PHP whitelist for admin and member
Posted: Tue Jan 19, 2016 7:19 am
Hello,
I have made an administration system in PHP. I have two different accounts: admin and member. With the admin account you can edit data, and with the member account you cannot.
But I have a whitelist for this. The admin and users can look at different pages.
But this doesn't work. I place an include of the whitelist page above the doctype, on every page (except index.php).
I have the index.php (login page, this works), and the code below is on the pages after index.php, so admin.php and member.php. If the code below runs, you see a white screen with nothing and no errors.
Can someone help me? What is wrong with the code?
Thanks in advance.
Code:
    session_start();
    //$a_username = ($_POST ['username']);
    //$a_password = ($_POST ['password']);
    $_SESSION['username'] = $a_username;
    $_SESSION['password'] = $a_password;
    $sqli = "SELECT * FROM users WHERE username='$a_username' AND password='$a_password' ";
    $numrows = mysqli_query($link, $sqli) or die(mysqli_error());
    //Define from form text fields
    //$username = 'username';
    $password = 'password';
    //this is admin login
    if($a_username == "admin" && $a_password = md5( $_POST ['password'])){
        $whitelist = array("/folder/admin.php", "/folder/edit1.php", "/folder/edit2.php", "/folder/edit3.php", "/folder/edit4.php");
        $ip = $_SERVER['SCRIPT_NAME'];
        //var_dump($ip);
        if(in_array($ip, $whitelist)) {
            //echo "You can access the whitelist page!";
        } else {
            session_destroy ();
            header("Location: index.php");die();
        }
    }//this is member log in
    else {
        $whitelist2 = array("/folder/member.php", "/folder/member2.php", "/folder/member3.php", "/folder/member4.php", "/folder/member5.php");
        $ip2 = $_SERVER['SCRIPT_NAME'];
        //var_dump($ip);
        if (in_array($ip2, $whitelist2)) {
            //echo "You can access the whitelist page!";
        } else {
            session_destroy ();
            header("Location: index.php");die();
        }
    }
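
One way to write the per-page guard described in the post, as an added example that is not the poster's code: the role is stored in the session once at login, and the include only compares `$_SERVER['SCRIPT_NAME']` against that role's allowlist, denying by default. The file name `guard.php`, the session key `role`, and the function `page_allowed()` are assumptions; the `/folder/...` paths are the ones listed in the post.

```php
<?php
// guard.php - include at the very top of every protected page, before any output.
// Added example. Assumes index.php has already checked the credentials and
// set $_SESSION['role'] to 'admin' or 'member' (hypothetical session key).
declare(strict_types=1);

// Per-role allowlists of script paths (paths as listed in the post).
const PAGE_ALLOWLIST = [
    'admin' => [
        '/folder/admin.php', '/folder/edit1.php', '/folder/edit2.php',
        '/folder/edit3.php', '/folder/edit4.php',
    ],
    'member' => [
        '/folder/member.php', '/folder/member2.php', '/folder/member3.php',
        '/folder/member4.php', '/folder/member5.php',
    ],
];

/**
 * Decide whether a role may open a script.
 * Missing or unknown role means deny; comparison is strict, so only exact
 * path strings from the allowlist match.
 */
function page_allowed(?string $role, string $script): bool
{
    if ($role === null || !array_key_exists($role, PAGE_ALLOWLIST)) {
        return false;
    }
    return in_array($script, PAGE_ALLOWLIST[$role], true);
}

// Reuse the session if the including page already started it.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Take the role from the server-side session only, never from request input.
$role = (isset($_SESSION['role']) && is_string($_SESSION['role']))
    ? $_SESSION['role']
    : null;

if (!page_allowed($role, (string) $_SERVER['SCRIPT_NAME'])) {
    // Not logged in, unknown role, or page not on this role's list:
    // drop the session and send the browser back to the login page.
    $_SESSION = [];
    session_destroy();
    header('Location: index.php');
    exit;
}
```

The login page should set `$_SESSION['role']` only after the password check succeeds (for example `password_verify()` against a value created with `password_hash()`, looked up with a prepared statement) and then call `session_regenerate_id(true)`. The password itself never needs to be stored in the session.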