php whitelist for admin and member


Post by maichel

Hello,

I have made an administration system in PHP. I have two different accounts: admin and member. With the admin account you can edit data, and with the member account you cannot.
But I have a whitelist for this. The admin and the users can look at different pages.
But this doesn't work. I place an include of the whitelist page above the doctype, on every page (except index.php).
I have the index.php (login page, this works), and the code below is on the pages after index.php, so admin.php and member.php. If the code below runs, you see a white screen with nothing and no errors.

Can someone help me? What is wrong with the code?
Thanks in advance.

Code:

session_start();

//$a_username =  ($_POST ['username']);
//$a_password =  ($_POST ['password']);
$_SESSION['username'] = $a_username;
$_SESSION['password'] = $a_password;
$sqli = "SELECT * FROM users WHERE username='$a_username' AND password='$a_password' ";

$numrows = mysqli_query($link, $sqli)    or    die(mysqli_error());

//Define from form text fields
//$username = 'username';
$password = 'password';
//this is admin login
if($a_username == "admin" && $a_password = md5( $_POST ['password'])){
    $whitelist = array("/folder/admin.php", "/folder/edit1.php", "/folder/edit2.php", "/folder/edit3.php", "/folder/edit4.php");
    $ip = $_SERVER['SCRIPT_NAME'];
    //var_dump($ip);
    if(in_array($ip, $whitelist)) {
        //echo "You can access the whitelist page!";
    } else {
        session_destroy ();
        header("Location: index.php");die();
    }
}//this is member log in
else {
    $whitelist2 = array("/folder/member.php", "/folder/member2.php", "/folder/member3.php", "/folder/member4.php", "/folder/member5.php");
    $ip2 = $_SERVER['SCRIPT_NAME'];
    //var_dump($ip);
    if (in_array($ip2, $whitelist2)) {
        //echo "You can access the whitelist page!";
    } else {
        session_destroy ();
        header("Location: index.php");die();
    }
}
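An added example, not part of the original post: one way to write the per-role page whitelist as a single include that reads only the role from the session. It assumes the login page (index.php) has already verified the password and stored the role in `$_SESSION['role']`; that key and the names `PAGE_ALLOWLIST`, `is_page_allowed()` and `enforce_page_allowlist()` are hypothetical, and the page paths are the ones from the post.

```php
<?php
// Added example (not the poster's code): per-role page allowlist include.
// Assumption: index.php checked the credentials (e.g. with password_verify())
// and stored only the role, never the password, in $_SESSION['role'].
declare(strict_types=1);

// Pages each role may open; paths reuse those shown in the post.
const PAGE_ALLOWLIST = [
    'admin'  => ['/folder/admin.php', '/folder/edit1.php', '/folder/edit2.php',
                 '/folder/edit3.php', '/folder/edit4.php'],
    'member' => ['/folder/member.php', '/folder/member2.php', '/folder/member3.php',
                 '/folder/member4.php', '/folder/member5.php'],
];

/**
 * Pure decision: deny unless the role is known and the script is listed for it.
 * A missing or unknown role is treated as "not logged in".
 */
function is_page_allowed(?string $role, string $script, array $allowlist = PAGE_ALLOWLIST): bool
{
    if ($role === null || !isset($allowlist[$role])) {
        return false;
    }
    // Strict comparison avoids PHP's loose type juggling in in_array().
    return in_array($script, $allowlist[$role], true);
}

/** Enforce the decision: on denial, drop the session and send the user to the login page. */
function enforce_page_allowlist(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $role   = $_SESSION['role'] ?? null;
    $script = $_SERVER['SCRIPT_NAME'] ?? '';

    if (!is_page_allowed(is_string($role) ? $role : null, $script)) {
        $_SESSION = [];
        session_destroy();
        header('Location: index.php');
        exit; // stop here so the protected page body is never rendered
    }
}

// Runs when this file is included at the top of a protected page,
// before any output, so the redirect header can still be sent.
enforce_page_allowlist();
```

Because the check never reads `$_POST` or queries the database, it behaves the same on every request after login, and a page that is missing from both lists is denied by default.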