I didn’t make an SQL script for it because I didn’t want to learn how to, (use https://www.heidisql.com)
Configuration
inc/config.php
<?php
/* Change the Database Values to your Database */
////////// CONFIG ////////////
$title = "Webpanel";
//DB CONFIG//
$dbServername= "localhost";
$dbUsername = "root";
$dbPassowrd = "";
$dbName = "essentialmode";
////////////
$ServerLogo = "img/logo.png";
// This is the permission level in the db where admins have to have a greater value to access admin.
$perm_levelForAdmin = 3;
Features
Anyone that has a permission level of less than 3 can only see their own stats (user).
Anyone that has a permission level greater than 3 can edit db values easily (admin).
Just from a quick glance on my phone, I can see this has a ton of security vulnerabilities. The user logging in could drop tables whenever they want with the correct SQL query.
Edit: Now that I am on my computer I can grab you some links to look at. I would strongly recommend using Sign in Through Steam as then you aren’t worrying about passwords or sensitive user information. If you want to see the way I prevented SQL injections (AFIK, currently wanting more people to test it) you can take a look at the functions escapestring and dbqueryhere. My method isn’t as nice as using PDO but it is easier for large amounts of data processing and should still be secure.
Why would I want people I only know from the community that worked their way up to admin to have access to the back end of my server so they can fiddle around in PHPMyAdmin and mess up stuff they have no reason to be in.
Maybe someone a little more fluent in this type of stuff can chime in if this is possible or not: but add maybe a permission to where someone can only access the whitelist table for adding new users to the whitelist? I know my community, as well as many others, have a group of individuals that do the interviews, training, etc. and would be nice for them to be able to add them instead of always having to wait for an admin.
Your easiest bet would be to use phpMyAdmin and setup a MySQL account that only has access to that specific table. This is very easy to do through phpMyAdmin.
Sorry, but I never went around to actually fix the security issues. maybe in the future I will, but for now; I lost all motivation for this due to the fact that this release is impractical.
Most of the SQL Injections can be remediated by using PDO for interfacing with the database. It should be minimal changed to the scripts, but will substantially help with protecting against SQLi. Lots of tutorials out there.
Also I would like to use this panel, however, does not function the sql file unfortunately and unfortunately I do not know how to insert a table manually can someone help me?