OK, so we authenticated the user in part 1; we can now start the process of adding the user's IP to their whitelist.

if (file_exists($whitelist_file)) {
	$user_whitelist = file($whitelist_file, FILE_IGNORE_NEW_LINES);
}
else {
	$user_whitelist = [];
}

First we check to see if the user already has a corresponding file with previously whitelisted IPs. If they do then we simply load the existing IPs into an array, otherwise we create a new empty array.

if (in_array($current_ip, $user_whitelist)) {
	echo "IP Already whitelisted";
	print_r($user_whitelist);
	exit;
}
elseif (count($user_whitelist) < $whitelist_max ) {
	array_unshift($user_whitelist , $current_ip);
}
elseif (count($user_whitelist) == $whitelist_max) {
	array_unshift($user_whitelist , $current_ip);
	array_pop($user_whitelist);
}

Above we create the logic for how IPs are added to the whitelist. If the IP has already been whitelisted then we can simply stop here.

As I mentioned previously, I want to make the whitelisting process as painless as possible for the end user. Because of this I have decided that the last 5 user IPs (this is defined earlier using $whitelist_max) should be whitelisted. This will help to reduce the need to whitelist every single time they swap between common wifi networks, or if they want multiple devices to be whitelisted at the same time but they are on different networks.

The final bit of logic handles the whitelisted IP list when 5 IPs are already whitelisted and a new IP is added. The new IP is added to the beginning of the array and then the final array element is removed.

$i = 0;
while ($i < count($user_whitelist))
{
	if ($i == 0) {
		file_put_contents($whitelist_file, $user_whitelist[$i] . "\n");
	}
	else {
		file_put_contents($whitelist_file, $user_whitelist[$i] . "\n", FILE_APPEND);
	}
	$i++;
}

print_r($user_whitelist);

All that’s left to do is save the new IP list to the user's whitelisted IP file. We iterate through the array: the first loop writes over the file and the subsequent loops append to the end of it. Finally, the new $user_whitelist is printed so the user can see their current IP whitelist.
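The rotation and save steps above, written as two small functions; this is an added example, not the tutorial's own code. It goes slightly further than the text: it skips malformed lines, trims a file that already holds more than the maximum, and replaces the file in one step instead of truncating and appending. The names rotate_whitelist() and save_whitelist(), the temp-file path and the sample IPs are assumptions made for the example.

```php
<?php
// Added example; rotate_whitelist() and save_whitelist() are hypothetical names.

// Put $ip at the front of the list and keep at most $max entries.
function rotate_whitelist(array $list, string $ip, int $max): array
{
    // Ignore blank or malformed lines left in the file.
    $list = array_values(array_filter($list, function ($entry) {
        return filter_var($entry, FILTER_VALIDATE_IP) !== false;
    }));
    if (!in_array($ip, $list, true)) {
        array_unshift($list, $ip);
    }
    // array_slice also trims a file that already holds more than $max IPs.
    return array_slice($list, 0, $max);
}

// Write the whole list to a temporary file in the same directory, then
// rename it over the target so a reader never sees a half-written list.
function save_whitelist(string $path, array $list): bool
{
    $tmp = tempnam(dirname($path), 'wl_');
    if ($tmp === false) {
        return false;
    }
    $body = $list ? implode("\n", $list) . "\n" : '';
    if (file_put_contents($tmp, $body) === false || !rename($tmp, $path)) {
        @unlink($tmp);
        return false;
    }
    return true;
}

// Constructed sample data (documentation address ranges), written to the temp dir.
$whitelist_file = sys_get_temp_dir() . '/whitelist-example-user';
$existing = ['203.0.113.1', '203.0.113.2', '', '203.0.113.3',
             '203.0.113.4', '203.0.113.5', '203.0.113.6'];
$updated = rotate_whitelist($existing, '198.51.100.7', 5);
if (save_whitelist($whitelist_file, $updated)) {
    print_r(file($whitelist_file, FILE_IGNORE_NEW_LINES));
    unlink($whitelist_file);
}
```

tempnam() creates the file readable only by its owner, so whatever reads the whitelist later has to run as the same user as this script.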

And here is the completed PHP file (whitelist-url.php) that authenticates requests and stores successfully whitelisted IPs:

<?php

if ( !isset($_GET['user']) || !isset($_GET['auth']) ) 
{ 
	header('HTTP/1.0 403 Forbidden');
	echo 'You are forbidden!';
	exit;
}

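$user = $_GET['user'];
$pass = $_GET['auth'];

// The user name becomes part of two file paths below, so only accept a plain
// file name: no directory separators, no "." or "..", and not an array.
if (!is_string($user) || $user === '' || $user === '.' || $user === '..' || $user !== basename($user)) {
	header('HTTP/1.0 403 Forbidden');
	echo 'You are forbidden!';
	exit;
}

$auth_file = "data/auth/{$user}";
$whitelist_file = "data/ip-data/{$user}";
$current_ip = $_SERVER['REMOTE_ADDR'];
$whitelist_max = 5;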

if (!file_exists($auth_file)) {
	header('HTTP/1.0 403 Forbidden');
	echo 'You are forbidden!';
	exit;
}

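$userauth = file_get_contents($auth_file);

// Compare as strings in constant time; `!=` would apply PHP's loose type-juggling rules.
if ( !is_string($userauth) || !is_string($pass) || !hash_equals($userauth, $pass) ) {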
	header('HTTP/1.0 403 Forbidden');
	echo 'You are forbidden!';
	exit;
}

if (file_exists($whitelist_file)) {
	$user_whitelist = file($whitelist_file, FILE_IGNORE_NEW_LINES);
}
else {
	$user_whitelist = [];
}

if (in_array($current_ip, $user_whitelist)) {
	echo "IP Already whitelisted";
	print_r($user_whitelist);
	exit;
}
elseif (count($user_whitelist) < $whitelist_max ) {
	array_unshift($user_whitelist , $current_ip);
}
elseif (count($user_whitelist) == $whitelist_max) {
	array_unshift($user_whitelist , $current_ip);
	array_pop($user_whitelist);
}

$i = 0;
while ($i < count($user_whitelist))
{
	if ($i == 0) {
		file_put_contents($whitelist_file, $user_whitelist[$i] . "\n");
	}
	else {
		file_put_contents($whitelist_file, $user_whitelist[$i] . "\n", FILE_APPEND);
	}
	$i++;
}

print_r($user_whitelist);

Our API is now authenticating user requests and storing a list of whitelisted IPs for each user in a file. In part 3 of the tutorial I will create a new endpoint that only returns a list of IPs whitelisted for each user. This can then be used by any server/service we like to pull these trusted IPs and allow them access.