diff --git a/DBConnector.class.php b/DBConnector.class.php
index 4e45193..2fd4670 100644
--- a/DBConnector.class.php
+++ b/DBConnector.class.php
@@ -125,6 +125,19 @@ public function ipAddress()
         return $ip;
     }
 
+    public function checkPermission()
+    {
+        $ip = $this->ipAddress();
+        $ip_list = array();
+        $rows = $this->query("SELECT address FROM address");
+        while ($row = $rows->fetchArray(SQLITE3_ASSOC)) {
+            array_push($ip_list, $row['address']);
+        }
+        $rows->finalize();
+        $allowed = in_array($ip, $ip_list);
+        return $allowed;
+    }
+
     public function addUser($username, $address, $device = 'laptop')
     {
         // Add a new user with his/her address and the device to the database.
diff --git a/control.php b/control.php
index ed3724e..6178a78 100644
--- a/control.php
+++ b/control.php
@@ -5,9 +5,6 @@
 
 // Authors: Alexander Wagner, Stefan Weil
 
-// TODO: Authentisierung. Funktioniert hier nicht mit auth.php,
-// daher vielleicht über Datenbankabfrage.
-
 // Test whether the script was called directly (used for unit test). Use some
 // heuristics to detect whether we are not running in a web application.
 if (isset($unittest)) {
@@ -345,7 +342,6 @@ function createNewWindowSafe($db, $w)
     createNewWindow($db, $window);
 }
 
-
 function createNewWindow($db, $w)
 {
     // '$w' already contains 'file', 'handler' and 'date'.
@@ -568,7 +564,9 @@ function processRequests($db)
     }
 } // processRequests
 
-processRequests($db);
+if ($db->checkPermission() || $unittest[__FILE__]) {
+    processRequests($db);
+}
 
 if ($unittest[__FILE__]) {
     // Experimental: Get function call from startx.