Greetings (and a question about user access)

The following warnings occurred:

Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)

File	Line	Function
/global.php(961) : eval()'d code	26	errorHandler->error
/global.php	961	eval
/printthread.php	16	require_once

Greetings (and a question about user access) - Printable Version

+- UserSpice (https://userspice.com/forums)
+-- Forum: Support Center (https://userspice.com/forums/forumdisplay.php?fid=23)
+--- Forum: UserSpice 4.4 (https://userspice.com/forums/forumdisplay.php?fid=27)
+--- Thread: Greetings (and a question about user access) (/showthread.php?tid=1314)

Greetings (and a question about user access) - TommyKay - 01-24-2019

Hi there, my name is Tommy. I've been asked to set up a website for a neighbourhood for them to share news, events, etc. and they have asked for it to be controlled by username / password passed out to residents. So far I have UserSpice up and running, when users login they are redirected to the website as planned. However, I have found that if I know the URL I am able to access the website without logging in (using incognito mode, for example).

I've tried adding the recommended lines for this as php in the html header using something like
<?php
require_once ‘../users/init.php’; //make sure this path is correct!
require_once $abs_us_root.$us_url_root.’users/includes/template/prep.php’;
require_once $abs_us_root.$us_url_root.’usersc/templates/’.$settings->template.’/header.php’; //custom template header
require_once $abs_us_root.$us_url_root.’usersc/templates/’.$settings->template.’/navigation.php’; //custom template nav
require_once $abs_us_root.$us_url_root.’usersc/templates/’.$settings->template.’/container_open.php’; //custom template container
if (!securePage($_SERVER[‘PHP_SELF’])){die();}
?>

But when the browser reads the file the php lines appear as comments (only in the browser, opening the file on the server displays the code correctly). I don't really know what to do with it and don't have enough general understanding of php to make things work. If anyone can point me to a simple tutorial for blocking off web-directories using php (or UserSpice) I'd love to hear about it.

RE: Greetings (and a question about user access) - Brandin - 01-26-2019

Hi Tommy,

Generally, in this order, you will want to include the following code:
https://pastebin.com/vL70Hp9n

For the most part, the only requirement is the init.php file, and to protect it, the securePage function. It is possible the page is not being properly protected by z_us_root and the pages table. For a file to be protected, it must also have its directory in z_us_root and you should visit the Admin Pages section to add it. The page is most likely listed as a public page.

Brandin.