× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Greetings (and a question about user access)
Hi there, my name is Tommy. I've been asked to set up a website for a neighbourhood for them to share news, events, etc. and they have asked for it to be controlled by username / password passed out to residents. So far I have UserSpice up and running, when users login they are redirected to the website as planned. However, I have found that if I know the URL I am able to access the website without logging in (using incognito mode, for example).

I've tried adding the recommended lines for this as php in the html header using something like
require_once ‘../users/init.php’;  //make sure this path is correct!
require_once $abs_us_root.$us_url_root.’users/includes/template/prep.php’;
require_once $abs_us_root.$us_url_root.’usersc/templates/’.$settings->template.’/header.php’; //custom template header
require_once $abs_us_root.$us_url_root.’usersc/templates/’.$settings->template.’/navigation.php’; //custom template nav
require_once $abs_us_root.$us_url_root.’usersc/templates/’.$settings->template.’/container_open.php’; //custom template container
if (!securePage($_SERVER[‘PHP_SELF’])){die();}

But when the browser reads the file the php lines appear as comments (only in the browser, opening the file on the server displays the code correctly). I don't really know what to do with it and don't have enough general understanding of php to make things work. If anyone can point me to a simple tutorial for blocking off web-directories using php (or UserSpice) I'd love to hear about it.
Hi Tommy,

Generally, in this order, you will want to include the following code:

For the most part, the only requirement is the init.php file, and to protect it, the securePage function. It is possible the page is not being properly protected by z_us_root and the pages table. For a file to be protected, it must also have its directory in z_us_root and you should visit the Admin Pages section to add it. The page is most likely listed as a public page.


Forum Jump:

Users browsing this thread: 1 Guest(s)