securePage (function)

Last updated: Fri, May 26, 2023 10:00 am

Purpose

The securePage function in UserSpice is used to secure pages by restricting access based on user authentication and permissions. It verifies if a page should be accessible or if the user should be redirected to a login page or denied access.

Location

users/helpers/permissions.php

Parameters

# | Parameter | Data Type | Required | Description
1 | $uri | string | Yes | The URI of the page to secure.

Returns

Data Type | Description of Returned Data
bool | The function returns a boolean value. true indicates that the page is accessible, and false indicates that access is denied.

Example

if (!securePage($_SERVER['PHP_SELF'])){die();}

Further Documentation:

This is the core UserSpice function that determines if someone is allowed to visit a page.
For this to function properly, several things must be true:
1. The page should end in a .php extension.
2. The page should have the init file required before securePage is called.
3. The page must be in the database. It should be added automatically, assuming that UserSpice is set to monitor that folder.

If a user is in the $master_account array (defined in init.php) this will always return true.
If a user has been banned, this will always return false.
If a user is an admin and this page is protectable but it is not in the database, you will be redirected to the page security settings.
If a user is not admin and visits a page that isn't in the db, they will be told to contact admin.
If a page is public, anyone can visit it.
If it is private and the user is logged out, they will be redirected back to this page after logging in.
A person who tries to visit a page for which they do not have permission will be logged in "security logs" in the dashboard.

The typical usage for this function is:

if (!securePage($_SERVER['PHP_SELF'])){
    die();
}


$uri = $_SERVER['REQUEST_URI'];

if (!securePage($uri)) {
    // Access denied, redirect or show an error message
    Redirect::to($us_url_root.'access-denied.php');
    exit();
}

// Page content for authorized users
echo "Welcome to the secure page!";

In the example above, the securePage function is called with the $uri parameter set to the current request URI. It checks if the user has the necessary authentication and permissions to access the page.

If the securePage function returns true, the page content for authorized users is displayed. Otherwise, if it returns false, indicating that access is denied, the user is redirected to the access-denied.php page (you can customize the redirection destination according to your needs).

Note that the securePage function relies on global variables such as $user, $master_account, $us_url_root, and $abs_us_root, which should be properly defined or included before calling the function.
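
The following is an added example, not code from UserSpice or from this page. $_SERVER['REQUEST_URI'] carries the query string and $_SERVER['PHP_SELF'] can carry trailing PATH_INFO, while the requirements above say the page should end in a .php extension; the hypothetical helper pagePathForSecurePage() reduces a request URI to the bare script path and fails closed when it cannot, on the assumption that securePage expects that bare path.

```php
<?php
// Added example: pagePathForSecurePage() is a hypothetical helper, not UserSpice code.
// Assumption: securePage() should be given the bare script path ending in .php.

function pagePathForSecurePage(string $requestUri): ?string
{
    // Keep only the path component; this drops "?query" and "#fragment".
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return null;
    }
    // Refuse NUL bytes, backslashes and parent-directory segments outright.
    if (strpos($path, "\0") !== false || strpos($path, '\\') !== false) {
        return null;
    }
    if (in_array('..', explode('/', $path), true)) {
        return null;
    }
    // Keep everything up to the first ".php" segment and discard any
    // trailing PATH_INFO such as "/extra" in "/page.php/extra".
    if (!preg_match('#^(/(?:[^/]+/)*?[^/]+\.php)(?:/.*)?$#D', $path, $m)) {
        return null; // no .php script in the path: fail closed
    }
    return $m[1];
}

// Constructed sample inputs (not taken from a real installation).
$samples = [
    '/users/admin.php?view=general', // query string is stripped
    '/account.php/extra/path',       // PATH_INFO is stripped
    '/a/../users/admin.php',         // traversal segment: rejected
    '/docs/readme.txt',              // not a .php page: rejected
];
foreach ($samples as $sample) {
    printf("%-32s => %s\n", $sample, var_export(pagePathForSecurePage($sample), true));
}

// On a real page, after the init file has been required:
// $page = pagePathForSecurePage($_SERVER['REQUEST_URI']);
// if ($page === null || !securePage($page)) {
//     die();
// }
```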