securePage (function)

Last updated: Fri, May 26, 2023 10:00 am
Return to Knowledgebase


The securePage function in UserSpice is used to secure pages by restricting access based on user authentication and permissions. It verifies if a page should be accessible or if the user should be redirected to a login page or denied access.




# Parameter Data Type Required Description
1 $uri string Yes The URI of the page to secure.


Data Type Description of Returned Data
bool The function returns a boolean value. true indicates that the page is accessible, and false indicates that access is denied.


if (!securePage($_SERVER['PHP_SELF'])){die();}

Further Documentation:

This is the core UserSpice function that determines if someone is allowed to visit a page.
In order for this to function properly, several things must be true
1. The page should end in a .php extension.
2. The page should have the init file required before securePage is called
3. The page must be in the database. It should be added automatically assuming that UserSpice is set to monitor that folder.

If a user is in the $master_account array (defined in init.php) this will always return true.
If a user has been banned, this will always return false.
If a user is an admin and this page is protectable but it is not in the database, you will be redirected to the page security settings.
If a user is not admin and visits a page that isn't in the db, they will be told to contact admin.
If a page is public, anyone can visit it.
If it is private and the user is logged out, they will be redirected back to this page after logging in
A person who tries to visit a page for which they do not have permission will be logged in "security logs" in the dashboard

The typical usage for this function is

if (!securePage($_SERVER['PHP_SELF'])){


if (!securePage($uri)) {
// Access denied, redirect or show an error message

// Page content for authorized users
echo "Welcome to the secure page!";
In the example above, the securePage function is called with the $uri parameter set to the current request URI. It checks if the user has the necessary authentication and permissions to access the page.

If the securePage function returns true, the page content for authorized users is displayed. Otherwise, if it returns false, indicating that access is denied, the user is redirected to the access-denied.php page (you can customize the redirection destination according to your needs).

Note that the securePage function relies on global variables such as $user, $master_account, $us_url_root, and $abs_us_root, which should be properly defined or included before calling the function.