If I want to have the entire application protected, that's one change in the config file.
In most web apps I have a standard "include" file. If I want the check applied to all pages, I simply put it there.
Or perhaps every page that has the word "secure" in the URI.
\n // standard header file\n ....\n if (contains(selfURI, 'secure')) {\n performCheckFoo(...)\n }\n