I have more joomla pages, and i must work at the same time on more admin. panels, so i have created a page where i load pages in iframe, but joomla admin. area is protected from iframe, know someone how can i deactivate this protection?
If i try to open in iframe:www.mypage.com/administrator then i will be redirected to normal page.
I have tried to create new admin template, without any scripts but protection is yet here, i can't found anything with keyword "iframe" or something...
you are looking for the noframes behavior, the com_login view loads
JHtml::_('behavior.noframes');
which ends up calling the noFrames function in the JHtmlBehavior class (libraries/joomla/html/behavior.php)
which loads
$js = "window.addEvent('domready', function () {
if (top == self) {
document.documentElement.style.display = 'block';
}" .
" else {top.location = self.location; }
});";
basically telling the window to change location, so either change how noFrames works or remvoe the JHtml::_('behavior.noframes') call
But note that you shouldnt mod core files as they will get overwritten on updates that need to update that file.
Related
In Magento EE I need to redirect customers depending Origin country, browser lang and previous preference set in a cookie.
I have huge problems making it work with FPC.
I tryed to observe the controller_action_predispatch event, but FPC somehow caches my redirect instruction and customer is not redirected.
I then tried another solution: extending the run() method in Mage_Core_Model_App in order to perform operations before FPC starts to work.
Unfortunately, I don't know why, inside this method you can't access Mage::getModel(), Mage::helper(), Mage::getConfig() ecc
Can you help me please?
Thank you
I've recently been through exactly the same pain. You are on the right track;
controller_action_predispatch
Is the correct event to observe, and you can use this quite happily if you are redirecting to a category or product page with FPC enabled. The problem is the home page - which is a cms page. The cms page cache does not fire controller_action_predispatch. I got around this by adding this to my observer;
public function switchUser($event)
{
// CMS page bug, disable FPC to still use observer
$action = $event->getEvent()->getControllerAction();
if($action instanceof Mage_Cms_IndexController) {
$cache = Mage::app()->getCacheInstance();
$cache->banUse('full_page');
}
// do the rest of your code here
}
The blocks within the cms page will still cache so the page is still nippy, though obviously not as fast as it would be with full FPC enabled. Its a sound trade off in my opinion.
I am trying to set a CMS homepage via a theme's local.xml layout update file in the <cms_index_index> node. I swear I've seen functions to change the store configuration temporarily within a layout node (but maybe I dreamt it), but I'm having trouble finding the layout function in classes like Mage_Core_Block_Abstract and its children classes.
For reference, I've checked in Mage_Cms_IndexController and found the function which renders the homepage:
public function indexAction($coreRoute = null)
{
$pageId = Mage::getStoreConfig(Mage_Cms_Helper_Page::XML_PATH_HOME_PAGE);
if (!Mage::helper('cms/page')->renderPage($this, $pageId)) {
$this->_forward('defaultIndex');
}
}
Or, am I doing this completely the wrong way? What would be best practice for a problem like this? I do not want to add a store view for the new theme, as the new theme is for mobile platforms and requires the same settings from the store view. Thanks guys!
This is not possible. The layout configuration is not invoked until after checks occur to see if there is a valid page which has been specified; because these checks fail, the Default router will match and (by default) the application will display the 404 page.
I have an extension which should give the users (logged in as an Admin in the magento backend) the ability to change some configs in the frontend area. I want to have a link in the frontend which loads the config area via ajax and gives the user the possibility to edit&save this config in the loaded div. I want to use the magento backend forms for this so i don't have to code the forms myself.
My current approach has the link on the pages and loads via ajax the correct backend page (e.g. System > Configuration > Design). For this approach I created a Controller which extends the Mage_Adminhtml_Controller_Action. This Controller get the params from the ajax request and uses an action (like the editAction of the class Mage_Adminhtml_System_ConfigController) to get the right config page in the backend.
My Problems are:
- showing only the correct Area (I just want the user to edit only the section "themes" under System > Configuration > Design) everything else should be not available... so how to remove all the information around this config section?
The form needs the JS-variable Form_Key. How to get the current Form_Key (in the frontend)?
After the ajax has loaded the content the form doesnt get initialized correctly. So if I'm trying to submit the form my firebug says "JS-Error: configForm is not defined". How to solve this form initialising ? Any ideas?
I really hope anybody here can give me a hint how to solve this problems to get the backend config work in the frontend.
This is untested, but it should be enough to get you on the right track:
Output only a specific block
In the frontend most blocks are instantiated via layout XML. In the adminhtml area this is different, so you need to work with PHP instantiation much more.
In your AJAX action I assume you are currently calling loadLayout() and renderLayout().
To only output a specific section use this instead:
public function yourAjaxAction()
{
// assuming the required config section is set in the AJAX request
$sectionCode = $this->getRequest()->getParam('section');
$sections = Mage::getSingleton('adminhtml/config')->getSections();
$blockName = (string)$sections->frontend_model;
if (empty($blockName)) {
$blockName = Mage_Adminhtml_Block_System_Config_Edit::DEFAULT_SECTION_BLOCK;
}
$block = $this->getLayout()->createBlock($blockName)->initForm();
// Set the AJAX response content
$this->getResponse()->setBody($block->toHtml());
}
The form key
The form key can be fetched via
Mage::getSingleton('core/session')->getFormKey()
It must be present in the form posted back to the server. You can use the following code to create a HTML hidden field with the formkey:
// If loadLayout() was called:
$formkeyHtml = Mage::app()->getLayout()->getBlock('formkey')->toHtml();
// If working without layout XML:
$formkeyHtml = Mage::app()->getLayout()->createBlock('core/template', 'formkey')
->setTemplate('formkey.phtml') // adminhtml theme formkey
//->setTemplate('core/formkey.phtml') // frontend theme formkey
->toHtml();
Add configForm JavaScript
The configForm variable is an JS varienForm object of the DOM element containing the config fields.
It is instantiated using:
// config_edit_form is the CSS id
configForm = new varienForm('config_edit_form');
The varienForm declaration is in the file js/varien/form.js.
There also is some additional javascript used by the system configuration. Magento always adds in these blocks to set up the system config JS environment:
Mage::app()->getLayout()->getBlock('js')->append(
$this->getLayout()->createBlock('adminhtml/template')
->setTemplate('system/shipping/ups.phtml')
);
Mage::app()->getLayout()->getBlock('js')->append(
$this->getLayout()->createBlock('adminhtml/template')
->setTemplate('system/config/js.phtml')
);
Mage::app()->getLayout()->getBlock('js')->append(
$this->getLayout()->createBlock('adminhtml/template')
->setTemplate('system/config/applicable_country.phtml')
);
I hope that gets you started.
I am using Membership Authentication in an MVC3 webapp. I make heavy use of jQuery and loading partial views inside divs and tabs. My problem is when the user has been inactive and is logged out and then he tries to call an Action inside a Controller which loads a partial view inside a div or tab, the entire page with the LogOn view is loaded inside the div, wrecking my layout.
The redirection is done correctly, and is the desired effect, however I would like the LogOn page to load on the window, rather than on a div in the current view. Does anyone knows how to accomplish this?
Is it clear what I want and whats wrong?
Thank you.
The combination of authenticated calls and Ajax is always a problem, because Ajax doesn't properly handle the redirect.
I prefer not to the the Authorize attribute on Ajax-called controller actions, but to check for the user being authenticated inside the method and returning a specific HTTP response (such as HTTP403 Unauthorised). Using an error handler in your client-side script, you can test for this response and redirect to the login page by setting window.location.
Just fixed my problem with a little script. Its not the best solution, and I am not totally comfortable with it, but at least it solves my problem in a very simple way.
In case anyone is interested, here its what I did, I added this snippet of code at the beginning of my Log on page:
<script type="text/javascript">
function funcName() {
var str = window.location.href;
var num = loc.indexOf('#Url.Action("Action", "Controller", new { area = "" })');
if (num < 0) {
window.location = '#Url.Action("Action", "Controller", new { area = "" })';
}
}
relocate();
</script>
This way if the login page loads inside some div and not on the window, it relocates to the actual login page.
This is probably going to get a resounding no, but I am wondering if it possible to have the URl change dynamically with using hashing, and without invoking a http request from the browser?
My client is keen on using AJAX for main navigation. This is fine, when the end user goes to the front page first, but when they want to use the deep linking, despite it working, it forces an extra load time as the page loads the front page, then invokes the AJAX from the hash.
UPDATE: Could it be possible, given that what I want to avoid is the page reload (the reason is that it looks bad) to stem the reload by catching the hash with PHP before the headers are sent, and redirecting before the page load. This way only one page loads, and the redirect is all but invisible to the user. Not sure how to do this, but seems like it is possible?
Yes, this is possible. I often do this to store state in the hash part of the URL. The result is that the page doesn't reload, but if the user does reload, they're taken to the right page.
Using this method, the URL will look like: "/index#page=home" or "/index#page=about"
You'll need to write a JavaScript function that handles navigation, and you'll need a containing div that gets rewritten with the contents fetched from AJAX.
Home
About
Questions
<div id="content"></div>
<script type="text/javascript">
function link(page) {
location.hash = "page="+page;
loadPage(page);
}
// NOTE: This is using MooTools. Use the AJAX method in whatever
// JavaScript framework you're using.
function loadPage(page) {
new Request.HTML({
url: "/ajax/"+page+".html",
onSuccess: function(tree, elements, html) {
document.id('content').setProperty('html', html);
}
}).get();
}
</script>
Now, you'll also need to have something that checks the hash on page load to load the right content initially. Again, this is using MooTools, but use whatever onLoad method your JavaScript framework provides.
<script type="text/javascript">
document.addEvent('domready', function() {
parts = location.hash.split('=');
loadPage(parts[1]);
}
</script>
Ok, the problem is that opening an AJAX link of the form http://example.com/#xyz results in a full page being downloaded to the browser, and then the AJAX-altered content is changed once the page has loaded and checked the hash part of its URL. The user has a diconcerting experience.
You can hugely improve this by making a page that just contains the static elements - menus, etc. - and a loading GIF in the content area. This page checks its URL upon loading and dynamically fetches the content specified by the hash part. The page can have any URL you want; we'll use http://example.com/a. Links to this page (http://example.com/a#xyz) now provide a good user experience for users with scripting enabled.
However, new users won't come to the site by fetching http://example.com/a; they'll fetch http://example.com. This is fine - serve the full page, including the home page content and links that don't require scripting to work (e.g., http://example.com/xyz). A script run on loading this page should alter the href of AJAXable links to their AJAX form (http://example.com/a#xyz); thus the first link a user clicks on will result in a full page load but subsequent ones won't.
The only remaining problem is is a no-script user gets sent an AJAX link. You can add a noscript block to the AJAX page that contains a message explaining the problem and provides a link back to the homepage; you could include instructions on how to enable scripting or even how to modify the link by removing a# and pressing enter.
It's not a great answer, but you can offer a different link in the page itself; e.g., if the address bar shows /#xyz you include a link to /xyz somewhere in the page. You could also add a link or button that uses script to bookmark the page, which would again use the non-AJAX form of the link.