Linking to Magento Admin from Outside Admin Panel - magento

I'm trying to build some CRM tools that send emails to my sales guys and link back to pages inside the Magento Admin. I've been building the URLs like this:
Mage::getUrl('*/quotes/edit', array('id'=>$quote->getQuoteId(), '_current'=>true))
The problem is it only sends them to the dashboard. I'm assuming it is because the setting for "_current" is changed when they log in, thus invalidating the link and sending them to the default page. Any ideas on how I could make a link into the Admin that doesn't include the session in the URL?

I came up with the following that turns off the secret key based on the action name:
public function preDispatch()
{
    // Turn off the admin URL secret key only for the 'update' action
    if ($this->getRequest()->getActionName() == 'update') {
        Mage::getSingleton('adminhtml/url')->turnOffSecretKey();
    }
    parent::preDispatch();
}
Tested in ver 1.6.2.0. Paste that in your controller; don't forget to change the action name 'update' to yours, or remove the if statement to affect all actions within your controller.

Disabling secret key from admin URLs should solve your problem.
To disable the secret key in admin URLs:
1. Log in to admin
2. Go to System -> Configuration -> ADVANCED -> Admin -> Security -> Add Secret Key to URLs
3. Select No
4. Save Config

Related

Laravel 5.1 use session to restrict direct access using urls users based on user role

I have 2 Laravel projects: one for the front end, where I'm using HTML, CSS and AngularJS, and a second for the API controllers. I call the API controllers' functions using HTTP POST and GET from AngularJS to get content data.
In the front end I have a menu; this menu appears differently based on user role (admin or not).
This is done. My problem is access to views using the URL in the browser.
So I have a query where I get, for each user, which modules in the menu he can see. Now I'm putting the result in the Laravel session.
$menu = DB::select menu by user id ... //Getting menu query based on user if admin or no
session(["menu" => $menu]);
return session('menu');
I'm getting the results and the menu is showing correctly in the website based on whether the logged-in user is admin or not.
Now, to solve the direct URL access issue, I want to use this session and compare the URL to this session: if the URL exists in the session I will let him access it, if not I will redirect him somewhere.
Any idea?
I would strongly suggest looking at the Laravel documentation on Authorization before going too far down a custom implementation:
https://laravel.com/docs/5.1/authorization
Without knowing more about how your front-end and back-end applications interact with each other, it is a little difficult to get into specifics, but I shall do my best.
Each page returned by Laravel has access to a Request object which contains information about the request which returned the page. You can access this Request and its associated Route using Laravel's helper functions (if you are not passing it to the view already). The getPrefix() method will return the root relative url which you can then use as you see fit. For example:
// Return and store the URL as a string
$url = request()->route()->getPrefix();
// Check your session for the URL/s you want to allow and compare to the stored URL
if (session()->get('URL') == $url) {
    // User is allowed access to the page
    // Do something ...
} else {
    // User is not allowed access to this page
    // Redirect back or to a route of your choice
    return redirect()->back();
}
I hope this gives you some ideas, good luck!
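The comparison the question asks for (requested URL against the menu held in the session), as an added example that is not part of the original posts: a default-deny path check in plain PHP that in Laravel would be called from a route middleware with the request path and `session('menu')`. The function names, the `url` column on each menu row and the sample paths are assumptions, as is the choice to let a menu entry cover its sub-pages.

```php
<?php
// Added example: default-deny check of a requested path against the menu rows
// stored in the session. Function names, the `url` column and all paths are
// assumptions constructed for illustration.

// Drop query/fragment, decode once, and resolve "." and ".." segments.
function normalisePath($path)
{
    $path = rawurldecode(preg_replace('/[?#].*$/s', '', (string) $path));
    $out = array();
    foreach (explode('/', str_replace('\\', '/', $path)) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $seg;
    }
    return '/' . implode('/', $out);
}

function isPathAllowed($requestPath, array $menu)
{
    $path = normalisePath($requestPath);
    foreach ($menu as $row) {
        if (!isset($row->url)) {
            continue;
        }
        $allowed = normalisePath($row->url);
        // Match the entry or its sub-pages on a segment boundary, so that
        // "/orders" does not also grant "/orders-admin".
        $prefix = $allowed === '/' ? null : $allowed . '/';
        if ($path === $allowed || ($prefix !== null && strpos($path, $prefix) === 0)) {
            return true;
        }
    }
    return false; // nothing matched: deny
}

// DB::select() returns an array of stdClass rows; these rows are constructed.
$menu = array((object) array('url' => '/orders'), (object) array('url' => '/reports/sales'));
$tests = array('/orders/15?tab=2', '/orders-admin', '/reports/sales/../../users', '/reports/sales/%2e%2e/x');
foreach ($tests as $p) {
    printf("%-30s %s\n", $p, isPathAllowed($p, $menu) ? 'allow' : 'deny');
}
```

Only the first sample path is allowed. Hiding a view in the front-end project does not protect the data behind it, so the API project needs the same check on its own routes.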

Joomla3 - Warning You cannot access the private section of this site

My Joomla is 3.3.6, just installed. All PHP configuration is as required.
I have created a new group in the backend:
https://www.evernote.com/shard/s396/sh/ ... 2973ff37f1
After I did that, I changed the "New User Registration Group" in Users Configuration (Component tab) to my new group "Volunteer":
https://www.evernote.com/shard/s396/sh/ ... 0843e0d80b
Then, in the frontend, I registered a new user as usual with the registration form. Here you can see it is saved in the backend as a user in the Volunteer group: [don't have 10 points of rep] imagine the picture
Now I go to the login in my frontend, I log in with my user and password, and I get this:
[don't have 10 points of rep] imagine the picture
Does anyone know why the system is throwing me this Warning:
??? I really appreciate the help.
Thanks all
It means the page that it redirects to after logging in is for "Registered" users (users in the Registered user group), not Volunteers.

Can't login into magento 1.8.1.0 on localhost on wamp server using correct username and password

I have freshly installed Magento 1.8.1.0 on localhost with WAMP server. Everything has been installed correctly, but when I log in on the login page with the correct username and password, it opens the same login page and does not go to the dashboard page.
I had read a lot of threads saying to make changes in Varien.php by going to the app/code/core/Mage/Core/Model/Session/Abstract/Varien.php file within your Magento directory.
When I open app/code/core/ I can't find the Mage folder in the core folder.
Please help, how can I fix it?
Thank you
kamaldeep singh
I don't have the folder Mage inside app/code/core. But I read some threads and made changes using 127.0.0.1/mymagento/index.php/admin in the address bar by editing my C:/Windows/system32/drivers/etc/hosts, and it went to the dashboard page.
And an error appears on the dashboard:
Fatal error: Maximum function nesting level of '100' reached, aborting! in C:\wamp\www\mymagento\lib\internal\Magento\Framework\Code\Reader\ClassReader.php on line 77
I checked ClassReader.php on line 77 but there is no line related to nesting level to edit.
When I refresh the dashboard page it opens the login page. When I try to log in with the correct username and password it opens the same login page, with no error like invalid username or password.
If you don't have the Mage folder inside app/code/core your website should not work at all. That folder is essential to run Magento. Check again.
About your problem, do you get any error (wrong username, password, etc.)?
Do you mean a customer can't log in, or you can't log into the backend? There is an existing issue with customer login depending on the version of Magento you might be using.
Find: app/design/frontend/(themepackage)/(theme)/template/customer/form/login.phtml
Under
<ul class="form-list">
paste in
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />
And in app/design/frontend/(themepackage)/(theme)/template/persistent/customer/form/login.phtml
apply the same changes.
Clear cache.
Customers should then be able to log in.
Does it say that the username or password is wrong, or does it only refresh the page without any error messages? If there are no errors then try to delete cookies for your host and then log in again. Usually it helps.
Are you using chrome? If so, try Firefox. Another option might be to use 127.0.0.1/... instead of localhost/...
In your Magento installation folder, go to app/code/core/Mage/Core/Model/Session/Abstract/Varien.php and comment out lines 96 to 112 in v1.9. Line numbers may differ between versions. Look for lines that look like this:
// session cookie params
/** $cookieParams = array(
    'lifetime' => $cookie->getLifetime(),
    'path'     => $cookie->getPath(),
    'domain'   => $cookie->getConfigDomain(),
    'secure'   => $cookie->isSecure(),
    'httponly' => $cookie->getHttponly()
);
if (!$cookieParams['httponly']) {
    unset($cookieParams['httponly']);
    if (!$cookieParams['secure']) {
        unset($cookieParams['secure']);
        if (!$cookieParams['domain']) {
            unset($cookieParams['domain']);
        }
    }
}
**/
Have fun :)
If you have this problem on non-Firefox browser(s), use Firefox to perform the action below and try logging in with your non-Firefox browser(s) again to confirm. I had this issue with Chrome.
Go to System > Configuration > Web > Session Cookie Management. And change Use HTTP Only from YES to NO.

Grails Request Map custom errors

I've got web software built with Grails that uses request maps from Spring Security.
I am using them for security reasons, so that the user can't access admin areas, but they are also used for our business model. We've got two different user roles. One is premium and one is premium plus, where PREMIUM_PLUS > PREMIUM.
The premium plus user can access some more pages than the premium user can. If a premium user wants to access a page that can only be accessed by a premium plus user, there will be an error like 'no access', but I want a custom message like 'Upgrade now to premium plus'.
I could easily edit the template for all request map errors, but there are also some restricted pages nobody should see, for which a message like 'no access' is perfect.
Is there any possibility to do this with two different error pages?
Thank you.
The LoginController has the action denied that shows the denied.gsp. You can customize your controller action to check if you need to display the upgrade page or the denied page.
import org.springframework.security.core.context.SecurityContextHolder as SCH

class LoginController {

    // Injected by Grails (provided by the Spring Security Core plugin)
    def springSecurityService
    def authenticationTrustResolver

    def denied() {
        if (springSecurityService.isLoggedIn() &&
                authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
            // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
            redirect action: 'full', params: params
        } else {
            // implement a method checking whatever you need to define that will display the upgrade
            if (mustShowUpgrade()) {
                render view: 'upgrade'
            }
            // otherwise the default denied.gsp view is rendered
        }
    }
}

Magento - Redirect back (similar to using setBeforeAuthUrl) when user creates a new account

I have the following controller action, which redirects to the login page if no user is logged in:
public function requireloginAction() {
    if (!Mage::getSingleton('customer/session')->isLoggedIn()) {
        // Not logged in
        // Save requested URL for later redirection
        Mage::getSingleton('customer/session')->setBeforeAuthUrl($this->getRequest()->getRequestUri());
        header("Status: 301");
        header('Location: ' . Mage::helper('customer')->getLoginUrl()); // send to the login page
    } else {
        // Logged in
        // ... do something ...
    }
}
By using setBeforeAuthUrl, once the user logs in he/she is redirected back to this action.
Problem:
If, instead of logging in, the user creates an account, he/she is then redirected to the main page rather than to the URL set in setBeforeAuthUrl.
Question:
Is there something similar to setBeforeAuthUrl that works with Account Creation too? Or how can I achieve the desired effect?
(Magento Version 1.6)
You can try using the following extension. http://www.magentocommerce.com/magento-connect/MagePsycho/extension/3763/custom_login_redirect
Or you can also open app/code/core/Mage/Customer/controllers/AccountController.php, look for the createPostAction() function around line 328, and edit:
$url = $this->_welcomeCustomer($customer);
$this->_redirectSuccess($url);
to
$url = 'http://www.mycustomrediurecturl.com';
$this->_redirectSuccess($url);
If you want to do it the nice way, override the controller, add configuration options and make it a module :)
Cheers
Found solution.
First of all, setBeforeAuthUrl($url) does work for both "Log In" and "New Account Creation"!
The main difference (and the reason I had the problem) is that for a "New Account Creation" Magento checks if $url is within the domain name of the current store and if it is not, it redirects to the "My Account" page. While the redirection for "Log In" redirects to any $url.
I do not know if this is a bug or a feature (I'm using V1.6.0.0).
So just make sure to redirect to a url within the domain name of the current store - especially in a Multi Store configuration.
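The same-domain rule described in the answer above, written out as a stand-alone PHP function. This is an added example, not Magento's code or code from the original posts; `isStoreInternalUrl`, the base URL and the sample targets are hypothetical. It requires an exact host and port match, so a store with separate secure and unsecure base URLs would be checked against each.

```php
<?php
// Added example (not Magento code): accept a redirect target only if it
// stays on the current store. Function name and URLs are constructed.
function isStoreInternalUrl($target, $storeBaseUrl)
{
    // Browsers and parse_url() disagree on control chars, spaces, backslashes.
    if (!is_string($target) || $target === ''
        || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return false;
    }
    // A site-relative path is fine; protocol-relative "//host/..." is not.
    if ($target[0] === '/') {
        return strlen($target) === 1 || $target[1] !== '/';
    }
    $t = parse_url($target);
    $b = parse_url($storeBaseUrl);
    if (!is_array($t) || !is_array($b)
        || !isset($t['scheme'], $t['host'], $b['scheme'], $b['host'])) {
        return false; // relative without "/", javascript:, data:, malformed
    }
    if (isset($t['user']) || isset($t['pass'])) {
        return false; // "https://store.example.com@other.test/" style disguise
    }
    if (!in_array(strtolower($t['scheme']), array('http', 'https'), true)) {
        return false;
    }
    // Exact host match: no substring or prefix comparison.
    if (strtolower($t['host']) !== strtolower($b['host'])) {
        return false;
    }
    $port = function ($u) {
        if (isset($u['port'])) { return (int) $u['port']; }
        return strtolower($u['scheme']) === 'https' ? 443 : 80;
    };
    return $port($t) === $port($b);
}

$base = 'https://store.example.com/';   // constructed store base URL
$samples = array(
    '/customer/account/',
    'https://store.example.com/checkout/cart/',
    '//other.test/login',
    'https://store.example.com.other.test/',
    'https://store.example.com@other.test/',
    'javascript:alert(1)',
);
foreach ($samples as $url) {
    printf("%-42s %s\n", $url, isStoreInternalUrl($url, $base) ? 'allow' : 'reject');
}
```

The first two samples are allowed and the remaining four are rejected.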
