Authenticate Magento Admin Users

Magento’s admin interface allows you to do the vast majority of everything that you would ever want to do to manage your eCommerce website. However, there are times when the rigidity of the framework makes it difficult for developers to appropriately customize a layout.

One of the things that we have done to combat these limitations is to create a new administration section of the website specifically for the use of developers and other advanced administrators of the site. In order to do this as seamlessly as possible, one of the requirements was to enable current admin users to use the same authenticated session across the standard Magento admin and our new custom admin systems.

When looking for the best way to do so, it became obvious that not nearly as many people deal with the admin level session control as do frontend session access control. As a result, here is a snippet of the code that allows you to determine whether the visitor to your custom PHP page has been properly authenticated to your existing Magento admin.

require '../app/Mage.php';
Mage::app('admin');

Mage::getSingleton('core/session', array('name'=>'adminhtml'));

if (!Mage::getSingleton('admin/session')->isLoggedIn()) {
    // Redirect the User to the Login page
} else {
    // Do your stuff
}
comments powered by Disqus

Related Posts

JavaScript Can Have An Interesting Interpretation of Order

There is an interesting little quirk with the way in which JavaScript decides which function it should execute next. You see, while the JavaScript engine has a single thread of execution, it creates the illusion of multiple simultaneous processes running at once by utilizing a queue of functions to execute. This means that every time you make a call to a function in your JavaScript, there is no absolute guarantee that it will be the next piece of code run, as there may have been other events triggered that beat your custom function onto the execution queue.

Read More

Write Bulletproof JavaScript

While display issues have long been the bane of a web developer’s existence, current web development projects tend to have much more client side interactivity, focusing ever more attention on the reliability and resilience of the JavaScript you write to deliver the complete interactive experience. Many things can cause unexpected errors in your carefully crafted code. However, there are a few things that you can do to make sure that your site degrades gracefully and still provides a basic level of functionality when something in the browser goes wrong.

Read More

Magento's preDispatch Observer

One of the decisions that always seems to arise when adding functionality to a Magento website is what the best strategy is for doing so. Should you override the controller or function, edit it in place, or use an observer to listen for a particular event to occur. It just so happens that if you want to make sure that you have some sort of validation logic that runs before a particular controller action is executed, the easiest way to implement it is via a preDispatch observer.

Read More