Add custom security check for protected resources on Magento

Assume catalog needs be protected for register customer and there is an url ‘/secure/url’ which need be protected too.

  1. Modify templete ‘page/html/head.phtml’ and add following code

    <?php
        //check security contents
        echo $this->getLayout()->createBlock('core/template')->setTemplate('page/html/security.phtml')->toHtml();
    ?>
  2. Create a new file ‘page/html/security.phtml’ with the following contents

    <?php
        // check security content
        if (("catalog" === Mage::app()->getRequest()->getModuleName()) || (0 === strpos(Mage::app()->getRequest()->getRequestUri(), '/secure/url'))) {
            if (!($this->helper('customer')->isLoggedIn())){
    ?>
                <script type="text/javascript">
                      window.location.href = "<?php echo $this->getUrl('customer/account/login')?>";
                </script>
    <?php
                die();
            }
        }
    ?>

Get request information for test purpose:

<?php
    echo Mage::app()->getRequest()->getModuleName();
    echo "<br />";
    echo Mage::app()->getRequest()->getControllerName();
    echo "<br />";
    echo Mage::app()->getRequest()->getActionName();
    echo "<br />";
    echo Mage::app()->getRequest()->getRequestUri();
    echo "<br />";
?>

reference:

http://stackoverflow.com/questions/16691546/want-to-call-one-phtml-file-in-another-phtml-file-using-anchor-tag

http://stackoverflow.com/questions/8235282/magento-display-request-url

 

Leave a Reply

Your email address will not be published. Required fields are marked *