Magento – password protection


These days I have deployed a Magento instance, but the webshop is not online yet, so I have added .htaccess password protection to the website, which indeed worked fine but caused problems when my client wanted to upload images for his products.

Is there a way to password protect the whole store for development purposes, using Magento's own capabilities, so that a logged-in user has full access to the page, but not the public?

I came across this module, but it is unfortunately not compatible with Magento 1.8, or I do not know how to install it.

Thanks for help!

Best Answer

You can write a small custom extension that checks if the user has permission to access the site.

Your config.xml would look something like this:

<?xml version="1.0"?>
<config>
   <modules>
      <[Namespace]_[Module]>
         <version>1.0.0</version>
      </[Namespace]_[Module]>
   </modules>
   <global>
      <models>
         <[module]>
            <class>[Namespace]_[Module]_Model</class>
         </[module]>
      </models>
      <events>
         <controller_front_init_before>
            <observers>
               <[namespace]_[module]_access_observer>
                  <type>singleton</type>
                  <class>[Namespace]_[Module]_Model_Observer</class>
                  <method>checkAccess</method>
               </[namespace]_[module]_access_observer>
            </observers>
         </controller_front_init_before>
      </events>
   </global>
</config>

And your observer class something like this:

class [Namespace]_[Module]_Model_Observer
{
   public function checkAccess()
   {
      $adminurl = (string)Mage::getConfig()->getNode('admin/routers/adminhtml/args/frontName');

      $urlstring = Mage::helper('core/url')->getCurrentUrl();
      $url = Mage::getSingleton('core/url')->parseUrl($urlstring);

      if (strstr($url->path, "/{$adminurl}"))   return $this; // this is the admin section

      // get admin session
      Mage::getSingleton('core/session', array('name' => 'adminhtml'))->start();

      $admin_logged_in = Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn();

      // return to frontend section
      Mage::getSingleton('core/session', array('name' => 'frontend'))->start();

      if (!$admin_logged_in)
      {
         die('No access!');
      }
   }
}
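
The observer above exempts a request from the login check when the path contains "/{$adminurl}" anywhere, so a storefront path that merely includes that string is also let through. The following is an added example, not part of the answer, that compares that substring test with an exact match on the first routed path segment. The function names, the `$basePath` parameter and the sample paths are assumptions made for illustration, and it assumes the admin front name is the first segment after the store's base path and an optional `index.php`.

```php
<?php
// Added example (not from the answer). Helper names and sample paths are
// hypothetical; "admin" stands in for the configured admin front name.

/** Substring test, as used in the observer above. */
function isAdminPathLoose($path, $adminFrontName)
{
    return strstr($path, "/{$adminFrontName}") !== false;
}

/** Exact match on the first routed segment. $basePath is e.g. "/shop" for a subdirectory install. */
function isAdminPathStrict($path, $adminFrontName, $basePath = '')
{
    $basePath = rtrim($basePath, '/');
    if ($basePath !== '') {
        if (strpos($path, $basePath . '/') !== 0) {
            return false; // request is outside the store's base path
        }
        $path = substr($path, strlen($basePath));
    }
    // Drop empty segments produced by "//" or a trailing "/".
    $segments = array_values(array_filter(explode('/', $path), 'strlen'));
    if (isset($segments[0]) && $segments[0] === 'index.php') {
        array_shift($segments); // URL without rewrites: /index.php/<frontName>/...
    }
    return isset($segments[0]) && $segments[0] === $adminFrontName;
}

// Constructed sample paths for comparison.
$samples = array(
    '/admin/dashboard/',
    '/index.php/admin/',
    '/administrator-guide.html',
    '/catalog/product/view/id/1/admin/1',
    '/cms/page/admin',
);
foreach ($samples as $p) {
    printf("%-38s loose=%-5s strict=%s\n", $p,
        var_export(isAdminPathLoose($p, 'admin'), true),
        var_export(isAdminPathStrict($p, 'admin'), true));
}
```

In the observer, the strict function would take `$url->path` and `$adminurl` as its first two arguments in place of the `strstr()` call.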