Add custom security check for protected resources on Magento
Assume catalog needs be protected for register customer and there is an url ‘/secure/url’ which need be protected too.
- Modify templete ‘page/html/head.phtml’ and add following code
<?php
//check security contents
echo $this->getLayout()->createBlock('core/template')->setTemplate('page/html/security.phtml')->toHtml();
?>
- Create a new file ‘page/html/security.phtml’ with the following contents
<?php
// check security content
if (("catalog" === Mage::app()->getRequest()->getModuleName()) || (0 === strpos(Mage::app()->getRequest()->getRequestUri(), '/secure/url'))) {
if (!($this->helper('customer')->isLoggedIn())){
?>
<script type="text/javascript">
window.location.href = "<?php echo $this->getUrl('customer/account/login')?>";
</script>
<?php
die();
}
}
?>
Get request information for test purpose:
<?php
echo Mage::app()->getRequest()->getModuleName();
echo "<br />";
echo Mage::app()->getRequest()->getControllerName();
echo "<br />";
echo Mage::app()->getRequest()->getActionName();
echo "<br />";
echo Mage::app()->getRequest()->getRequestUri();
echo "<br />";
?>
reference:
http://stackoverflow.com/questions/16691546/want-to-call-one-phtml-file-in-another-phtml-file-using-anchor-tag
http://stackoverflow.com/questions/8235282/magento-display-request-url
Written on October 24, 2016