Monthly Archives: December 2008

  • The Magento Admin panel is controlled by the Adminhtml module. And all Adminhtml pages require validation/authentication.

    In fact, Magento has different ways treating GET and POST  admin pages, i.e.: $secretKey vs. 'form_key'

    magento admin panel

    (This is a developer's guide.)

    For GET request, we must provide http:// ... /id/'secretKey'
    For POST request, we must provide 'form_key' as a post parameter.

    Example for GET:  simple attach to the end of the URL in the block .php, note that the secret key only involves the controller and the action, not the module name.

    public function getSearchResultGetUrl(){
        //must pass on the key to maintain logged in
        $secretKey = Mage::getSingleton('adminhtml/url')->getSecretKey('adminhtml_search', 'result');
        return Mage::getUrl('pet/adminhtml_search/result/key/'.$secretKey);


    Continue reading

1 Item(s)

Back to top