December 15th, 2008

Magento Admin panel: Adminhtml

Category:Admin Panel | Posted By Mai Erne at 10:00 AM

The Magento Admin panel is controlled by the Adminhtml module. And all Adminhtml pages require validation/authentication.

In fact, Magento has different ways treating GET and POST  admin pages, i.e.: $secretKey vs. ‘form_key’

magento admin panel

(This is a developer’s guide.)

For GET request, we must provide http:// … /id/’secretKey’
For POST request, we must provide ‘form_key’ as a post parameter.

Example for GET:  simple attach to the end of the URL in the block .php, note that the secret key only involves the controller and the action, not the module name.

[codesyntax lang="php" lines="fancy"]

public function getSearchResultGetUrl(){
    //must pass on the key to maintain logged in
    $secretKey = Mage::getSingleton('adminhtml/url')->getSecretKey('adminhtml_search', 'result');
    return Mage::getUrl('pet/adminhtml_search/result/key/'.$secretKey);
}

[/codesyntax]

Example for POST: prepare the form key in the block .php

[codesyntax lang="php" lines="fancy"]

public function getSearchResultPostUrl(){
    return Mage::getUrl('pet/adminhtml_search/result');
}

public function getSearchResultPostFormKey(){
    return Mage::getSingleton('core/session')->getFormKey();
}

[/codesyntax]

Then we need to add ‘form_key’ to the form in .phtml file, :

[codesyntax lang="php" lines="fancy"]

<div><input name="form_key" type="hidden" value="<?php echo $this->getSearchResultPostFormKey()?>" /></div>

[/codesyntax]

PS: Mage::getUrl(‘admin/…’) will, in many cases, remove ‘admin’ from the output. To avoid changing the output, a work-around would be:

[codesyntax lang="php" lines="fancy"]

Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_LINK).'admin/...'

[/codesyntax]

No Comments for Current Post.

Comments are closed.