Magento Admin panel: Adminhtml
The Magento Admin panel is controlled by the Adminhtml module. And all Adminhtml pages require validation/authentication.
In fact, Magento has different ways treating GET and POST admin pages, i.e.: $secretKey vs. ‘form_key’
(This is a developer’s guide.)
For GET request, we must provide http:// … /id/’secretKey’
For POST request, we must provide ‘form_key’ as a post parameter.
Example for GET: simple attach to the end of the URL in the block .php, note that the secret key only involves the controller and the action, not the module name.
[codesyntax lang=”php” lines=”fancy”]
public function getSearchResultGetUrl(){
//must pass on the key to maintain logged in
$secretKey = Mage::getSingleton('adminhtml/url')->getSecretKey('adminhtml_search', 'result');
return Mage::getUrl('pet/adminhtml_search/result/key/'.$secretKey);
}
[/codesyntax]
Example for POST: prepare the form key in the block .php
[codesyntax lang=”php” lines=”fancy”]
public function getSearchResultPostUrl(){
return Mage::getUrl('pet/adminhtml_search/result');
}
public function getSearchResultPostFormKey(){
return Mage::getSingleton('core/session')->getFormKey();
}
[/codesyntax]
Then we need to add ‘form_key’ to the form in .phtml file, :
[codesyntax lang=”php” lines=”fancy”]
<div><input name="form_key" type="hidden" value="<?php echo $this->getSearchResultPostFormKey()?>" /></div>
[/codesyntax]
PS: Mage::getUrl(‘admin/…’) will, in many cases, remove ‘admin’ from the output. To avoid changing the output, a work-around would be:
[codesyntax lang=”php” lines=”fancy”]
Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_LINK).'admin/...'
[/codesyntax]