Magento Admin panel: Adminhtml

The Magento Admin panel is controlled by the Adminhtml module. And all Adminhtml pages require validation/authentication.

In fact, Magento has different ways treating GET and POST  admin pages, i.e.: $secretKey vs. ‘form_key’

magento admin panel

(This is a developer’s guide.)

For GET request, we must provide http:// … /id/’secretKey’
For POST request, we must provide ‘form_key’ as a post parameter.

Example for GET:  simple attach to the end of the URL in the block .php, note that the secret key only involves the controller and the action, not the module name.

[codesyntax lang=”php” lines=”fancy”]

public function getSearchResultGetUrl(){
    //must pass on the key to maintain logged in
    $secretKey = Mage::getSingleton('adminhtml/url')->getSecretKey('adminhtml_search', 'result');
    return Mage::getUrl('pet/adminhtml_search/result/key/'.$secretKey);
}

[/codesyntax]

Continue reading “Magento Admin panel: Adminhtml”