Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Page 1 of 3
Require Login
 
bsboard
Jr. Member
 
Total Posts:  15
Joined:  2008-03-18
 

I am going to be utilizing magento for a B2B order management. There are a couple changes I need, and I would appreciate some direction on .

1) The site should not be browsable unless you are logged in. What I would like to do is have every page (including homepage) display the ‘login’ screen if they are not logged in. I have looked at “Mage::getSingleton(’customer/session’)->isLoggedIn()” but don’t know where to place it.

2) I need to remove payment processing from checkout. Basically, I need to remove the “Shipping” and “Payment” steps of the checkout process.

Any help, hints, suggestions will be GREATLY appreciated, as I’m still trying to figure out how this framework works.

Thanks

 
Magento Community Magento Community
Magento Community
Magento Community
 
bsboard
Jr. Member
 
Total Posts:  15
Joined:  2008-03-18
 

Ok, so I still would like some input on this. I found a way to get it working, but it isn’t very pretty, and i’m pretty certain there is a better way. The following is what the try block of the ‘run’ function in mage.php contains:

Varien_Profiler::start('app');
self::loadRequiredExtensions();
self::app($code$type$etcDir);

if(
self::getSingleton('customer/session')->isLoggedIn() || self::app()->getRequest()->getRequestUri() == '/ordernet/customer/account/login/')
{
     self
::app()->getFrontController()->dispatch();
     
Varien_Profiler::stop('app');
}
else
{
     header
('location:'.self::getUrl('customer/account/login'));
}
It works, but I don’t like that I have to have hard-coded the path to the login page (/ordernet/customer/account/login). Is there any way to get the install directory of magento, so I can do something like $installDir . ‘/customer/account/login/’ ??

Any other comments about this setup would be much appreciated

 
Magento Community Magento Community
Magento Community
Magento Community
 
bsboard
Jr. Member
 
Total Posts:  15
Joined:  2008-03-18
 

...and this is why I think there has got to be a better way. The code is getting more and more ugly, as I am finding new URL’s that need special cases.

1. Posting the login form goes to a separate url
2. Admin login page shouldn’t require you to be logged in as member
3. all admin pages are under ‘index.php/admin’ instead of just ‘/admin’ like the login page.

So now so far I have:

if(self::getSingleton('customer/session')->isLoggedIn() 
               || 
self::app()->getRequest()->getRequestUri() == '/ordernet/customer/account/login/'
               
|| self::app()->getRequest()->getRequestUri() == '/ordernet/customer/account/loginPost/'
               
|| (strpos(self::app()->getRequest()->getRequestUri(),'/ordernet/admin') !== FALSE)
               || (
strpos(self::app()->getRequest()->getRequestUri(),'/ordernet/index.php/admin') !== FALSE))

Adding these values introduced a small security threat. Under this scenario it is possible to see the site using a querystring variable which contains a white-listed admin url. (For example, appending ‘?/ordernet/admin’ to any page). So now I need to perform additional checks on the url (perhaps removing the querystring before the strpos check, or checking that the result of strpos is zero [so the substring is at the beginning])

I may find more problems as I go…

 
Magento Community Magento Community
Magento Community
Magento Community
 
CreedFeed
Member
 
Total Posts:  74
Joined:  2007-08-31
Milwaukee, WI
 

Wow, thanks for the above code. I’ve implemented this in my application and it does seem to work, although it is a bit sloppy as you mention in your post.

One thing I do not like about this is that it requires the editing of a core file (Mage.php). Is there any way to check if a customer is logged in directly in the index.php file?

For my application, I am building two storefronts, one for retail and one for wholesale. I’ve created a second store with a code of “wholesale” so I modified your above code snippets by putting an if ($code == ‘wholesale’) around your code and leaving the original code in for the else statement (corresponding to my if). This way anyone can use the retail store but you must login to see the wholesale store.

If something similar to this could be done in the index.php to check for a login that would be a much smoother solution so as to not edit core files. Any ideas?

 
Magento Community Magento Community
Magento Community
Magento Community
 
x3graphics
Jr. Member
 
Total Posts:  17
Joined:  2007-11-20
Calabasas, CA
 

I needed to do the same thing so I ended up modifying the template files (template/page/1column.phtml) I added the following code to the 4 files:

<body <?php echo $this->getBodyClass()?'class="'.$this->getBodyClass().'"':'' ?>>

<!-- 
Login Block -->
        
<?php
            
if (Mage::app()->isInstalled() && !Mage::getSingleton('customer/session')->isLoggedIn()) {
                ?>
                
<form action="/magento/index.php/customer/account/loginPost/" method="post" id="login-form">
                <
div id="b2bloginblock">
                        <
div class="registered-users">
        <
div class="content">
            <
h4><?php echo $this->__('Business 2 Business'?></h4>
            <
p><?php echo $this->__('If you have an account with us, please log in. If you would like an account to access the B2B site please contact us at wholesale@example.com.'?></p>
            <
ul class="form-list">
                    <
li>
                        <
label for="email"><?php echo $this->__('Email Address'?> <span class="required">*</span></label><br/>
                        <
input name="login[username]" value="<?php echo $this->htmlEscape($this->getUsername()) ?>" title="<?php echo $this->__('Email Address') ?>" id="email" type="text" class="input-text required-entry" style="width:250px;"/>
                    </
li>
                    <
li>
                        <
label for="pass"><?php echo $this->__('Password'?> <span class="required">*</span></label><br/>
                        <
input name="login[password]" type="password" class="input-text required-entry validate-password" id="pass" style="width:250px;"/>
                    </
li>
                </
ul>
                <
class="required"><?php echo $this->__('* Required Fields'?></p>
    </
div>
    <
div class="button-set">
        
        <
button class="form-button" type="submit" name="send" id="send2"><span><?php echo $this->__('Login'?></span></button>
    </
div>
</
div>
                </
div>
                </
form>
                <
script type="text/javascript">
    var 
dataForm = new VarienForm('login-form'true);
</script>

<?php
                }else{
                    
    
        ?>
        
<div class="wrapper">

and before the closing </html> I added:

<?php echo $this->getChildHtml('before_body_end'?>
        <?php
                    }
    
        ?>
        
<!--End -->
    </
body>

I really don’t know how secure this is but it has worked for me so far.

 
Magento Community Magento Community
Magento Community
Magento Community
 
JpSp
Jr. Member
 
Avatar
Total Posts:  4
Joined:  2008-04-29
Portugal
 

Hello Magento users and developers,

I am a Magento user with Zero experience in PHP or any other code language. and i have read in this post that is possible to hide the Price on storefront, or make the users to loggin the site before they are able to see the products and the information associated with that product.

My business its B2B and its extremely important that the prices doesn’t appear on guest users. Theres anyone that can help me doing that. I have the lastest version of Magento with the default theme.

I think that it is possible to hide the price by changing the theme, or changing the code in a php file in the theme. I know that isn’t the best solution for security purposes but for me thats enough.

thanks for you help and support. Lets enlarge the magento comunity rapidly.

João Pedro Paiva
Portugal

 
Magento Community Magento Community
Magento Community
Magento Community
 
alistek
Sr. Member
 
Total Posts:  293
Joined:  2008-04-02
Normal, IL
 

Take a look at this post:

http://www.magentocommerce.com/boards/viewthread/9172/

-Adam

 
Magento Community Magento Community
Magento Community
Magento Community
 
JoshBelke
Member
 
Total Posts:  64
Joined:  2008-02-12
NY, NY
 

@alistek,
1) thats only price block, not the content.
2) now that magento is 1.X you dont want to be fooling with the Mage Core.(Template Files / Layout files)

He should be altering the Template Files to check to see if the user isloggedin.
JpSP unfortunately, its going to take some time to get what you want accomplished.

 
Magento Community Magento Community
Magento Community
Magento Community
 
LeeSaferite
Guru
 
Avatar
Total Posts:  322
Joined:  2007-08-31
Lake City, FL
 

One possibility would be to override the core/url_rewrite model, extend Mage_Core_Model_Rewrite and put your code in the overridden rewrite() method.  Hackish, but might work.  Would be better if Magento had a pair of events surrounding routing.

 
Magento Community Magento Community
Magento Community
Magento Community
 
cozmir
Jr. Member
 
Total Posts:  13
Joined:  2008-09-04
 

Has there ever been a consensus reached on the best way to achieve a login prior to allowing access to the catalog (or sections of the catalog)?

 
Magento Community Magento Community
Magento Community
Magento Community
 
sherrie
Moderator
 
Avatar
Total Posts:  1655
Joined:  2007-12-14
Waterloo, ON
 

I believe there is a community extension for this now.

 
Magento Community Magento Community
Magento Community
Magento Community
 
charvan
Jr. Member
 
Total Posts:  9
Joined:  2007-11-01
 

Sherrie,

Could not locate such an extension.  Do you have a link please?

 
Magento Community Magento Community
Magento Community
Magento Community
 
SeL_
Magento Team
 
Avatar
Total Posts:  1140
Joined:  2007-10-10
Paris, France
 

Found it:
http://www.magentocommerce.com/extension/490

 
Magento Community Magento Community
Magento Community
Magento Community
 
drbyday
Jr. Member
 
Total Posts:  2
Joined:  2009-03-16
 
SeL - 12 November 2008 05:34 AM

Found it:
http://www.magentocommerce.com/extension/490

That extension is catalogue only. Does anyone have a solution for force the login for the entire site. The above code works but there is no registration?

Any help?

 
Magento Community Magento Community
Magento Community
Magento Community
 
bravehartk2
Member
 
Avatar
Total Posts:  34
Joined:  2008-08-14
 

Hi!

In Magento 1.3.1 the following works for me:

I have created a new Module and with a observer that listens to all forntend events of the type (controller_front_init_before). That means every time a when the front controler is triggert, my own observer is called:

<?xml version="1.0"?>
<config>
    <global>
        <
models>
            <
lichtflutloginonly>
                <class>
Lichtflut_Loginonly_Model</class>
            </
lichtflutloginonly>    
        </
models>
        <
events>
            <
controller_front_init_before>
                <
observers>
                    <
lichtflut_loginonly_observer>
                        <
type>singleton</type>
                        <class>
Lichtflut_Loginonly_Model_Observer</class>
                        <
method>checklogin</method>
                    </
lichtflut_loginonly_observer>
                </
observers>
            </
controller_front_init_before>
        </
events>
    </global>
</
config>

and in the Observer I check the login state and if it is one of the login-relevant pages. If not I redirect to Loginpage!

<?php
    
class Lichtflut_Loginonly_Model_Observer{        
        
public function __construct(){
        }
        
        
public function checklogin($observer){
            
            
//getting the magento Paths;
            
$uri Mage::app()->getRequest()->getRequestUri();
            
            
//If Admin or Downloader Interface
            
if(strpos($uri'admin') || strpos($uri'downloader')){
                
return $this;
            
}
                        
            
if(    $uri != '/magento/customer/account/login/' &&
                
$uri != '/magento/customer/account/loginPost/' &&
                
$uri != '/magento/customer/account/logoutSuccess/' &&
                
$uri != '/magento/customer/account/forgotpassword/' &&
                !
Mage::getSingleton('customer/session')->isLoggedIn()){
                
                    
#Mage::log('not logged in');
                    
$request Mage::app()->getRequest();
                     
$request->setModuleName('customer')
                      ->
setControllerName('account')
                     ->
setActionName('login')
                      ->
setDispatched(false);
                
                
                
            
}
            
elseif(Mage::getSingleton('customer/session')->isLoggedIn()){
                
#Mage::log('loged in');
            
}
            
return $this;
        
}
    }    
?>

Thats it!
Since now I don’t registered any complication!

 
Magento Community Magento Community
Magento Community
Magento Community
 
bafius
Jr. Member
 
Total Posts:  13
Joined:  2009-04-14
 

hi, i tryed this, but i can’t get it working…

i’ve put the first code in app/code/local/<Namespace>/<Module_name>/etc/config.xml and the second part into app/code/local/<Namespace>/<Module_name>/Model/Observer.php

I’ve activated the module putting this:

<?xml version="1.0"?>
    
<config>
        <
modules>
            <
Namespace_Modulename>
                <
active>true</active>
                <
codePool>local</codePool>
            </
Namespace_Modulename>
        </
modules>
    </
config>

in /app/etc/modules/<Namespace>_<Module_name>.xml

but i just get an error like this:

Cannot send headers; headers already sent in <observer file path>, line 38

what am i missing?

tnx

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top
Page 1 of 3