3

I'd like to generate a link to an adminhtml page from within a script in my html directory.

I have read this question on Stackoverflow: Magento: generating url for a backend action (with key)

This works for me if I generate such a key from within an extension controller. The key generated from within my html directory script however does not work correctly and throws me to the dashboard when applied.

Edit: The redirect works 100% if the user is not logged in - i.e it directs the user to my module page 100% accurately.

However, if the user is already logged in, it redirects them to the dashboard due to the conflicting session.

I believe I need to somehow "switch" sessions, but I haven't managed to do so yet. I have taken a look at this post:

Check if Admin is Logged in Within Observer

Unfortunately it still redirects to the dashboard.

Any ideas?

Jeremy Trpka
  • 281
  • 1
  • 4
  • 18
Moose
  • 7,495
  • 7
  • 48
  • 91

1 Answers1

2

The problem is, that the key is generated and then stored into a session, this means if you generate a new one, this doesn't work.

You can see the check here:

\Mage_Adminhtml_Controller_Action::_validateSecretKey
{
    if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) {
        return true;
    }

    if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null))
        || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) {
        return false;
    }
    return true;
}

So the key is saved here: Mage::getSingleton('adminhtml/url')->getSecretKey() just use this one :-)

If this doesn't work too, it might be not the problem. Hook into this method and check!

Fabian Blechschmidt
  • 35,388
  • 8
  • 75
  • 182
  • Thanks for your input :-) As you mentioned it definitely does have to do with a conflicting session, as the redirect works 100% granted the user is not logged in (i.e does not have a session active). However, if the user is logged in it results in the dashboard. I've updated my question again to reflect some new information regarding handling the session if the user is already logged in. Still not quite sure about how to handle this. – Moose Mar 07 '14 at 11:40
  • 1
    is your module and page key working in the frontend? Then this is not possible, because the frontend and admin session are two different things :-/ What you might do is to fetch a link via AJAX to update the session with the secret key and then use this link, so the key is saved in the correct session (if your AJAX request goes to a adminhtml controller!) – Fabian Blechschmidt Mar 07 '14 at 12:30
  • @Fabian. How to login through facebook into magento account to place order? – Teja Bhagavan Kollepara Dec 30 '15 at 07:42
  • @TejabhagavanKollepara that is another question, so ask it. But google before or just look it up in other FB plugins, there are plenty of them – Fabian Blechschmidt Dec 30 '15 at 13:17