Hi all,
I am using magento 1.9.0.1 and can not change my admin password, I get this error:
Fatal error: Call to undefined method Mage_Adminhtml_Permissions_UserController::_validateCurrentPassword() in /homepages/XX/htdocs/XXn/app/code/core/Mage/Adminhtml/controllers/Permissions/UserController.php on line 114
How can I fix it?
Regards,
Solved! Go to Solution.
I don't think any of the patches contained the code modifications that you are seeing..
You could try replacing the contents of app/code/core/Mage/Adminhtml/Controller/Action.php with the below code (backup the file first). There are no guarantees it will work - since you Magento code seems to be between versions... but it may help.
Personally. I would create a dev of your store and try to 'upgrade' to 1.9.1.0 (and if that is successful; it would be worth further upgrading to 1.9.2.1 to ensure you're patched fully) - otherwise - You will potentially need to apply at least Patch SUPEE-6285 again. - Once you're happy with this on the dev site; repeat on the live.
<?php /** * Magento * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@magento.com so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade Magento to newer * versions in the future. If you wish to customize Magento for your * needs please refer to http://www.magento.com for more information. * * @category Mage * @package Mage_Adminhtml * @copyright Copyright (c) 2006-2014 X.commerce, Inc. (http://www.magento.com) * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) */ /** * Base adminhtml controller * * @category Mage * @package Mage_Adminhtml * @author Magento Core Team <core@magentocommerce.com> */ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action { /** * Name of "is URLs checked" flag */ const FLAG_IS_URLS_CHECKED = 'check_url_settings'; /** * Session namespace to refer in other places */ const SESSION_NAMESPACE = 'adminhtml'; /** * Array of actions which can be processed without secret key validation * * @var array */ protected $_publicActions = array(); /** * Used module name in current adminhtml controller */ protected $_usedModuleName = 'adminhtml'; /** * Currently used area * * @var string */ protected $_currentArea = 'adminhtml'; /** * Namespace for session. * * @var string */ protected $_sessionNamespace = self::SESSION_NAMESPACE; protected function _isAllowed() { return true; } /** * Retrieve adminhtml session model object * * @return Mage_Adminhtml_Model_Session */ protected function _getSession() { return Mage::getSingleton('adminhtml/session'); } /** * Retrieve base admihtml helper * * @return Mage_Adminhtml_Helper_Data */ protected function _getHelper() { return Mage::helper('adminhtml'); } /** * Define active menu item in menu block * * @return Mage_Adminhtml_Controller_Action */ protected function _setActiveMenu($menuPath) { $this->getLayout()->getBlock('menu')->setActive($menuPath); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addBreadcrumb($label, $title, $link=null) { $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addContent(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('content')->append($block); return $this; } protected function _addLeft(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('left')->append($block); return $this; } protected function _addJs(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('js')->append($block); return $this; } /** * Controller predispatch method * * @return Mage_Adminhtml_Controller_Action */ public function preDispatch() { // override admin store design settings via stores section Mage::getDesign() ->setArea($this->_currentArea) ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name')) ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default')) ; foreach (array('layout', 'template', 'skin', 'locale') as $type) { if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) { Mage::getDesign()->setTheme($type, $value); } } $this->getLayout()->setArea($this->_currentArea); Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array()); parent::preDispatch(); $_isValidFormKey = true; $_isValidSecretKey = true; $_keyErrorMsg = ''; if (Mage::getSingleton('admin/session')->isLoggedIn()) { if ($this->getRequest()->isPost()) { $_isValidFormKey = $this->_validateFormKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.'); } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) { $_isValidSecretKey = $this->_validateSecretKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.'); } } if (!$_isValidFormKey || !$_isValidSecretKey) { $this->setFlag('', self::FLAG_NO_DISPATCH, true); $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true); if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) { $this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array( 'error' => true, 'message' => $_keyErrorMsg ))); } else { $this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() ); } return $this; } if ($this->getRequest()->isDispatched() && $this->getRequest()->getActionName() !== 'denied' && !$this->_isAllowed()) { $this->_forward('denied'); $this->setFlag('', self::FLAG_NO_DISPATCH, true); return $this; } if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED) && !$this->getRequest()->getParam('forwarded') && !$this->_getSession()->getIsUrlNotice(true) && !Mage::getConfig()->getNode('global/can_use_base_url')) { //$this->_checkUrlSettings(); $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true); } if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) { Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode()); } return $this; } /** * @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl * @return Mage_Adminhtml_Controller_Action */ protected function _checkUrlSettings() { /** * Don't check for data saving actions */ if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) { return $this; } $configData = Mage::getModel('core/config_data'); $defaultUnsecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL ); $defaultSecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL ); if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web'))) ); return $this; } $dataCollection = $configData->getCollection() ->addValueFilter('{{base_url}}'); $url = false; foreach ($dataCollection as $data) { if ($data->getScope() == 'stores') { $code = Mage::app()->getStore($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code)); } if ($data->getScope() == 'websites') { $code = Mage::app()->getWebsite($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code)); } if ($url) { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $url) ); return $this; } } return $this; } public function deniedAction() { $this->getResponse()->setHeader('HTTP/1.1','403 Forbidden'); if (!Mage::getSingleton('admin/session')->isLoggedIn()) { $this->_redirect('*/index/login'); return; } $this->loadLayout(array('default', 'adminhtml_denied')); $this->renderLayout(); } public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true) { parent::loadLayout($ids, $generateBlocks, $generateXml); $this->_initLayoutMessages('adminhtml/session'); return $this; } public function norouteAction($coreRoute = null) { $this->getResponse()->setHeader('HTTP/1.1','404 Not Found'); $this->getResponse()->setHeader('Status','404 File not found'); $this->loadLayout(array('default', 'adminhtml_noroute')); $this->renderLayout(); } /** * Retrieve currently used module name * * @return string */ public function getUsedModuleName() { return $this->_usedModuleName; } /** * Set currently used module name * * @param string $moduleName * @return Mage_Adminhtml_Controller_Action */ public function setUsedModuleName($moduleName) { $this->_usedModuleName = $moduleName; return $this; } /** * Translate a phrase * * @return string */ public function __() { $args = func_get_args(); $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName()); array_unshift($args, $expr); return Mage::app()->getTranslator()->translate($args); } /** * Set referer url for redirect in responce * * Is overriden here to set defaultUrl to admin url * * @param string $defaultUrl * @return Mage_Adminhtml_Controller_Action */ protected function _redirectReferer($defaultUrl=null) { $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl; parent::_redirectReferer($defaultUrl); return $this; } /** * Set redirect into responce * * @param string $path * @param array $arguments */ protected function _redirect($path, $arguments=array()) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); $this->getResponse()->setRedirect($this->getUrl($path, $arguments)); return $this; } protected function _forward($action, $controller = null, $module = null, array $params = null) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); return parent::_forward($action, $controller, $module, $params); } /** * Generate url by route and parameters * * @param string $route * @param array $params * @return string */ public function getUrl($route='', $params=array()) { return Mage::helper('adminhtml')->getUrl($route, $params); } /** * Validate Secret Key * * @return bool */ protected function _validateSecretKey() { if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) { return true; } if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null)) || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) { return false; } return true; } /** * Validate password for current admin user * * @param string $password - current password * * @return mixed - returns true or array of errors */ protected function _validateCurrentPassword($password) { $user = Mage::getSingleton('admin/session')->getUser(); return $user->validateCurrentPassword($password); } }
Hi,
Can you check in your app\code\core\Mage\Adminhtml\Controller\Action.php file and see if you have a line of code in it similar to the below:
protected function _validateCurrentPassword($password)
Hi, I do not have this code, but this is my file:
<?php /** * Magento * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@magentocommerce.com so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade Magento to newer * versions in the future. If you wish to customize Magento for your * needs please refer to http://www.magentocommerce.com for more information. * * @category Mage * @package Mage_Adminhtml * @copyright Copyright (c) 2014 Magento Inc. (http://www.magentocommerce.com) * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) */ /** * Base adminhtml controller * * @category Mage * @package Mage_Adminhtml * @author Magento Core Team <core@magentocommerce.com> */ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action { /** * Name of "is URLs checked" flag */ const FLAG_IS_URLS_CHECKED = 'check_url_settings'; /** * Session namespace to refer in other places */ const SESSION_NAMESPACE = 'adminhtml'; /** * Array of actions which can be processed without secret key validation * * @var array */ protected $_publicActions = array(); /** * Used module name in current adminhtml controller */ protected $_usedModuleName = 'adminhtml'; /** * Currently used area * * @var string */ protected $_currentArea = 'adminhtml'; /** * Namespace for session. * * @var string */ protected $_sessionNamespace = self::SESSION_NAMESPACE; protected function _isAllowed() { return Mage::getSingleton('admin/session')->isAllowed('admin'); } /** * Retrieve adminhtml session model object * * @return Mage_Adminhtml_Model_Session */ protected function _getSession() { return Mage::getSingleton('adminhtml/session'); } /** * Retrieve base admihtml helper * * @return Mage_Adminhtml_Helper_Data */ protected function _getHelper() { return Mage::helper('adminhtml'); } /** * Define active menu item in menu block * * @return Mage_Adminhtml_Controller_Action */ protected function _setActiveMenu($menuPath) { $this->getLayout()->getBlock('menu')->setActive($menuPath); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addBreadcrumb($label, $title, $link=null) { $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addContent(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('content')->append($block); return $this; } protected function _addLeft(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('left')->append($block); return $this; } protected function _addJs(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('js')->append($block); return $this; } /** * Controller predispatch method * * @return Mage_Adminhtml_Controller_Action */ public function preDispatch() { // override admin store design settings via stores section Mage::getDesign() ->setArea($this->_currentArea) ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name')) ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default')) ; foreach (array('layout', 'template', 'skin', 'locale') as $type) { if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) { Mage::getDesign()->setTheme($type, $value); } } $this->getLayout()->setArea($this->_currentArea); Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array()); parent::preDispatch(); $_isValidFormKey = true; $_isValidSecretKey = true; $_keyErrorMsg = ''; if (Mage::getSingleton('admin/session')->isLoggedIn()) { if ($this->getRequest()->isPost()) { $_isValidFormKey = $this->_validateFormKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.'); } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) { $_isValidSecretKey = $this->_validateSecretKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.'); } } if (!$_isValidFormKey || !$_isValidSecretKey) { $this->setFlag('', self::FLAG_NO_DISPATCH, true); $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true); if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) { $this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array( 'error' => true, 'message' => $_keyErrorMsg ))); } else { $this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() ); } return $this; } if ($this->getRequest()->isDispatched() && $this->getRequest()->getActionName() !== 'denied' && !$this->_isAllowed()) { $this->_forward('denied'); $this->setFlag('', self::FLAG_NO_DISPATCH, true); return $this; } if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED) && !$this->getRequest()->getParam('forwarded') && !$this->_getSession()->getIsUrlNotice(true) && !Mage::getConfig()->getNode('global/can_use_base_url')) { //$this->_checkUrlSettings(); $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true); } if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) { Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode()); } return $this; } /** * @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl * @return Mage_Adminhtml_Controller_Action */ protected function _checkUrlSettings() { /** * Don't check for data saving actions */ if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) { return $this; } $configData = Mage::getModel('core/config_data'); $defaultUnsecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL ); $defaultSecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL ); if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web'))) ); return $this; } $dataCollection = $configData->getCollection() ->addValueFilter('{{base_url}}'); $url = false; foreach ($dataCollection as $data) { if ($data->getScope() == 'stores') { $code = Mage::app()->getStore($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code)); } if ($data->getScope() == 'websites') { $code = Mage::app()->getWebsite($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code)); } if ($url) { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $url) ); return $this; } } return $this; } public function deniedAction() { $this->getResponse()->setHeader('HTTP/1.1','403 Forbidden'); if (!Mage::getSingleton('admin/session')->isLoggedIn()) { $this->_redirect('*/index/login'); return; } $this->loadLayout(array('default', 'adminhtml_denied')); $this->renderLayout(); } public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true) { parent::loadLayout($ids, $generateBlocks, $generateXml); $this->_initLayoutMessages('adminhtml/session'); return $this; } public function norouteAction($coreRoute = null) { $this->getResponse()->setHeader('HTTP/1.1','404 Not Found'); $this->getResponse()->setHeader('Status','404 File not found'); $this->loadLayout(array('default', 'adminhtml_noroute')); $this->renderLayout(); } /** * Retrieve currently used module name * * @return string */ public function getUsedModuleName() { return $this->_usedModuleName; } /** * Set currently used module name * * @param string $moduleName * @return Mage_Adminhtml_Controller_Action */ public function setUsedModuleName($moduleName) { $this->_usedModuleName = $moduleName; return $this; } /** * Translate a phrase * * @return string */ public function __() { $args = func_get_args(); $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName()); array_unshift($args, $expr); return Mage::app()->getTranslator()->translate($args); } /** * Set referer url for redirect in responce * * Is overriden here to set defaultUrl to admin url * * @param string $defaultUrl * @return Mage_Adminhtml_Controller_Action */ protected function _redirectReferer($defaultUrl=null) { $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl; parent::_redirectReferer($defaultUrl); return $this; } /** * Set redirect into responce * * @param string $path * @param array $arguments */ protected function _redirect($path, $arguments=array()) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); $this->getResponse()->setRedirect($this->getUrl($path, $arguments)); return $this; } protected function _forward($action, $controller = null, $module = null, array $params = null) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); return parent::_forward($action, $controller, $module, $params); } /** * Generate url by route and parameters * * @param string $route * @param array $params * @return string */ public function getUrl($route='', $params=array()) { return Mage::helper('adminhtml')->getUrl($route, $params); } /** * Validate Secret Key * * @return bool */ protected function _validateSecretKey() { if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) { return true; } if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null)) || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) { return false; } return true; } }
Hi,
I'm not sure how you have got into this situation.. but the code you mentioned in your first post doesn't exist in the UserController.php in 1.9.0.1 - It was actually changed in v1.9.1.
Have you tried to upgrade at anytime?
If I was you.. I would re-download version 1.9.0.1 and compare the core files in your installaton to ensure that nothing else has changed.
Hm..
A developer has installed security patches on my site.. maybe this is reason?
I don't think any of the patches contained the code modifications that you are seeing..
You could try replacing the contents of app/code/core/Mage/Adminhtml/Controller/Action.php with the below code (backup the file first). There are no guarantees it will work - since you Magento code seems to be between versions... but it may help.
Personally. I would create a dev of your store and try to 'upgrade' to 1.9.1.0 (and if that is successful; it would be worth further upgrading to 1.9.2.1 to ensure you're patched fully) - otherwise - You will potentially need to apply at least Patch SUPEE-6285 again. - Once you're happy with this on the dev site; repeat on the live.
<?php /** * Magento * * NOTICE OF LICENSE * * This source file is subject to the Open Software License (OSL 3.0) * that is bundled with this package in the file LICENSE.txt. * It is also available through the world-wide-web at this URL: * http://opensource.org/licenses/osl-3.0.php * If you did not receive a copy of the license and are unable to * obtain it through the world-wide-web, please send an email * to license@magento.com so we can send you a copy immediately. * * DISCLAIMER * * Do not edit or add to this file if you wish to upgrade Magento to newer * versions in the future. If you wish to customize Magento for your * needs please refer to http://www.magento.com for more information. * * @category Mage * @package Mage_Adminhtml * @copyright Copyright (c) 2006-2014 X.commerce, Inc. (http://www.magento.com) * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) */ /** * Base adminhtml controller * * @category Mage * @package Mage_Adminhtml * @author Magento Core Team <core@magentocommerce.com> */ class Mage_Adminhtml_Controller_Action extends Mage_Core_Controller_Varien_Action { /** * Name of "is URLs checked" flag */ const FLAG_IS_URLS_CHECKED = 'check_url_settings'; /** * Session namespace to refer in other places */ const SESSION_NAMESPACE = 'adminhtml'; /** * Array of actions which can be processed without secret key validation * * @var array */ protected $_publicActions = array(); /** * Used module name in current adminhtml controller */ protected $_usedModuleName = 'adminhtml'; /** * Currently used area * * @var string */ protected $_currentArea = 'adminhtml'; /** * Namespace for session. * * @var string */ protected $_sessionNamespace = self::SESSION_NAMESPACE; protected function _isAllowed() { return true; } /** * Retrieve adminhtml session model object * * @return Mage_Adminhtml_Model_Session */ protected function _getSession() { return Mage::getSingleton('adminhtml/session'); } /** * Retrieve base admihtml helper * * @return Mage_Adminhtml_Helper_Data */ protected function _getHelper() { return Mage::helper('adminhtml'); } /** * Define active menu item in menu block * * @return Mage_Adminhtml_Controller_Action */ protected function _setActiveMenu($menuPath) { $this->getLayout()->getBlock('menu')->setActive($menuPath); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addBreadcrumb($label, $title, $link=null) { $this->getLayout()->getBlock('breadcrumbs')->addLink($label, $title, $link); return $this; } /** * @return Mage_Adminhtml_Controller_Action */ protected function _addContent(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('content')->append($block); return $this; } protected function _addLeft(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('left')->append($block); return $this; } protected function _addJs(Mage_Core_Block_Abstract $block) { $this->getLayout()->getBlock('js')->append($block); return $this; } /** * Controller predispatch method * * @return Mage_Adminhtml_Controller_Action */ public function preDispatch() { // override admin store design settings via stores section Mage::getDesign() ->setArea($this->_currentArea) ->setPackageName((string)Mage::getConfig()->getNode('stores/admin/design/package/name')) ->setTheme((string)Mage::getConfig()->getNode('stores/admin/design/theme/default')) ; foreach (array('layout', 'template', 'skin', 'locale') as $type) { if ($value = (string)Mage::getConfig()->getNode("stores/admin/design/theme/{$type}")) { Mage::getDesign()->setTheme($type, $value); } } $this->getLayout()->setArea($this->_currentArea); Mage::dispatchEvent('adminhtml_controller_action_predispatch_start', array()); parent::preDispatch(); $_isValidFormKey = true; $_isValidSecretKey = true; $_keyErrorMsg = ''; if (Mage::getSingleton('admin/session')->isLoggedIn()) { if ($this->getRequest()->isPost()) { $_isValidFormKey = $this->_validateFormKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Form Key. Please refresh the page.'); } elseif (Mage::getSingleton('adminhtml/url')->useSecretKey()) { $_isValidSecretKey = $this->_validateSecretKey(); $_keyErrorMsg = Mage::helper('adminhtml')->__('Invalid Secret Key. Please refresh the page.'); } } if (!$_isValidFormKey || !$_isValidSecretKey) { $this->setFlag('', self::FLAG_NO_DISPATCH, true); $this->setFlag('', self::FLAG_NO_POST_DISPATCH, true); if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) { $this->getResponse()->setBody(Mage::helper('core')->jsonEncode(array( 'error' => true, 'message' => $_keyErrorMsg ))); } else { $this->_redirect( Mage::getSingleton('admin/session')->getUser()->getStartupPageUrl() ); } return $this; } if ($this->getRequest()->isDispatched() && $this->getRequest()->getActionName() !== 'denied' && !$this->_isAllowed()) { $this->_forward('denied'); $this->setFlag('', self::FLAG_NO_DISPATCH, true); return $this; } if (!$this->getFlag('', self::FLAG_IS_URLS_CHECKED) && !$this->getRequest()->getParam('forwarded') && !$this->_getSession()->getIsUrlNotice(true) && !Mage::getConfig()->getNode('global/can_use_base_url')) { //$this->_checkUrlSettings(); $this->setFlag('', self::FLAG_IS_URLS_CHECKED, true); } if (is_null(Mage::getSingleton('adminhtml/session')->getLocale())) { Mage::getSingleton('adminhtml/session')->setLocale(Mage::app()->getLocale()->getLocaleCode()); } return $this; } /** * @deprecated after 1.4.0.0 alpha, logic moved to Mage_Adminhtml_Block_Notification_Baseurl * @return Mage_Adminhtml_Controller_Action */ protected function _checkUrlSettings() { /** * Don't check for data saving actions */ if ($this->getRequest()->getPost() || $this->getRequest()->getQuery('isAjax')) { return $this; } $configData = Mage::getModel('core/config_data'); $defaultUnsecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_UNSECURE_BASE_URL ); $defaultSecure = (string)Mage::getConfig()->getNode( 'default/' . Mage_Core_Model_Store::XML_PATH_SECURE_BASE_URL ); if ($defaultSecure == '{{base_url}}' || $defaultUnsecure == '{{base_url}}') { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $this->getUrl('adminhtml/system_config/edit', array('section'=>'web'))) ); return $this; } $dataCollection = $configData->getCollection() ->addValueFilter('{{base_url}}'); $url = false; foreach ($dataCollection as $data) { if ($data->getScope() == 'stores') { $code = Mage::app()->getStore($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'store'=>$code)); } if ($data->getScope() == 'websites') { $code = Mage::app()->getWebsite($data->getScopeId())->getCode(); $url = $this->getUrl('adminhtml/system_config/edit', array('section'=>'web', 'website'=>$code)); } if ($url) { $this->_getSession()->addNotice( $this->__('{{base_url}} is not recommended to use in a production environment to declare the Base Unsecure URL / Base Secure URL. It is highly recommended to change this value in your Magento <a href="%s">configuration</a>.', $url) ); return $this; } } return $this; } public function deniedAction() { $this->getResponse()->setHeader('HTTP/1.1','403 Forbidden'); if (!Mage::getSingleton('admin/session')->isLoggedIn()) { $this->_redirect('*/index/login'); return; } $this->loadLayout(array('default', 'adminhtml_denied')); $this->renderLayout(); } public function loadLayout($ids=null, $generateBlocks=true, $generateXml=true) { parent::loadLayout($ids, $generateBlocks, $generateXml); $this->_initLayoutMessages('adminhtml/session'); return $this; } public function norouteAction($coreRoute = null) { $this->getResponse()->setHeader('HTTP/1.1','404 Not Found'); $this->getResponse()->setHeader('Status','404 File not found'); $this->loadLayout(array('default', 'adminhtml_noroute')); $this->renderLayout(); } /** * Retrieve currently used module name * * @return string */ public function getUsedModuleName() { return $this->_usedModuleName; } /** * Set currently used module name * * @param string $moduleName * @return Mage_Adminhtml_Controller_Action */ public function setUsedModuleName($moduleName) { $this->_usedModuleName = $moduleName; return $this; } /** * Translate a phrase * * @return string */ public function __() { $args = func_get_args(); $expr = new Mage_Core_Model_Translate_Expr(array_shift($args), $this->getUsedModuleName()); array_unshift($args, $expr); return Mage::app()->getTranslator()->translate($args); } /** * Set referer url for redirect in responce * * Is overriden here to set defaultUrl to admin url * * @param string $defaultUrl * @return Mage_Adminhtml_Controller_Action */ protected function _redirectReferer($defaultUrl=null) { $defaultUrl = empty($defaultUrl) ? $this->getUrl('*') : $defaultUrl; parent::_redirectReferer($defaultUrl); return $this; } /** * Set redirect into responce * * @param string $path * @param array $arguments */ protected function _redirect($path, $arguments=array()) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); $this->getResponse()->setRedirect($this->getUrl($path, $arguments)); return $this; } protected function _forward($action, $controller = null, $module = null, array $params = null) { $this->_getSession()->setIsUrlNotice($this->getFlag('', self::FLAG_IS_URLS_CHECKED)); return parent::_forward($action, $controller, $module, $params); } /** * Generate url by route and parameters * * @param string $route * @param array $params * @return string */ public function getUrl($route='', $params=array()) { return Mage::helper('adminhtml')->getUrl($route, $params); } /** * Validate Secret Key * * @return bool */ protected function _validateSecretKey() { if (is_array($this->_publicActions) && in_array($this->getRequest()->getActionName(), $this->_publicActions)) { return true; } if (!($secretKey = $this->getRequest()->getParam(Mage_Adminhtml_Model_Url::SECRET_KEY_PARAM_NAME, null)) || $secretKey != Mage::getSingleton('adminhtml/url')->getSecretKey()) { return false; } return true; } /** * Validate password for current admin user * * @param string $password - current password * * @return mixed - returns true or array of errors */ protected function _validateCurrentPassword($password) { $user = Mage::getSingleton('admin/session')->getUser(); return $user->validateCurrentPassword($password); } }
Many, many, many thanks!