Home » Php » Magento: Detect if admin is logged in in frontend pages

Magento: Detect if admin is logged in in frontend pages

Posted by: admin December 7, 2017 Leave a comment

Questions:

I have created a magento extension. I want to implement access to the extension. The extension creates a page in frontend and i want only admin to access that page. So basically i need something that would detect that if admin is logged in in frontend pages.

I have tried several solution but noting seem to work .

if(Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn()) echo 'logged in'; else echo 'not logged in';

Check on frontend if admin is logged in

Mage::getSingleton('core/session', array('name'=>'adminhtml'));
$adminSession = Mage::getSingleton('admin/session');
$adminSession->start();
if ($adminSession->isLoggedIn()) {
   echo 'logged in';
}
Answers:

The above solutions doesn’t work!

Here is a solution that works ( its not that clean ! but this will work anywhere in your application in phtml view or model or controller or helper ! )

$sesId = isset($_COOKIE['adminhtml']) ? $_COOKIE['adminhtml'] : false ;
$session = false;
if($sesId){
    $session = Mage::getSingleton('core/resource_session')->read($sesId);
}
$loggedIn = false;
if($session)
{
    if(stristr($session,'Mage_Admin_Model_User'))
    {
        $loggedIn = true;
    }
}
var_dump($loggedIn);// this will be true if admin logged in and false if not

Questions:
Answers:

there is a new magento module, written by alan storm: https://github.com/astorm/Magento_CrossAreaSessions

$adminhtml  = Mage::getModel('pulsestorm_crossareasession/manager')->getSessionData('adminhtml');

$adminUser = $dataAdminhtml['admin']['user'];
$loggedIn = $adminUser->getId() && $adminUser->getIsActive();

Questions:
Answers:

If you’re trying to make it work within the template / phtml files, and/or inside the Block’s class you’re going to have a hard time. Mainly because magento (aggressively) caches your PHTML blocks for performance purposes thus undoing any program flow control statements you have especially stuff related with cookie checking. I have no direct / lengthy / indepth explanation why but that’s just how I’ve encountered it over and over again.

However, your solution should be correct, but you need to do the check within a controller’s preDispatch method like so to avoid the aformentioned aggressive caches since controllers are never cached. (shown in Nick’s solution in the question that you linked.):

// Ensure we're in the admin session namespace for checking the admin user..
Mage::getSingleton('core/session', array('name' => 'adminhtml'))->start();

$admin_logged_in = Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn();

// ..get back to the original.
Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace))->start();

IF you really do need to perform the above checks inside PHTML files or named blocks, check out the following code on how to turn off block-level caching and possibly make it work. What I did before was disable caching for the footer block (in which the child block, not phtml, contains code to check
for a specific cookie)

First off, the block call (found in your local.xml, or module layout update xml, or anywhere you can do layout updates, really. I prefer breaking up my customizations into modules so definitely module layout update xml is the way to go):

<reference name="footer">      
   <action method="unsetData"><key>cache_lifetime</key></action>
   <action method="unsetData"><key>cache_tags</key></action>
   <block type="newsletterpopup/popup" name="newsletterpopup_footer" template="newsletterpopup/popup.phtml"/>
</reference>

And this is the newsletterpopup’s block class:

<?php
class Launchpad_Newsletterpopup_Block_Popup extends Mage_Core_Block_Template {
    public function canRender() {
         // Check if cookie exists here       
    }
    public function afterRender() { // if block has rendered, this is called.
        // Set cookie, if it doesn't exist here.
    }
}

And the phtml would be something like:

<?php if($this->canRender()): ?>
   // stuff
<?php endif; ?>

Good luck!

Questions:
Answers:

Here is a solution this works with Magento 1.7.0.2 (tested) and on each frontend site, I use this in an controller not extending from Mage_Adminhtml_Controller_Action.

https://peters-christoph.de/tutorials/magento-pruefe-admin-session-logi-im-frontend/

Questions:
Answers:

Christoph Peters posted a link which solved my problem (Detect if admin is logged in in frontend pages):

//check if adminhtml cookie is set
if(array_key_exists('adminhtml', $_COOKIE)){
   //get session path and add dir seperator and content field of cookie as data name with magento "sess_" prefix
   $sessionFilePath = Mage::getBaseDir('session').DS.'sess_'.$_COOKIE['adminhtml'];
   //write content of file in var
   $sessionFile = file_get_contents($sessionFilePath);

   //save old session
   $oldSession = $_SESSION;
   //decode adminhtml session
   session_decode($sessionFile);
   //save session data from $_SESSION
   $adminSessionData = $_SESSION;
   //set old session back to current session
   $_SESSION = $oldSession;

   if(array_key_exists('user', $adminSessionData['admin'])){
      //save Mage_Admin_Model_User object in var
      $adminUserObj = $adminSessionData['admin']['user'];
      echo 'ADMIN USER IS LOGGED IN';
   }
   else
   {
      echo 'ADMIN USER IS NOT LOGGED IN'
   }
}

Thank you very much Christoph Peters!

Questions:
Answers:

Apart from trying to pull session id from adminhtml cookie, which may or may not work IMHO is better just to “skin” page you need to show to look like its in frontend and use admin controller so it will run under admin session.

Another solution is to “copy” customer from admin to frontend and log them in before hitting your page and then its the matter of just checking if logged in customer is member of some group.

Questions:
Answers:

This code will works

//get the admin session
Mage::getSingleton('core/session', array('name'=>'adminhtml'));

//verify if the user is logged in to the backend
if(Mage::getSingleton('admin/session')->isLoggedIn()) {
  //do stuff
}
else
{
  echo "404 page not found";
}

OR

$adminsession = Mage::getSingleton('admin/session', array('name'=>'adminhtml'));

if($adminsession->isLoggedIn()) {
    //do stuff
} else {
    echo "404 page not found";
}

Did you try to dump the $_SESSION variable? Maybe it will help you get on the right track.

Questions:
Answers:
require_once $dir.'app/Mage.php';
umask(0);

$apps = Mage::app('default');
Mage ::getSingleton('core/session', array('name'=>'adminhtml'));
$adminSession = Mage::getSingleton('admin/session');
$adminSession->start();
if ($adminSession->isLoggedIn()) {
   //echo "logged in";
} 
 else { 
      //echo "Not logged in";
      exit();
 }?> 

Questions:
Answers:

It is quite simple but not a recommended solution. I myself spend number of hours to do this.
For, windows based server try below solution:

$sessionFilePath = Mage::getBaseDir('session').DS.'sess_'.$_COOKIE['adminhtml'];
$sessionFile     = file_get_contents($sessionFilePath); 
$exp_cookie   = explode(';',$sessionFile);
if(count($exp_cookie)   >   100)
{
  return "login";
}
return "expire";    

For, Linux based server try below solution:

$sessionFilePath = Mage::getBaseDir('session').DS.'sess_'.$_COOKIE['adminhtml'];
$sessionFile     = file_get_contents($sessionFilePath); 
$exp_cookie   = explode('--',$sessionFile)
if(count($exp_cookie)   >   10)
{
  return "login";
}
return "expire";

Thanks,
Kashif

Questions:
Answers:

The key to be able to use:

// Ensure we're in the admin session namespace for checking the admin user..
Mage::getSingleton('core/session', array('name' => 'adminhtml'))->start();

$admin_logged_in = Mage::getSingleton('admin/session', array('name' => 'adminhtml'))->isLoggedIn();

// ..get back to the original.
Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace))->start();

is that the controller must extends Mage_Adminhtml_Controller_Action

than you can use this code in the preDispatch function.

And setup the routers for this controller in the admin section of your config.xml.

Questions:
Answers:

Check this blog, I think you need not check with start() before checking with isLoggedIn().

Mage::getSingleton('core/session', array('name'=>'adminhtml')); // get sessions

$check = Mage::getSingleton('admin/session', array('name'=>'adminhtml')); //get admin sessions

    if($check->isLoggedIn()) { //check is admin logged in
        echo "Admin is logged in";
    } else {
        echo "Admin is offline";
    }