Over the last few days I developed an extension for Magento that basically lets a customer change their session and log in as another customer. It’s not very complicated; the extension does the following:

  • Creates a new customer field where shop administrators add the IDs of the customers that this particular customer will be able to log in as
  • Creates a block (in the left bar) with a select box that appears when the customer logs in. There he/she can select the customer he/she wants to log in as.
  • After clicking, the session changes and the customer works as if he/she were the other customer.

At the moment, it isn’t possible to change the customer session back again. Once it has changed to the new customer, everything is tied to that customer, including the multilogin box. I was thinking of creating a cookie session for this, but I think this can be kind of dangerous: if someone finds out how to use that cookie, then it could fail. I have a few thoughts about how to do it, but nothing is clear yet.
What is interesting about this extension? Basically, the possibility of changing between customers. This is the controller:
<?php
require_once 'Mage/Customer/controllers/AccountController.php';

class Smile_MultiLogin_ChangeController extends Mage_Customer_AccountController
{
    public function userAction()
    {
        // Two values come from the POST: the current customer id (customer_id)
        // and the id of the customer to switch to (managed_id)
        $data = $this->_filterPostData($this->getRequest()->getPost());

        $managerid = isset($data['customer_id']) ? $data['customer_id'] : null;
        $managedid = isset($data['managed_id']) ? $data['managed_id'] : null;
        $sourceid = Mage::getSingleton('customer/session')->getCustomerId();

        // The request must come from the customer who is currently logged in
        if (!$sourceid || $managerid != $sourceid) {
            return;
        }

        // managed_id is controlled by the browser, so check it against the
        // managed_users list of the logged-in customer before switching
        $manager = Mage::getModel('customer/customer')->load($sourceid);
        $allowed = array_map('trim', explode(',', (string) $manager->getData('managed_users')));
        if (!is_string($managedid) || $managedid === '' || !in_array($managedid, $allowed, true)) {
            return;
        }

        $customer = Mage::getModel('customer/customer')->load($managedid);
        if (!$customer->getId()) {
            return; // the id does not match an existing customer
        }

        $preferedStoreViewId = $customer->getPreferedStoreViewId();

        $session = $this->_getSession();
        if ($session->isLoggedIn()) {
            $session->logout();
        }

        // Without a preferred store view, fall back to the default store of
        // the customer's website
        if (!($preferedStoreViewId > 0)) {
            $preferedStoreViewId = Mage::app()->getWebsite($customer->getWebsiteId())->getDefaultStore()->getStoreId();
        }

        // Expire the old frontend cookie and start a fresh session before
        // logging in as the managed customer
        $params = session_get_cookie_params();
        setcookie(
            'frontend',
            '',
            time() - 42000,
            $params["path"],
            $params["domain"],
            $params["secure"],
            $params["httponly"]
        );
        session_regenerate_id();
        session_name('frontend');
        session_start();

        $customer->setPreferedStoreViewId($preferedStoreViewId);
        Mage::app()->setCurrentStore(Mage::getModel('core/store')->load($preferedStoreViewId));
        Mage::getSingleton('customer/session')->setCustomerAsLoggedIn($customer);
        $this->_redirectUrl(Mage::app()->getStore($preferedStoreViewId)->getBaseUrl());
    }
}
As you can see there, when the customer wants to change the session, a POST request is sent with the parameter «managed_id». The form that sends it:
<?php if ($managed = $this->getManaged()){ ?>
<div class="grandes_cuentas_box">
    <?php echo $this->__('Choose a customer to log in as');?>
    <br/><br/>

    <form action="<?php echo Mage::getBaseUrl(); ?>multilogin/change/user" method="post">
        <input type="hidden" name="customer_id" value="<?php echo (int) Mage::getSingleton('customer/session')->getCustomerId(); ?>" />

        <select name="managed_id">
        <?php foreach ( $managed as $managed_customer){ ?>
        <?php // Customer names are user-supplied, so escape them before output ?>
        <option value="<?php echo (int) $managed_customer['id']; ?>"><?php echo $this->escapeHtml($managed_customer['name']); ?></option>
        <?php } ?>
        </select>
        <input type="submit" value="<?php echo $this->__('Change Customer');?>"/>
    </form>
</div>
<?php } ?>
The block code:
<?php

class Smile_MultiLogin_Block_Login extends Mage_Core_Block_Template
{
    public function _prepareLayout()
    {
        return parent::_prepareLayout();
    }

    /**
     * Returns the customers the logged-in customer may log in as, as a list
     * of array('id' => ..., 'name' => ...), or false when there are none.
     */
    public function getManaged()
    {
        $customer_id = Mage::getSingleton('customer/session')->getCustomer()->getId();
        $customer = Mage::getModel('customer/customer')->load($customer_id);

        if (!$customer->getData('managed_users')) {
            return false;
        }

        $ids_managed = $customer->getData('managed_users'); //.','.$customer_id; //if we want to add our own user (for future development)
        $ids_managed = explode(",", $ids_managed);

        $managed = array();
        foreach ($ids_managed as $id_managed) {
            $id_managed = trim($id_managed);
            $customer_managed = Mage::getModel('customer/customer')->load($id_managed);
            // Skip ids that do not match an existing customer
            if (!$customer_managed->getId()) {
                continue;
            }
            $managed[] = array('id' => $id_managed, 'name' => $customer_managed->getName());
        }

        return $managed ? $managed : false;
    }
}
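The select box only limits what the form offers; the POST can carry any managed_id, so the decision has to be made on the server against managed_users. The following is an added example, not code from the extension: a plain-PHP (7.1+) model of that check which also keeps the original customer id in server-side session data, so switching back needs no client cookie. The function names and the $session and $managedById arrays are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no Magento; $session models server-side session data.

/** Parse a comma-separated managed_users value into a list of positive ints. */
function parseManagedIds(string $csv): array
{
    $ids = [];
    foreach (explode(',', $csv) as $part) {
        $part = trim($part);
        if (ctype_digit($part) && (int) $part > 0) { // rejects '', '7abc', '-1'
            $ids[] = (int) $part;
        }
    }
    return array_values(array_unique($ids));
}

/** Switch only if the account that started the session manages $targetId. */
function switchCustomer(array &$session, array $managedById, $targetId): bool
{
    // Rights always come from the original account, so switches cannot be chained.
    $owner = $session['original_customer_id'] ?? $session['customer_id'] ?? null;
    if ($owner === null || !is_string($targetId) || !ctype_digit($targetId)) {
        return false;
    }
    if (!in_array((int) $targetId, parseManagedIds($managedById[$owner] ?? ''), true)) {
        return false; // managed_id was not offered to this customer
    }
    $session['original_customer_id'] = $owner; // kept server-side, not in a cookie
    $session['customer_id'] = (int) $targetId;
    return true;
}

/** Return to the account that started the switch, if any. */
function switchBack(array &$session): bool
{
    if (!isset($session['original_customer_id'])) {
        return false;
    }
    $session['customer_id'] = $session['original_customer_id'];
    unset($session['original_customer_id']);
    return true;
}

// Constructed data: customer 10 manages 21 and 22; customer 21 manages 30.
$managedById = [10 => '21, 22', 21 => '30'];
$session = ['customer_id' => 10];
var_dump(switchCustomer($session, $managedById, '99')); // id outside the list
var_dump(switchCustomer($session, $managedById, '21')); // id inside the list
var_dump(switchCustomer($session, $managedById, '30')); // chained switch attempt
var_dump(switchBack($session), $session['customer_id']);
```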
If someone is interested in the complete package, just ask me for it. I think this should be enough to help you work with “logins”.