- March 2009 (2)
- April 2009 (1)
- May 2009 (2)
- June 2009 (7)
- July 2009 (7)
- August 2009 (1)
- September 2009 (1)
- October 2009 (10)
- January 2010 (2)
- February 2010 (2)
- March 2010 (5)
- May 2010 (1)
|
Sunday 21 Mar 2 Comments |
Magento Session Fixation WorkaroundEarlier versions of Magento were susceptible to a form of session fixation vulnerability, which can have quite serious consequences even without anyone trying to exploit it maliciously. Visitors may unwittingly follow a link to a Magento site, and be logged in as another user without performing any actions. This results in multiple visitors sharing a session and causes confusion as they add and remove things from the same cart, and potentially even allows them to view another customer's details and place orders under their account. Luckily the issue has a simple fix in version 1.4 and later, but in this post we'll also detail a precaution that can be taken to guard against this in earlier versions. |
|
Friday 19 Mar 1 Comment |
Customise Magento Checkout Success Page Based On Payment TypeThe Magento order process completes with an order success page confirming that the order has been received and displaying the order number. This poses a problem for orders with non-instantaneous payment methods (like Check/Money Order) since the necessary payment details are then only available to customers during the payment step before the order is placed and customers need to know to note these down. Ideally you want any necessary payment information to be shown to the customer once they have finished placing the order. This post shows how to customise the order success page based on the selected payment type to show payment details for non-instantaneous payment methods, ensuring that customers properly complete the full order process. |
|
Tuesday 9 Mar No Comments |
Automatically set Magento customer groupA commonly used Magento feature is the ability to place customers into different customer groups. These customer groups can then be used in a number of ways, such as tiered pricing where each customer group may have different pricing applied. By default, Magento does not include a means of automatically sorting customers into different groups when the customer account is created; instead they must be assigned manually. This post follows on from our creating custom customer attributes post and shows how to automate customers being assigned to groups based upon information they have provided when signing up, whether from a custom or default customer attribute. |
|
Monday 8 Mar 2 Comments |
Extending the Magento web services APIMagento provides a handy web services API for integration with other software systems, and it can be extended if you need it to do something that it doesn't do by default. However, incorrectly overriding core Magento code can cause incompatibilities when applying upgrades. The following is an example of how to extend the API in a way that attempts to avoid introducing problems with future releases. |
|
Friday 5 Mar No Comments |
Direct SQL queries in MagentoMagento and the Zend Framework that it is built upon offer a complete abstraction of data access, which allows you to get on with the creation of higher-level logic without worrying about database access. However, sometimes you just want to be able to run a few key SQL queries directly and bypass the abstraction. This post details the most direct method of doing so in Magento. |
