MultiLogin extension: a customer that can log in as another customers

November 8, 2011

Last days I developed a extension for Magento that basically lets a customer change their session and log in as another customer. It’s not really very complicated, what this extension does is the following:

Creates a new customer field where shop administrators have to add the ID of those customers that the particular customer is going to be able to log in as
Creates a block (on the left bar) with a select when the customer logs in. There he/she can select the customer he wants to use to log in.
After clicking, the session changes and the customer works as if he/she were the other customer.

At this moment, it isn’t possible to change again the customer session. Once it has changed to the new customer, everything is related to it, so is the multilogin box. I was thinking of creating a cookie session for this, but I think this can be kind of dangerous: if someone finds out how to use that cookie, then it could fail. There are a few thoughts in my mind about how to do so, but it’s not clear.

What is interesting about this extension? Basically, the possibility of changing between customers. This is the controller:

<?php
require_once 'Mage/Customer/controllers/AccountController.php';

class Smile_MultiLogin_ChangeController extends Mage_Customer_AccountController
{
    public function userAction()
    {
	//There are two variables to retrieve from the post: the current customer id (customer_id) and the new customer id (managed_id)
	$data = $this->_filterPostData($this->getRequest()->getPost());

	$managerid = $data['customer_id'];
	$sourceid = Mage::getSingleton('customer/session')->getCustomerId();

	//We need to be sure that the customer that is asking for the change is the actual customer that has rights to do so. In that case, proceed
	if ( $managerid == $sourceid )
	{
	    $customer = Mage::getModel('customer/customer')->load($data['managed_id']);

	    $preferedStoreViewId = $customer->getPreferedStoreViewId();

	    $session = $this->_getSession();
	    if ($session->isLoggedIn()) {
		$session->logout();
	    }

	    if (!$preferedStoreViewId > 0)
	    {
		$customer->getWebsiteId();
		$preferedStoreViewId = Mage::app() ->getWebsite($customer->getWebsiteId())->getDefaultStore() ->getStoreId();
		$params = session_get_cookie_params();
		setcookie(
		    'frontend',
		    '',
		    time() - 42000,
		    $params["path"],
		    $params["domain"],
		    $params["secure"],
		    $params["httponly"]
		  );
		session_regenerate_id();
		session_name('frontend');
		session_start();

		$customer->setPreferedStoreViewId($preferedStoreViewId);
		Mage::app()->setCurrentStore( Mage::getModel('core/store')->load($preferedStoreViewId) );
		Mage::getSingleton('customer/session')->setCustomerAsLoggedIn($customer);
		$this->_redirectUrl(Mage::app()->getStore($preferedStoreViewId)->getBaseUrl());
	    }
	}
    }
}

As you can see in there, when the customer wants to change the session it sends a post action whith the parameter «managed_id». The form that asks for this:

<pre><?php if ($managed = $this->getManaged()){ ?>
<div class="grandes_cuentas_box">
    <?php echo $this->__('Choose a customer to log in as');?>
    <br/><br/>

    <form action="<?php echo Mage::getBaseUrl(); ?>multilogin/change/user" method="post">
        <input type="hidden" name="customer_id" value="<?php echo Mage::getSingleton('customer/session')->getCustomerId(); ?>" />

        <select name="managed_id">
        <?php foreach ( $managed as $managed_customer){
        ?>
        <option value="<?php echo $managed_customer['id']; ?>"><?php echo $managed_customer['name']; ?></option>
        <?php } ?>
        </select>
        <input type="submit" value="<?php echo $this->__('Change Customer');?>"/>
    </form>
</div>
<?php } ?>

The block code:

<pre><?php

class Smile_MultiLogin_Block_Login extends Mage_Core_Block_Template
{
	public function _prepareLayout()
	{
		return parent::_prepareLayout();

	}

	public function getManaged()
	{
		$customer_id = Mage::getSingleton('customer/session')->getCustomer()->getID();
		$customer = Mage::getModel('customer/customer')->load($customer_id);

		if ( $customer->getData('managed_users') )
		{
		$ids_managed = $customer->getData('managed_users'); //.','.$customer_id; //if we want to add our own user (for future development)
		$ids_managed = explode( ",", $ids_managed );

		foreach ( $ids_managed as $k => $id_managed )
		{
			$managed[$k]['id'] = $id_managed;
			$customer_managed = Mage::getModel('customer/customer')->load($id_managed);
			$managed[$k]['name'] = $customer_managed->getName();
		}

		return $managed;
		}
		else
			return false;
	}
}</pre>
</div>
<div>

If someone is interested on the complete package, just ask me for it. I think that this should be fair enough to help you working with “logins”.

Download | MultiLogin Extension complete code (ready to paste)

From → Extensions

2 Comments

Oğuz Çelikdemir permalink

Hi,
if you don’t mind, could you please share with me the complete package? If you don’t mind, I would like to try our website.

Reply
- magenting permalink
  
  Sure, Oğuz, I’ll send it to you be email.
  
  Reply

Leave a comment Cancel reply

Recent Posts

Archives

Categories

Meta