Securing Magmi - goodbye complicated coding, hello auto authentication

| Posted by absolute

As a leading Magento development agency, we strive to make Magento simpler and easier to manage for online business owners, and our Head of Development, Liam Wiltshire, sets the benchmark for improved functionality.

Liam recently wrote a patch for Magmi, which includes built-in authentication, meaning heightened security for our customers. This patch has been accepted into the Magmi code base, which is great news for our Magento users, who can now simply download Magmi here, without the need for inserting extra code. So, download Magmi and blissfully ignore the complicated process below.

To add authentication to Magmi, just insert the following code into ./magmi/web/head.php, directly after the opening PHP tag, and before any other code:

 function authenticate($username=”“,$password=”“){
require "../../app/Mage.php";
Mage::app('default');
$user = Mage::getModel('admin/user');
$user->login($username,$password);
$result = $user->getId(); 
return $result ? true : false;
} 
if (!isset($_SERVER[‘PHP_AUTH_USER’])) { 
header('WWW-Authenticate:Basic realm="Magmi"'); 
header('HTTP/1.0 401 Unauthorized'); 
echo 'You must be logged in to use Magmi'; 
die(); 
} else {
if (!authenticate($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])){ 
header('WWW-Authenticate: Basic realm="Magmi"');
header('HTTP/1.0 401 Unauthorized'); 
echo 'You must be logged in to use Magmi'; 
 die(); 
} 
} 
/***************** *********************/