Magento Themes and Magento Extensions

Custom Account/Registration Fields

Posted on November 28th, 2014 | Posted by admin

I am busy with a big Magento project.
I will update the blog with my work notes.

We will add four fields to the Account/Registration page.

Four core files:

app/design/frontend/default/yourtheme/template/customer/form/register.phtml – Has the HTML form for initial registration. Note: this file will also be used for a one-shot database extension

app/design/frontend/default/yourtheme/template/customer/form/edit.phtml – Has the HTML form for edit by customers

app/code/core/Mage/Customer/Model/Entity/Setup.php – Has an array full of customer attributes to use for registration

app/code/core/Mage/Customer/etc/config.xml – Has a description of fields to be used in the forms

app/code/core/Mage/Customer/controllers/AccountController.php – For checkbox option

On the Register.html:

Frontend performance: why should you care?

Posted on November 27th, 2014 | Posted by admin

Speed is the most important feature of any online store. If it is too slow, people will just not use it. It may have great products, low prices, the most beautiful interface, but if it takes forever to load, people will just go away.

In the offline world, we often have to wait. The line at the bank, security control at the airport, the checkout line at the grocery store… pick your favorite. “I had such a great time waiting in the line for 3 hours” – said no one, ever… People hate waiting.

On the other hand, in the online world, we have the ability to serve thousands of customers at the same time. Immediate service. And that’s exactly what people expect. They expect websites to load in 2 seconds or less. Almost half of customers will abandon the website if it takes more than 3 seconds to load, and most of them will never come back.

Session and cookie in Magento

Posted on November 26th, 2014 | Posted by admin

Magento provides a very easy way to handle cookies and sessions.
Magento session:
The Magento session is handled by the core module ‘core/session’. Here is how to save data to the session in Magento:

$session = Mage::getSingleton('core/session');
$session->setData('my_magento_session', array('id' => "my_session_id_value", 'setAt' => time()));

This will store an array in the session under the key “my_magento_session”.
We can retrieve the stored session data like this:

$mysession = Mage::getSingleton('core/session')->getData('my_magento_session');
$sessionId = $mysession["id"];

The session data can be removed by setting the session variable to null.

Magento Session Fixation Workaround

Posted on November 21st, 2014 | Posted by admin

Earlier versions of Magento were susceptible to a form of session fixation vulnerability, which can have quite serious consequences even without anyone trying to exploit it maliciously. Visitors may unwittingly follow a link to a Magento site, and be logged in as another user without performing any actions. This results in multiple visitors sharing a session and causes confusion as they add and remove things from the same cart, and potentially even allows them to view another customer’s details and place orders under their account. Luckily the issue has a simple fix in version 1.4 and later, but in this post we’ll also detail a precaution that can be taken to guard against this in earlier versions.

The problem stems from a feature whereby the session ID is passed as a GET parameter when the URL by which the current Magento store is being accessed doesn’t match that store’s base URL. This feature was designed to support a user freely switching between stores within the one site. However, it is quite common for a site to be accessible by two or more URLs (e.g. domain both with and without www), and links that are generated when accessing the site via any URL that is not the base URL will have a SID parameter included in the query string. If a URL of this form is then distributed to many people through an email campaign, ad link, data feed, or by other means, then they may share the session
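A defender's check for the symptom described above, added here as an example that is not part of the original post: it scans web-server access logs for requests whose query string carries a SID parameter and reports any session ID used by more than one distinct client. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Assumed combined log format:
# ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines for illustration, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Nov/2014:10:00:01 +0000] "GET /shirts.html?SID=abc123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
203.0.113.9 - - [21/Nov/2014:10:00:05 +0000] "GET /shirts.html?SID=abc123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.7 - - [21/Nov/2014:10:00:09 +0000] "GET /checkout/cart/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 6.1)"
192.0.2.44 - - [21/Nov/2014:10:01:00 +0000] "GET /?SID=zzz999 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.9 - - [21/Nov/2014:10:01:30 +0000] "GET /customer/account/?SID=abc123 HTTP/1.1" 200 3072 "-" "Mozilla/5.0 (Macintosh)"
"""


def sids_in_target(target):
    """Return the SID values carried in the query string of a request target."""
    return parse_qs(urlsplit(target).query).get("SID", [])


def shared_sids(lines, min_clients=2):
    """Map each SID seen from at least min_clients distinct (IP, User-Agent)
    pairs to the sorted list of those clients."""
    clients = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        for sid in sids_in_target(m.group("target")):
            clients[sid].add((m.group("ip"), m.group("ua")))
    return {sid: sorted(c) for sid, c in clients.items() if len(c) >= min_clients}


if __name__ == "__main__":
    for sid, seen in shared_sids(SAMPLE_LOG.splitlines()).items():
        print(f"SID {sid} used by {len(seen)} distinct clients:")
        for ip, ua in seen:
            print(f"  {ip}  {ua}")
```

Any SID reported here is a candidate for a link that was generated on a non-base URL and then distributed; the affected sessions should be invalidated.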

Understanding Full Page Cache in Magento Enterprise

Posted on November 20th, 2014 | Posted by admin


The answer to the first question is, quite literally, full page caching involves the storage of the full output of a page in a cache, so that subsequent page loads will not require much server load at all. For high-traffic Enterprise level eCommerce sites, full page caching is imperative in order to keep server load as low as possible, and to avoid downtime during periods of high traffic. If 1000 users are visiting the site at the same time, the amount of memory used with full page caching enabled is inconsequential when compared to the server load caused by 1000 users instantiating Magento at once. Additionally, full page caching will increase site speed, since all the server needs to do is fetch and render the page from the cache. So, now that we’ve established that full page caching (henceforth FPC) is important, let’s evaluate it critically.
