It is sometimes necessary to restrict access to a store for customer authenticated. This is needed for B2B websites for example. Here is a module that allows you to redirect anyone not connected to the login page.
Installation
Extension is available on GitHub: https://github.com/jreinke/magento-require-login
You have 2 ways to install it:
- Manual installation : download package here, unzip in Magento root folder, then clean cache.
- Installation with modgit:
modgit -e README.md clone require-login https://github.com/jreinke/magento-require-login.git
See a full example of how to use
modgit
here.
Configuration
Go to “System > Configuration > Bubble RequireLogin”:
Of course, some routes must still be accessibles even if authentication is required. This is the case for password forgotten, password reset, account creation, etc. That’s why a whitelist parameter is available as a regular expression. Be careful when modifying it!
48 Responses to “A Magento module to require login on your store”
Super utile en effet pour du B2B !
Merci pour tous les modules que tu publies ces derniers temps, bien cool !
Hello Johann,
If someone visits the store home page and is not logged in, I would like to have them redirected to the login page. Will this plugin do that?
Thanks,
Garry
Hi!
This module does not allow this but you can easily take inspiration from it to do so.
Hello,
When trying to log in using Safari, I sometimes get redirected to a page like this: ://?SID=2a52afee5970e1064664aefee7c5b187
I believe this has to do with this module, since I can’t find any help or idea’s when looking for Magento Login Troubles.
Any word on if this is the case?
Module works great otherwise.
Kind regards,
Pieter
Hi!
Difficult for me to reproduce the issue. Can you give more info on how to reproduce this?
Hi Johan,
Some general Info:
1 Website
2 Stores: B2B & B2C
B2B Has login required, B2C does not and also has no catalog.
The problem happens when the customer comes in from the splash page (outside of Magento installation folder). He gets the Login Form presented, fills in details and clicks submit. One of the following redirects will lead to “://?SID=2a52afee5970e1064664aefee7c5b187″.
The only case this (sometimes) doesn’t happen if AFTER logging out the user immediatly clicks the ‘Log in’ link again. In about 70% of the cases, he wil log in correctly and get redirected to his Account page. But this does fail sometimes.
If after logging out he visits any page and then tries to log in again (since the login form wil get presented anyway), it will result in the wrong redirect once again.
Hope this helps some, thanks in advance anyway!
I’m having a similar issue. Whenever a customer completes the login form, it directs them to https://localhost//://:/// (I force https, but this was happening before forcing https).
Encountered a similar issue:
loginPost was redirecting to ://?SID=…
except that it was happening systematically. Under Safari, users were even unable to login.
Delete line 16:
$session->setBeforeAuthUrl($requestString);
It should work.
I struggle 2 days in a raw on this issue… Hope this helps others.
Hi Johann,
First of all thankyou for the very nice and usefull extension for magento.
I have a question: it’s possible to make visible the cms pages as like who_we_are or contact_page ?
If yes how can they be added to the expression?
Greetings,
David
I solved the problem adding customer/account/ in front of the url-key of the cms pages and added the name in the string
Hello, we are running Magento CE 1.7.0.2. I just installed your extension and when I access the admin panel….. System>Configuration> Bubble I get a 404 Error – Page not found in the right column. I can send you screen shots if needed. Thank you for any help!
Hi,
You have to logout and login again for ACL refreshing.
Doh! should have tried that. Thanks – it works now.
Bonjour Johann,
Votre module est parfait pour le site B2B que je développe.
Actuellement, j’aimerai pouvoir laisser accès à la page d’accueil.
Après plusieurs tentatives infructueuses, je n’ai toujours pas réussi à trouver comment ajouter cette dernière dans l’expression régulière.
Pourriez-vous m’aider ?
D’avance merci,
Clément
German Translation for Bubble RequireLogin
(app\locale\de_DE\Bubble_RequireLogin.csv) :
Maybe its usefull
“Login Options”,”Anmeldeoption”
“Require Login”,”Login erforderlich”
“Require Login Whitelist”,”Login nicht erforderlich bei diesen URLs”
“Regular expression that is used to match request strings that do not need customer authentication.”,”Regulärer Ausdruck für die URLs, die keine Authentifizierung benötigen.”
“Full overview available”,”Komplette Übersicht verfügbar ”
“here”,”hier”
“Bubble RequireLogin is a module that can force user authentication in frontend.”,”Bubble RequireLogin ist ein Modul welches die Benutzeranmeldung im Frontend erzwingt.”
“http://www.bubblecode.net/en/2012/05/15/a-magento-module-to-require-login-on-your-store/”,”http://www.bubblecode.net/2012/05/15/a-magento-module-to-require-login-on-your-store/”
Very interesting article, I downloaded the zip file with the content and I did copy the files inside my magento installation.
After you have logged in I went into the configuration of my site and I will return this error: 500 internal server error.
Could you give me a hand, to understand what’s the problem?
same prob.. not sure how to solve it
Thanks
is it possible make a login form?
like this: http://www.design3edge.com/wp-content/uploads/demo/fresh-login-form-demo.jpg
Great module! I would like to include some CMS pages that are visible without the login. However, I can’t seem to find the best way to alter the regular expression. Any help appreciated!
Whoops, already found the answer. Maybe it can help someone.
#(customer\/account\/(log(in|out)|forgotpassword|resetpassword))|your-page#
Hi Petrick, what expression should be included for homepage. So that http://www.example.com should not ask for login.
Fantastic module! Is it possible to make an exception for the hompage, so the visitor can see the hompage without the need to login?
Any ideas?
Merci pour ton travail install parfaite
Its Great! But is it possible to make an exception for the hompage, so the visitor can see the hompage without the need to login?
Hi,
Here is the syntax to include the homepage:
#(^/$|^$|customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))#
Copied into my test store and got this when trying to access Configuration section in the admin menus:
Fatal error: Class ‘Bubble_RequireLogin_Helper_Data’ not found in /html/STORE/app/Mage.php on line 546
I’m using version 1.7.0.2
Figured it out. When I FTP’d to my server the file permissions for the Data.php file were wrong.
I’ve installed this, but it just goes into a page refresh loop at the login page. This stops happening when I disable the module.
I also have this problem, login redirects back to the login page
Do not forget to whitelist your IPN urls.
Replace
“`
#(customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))#
“`
with
“`
#(customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))|(paypal/\ipn\/)#
“`
Good thing, thanks…
But how do i add the wishlist to the whitelist?
This is great! But is there a way to shift the whitelist to a blacklist, maybe? So that I can specify a particular section that needs to be passworded without having to whitelist the other pages?
Thanks…its perfectly work in magento 1.8…nice tutorial ..
Hello, thanks for this great module! It works great with 1.8. However, using the standard configuration, the API can’t seem to connect. For those who have this problem, simply add ‘|api’ at the end of the whitelist.
Hello,
I have an issue regarding this extension.
I am using another extension to allow suppliers to update informations on products so I need to allow the route /supplier/, how can I do that ?
I tried modifying the existing whitelist but without success.
Thank you in advance for your answer!
My bad I just found the answer in the previous comments,
As @Patrick said :
#(customer\/account\/(log(in|out)|forgotpassword|resetpassword))|your-page#
So I replaced it with my page :
#(customer\/account\/(log(in|out)|forgotpassword|resetpassword))|supplier#
And everything worked out
Thank you for this great extension!
when i try to access api http://xxxx.com/api/v2_soap?wsdl=1
redirecting to login page,how can i access api
You can probably add that path to the whitelist.
i have an issue with this extension when i try to access magento api its redirecting to loging page.
thank you
I’ve recently implemented that feature. But additionally I needed to show different prices for wholesale and retail customers. So I installed customer group catalog by amasty.
I am looking for a way that only I can add accounts for people to login. What would be the steps to accomplish this ?
Does it work with 1.9.1.1?
Work also on Magento 1.9.0.1
Thanks fo nice extension!
I’m having an issue where ever since I installed this plugin, once a user logs in, it directs them to https://localhost//://:///
Any idea?
PS. Once authenticated and sent to https://localhost//://:///, if I put in the main url again, the session is valid and I get into the store.
call to SOAP API’s are not working,
I have added ‘api’ in the expression as below,
#(customer\/account\/(log(in|out)|forgotpassword|resetpassword|create))|(paypal/\ipn\/)|api#
I can see XML’s by using
http://yourdomain.com/api/soap/?wsdl
But gets following error while accessing soap API via coding
SoapFault exception: [HTTP] Error Fetching http headers
It runs fine if I Disable module from xml file
I’m not a programmer so I need to know what to put into the “Require Login Whitelist” to have username=”riley” and password=”webstack”. I just want to protect store from entry.
Thanks for your assistance
John
Dear Johann,
First thanks for the module, it is working quite well.
But my problem is a little bit complicated. I have multiple magento stores and I am using a single hosting and use addon domains. I’ve some ajax requests to get some blocks and for this purpose I’ve enabled cors. It is working well on Chrome but on Firefox when you have cors and do an ajax request when I’ve used your module, for all these requests the login page is also shown inside these blocks? So can you help me with this? Do you know this problem? I’ve checked all over the internet with no luck.
For chrome the ajax request returns 200 OK.
But for firefox it returns 302 Temp redirect and gets the login page for this store and show it inside every block for every ajax request?
Thanks
Hi,
Please advise
Password reset link redirects to login page, unable to reset password.
Minor change, but I noticed that you cannot actually change your forgotten password in magento 1.9 since domain.com/forgottenpassword link that you get in the forgotten password email redirects to another page with url “changeforgotten” so my current filter look like:
#^/$|^$|customer\/account\/(log(in|out)|forgotpassword|resetpassword|create|changeforgotten)|paypal\/ipn#