Changing default category sort order in Magento

Posted on February 28th, 2011 | Posted by admin

Category toolbar has many options. By default is shows how many items are in the category, you can choose how many products you wish to be displayed per page, you can change the listing type (List or Grid) and you may choose Sort Order. This “Sort Order” can be confusing. The default “Sort Order” is “Best Value”. What does it mean? How is the Best value determined? Can we change the default sort order?

What is “Best Value” filed?

When you go to Category page in Magento administration, you will see “Category Products” tab. From there, you will see the list of products that are associated to this category. The last column in “Position”. That is how “Best Value” is determined. So, best value is not something that is dynamically calculated. You can tailor it to your likings.

CSRF Attack Prevention

Posted on February 28th, 2011 | Posted by admin

If you login to your Magento admin today, you are welcomed with message box that says:

CSRF Attack Prevention Read details!

Yesterday Magento team acknowledged CSRF vulnerability and provided solution in a form of tutorial to change admin path (frontName) of your Magento shop.

I find this approach strange and funny at the same time. Is hiding vulnerability new way of fixing it? Especially since some users of French Magento forums found similar problem in downloader (Magento connect manager). I can confirm this couse i tested it myself. The most funny part was that Magento cached my get request so i couldn’t get rid of my test alert box

Few fast tips for Magento admins:

1. Follow official Magento news, forums, updates.

2. Don’t click suspicious links. These kind of attacks are usually done through malformed links that admin clicks through mail, comment, or any other source.

3.  Clear “saved passwords” from browsers. Since most web browsers offer to remember passwords, and then autocomplete them,  these kind of attack could easily stole your password.

Custom admin theme in Magento

Posted on February 28th, 2011 | Posted by admin

As mentioned on Magento forums the easiest way to achieve this is with overriding adminhtml config with your local custom one and activate it as module.

This is just a small example of different approach with Admin Theme config option in admin panel, to show you how things can be done in different ways in Magento.

Since this is one of those “code talks, talk walks” examples, here it is: admintheme_example.rar.

It’s great example of small Magento module with simple event hooking and adding configuration fields through system.xml.

Follow directory structure, copy files to their place and you will notice new “Admin Theme” option in System->Configuration->General->Design (Default Config scope). Your theme goes in app/design/adminhtml/default/yourthemename folder. It doesn’t need to be whole theme of course, just the files you’re changing.

Disabling wishlist functionality

Posted on February 27th, 2011 | Posted by admin

If like many of the Magento store owners you find that some of the built-in features are not useful to you or to your customers you can always disable them via the admin interface buy disabling their respective modules.

Wishlist is not one of them.

To remove all of the traces of the wishlist functionality you need to do the following:

1. Go to the Admin interface (select the appropriate scope) and under System -> Configuration -> Customers -> Whishlist select “No” under the “Enabled” in the General options.

This will remove all of the whishlist links in the magento blocks as well as the whishlist itself.

2. Just to make things perfect you should check the (yourskinname)/template/catalog/product/view/addto.phtml and remove the “pipe” character from that file so that it doesn’t disturb the looks of your site

Custom Transactional Emails in magento

Posted on February 27th, 2011 | Posted by admin

Custom Transactional Emails in magento

Since transactional emails are very important for the process of online shopping you need to have them set up just the you want them and the default templates just don’t cut it. You need your own logo, email data and custom verbiage to be consistent with the image of your company.

Here how it’s done :

1. Creating custom transactional e-mails via Admin

a) In the admin panel of your magento installation go to:  System->Transactional Emails

You’ll be presented with a list of default emails.  You’ll need to create a custom email so the only way to avoid writing our custom templates from scratch is to use the existing code of the template.
Hint: If you want to see the template before copying, first click on the “Preview” button on the right.

Page 1 of 2012345»1020...Last »