Securing Magmi - goodbye complicated coding, hello auto authentication

As a leading Magento development agency, we strive to make Magento simpler and easier to manage for online business owners.

Liam recently wrote a patch for Magmi, which includes built-in authentication, meaning heightened security for our customers. This patch has been accepted into the Magmi code base, which is great news for our Magento users, who can now simply download Magmi, without the need for inserting extra code. So, download Magmi and blissfully ignore the complicated process below.

To add authentication to Magmi, just insert the following code into ./magmi/web/head.php, directly after the opening PHP tag, and before any other code:

 function authenticate($username=”“,$password=”“){
require "../../app/Mage.php";
Mage::app('default');
$user = Mage::getModel('admin/user');
$user->login($username,$password);
$result = $user->getId(); 
return $result ? true : false;
} 
if (!isset($_SERVER[‘PHP_AUTH_USER’])) { 
header('WWW-Authenticate:Basic realm="Magmi"'); 
header('HTTP/1.0 401 Unauthorized'); 
echo 'You must be logged in to use Magmi'; 
die(); 
} else {
if (!authenticate($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])){ 
header('WWW-Authenticate: Basic realm="Magmi"');
header('HTTP/1.0 401 Unauthorized'); 
echo 'You must be logged in to use Magmi'; 
 die(); 
} 
} 
/***************** *********************/