Blog

Magento Session Fixation Workaround

by Lloyd Hazlett in Magento

Earlier versions of Magento were susceptible to a form of session fixation vulnerability, which can have quite serious consequences even without anyone trying to exploit it maliciously. Visitors may unwittingly follow a link to a Magento site, and be logged in as another user without performing any actions. This results in multiple visitors sharing a session and causes confusion as they add and remove things from the same cart, and potentially even allows them to view another customer's details and place orders under their account.


Customise Magento Checkout Success Page Based On Payment Type

by Denis Margetic in Magento

The Magento order process completes with an order success page confirming that the order has been received and displaying the order number. This poses a problem for orders with non-instantaneous payment methods (like Check/Money Order) since the necessary payment details are then only available to customers during the payment step before the order is placed and customers need to know to note these down. Ideally you want any necessary payment information to be shown to the customer once they have finished placing the order.


Automatically set Magento customer group

by Jeremy Champion in Magento

A commonly used Magento feature is the ability to place customers into different customer groups. These customer groups can then be used in a number of ways, such as tiered pricing where each customer group may have different pricing applied. By default, Magento does not include a means of automatically sorting customers into different groups when the customer account is created; instead they must be assigned manually. This post follows on from our creating custom customer attributes post and shows how to automate customers being assigned to groups based upon information they have provided when signing up, whether from a custom or default customer attribute.


Extending the Magento web services API

by Peter Spiller in Magento

First of all, you need to find the Magento core file that provides the API method you want to extend. These are generally in model files called Api.php or under directories called Api. For example, I recently needed to look up customer orders by their IDs, as opposed to their increment IDs (aka their order numbers, such as '#100000003'). After some searching, I found the file that contains the relevant code at app/code/core/Mage/Sales/Model/Order/Api.


Direct SQL queries in Magento

by Chris Norton in Magento

    $conn = Mage::getSingleton('core/resource')->getConnection('core_read');

This will return a Varien_Db_Adapter_Pdo_Mysql object, a subclass of Zend_Db_Adapter_Abstract, which will allow you to run the Zend adapter methods directly. For example:

    // Prints a list of all website names
    $results = $conn->fetchAll("SELECT * FROM core_website;");
    foreach ($results as $row) {
        echo $row['name'] . "\n";
    }

Note the use of the core_read parameter in the getConnection call - this instructs Magento as to which resource to use.


Displaying Magento custom product attributes on the frontend

by Denis Margetic in Magento

The simplest way to display custom attributes is to enable them on product view pages, where they normally show up as a table. Design files can be edited to display custom product attributes elsewhere on the product view page. When a Magento product object gets loaded in a template file, any custom attributes that have been added to products are also accessible. The method used to retrieve the values depends on the type of attribute.


Common Magento theming issues

by Denis Margetic in Magento

Breadcrumbs and page titles

Removing the breadcrumbs block should not be very difficult since it is just one line in the /layout/page.xml file. However, if you were to remove breadcrumbs by changing the /layout/page.xml file it will adversely affect page titles, which may not be what you expect. The underlying issue is related to Magento's built-in flexibility that allows breadcrumbs to be used with page titles. The breadcrumbs block needs to be part of the page in order for page titles to be processed correctly.


Australia Day Extension Release

by Chris Norton in Announcements

In addition to the feed generators, there are some incremental improvements to the rest of the extension, most notably in the BPAY and direct deposit functionality, which now have their own order statuses to help administrators determine at a glance which payment method was used to place an order. We hope these changes will continue to provide Australian online retailers with commonly desired functionality for running a Magento website in Australia.


Using jQuery with Magento

by Tom Greenaway in Magento

Installing jQuery

jQuery can be downloaded from jquery.com and to install it you need to copy the file to the following directory:

    skin/frontend/default/your_theme/js

To include jQuery you need to edit layout/page.xml where you need to add the following to the head block:

    <action method="addItem"><type>skin_js</type><name>js/jquery.js</name></action>

Normally, this would be all you need to do, however because Magento also includes Prototype, there is a subtlety we need to deal with. jQuery uses '$' as shorthand for accessing the jQuery library.


How to set up a Magento store for Australia

by Chris Norton in Magento

Looking for instructions for Magento 2? Take a look at the new post How to set up a Magento 2 store for Australia. Running Magento stores in Australia differs very little from any other country, but there are a few things that you need to do for compliance with ATO requirements and to ensure that Magento calculates taxes correctly. The following is an outline of the necessary configuration and settings you may need to consider when setting up Magento for an Australian store.
