Magento secure shopping cart
By
default, Magento shopping cart page is not secured, and does not need
to be. HOWEVER, customers don抰
know
that is does not need to be. When customers get to the shopping cart
page and find that it is not secure, they ASSUME that the checkout
process is not secure and DO NOT proceed to checkout. This results in
cart abandonment and a lost sale.
This
article assumes that you have gotten an SSL certificate installed and
already have the login, wishlist, and my account pages directing to
https by enabling ‘Use Secure URLs in Frontend’ in the Magento
admin panel -> Configuration -> Web. Making the entire site use
https is out of the question.
If
you like the feature, let’s see how
MB_SecureUrl
We’re
going to write a small extension that will force Magento to display
your cart using SSL. This extension only needs three files, so go
ahead and create them.
app/etc/modules/MB_SecureUrl.xml
|
1
2
3
4
5
6
7
8
9
|
<?xml
version="1.0"?><config> <modules> <MB_SecureUrl> <active>true</active> <codePool>community</codePool> </MB_SecureUrl> </modules></config> |
app/code/community/MB/SecureUrl/etc/config.xml
|
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
<?xml
version="1.0"?><config> <modules> <MB_SecureUrl> <version>0.5.0</version> </MB_SecureUrl> </modules> <frontend> <secure_url> <checkout_cart>/checkout/cart</checkout_cart> <checkout>/checkout/cart</checkout> </secure_url> <routers> <checkout> <args> <modules> <MB_SecureUrl
before="Mage_Checkout">MB_SecureUrl</MB_SecureUrl> </modules> </args> </checkout> </routers> </frontend></config> |
For
config.xml file, you will probably need to create a few directories
found in the path as they most likely don’t exist. Also, in this
extension we use [community] code pool as consider compatibility.
Because Magento CE 1.7 doesn’t support [local] code pool again.
app/code/community/MB/SecureUrl/controllers/CartController.php
|
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
<?phprequire_once
'Mage/Checkout/controllers/CartController.php';class
MB_SecureUrl_CartController
extends
Mage_Checkout_CartController{ /** *
Delete shoping cart item action */ public
function
deleteAction() { $id
=
(int) $this->getRequest()->getParam('id'); if
($id)
{ try
{ $this->_getCart()->removeItem($id) ->save(); }
catch
(Exception
$e)
{ $this->_getSession()->addError($this->__('Cannot
remove the item.')); Mage::logException($e); } } $url
=
Mage::getUrl('*/*'); if
($_SERVER['HTTPS']
== 'on')
{ $url
=
str_replace('http:',
'https:',
$url); } $this->_redirectReferer($url); }}?> |
CartController.php
rewrites Magento Core controller Mage_Checkout_CartController, but
only rewrite one action, deleteAction. That makes sure to redirect to
cart page still after remove an item form the cart.
To
get this working, refresh the Magento cache (don’t forget to
recompile the Magento compiler, if already enabled) and browse to
your shopping cart! If it isn’t working, check that you have
enabled SSL URL’s for the front end of your Magento site (System >
Configuration > Web > Secure > Use Secure URLs in Frontend).
Secure
Any Magento Page with SSL You Need
The
above extension will force the Magento shopping cart to use your
secure URL, but can easily be adapted to force any Magento page to
use SSL. To do this, simply add extra entries to the config.xml file
you just created, using the same syntax as the [checkout_cart]
option.
Hope
that helps
No comments:
Post a Comment