Restrict Access to a Product Page in Miva Merchant

I have received numerous requests for some code I wrote to password protect a product page in Miva Merchant 5 (or 5.5), so I thought I'd share it here. This code was originally written for a site that wanted to implement custom product pricing using the Emporium Plus External Product Purchase module, but wanted to ensure that only staff members could access the page.

Note: This code requires the Tool Kit from Emporium Plus. If you have a Miva Merchant 5 (or 5.5) store, the Tool Kit is an immensely valuable module that allows developers and store owners enormous flexibility in customizing their stores. It is beyond worth the money (and no, I don't get anything for saying so except the satisfaction of spreading the word about an extremely useful tool).

To use the code below:

1. Set up an availability group, and assign authorized customers to this group.
2. Substitute your desired product code where indicated by the text YOUR_PRODUCT_CODE_HERE (2 places).
3. Substitute your availability group name (not code!) for the AVAILABILITY_GROUP_NAME in the code below.

This code is designed to work on the main screen of the regular PROD page. If you're using a template manager, you can remove the conditional that tests for the product code.

<html>
<head>
<title>&mvt:store:name;: &mvt:product:name;</title>
<base href="&mvt:global:basehref;">
<mvt:item name="head" param="head_tag" />
</head>

<mvt:item name="body">
<mvt:item name="hdft" param="global_header" />

<tr><td align="left" valign="bottom">
<mvt:item name="hdft" param="header" />
</td></tr>
<tr><td align="left" valign="top" bgcolor="&mvt:colors:ctgy_bg;">
<table border="0" cellpadding="10" cellspacing="0">
<tr><td align="left" valign="top" nowrap>
<mvt:item name="fonts" param="ctgy_font">
<mvt:item name="customerlink" />
<mvt:item name="affiliatelink" />
<mvt:item name="category_tree" />
</mvt:item>
</td></tr>
</table>

</td><td align="left" valign="top" width="80%">
<br>
<blockquote>
<mvt:comment>Test for desired product code</mvt:comment>
<mvt:if expr="l.settings:product:code EQ 'YOUR_PRODUCT_CODE_HERE'">

<mvt:comment>Check to see if customer is logged in</mvt:comment>
<mvt:if expr="g.Basket:CUST_ID">

<mvt:comment>Check to see if customer is a member of your availability group</mvt:comment>
<mvt:item name="toolkit" param="agroup|acount" />
<mvt:foreach iterator="customer_agroup" array="customer_agroups">


<mvt:comment>Set test variable for use later in the page</mvt:comment>
<mvt:if expr="l.settings:customer_agroup:name EQ 'YOUR_AVAILABILITY_GROUP'">
<mvt:item name="toolkit" param="sassign|staffid|1" />
<mvt:item name="prod_ctgy_hdft" param="prod_header" />
<mvt:item name="prod_ctgy_hdft" param="prod_header" />
<mvt:item name="product_display" />

<mvt:if expr="l.settings:product_count NE 0">
<br><br>
<mvt:item name="fonts" param="hdr_font">
<b>Related Item(s)</b><br>
</mvt:item>

<mvt:item name="product_list" />
</mvt:if>
<mvt:item name="prod_ctgy_hdft" param="prod_footer" />
</blockquote>

</mvt:if>
</mvt:foreach>
</mvt:if>


<mvt:comment>If staffid variable not set, display login</mvt:comment>
<mvt:if expr="g.Basket:CUST_ID AND (g.staffid NE '1')">
          <p>This page is for internal use only.</p><br><br><br>
          <p><a href="http://domain.com"><img src="graphics/00000001/continue_shopping.jpg"
alt="Continue Shopping"></a></p>

<mvt:elseif expr="g.staffid NE '1'">


          <p>This page is for internal use only.  Staff members may log in below.</p>
<form method="post" action="&mvt:global:secure_sessionurl;" class="loginform">
<input type="hidden" name="Store_Code" value="&mvte:store:code;">
<input type="hidden" name="Screen" value="PROD">
<input type="hidden" name="Product_Code" value="YOUR_PRODUCT_CODE_HERE">
<label for="user">Username</label><input type="text" id="user" size="20" name="Customer_Login"
value="&mvte:global:Customer_Login;"><br><br>
<input type="radio" name="Action" value="LOGN" checked="checked" style="display: none;">
<label for="pass">Password:</label> <input type="password" id="pass" size="20"
name="Customer_Password"><br><br>
<mvt:item name="buttons" param="Login" /><br><br>
</form>

</mvt:if>

<mvt:comment>For all other products, display the regular layout</mvt:comment>

<mvt:else>

<mvt:item name="product_display" />

<mvt:if expr="l.settings:product_count NE 0">
<br><br>
<mvt:item name="fonts" param="hdr_font">
<b>Related Item(s)</b><br>
</mvt:item>

<mvt:item name="product_list" />
</mvt:if>
<mvt:item name="prod_ctgy_hdft" param="prod_footer" />
</blockquote>

</mvt:if>

</td></tr>

<tr><td align="left" valign="bottom">
<mvt:item name="hdft" param="footer" />
</td></tr>
</table>

<mvt:item name="hdft" param="global_footer" />
</mvt:item>
</html>

Happy Mid-Year!

Ok, ok, I know there isn't really such a thing as Happy Mid-Year. But one of my New Year's Resolutions for this year was to post regularly to my blog. It doesn't take a rocket scientist to see that didn't exactly happen. So I figured rather than beat myself up over it, I'd declare a new Mid-Year Resolution.

In honor of Happy Mid-Year, I'd like to express some thoughts on the new Miva Merchant 5.5. A party atmosphere is definitely fitting here. Miva Merchant 5.5 not only provides a more aesthetic admin interface, it breaks out some handy new features for developers and store owners alike.

Among my favorites is the new Quick Find feature in the top navigation. The ability to instantly do a product, category, order or customer search without having to first expand multiple menus comes in very handy.

Another favorite is the new category and product sorting feature. Click through to a category, select Category Order: Show and simply enter the new sort order in the text boxes. Click Update to re-order multiple categories or products at once, or enter the new display order number in a single box and hit Enter on your keyboard to move that item to the new location.

The new SEO options are a great benefit to store owners. Products and Categories now have built-in meta tags and store owners can set up search engine friendly links with just a click.

Designers and developers will greatly benefit from the new Dreamweaver integration and the frameworks system. There are still a few bugs being worked out here, but these features show great promise for helping non-technical designers and store owners build an attractive, user friendly site.

Developers will also be pleased to have full access to the underlying template system. Category tree and attribute templates are now fully accessible without module purchases, making creation of a completely custom layout a breeze.

The launch of 5.5 hasn't been without its hiccups, but the new MM management has shown great responsiveness in dealing with them. If you liked the earlier versions of Miva Merchant, the new MM5.5 will definitely please.

My only complaint about the new look is that the "Log in securely" link is no longer very prominent on the admin login page. My favorite webhost for both Miva Merchant hosting and non-Miva sites, Hostasaurus, suggested this easy to implement solution. Just add the following lines to your .htaccess file to force admin pages to secure so that remembering to click the link is no longer an issue.

RewriteEngine On
RewriteCond %{REQUEST_URI} /mm5/admin.mvc
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https://www.domain.com/mm5/admin.mvc [R]