diff --git a/htdocs/takepos/genimg/index.php b/htdocs/takepos/genimg/index.php
index a5686054193..c2bb62b9322 100644
--- a/htdocs/takepos/genimg/index.php
+++ b/htdocs/takepos/genimg/index.php
@@ -25,7 +25,7 @@ if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');
if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');
if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
-require '../../main.inc.php'; // Load $user and permissions
+if (!defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) require '../../main.inc.php'; // Load $user and permissions
$id = GETPOST('id', 'int');
$w = GETPOST('w', 'int');
@@ -72,12 +72,12 @@ elseif ($query == "pro")
$objProd = new Product($db);
$objProd->fetch($id);
- $image = $objProd->show_photos('product', $conf->product->multidir_output[$entity], 'small', 1);
+ $image = $objProd->show_photos('product', $conf->product->multidir_output[$objProd->entity], 'small', 1);
preg_match('@src="([^"]+)"@', $image, $match);
$file = array_pop($match);
if ($file == "") header('Location: ../../public/theme/common/nophoto.png');
- else header('Location: '.$file.'&cache=1');
+ else header('Location: '.$file.'&cache=1&publictakepos=1');
}
else
{
diff --git a/htdocs/takepos/phone.php b/htdocs/takepos/phone.php
index 8714173e45f..d506c64d2fc 100644
--- a/htdocs/takepos/phone.php
+++ b/htdocs/takepos/phone.php
@@ -77,7 +77,7 @@ if ($action=="productinfo"){
$prod = new Product($db);
$prod->fetch($idproduct);
print "".$prod->label."
";
- print '
';
+ print '
';
print "
".$prod->description;
print "
".price($prod->price_ttc, 1, $langs, 1, -1, -1, $conf->currency)."";
print '
';
@@ -95,7 +95,7 @@ elseif ($action=="editline"){
$prod = new Product($db);
$prod->fetch($line->fk_product);
print "".$prod->label."
";
- print '
';
+ print '
';
print "
".$prod->description;
print "
".price($prod->price_ttc, 1, $langs, 1, -1, -1, $conf->currency)."";
print '
';
diff --git a/htdocs/takepos/public/auto_order.php b/htdocs/takepos/public/auto_order.php
index c7612711df0..910c00327b4 100644
--- a/htdocs/takepos/public/auto_order.php
+++ b/htdocs/takepos/public/auto_order.php
@@ -33,4 +33,5 @@ $_SESSION["takeposterminal"] = 1;
define('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE', 1);
if (GETPOSTISSET("mobilepage")) require '../invoice.php';
+elseif (GETPOSTISSET("genimg")) require DOL_DOCUMENT_ROOT.'/takepos/genimg/index.php';
else require '../phone.php';
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 3cb23b36fbc..39795b62fd8 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -59,6 +59,14 @@ if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))
if (!defined("NOIPCHECK")) define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip
}
+// Used by TakePOS Auto Order
+if (isset($_GET["publictakepos"]))
+{
+ if (!defined("NOLOGIN")) define("NOLOGIN", 1);
+ if (!defined("NOCSRFCHECK")) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
+ if (!defined("NOIPCHECK")) define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip
+}
+
// For multicompany
$entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1));
if (is_numeric($entity)) define("DOLENTITY", $entity);
@@ -195,6 +203,10 @@ if (!empty($hashp))
$accessallowed = 1; // When using hashp, link is public so we force $accessallowed
$sqlprotectagainstexternals = '';
}
+elseif ($conf->global->TAKEPOS_AUTO_ORDER && isset($_GET["publictakepos"]))
+{
+ $accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
+}
else
{
// Basic protection (against external users only)