Merge pull request #13890 from andreubisquerra/master

Public photos for customers with TakePOS

htdocs/takepos/genimg/index.php

@@ -25,7 +25,7 @@ if (!defined('NOREQUIREMENU'))		define('NOREQUIREMENU', '1');
 if (!defined('NOREQUIREHTML'))		define('NOREQUIREHTML', '1');
 if (!defined('NOREQUIREAJAX'))		define('NOREQUIREAJAX', '1');
 
-require '../../main.inc.php'; // Load $user and permissions
+if (!defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) require '../../main.inc.php'; // Load $user and permissions
 
 $id = GETPOST('id', 'int');
 $w = GETPOST('w', 'int');
@@ -72,12 +72,12 @@ elseif ($query == "pro")
 
 	$objProd = new Product($db);
 	$objProd->fetch($id);
-	$image = $objProd->show_photos('product', $conf->product->multidir_output[$entity], 'small', 1);
+	$image = $objProd->show_photos('product', $conf->product->multidir_output[$objProd->entity], 'small', 1);
 
 	preg_match('@src="([^"]+)"@', $image, $match);
 	$file = array_pop($match);
 	if ($file == "") header('Location: ../../public/theme/common/nophoto.png');
-	else header('Location: '.$file.'&cache=1');
+	else header('Location: '.$file.'&cache=1&publictakepos=1&modulepart=product');
 }
 else
 {

htdocs/takepos/phone.php

@@ -77,7 +77,7 @@ if ($action == "productinfo") {
 	$prod = new Product($db);
     $prod->fetch($idproduct);
 	print "<b>".$prod->label."</b><br>";
-	print '<img class="imgwrapper" width="60%" src="'.DOL_URL_ROOT.'/takepos/genimg/index.php?query=pro&id='.$idproduct.'">';
+	print '<img class="imgwrapper" width="60%" src="'.DOL_URL_ROOT.'/takepos/public/auto_order.php?genimg=pro&query=pro&id='.$idproduct.'">';
 	print "<br>".$prod->description;
 	print "<br><b>".price($prod->price_ttc, 1, $langs, 1, -1, -1, $conf->currency)."</b>";
 	print '<br>';
@@ -95,7 +95,7 @@ elseif ($action == "editline") {
 			$prod = new Product($db);
 			$prod->fetch($line->fk_product);
 			print "<b>".$prod->label."</b><br>";
-			print '<img class="imgwrapper" width="60%" src="genimg/index.php?query=pro&id='.$line->fk_product.'">';
+			print '<img class="imgwrapper" width="60%" src="'.DOL_URL_ROOT.'/takepos/public/auto_order.php?genimg=pro&query=pro&id='.$line->fk_product.'">';
 			print "<br>".$prod->description;
 			print "<br><b>".price($prod->price_ttc, 1, $langs, 1, -1, -1, $conf->currency)."</b>";
 			print '<br>';

htdocs/takepos/public/auto_order.php

@@ -33,4 +33,5 @@ $_SESSION["takeposterminal"] = 1;
 
 define('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE', 1);
 if (GETPOSTISSET("mobilepage")) require '../invoice.php';
+elseif (GETPOSTISSET("genimg")) require DOL_DOCUMENT_ROOT.'/takepos/genimg/index.php';
 else require '../phone.php';

htdocs/viewimage.php

@@ -52,7 +52,15 @@ if (isset($_GET["hashp"]) && !defined("NOLOGIN"))
 	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 }
 // Some value of modulepart can be used to get resources that are public so no login are required.
-if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))
+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias')
+{
+	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);
+	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
+	if (!defined("NOIPCHECK"))		define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip
+}
+
+// Used by TakePOS Auto Order
+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'product' && isset($_GET["publictakepos"]))
 {
 	if (!defined("NOLOGIN"))		define("NOLOGIN", 1);
 	if (!defined("NOCSRFCHECK"))	define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
@@ -195,6 +203,12 @@ if (!empty($hashp))
 	$accessallowed = 1; // When using hashp, link is public so we force $accessallowed
 	$sqlprotectagainstexternals = '';
 }
+elseif (isset($_GET["publictakepos"]))
+{
+	if (! empty($conf->global->TAKEPOS_AUTO_ORDER)) {
+		$accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
+	}
+}
 else
 {
 	// Basic protection (against external users only)