From 991996697dd5e1f529d9e1a36eff465e4256ebf3 Mon Sep 17 00:00:00 2001 From: "jove@bisquerra.com" Date: Thu, 14 May 2020 18:03:22 +0200 Subject: [PATCH 1/4] Public photos for customers with TakePOS --- htdocs/takepos/genimg/index.php | 6 +++--- htdocs/takepos/phone.php | 4 ++-- htdocs/takepos/public/auto_order.php | 1 + htdocs/viewimage.php | 12 ++++++++++++ 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/htdocs/takepos/genimg/index.php b/htdocs/takepos/genimg/index.php index a5686054193..c2bb62b9322 100644 --- a/htdocs/takepos/genimg/index.php +++ b/htdocs/takepos/genimg/index.php @@ -25,7 +25,7 @@ if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); -require '../../main.inc.php'; // Load $user and permissions +if (!defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE')) require '../../main.inc.php'; // Load $user and permissions $id = GETPOST('id', 'int'); $w = GETPOST('w', 'int'); @@ -72,12 +72,12 @@ elseif ($query == "pro") $objProd = new Product($db); $objProd->fetch($id); - $image = $objProd->show_photos('product', $conf->product->multidir_output[$entity], 'small', 1); + $image = $objProd->show_photos('product', $conf->product->multidir_output[$objProd->entity], 'small', 1); preg_match('@src="([^"]+)"@', $image, $match); $file = array_pop($match); if ($file == "") header('Location: ../../public/theme/common/nophoto.png'); - else header('Location: '.$file.'&cache=1'); + else header('Location: '.$file.'&cache=1&publictakepos=1'); } else { diff --git a/htdocs/takepos/phone.php b/htdocs/takepos/phone.php index 8714173e45f..d506c64d2fc 100644 --- a/htdocs/takepos/phone.php +++ b/htdocs/takepos/phone.php @@ -77,7 +77,7 @@ if ($action=="productinfo"){ $prod = new Product($db); $prod->fetch($idproduct); print "".$prod->label."
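Review bot: In the genimg/index.php hunk at -72, `&publictakepos=1` is appended to every product-image redirect, not only when the file is reached through the public auto-order page, so an authenticated POS session now also asks viewimage.php to take the public branch instead of its normal permission path. The same commit introduces the `INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE` constant at the top of this file, so the flag can be limited to that case: `else header('Location: '.$file.'&cache=1'.(defined('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE') ? '&publictakepos=1' : ''));`. The `elseif ($query == "pro")` block this belongs to opens before the hunk.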
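Review bot: In the viewimage.php hunk at -195, the new `elseif` sets `$accessallowed = 1` for any modulepart as soon as the request carries `publictakepos`; the only server-side condition is the `TAKEPOS_AUTO_ORDER` toggle, and the per-modulepart check that the following `else` branch appears to perform (its body is outside the hunk) is skipped for a request that adds this parameter. Since the feature is meant for product photos only, the condition should also require `isset($_GET["modulepart"]) && $_GET["modulepart"] == 'product'`, mirroring the gate that the NOLOGIN block uses, so every other modulepart still falls through to the regular check. The reworked forms of this condition in patch 2 (hunk at -203) and patch 4 (third hunk) keep the same gap.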
"; - print ''; + print ''; print "
".$prod->description; print "
".price($prod->price_ttc, 1, $langs, 1, -1, -1, $conf->currency).""; print '
'; @@ -95,7 +95,7 @@ elseif ($action=="editline"){ $prod = new Product($db); $prod->fetch($line->fk_product); print "".$prod->label."
"; - print ''; + print ''; print "
".$prod->description; print "
".price($prod->price_ttc, 1, $langs, 1, -1, -1, $conf->currency).""; print '
'; diff --git a/htdocs/takepos/public/auto_order.php b/htdocs/takepos/public/auto_order.php index c7612711df0..910c00327b4 100644 --- a/htdocs/takepos/public/auto_order.php +++ b/htdocs/takepos/public/auto_order.php @@ -33,4 +33,5 @@ $_SESSION["takeposterminal"] = 1; define('INCLUDE_PHONEPAGE_FROM_PUBLIC_PAGE', 1); if (GETPOSTISSET("mobilepage")) require '../invoice.php'; +elseif (GETPOSTISSET("genimg")) require DOL_DOCUMENT_ROOT.'/takepos/genimg/index.php'; else require '../phone.php'; diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php index 3cb23b36fbc..39795b62fd8 100644 --- a/htdocs/viewimage.php +++ b/htdocs/viewimage.php @@ -59,6 +59,14 @@ if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias')) if (!defined("NOIPCHECK")) define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip } +// Used by TakePOS Auto Order +if (isset($_GET["publictakepos"])) +{ + if (!defined("NOLOGIN")) define("NOLOGIN", 1); + if (!defined("NOCSRFCHECK")) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site. + if (!defined("NOIPCHECK")) define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip +} + // For multicompany $entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : 1)); if (is_numeric($entity)) define("DOLENTITY", $entity); @@ -195,6 +203,10 @@ if (!empty($hashp)) $accessallowed = 1; // When using hashp, link is public so we force $accessallowed $sqlprotectagainstexternals = ''; } +elseif ($conf->global->TAKEPOS_AUTO_ORDER && isset($_GET["publictakepos"])) +{ + $accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable +} else { // Basic protection (against external users only) From 3295b0d669541c24849f51f772d4487b708ddf3b Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur
Date: Fri, 15 May 2020 14:14:05 +0200
Subject: [PATCH 2/4] Update viewimage.php
---
 htdocs/viewimage.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 39795b62fd8..c72a4e0424e 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -203,7 +203,7 @@ if (!empty($hashp))
 	$accessallowed = 1; // When using hashp, link is public so we force $accessallowed
 	$sqlprotectagainstexternals = '';
 }
-elseif ($conf->global->TAKEPOS_AUTO_ORDER && isset($_GET["publictakepos"]))
+elseif (! empty($conf->global->TAKEPOS_AUTO_ORDER) && isset($_GET["publictakepos"]))
 {
 	$accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
 }
From f35a618699830aadfaedbf5fbcf9bc8dc7b307db Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 15 May 2020 14:29:04 +0200
Subject: [PATCH 3/4] Update index.php
---
 htdocs/takepos/genimg/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/takepos/genimg/index.php b/htdocs/takepos/genimg/index.php
index c2bb62b9322..e668b01aacb 100644
--- a/htdocs/takepos/genimg/index.php
+++ b/htdocs/takepos/genimg/index.php
@@ -77,7 +77,7 @@ elseif ($query == "pro")
 	preg_match('@src="([^"]+)"@', $image, $match);
 	$file = array_pop($match);
 	if ($file == "") header('Location: ../../public/theme/common/nophoto.png');
-	else header('Location: '.$file.'&cache=1&publictakepos=1');
+	else header('Location: '.$file.'&cache=1&publictakepos=1&modulepart=product');
 }
 else
 {
From b8d7a4373c2deeba697b592eb6eb23fa19812e85 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 15 May 2020 14:34:24 +0200
Subject: [PATCH 4/4] Update viewimage.php
---
 htdocs/viewimage.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index c72a4e0424e..b2534ee92dd 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -52,7 +52,7 @@ if (isset($_GET["hashp"]) && !defined("NOLOGIN"))
 	if (!defined("NOIPCHECK")) define("NOIPCHECK", 1); // Do not check IP defined into conf $dolibarr_main_restrict_ip
 }
 // Some value of modulepart can be used to get resources that are public so no login are required.
-if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))
+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias')
 {
 	if (!defined("NOLOGIN")) define("NOLOGIN", 1);
 	if (!defined("NOCSRFCHECK")) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
@@ -60,7 +60,7 @@ if ((isset($_GET["modulepart"]) && $_GET["modulepart"] == 'medias'))
 }
 
 // Used by TakePOS Auto Order
-if (isset($_GET["publictakepos"]))
+if (isset($_GET["modulepart"]) && $_GET["modulepart"] == 'product' && isset($_GET["publictakepos"]))
 {
 	if (!defined("NOLOGIN")) define("NOLOGIN", 1);
 	if (!defined("NOCSRFCHECK")) define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
@@ -203,9 +203,11 @@ if (!empty($hashp))
 	$accessallowed = 1; // When using hashp, link is public so we force $accessallowed
 	$sqlprotectagainstexternals = '';
 }
-elseif (! empty($conf->global->TAKEPOS_AUTO_ORDER) && isset($_GET["publictakepos"]))
+elseif (isset($_GET["publictakepos"]))
 {
-	$accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
+	if (! empty($conf->global->TAKEPOS_AUTO_ORDER)) {
+		$accessallowed = 1; // Only if TakePOS Public Auto Order is enabled and received publictakepos variable
+	}
 }
 else
 {
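Review bot: In the third hunk, moving the `TAKEPOS_AUTO_ORDER` test inside `elseif (isset($_GET["publictakepos"]))` changes the fall-through: with the feature disabled, a request that carries `publictakepos` (which genimg/index.php now appends for authenticated POS sessions as well) no longer reaches the `else` branch and its regular check, so `$accessallowed` keeps whatever value it was given before the hunk. With the feature enabled the grant still covers every modulepart, even though the second hunk restricts the NOLOGIN path to `product`; that NOLOGIN block also runs before `$conf` is loaded (inferred from the `define` ordering), so this condition is the only place the toggle is actually enforced. Keeping the toggle in the condition and adding the modulepart restriction keeps the public path narrow and lets everything else fall to the normal check: `elseif (! empty($conf->global->TAKEPOS_AUTO_ORDER) && isset($_GET["publictakepos"]) && isset($_GET["modulepart"]) && $_GET["modulepart"] == 'product')` with the body reduced to the single `$accessallowed = 1;` line.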