Displaying an uploaded image in the notification email

Start
Prev
1
Next
End

a2zcs
Topic Author
Offline

Posts: 268
Thank you received: 7
Hikamarket Frontedition Hikamarket Multivendor Hikaserial Standard Hikashop Business

1 year 10 months ago #348432

-- url of the page with the problem -- : bromarprintstore.com/
-- HikaShop version -- : 4.7.0
-- Joomla version -- : 4.2.6
-- PHP version -- : 8.1.14
-- Error-message(debug-mod must be tuned on) -- : n/a

On our catalog, we have a field that allows customers to upload an image to be included on the product they are ordering. My question is how can that image be included in the notification email without the need to be logged in to see it. This is for a very busy print shop that finds it very cumbersome to have to login just to retrieve an image from the order.

Thanks

Please Log in or Create an account to join the conversation.

nicolas
Away

Posts: 82863
Thank you received: 13372
MODERATOR

1 year 10 months ago #348434

Hi,

That's a security measure to avoid non authorized users to be able to view files uploaded by users.

The dirty solution would be to:
- remove the htaccess on the media/com_hikashop/upload/safe/ folder so that anyone could access the uploaded files (provided they know the name of the file).
- change the line:

return '<a target="_blank" class="'.$class.'" href="'.HIKASHOP_LIVE.'administrator/index.php?option=com_hikashop&ctrl='.$download_link.'">'.$value.'</a>';

to:

return '<a target="_blank" class="'.$class.'" href="'.HIKASHOP_LIVE.'media/com_hikashop/upload/safe/'.$value.'">'.$value.'</a>';

in the file administrator/com_hikashop/com_hikashop/classes/field.php
That way, the admin email will contain the direct URL to the file so the admin receiving it will just have to click on the link to get the file, without any login needed.
This means anyone with the URL can access the file and also that you'll have to redo the change after each update of HikaShop.

A cleaner solution would be to develop a plugin to create your own custom field type extending from the "ajax image" or "ajax file" type and overridding the _showOne function to add some kind of password in the download URL provided in the admin email. With your custom type, the download URL will trigger the onFieldFileDownload(&$found, $name, $field_table, $field_namekey, $options) event. So you can implement that event to check the password in the URL (in $_GET) to allow the download by changing the $found variable to true.

Please Log in or Create an account to join the conversation.

a2zcs
Topic Author
Offline

Posts: 268
Thank you received: 7
Hikamarket Frontedition Hikamarket Multivendor Hikaserial Standard Hikashop Business

1 year 10 months ago #348449

Good morning,
Thanks for the response. Developing a plugin is beyond my knowledge and ability. Is this something you could do or know of someone that can? Cost?

In the meantime I'll try the other solution.

Cheers,
Matt

Please Log in or Create an account to join the conversation.

a2zcs
Topic Author
Offline

Posts: 268
Thank you received: 7
Hikamarket Frontedition Hikamarket Multivendor Hikaserial Standard Hikashop Business

1 year 10 months ago #348455

Hi,
Unfortunately, that didn't work. When clicking on the link it still takes me to the admin login.
I've renamed the .htaccess file in the safe folder.

This is the line inserted into the field.php:

return '<a target="_blank" class="'.$class.'" href="'.HIKASHOP_LIVE.'media/com_hikashop/upload/safe/'.$value.'">'.$value.'</a>';

Thoughts?

Last edit: 1 year 10 months ago by a2zcs.

Please Log in or Create an account to join the conversation.

nicolas
Away

Posts: 82863
Thank you received: 13372
MODERATOR

1 year 10 months ago #348456

Hi,

This means that the line is not being used.
Could you provide :
- a screenshot of the resulting email
- a screenshot of the area where you did the change in administrator/com_hikashop/com_hikashop/classes/field.php

We could work on it, yes. The cost would be 300€

Please Log in or Create an account to join the conversation.

a2zcs
Topic Author
Offline

Posts: 268
Thank you received: 7
Hikamarket Frontedition Hikamarket Multivendor Hikaserial Standard Hikashop Business

1 year 10 months ago #348493

Here are the attached screenshots of the resulting email and of the area the new code was placed.

Thanks

Attachments:

Please Log in or Create an account to join the conversation.

nicolas
Away

Posts: 82863
Thank you received: 13372
MODERATOR

1 year 10 months ago #348494

Hi,

Can you confirm that the email you're looking at is the "order admin notification" and not another one ?
If it's another one, it would also require changing the line:

$t .= '<p>'.$fieldsClass->getFieldName($field).': '.$fieldsClass->show($field,$item->$namekey,'user_email').'</p>';

to:

$t .= '<p>'.$fieldsClass->getFieldName($field).': '.$fieldsClass->show($field,$item->$namekey,'admin_email').'</p>';

in the "preload" section of the email in the menu System>Emails.

Please Log in or Create an account to join the conversation.

a2zcs
Topic Author
Offline

Posts: 268
Thank you received: 7
Hikamarket Frontedition Hikamarket Multivendor Hikaserial Standard Hikashop Business

1 year 10 months ago #348504

Hi,
Yes it was the Order Administrator Notification and the line below was in the preload section of it.

$t .= '<p>'.$fieldsClass->getFieldName($field).': '.$fieldsClass->show($field,$item->$namekey,'admin_email').'</p>';

Please Log in or Create an account to join the conversation.

nicolas
Away

Posts: 82863
Thank you received: 13372
MODERATOR

1 year 10 months ago #348510

Hi,

Then, I don't see how it cannot work.

Please Log in or Create an account to join the conversation.

Start
Prev
1
Next
End

Time to create page: 0.072 seconds