Order details page

  • Posts: 197
  • Thank you received: 13
1 year 8 months ago #349581

-- HikaShop version -- : 4.7.1
-- Joomla version -- : 4.2.8
-- PHP version -- : 8.1

hi
in my website an order details page is :
mydomain.com/my-orders/order/invoice/?order_id=XXX

for viewing this page, it is requreid that user be signed in to his acount

for some reasons, i need to make this page public.
that means all orders can be seen for all.

is there anyway that i can edit hikashop core to do this ?

Please Log in or Create an account to join the conversation.

  • Posts: 82863
  • Thank you received: 13372
  • MODERATOR
1 year 8 months ago #349586

Hi,

Note that we don't recommend doing this, for obvious security reasons.

In the file components/com_hikashop/controllers/order.php in the function isLogged you can add a return true; at the beginning.
This will prevent the controller from redirecting to the login form page when the current user is not logged in with the user account of the order or is not logged in.
Then, in the file administrator/components/com_hikashop/classes/order.php in the function loadFullOrder you can add $checkUser = false; at the beginning.
This will allow the loading of the data from the database for the orders even if the current user is not logged in or not the user of the order.

Please Log in or Create an account to join the conversation.

  • Posts: 197
  • Thank you received: 13
1 year 8 months ago #349588

yes you are right. but for a reason we have to do this in this specific project considering all potensialy security issues

thank you alot for your help

Please Log in or Create an account to join the conversation.

Time to create page: 0.051 seconds
Powered by Kunena Forum