Hi,
That's a security measure to avoid non authorized users to be able to view files uploaded by users.
The dirty solution would be to:
- remove the htaccess on the media/com_hikashop/upload/safe/ folder so that anyone could access the uploaded files (provided they know the name of the file).
- change the line:
return '<a target="_blank" class="'.$class.'" href="'.HIKASHOP_LIVE.'administrator/index.php?option=com_hikashop&ctrl='.$download_link.'">'.$value.'</a>';
to:
return '<a target="_blank" class="'.$class.'" href="'.HIKASHOP_LIVE.'media/com_hikashop/upload/safe/'.$value.'">'.$value.'</a>';
in the file administrator/com_hikashop/com_hikashop/classes/field.php
That way, the admin email will contain the direct URL to the file so the admin receiving it will just have to click on the link to get the file, without any login needed.
This means anyone with the URL can access the file and also that you'll have to redo the change after each update of HikaShop.
A cleaner solution would be to develop a plugin to create your own custom field type extending from the "ajax image" or "ajax file" type and overridding the _showOne function to add some kind of password in the download URL provided in the admin email. With your custom type, the download URL will trigger the onFieldFileDownload(&$found, $name, $field_table, $field_namekey, $options) event. So you can implement that event to check the password in the URL (in $_GET) to allow the download by changing the $found variable to true.
HIKASHOP ESSENTIAL 49,95€The basic version. With the main features for a little shop.
HIKAMARKETAdd-on Create a multivendor platform. Enable many vendors on your website.
HIKASERIALAdd-on Sale e-tickets, vouchers, gift certificates, serial numbers and more!
MARKETPLACEPlugins, modules and other kinds of integrations for HikaShop
HIKAAUCTION 40€Add-on Create auctions and let your customers bid for products.
ACCESS THE CHECKOUTClick here to access the payment area
