Confirmation page doesn't pass client to the Account Confirmed page

Jayfont

Version: 1.17 stable
Ubuntu 21
PHP 8.0

When I register a new user (either converting a guest or creating a new user), when they click on the registration link and set the password and save, it just refreshes the same screen with validation errors for the name and email. It actually does register them, but it doesn't redirect them to the Account Confirmed screen. They can click on the profile link and it will go to their profile page as a logged in user.

Jayfont

Jayfont
I have tried this in private mode as well, to rule out any cache issues. It happens to all users who attempt it.

ntozier

So are you saying that you register a new user.
The user receives an email.
They click on the email.
It takes them to the page to update their password.
And that's when it refreshes and tells them that a email address and name are required?

ringhidb

ntozier

Experiencing the same thing here on registration and "forgot password" as well. Once a user clicks the link in the email, the profile.php page opens, and has their information auto-filled because of the token in the link.
After typing in the New Password and Confirm New Password, and clicking update, it goes right back to the profile.php page, but this time, with the highlighted "errors" from @Jayfont's report.

You can tell it is on a different "version" of the page, because now a new field "Current Password" shows up like it would by default if you were able to log in, and wanted to just change your password.

After clicking update, even after seeing the red text above, you can use all the links in the header to navigate just fine, and you can sign out, and when you sign back in, the old password fails and the new password works.

This is confusing to end users, because they think it didn't work, and they keep emailing us new support requests because the password reset isn't working, when in reality, it is just never getting to the Http::redirect('tickets.php') line in profile.php like it should.

KevinTheJedi

ringhidb

You need to be running the latest version (v1.17.2) and apply this:

https://github.com/osTicket/osTicket/pull/6379

Cheers.

ringhidb

So far I think I've tracked it down to the
elseif (!$staff && !$entry->isValidForClient(true))
line in class.user.php causing this.

The $acct->update($_POST, $errors); completes successfully, and $errors is still an empty array after that call.
Then it tries to update the user info, with the same POST, which gets forms, and loops through them twice in the same updateInfo function.

ringhidb

@KevinTheJedi only on version 1.17 currently. We customized our install quite a bit to make use of larger screens with higher resolution (the static px width for tables needed to leave the code a long time ago), as well as a few other things. I'll have to devote some time to comparing changes between our local install and 1.17.2 before I can set a maintenance window and do the update.

ringhidb

Hey @KevinTheJedi, I was able to get through the latest download, and make the same changes in the code necessary for our CSS customization, and also changed the relevant lines in include/class.usersession.php, but the issue persists.

This only happen in Chrome, Firefox and Safari both process the login correctly and allow navigation to Profile and current/past tickets.

KevinTheJedi

ringhidb

Then your mods broke something, you didn’t apply the changes correctly, or something else went wrong.

Cheers.