Hello,

I have successfully created a new modification in order to reset and get the new password for Admin/Manager/Staff, hereinafter refferred to as Helpdesk Officer (HO), just in case if they forgot their password without having ask the webmaster or admin to reset/update the password by doing md5 via phpMyAdmin or another MySQL tools to database directly.

The general info about this new feature is that we need an activation key that sent to the HO's email who request it, in order to activate the new password. After HO activate the new password, then osTicket will send the new password to HO's email. So, this will prevent somebody who acts as another person trying to reset the password belongs to somebody else. That's the main idea!

Here is the normal scenario I made:

1) There is a new link named "Forgot Password" beneath the password textbox in login page in SCP.

2) HO forgot their password, then click that link.

3) HO enter their email, then click the "Send My New Password".

4) osTicket send an URL link to the email for activate the new password

5) HO check the email, then find there is a URL link in that email.

6) HO have to click that link in order to activate the new password.

7) Password activated, osTicket send the new password to the email.

8) HO check the email, and now can login as usual using the new password.

Ubnormal scenario:

1) If the email that entered by HO does not exist in the system, osTicket will display the message to inform that the email does not exist.

2) If HO supply the wrong activation key on the URL, then osTicket will display the message to inform that the activation key is wrong and the password never been changed. Also, after the new password being activated, then the activation key will never work anymore.

3) If staff A knows the staff B's email, staff A is still able to enter staff B's email in Forgot Password page, and osTicket will send the activation URL link to staff B's email, but, since the staff B never request this new password, as long as staff B never click on this activation link, then the password will never changed. In other word, staff B is still able to use the old password if he/she ignores that activation link.

Feel free to give any feedback regarding this modification by replying this topic.

Actually, it is almost finished, and so far its progress is about 85%. I will publish the final result after 100% completed.

So, stay tuned everyone! ;)

Sincerely,

Masino Sinaga

Here are the screenshots:

blank

Forgot Password link appears beneath the SCP login form.

blank

HO only need to enter email address, and then click on the Send New Password button.

blank

Message from osTicket informs that the request has been sent.

(To be continued to the third post below...)

Sincerely,

Masino Sinaga

After osTicket informs about the URL, then HO check their email. You can see the email below:

blank

This is the email that received by HO. You can see that there is a URL link and when HO click on that link, then the new password is activated.

blank

After the new password being activated, then osTicket informs them about the new password that being sent to the email. This is the second email that sent by osTicket to confirm for the last time.

blank

This is the new password that received by HO from osTicket via the second email.

You can now implement this new feature to yours by following this link:

(Add Forgot Password Feature for HelpDesk Officer into osTicket v1.6 RC5)

Hopefully this will help you all. Let me hear your feedback.

Sincerely,

Masino Sinaga

4 months later

Blank Page

Hi,

After implementing the code, I tried testing out the new feature. After entering my email address, it shows a blank page.

I am wondering if a semi-colon is missing? Please help.

Best,

Bob

4 months later

Awesome!

This script helped me out. Thanks!

2 months later

Great thing, helped me once

Great Script!!

This is a fantastic MOD. Had to do a small bit of code change in the two php files you asked to create.

activatepassword.php - Line 56 Needed to add '/'. after $helpdesk_url.

$helpdesk_email->send($user_email, 'New Password', ''.$user_name.', Your new password is: '.$real_new_password.'. Please login from '.$helpdesk_url.'/'.'scp/');

forgotpassword.php - Line 56 Needed to add '/'. after $helpdesk_url.

$helpdesk_email->send($email, 'Activation Key for New Password', ''.$username.', You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account on "'.$helpdesk_title.'". If you did not request this notification then please ignore it, if you keep receiving it please contact your Administrator. Otherwise, to use the new password you need to activate it. To do this, please click on this link: '.$helpdesk_url.'/'.'scp/activatepassword.php?key='.$user_actkey);

This made the URL that was sent in email actually work. Prior to the code change the '/' mark between the site URL and scp wasn't there.

Carl

11 days later

you can search Password Genius from Google

4 months later

Thanks a million this has really helped me out

2 years later

It works like a charm in osTicket 1.6 ST as well!!

Thank you again masino ;)

6 months later

not able to login on SCP

on my screen don't have any "Forgot Password" link

:
Write a Reply...