Client: View ticket only by mail-auth

royale

Hi,

i want to disable the need to login to the ticket system by a ticket-ID.

My osTicket is integrated with another system, so that there are no security problems (you can only open the ticket system if you are logged in to the primary system).

OsTicket gets a variable with the users email-adress from the primary system, for example $USER_MAIL, so that the user should automatically be redirected to the ticket overview if there are any tickets, or to the "open ticket" form if there are no tickets from the client.

Anyone knows how this redirect on the index page should look like?

Regards

david

PRedmond

I think you will have to edit login.php to remove the requirement for a ticketID:

if(!$errors && is_numeric($ticketID) && Validator:($email) && ($tid=Ticket:($ticketID))) {

This line is saying if (there aren't any errors) and (the provided ticketID is numeric) and (the provided email address is valid) and (the provided ticketID is in the database, and can create a ticket) then ...

So (very basic) logic would suggest that changing it to

if(!$errors && is_numeric($ticketID) && Validator:($email) ) { SHOULD make it work.

You will also need to comment out these lines:

$_SESSION =$ticket->getEmail(); //Email

$_SESSION =$ticket->getExtId(); //Ticket ID --acts as password when used with email. See above.

I haven't tested this, but give it a go. Just be aware that it may cause problems in tickets.php which you might need to look at fixing, or post back here.

Also be aware that it means that ANYONE with a valid email address can log into the system!!

royale

Thanks PRedmond! But this is not exactly what im searching for ... maybe this image will make it come clearer:

blank

but how to continue? :

royale

to redirect to open.php if there are no tickets by email (stored in external variable $USRMAIL) we can use the existing function getOpenTicketsByEmail in class.ticket.php. :

$openTickets=Ticket:($USRMAIL);

if ($openTickets == 0) {

//No tickets

redirect('open.php');

}

I placed this in the header of index.php and it works.

But how to login $USRMAIL if $openTickets != 0?

royale

Any new ideas? Its quiet hard to modify the login-procedure to work like on the picture :(

I think there has to be an automate session creation (by $USRMAIL) when entering tickets.php.

royale

Here is my try to modify login.php with test-login data.. But till now, session creation doesn't seem to work, just getting a whitepage. please have a look

login.php

<?php

require_once('main.inc.php');

if(!defined('INCLUDE_DIR')) die('Fatal Error');

define('CLIENTINC_DIR',INCLUDE_DIR.'client/');

define('OSTCLIENTINC',TRUE); //make includes happy

require_once(INCLUDE_DIR.'class.client.php');

require_once(INCLUDE_DIR.'class.ticket.php');

$tid = 8; //Just for testing reasons

$email='test@mail.com'; //Just for testing reasons

$ticket= new Ticket($tid);

//create session goodies for the client.

$user = new ClientSession($email,$ticket->getId());

$_SESSION=array(); //clear.

$_SESSION =$ticket->getEmail(); //Email

$_SESSION =$ticket->getExtId(); //Ticket ID --acts as password when used with email. See above.

$_SESSION =$user->getSessionToken();

$_SESSION=$cfg->getTZoffset();

$_SESSION=$cfg->observeDaylightSaving();

//Log login info...

$msg=sprintf("%s/%s logged in ",$ticket->getEmail(),$ticket->getExtId(),$_SERVER);

Sys:(LOG_DEBUG,'User login',$msg);

//Redirect tickets.php

session_write_close();

session_regenerate_id();

<USERMENTION username="header">@header</USERMENTION>("Location: tickets.php");

require('tickets.php'); //Just incase. of header already sent error.

exit;

require(CLIENTINC_DIR.'header.inc.php');

require(CLIENTINC_DIR.'footer.inc.php');

?>

royale

Automatic Login

so this works...

The variables $MAIL; and $ANYID; are customly reffered in secure.inc.php for example. $ANYID;grabs the first ID associated with $MAIL. Works for my purpose, but its a bit slow...

login.php

<?php

require_once('main.inc.php');

if(!defined('INCLUDE_DIR')) die('Fatal Error');

define('CLIENTINC_DIR',INCLUDE_DIR.'client/');

define('OSTCLIENTINC',TRUE); //make includes happy

require_once(INCLUDE_DIR.'class.client.php');

require_once(INCLUDE_DIR.'class.ticket.php');

//We are ready baby

$email=$MAIL;

$ticketID=$ANYID;

//$_SESSION=array(); #Uncomment to disable login strikes.

//Check time for last max failed login attempt strike.

if($_SESSION) {

if((time()-$_SESSION)<$cfg->getClientLoginTimeout()) {

$errors='You\'ve reached maximum failed login attempts allowed. Try again later or <a href="open.php">open a new ticket</a>';

}else{ //Timeout is over.

//Reset the counter for next round of attempts after the timeout.

$_SESSION=null;

$_SESSION=0;

}

//See if we can fetch local ticket id associated with the ID given

if(!$errors && is_numeric($ticketID) && Validator:($email) && ($tid=Ticket:($ticketID))) {

//At this point we know the ticket is valid.

$ticket= new Ticket($tid);

//TODO: 1) Check how old the ticket is...3 months max?? 2) Must be the latest 5 tickets??

//Check the email given.

if($ticket->getId() && strcasecmp($ticket->getEMail(),$email)==0){

//valid match...create session goodies for the client.

$user = new ClientSession($email,$ticket->getId());

$_SESSION=array(); //clear.

$_SESSION =$ticket->getEmail(); //Email

$_SESSION =$ticket->getExtId(); //Ticket ID --acts as password when used with email. See above.

$_SESSION =$user->getSessionToken();

$_SESSION=$cfg->getTZoffset();

$_SESSION=$cfg->observeDaylightSaving();

//Log login info...

$msg=sprintf("%s/%s logged in ",$ticket->getEmail(),$ticket->getExtId(),$_SERVER);

Sys:(LOG_DEBUG,'User login',$msg);

//Redirect tickets.php

session_write_close();

session_regenerate_id();

<USERMENTION username="header">@header</USERMENTION>("Location: tickets.php");

require('tickets.php'); //Just incase. of header already sent error.

exit;

}

//If we get to this point we know the login failed.

$_SESSION+=1;

if(!$errors && $_SESSION>$cfg->getClientMaxLogins()) {

// $loginmsg='Access Denied';

$errors='Forgot your login info? Please <a href="open.php">open a new ticket</a>.';

$_SESSION=time();

$alert='Excessive login attempts by a client?'."\n".

'Email: '.$_POST."\n".'Ticket#: '.$_POST."\n".

'IP: '.$_SERVER."\n".'Time:'.date('M j, Y, g a T')."\n\n".

'Attempts #'.$_SESSION;

Sys:(LOG_ALERT,'Excessive login attempts (client)',$alert,($cfg->alertONLoginError()));

}elseif($_SESSION%2==0){ //Log every other failed login attempt as a warning.

$alert='Email: '.$_POST."\n".'Ticket #: '.$_POST."\n".'IP: '.$_SERVER.

"\n".'TIME: '.date('M j, Y, g a T')."\n\n".'Attempts #'.$_SESSION;

Sys:(LOG_WARNING,'Failed login attempt (client)',$alert);

}

//require(CLIENTINC_DIR.'header.inc.php');

//require(CLIENTINC_DIR.'footer.inc.php');

?>