This is the solution that I have devised for this:
class.ticket.php
/*============== Static functions. Use Ticket:(params); =============nolint*/
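/**
 * Looks up a ticket_id by external ticket number and/or e-mail address.
 *
 * Both criteria are optional. When only $email is given the lookup is by
 * e-mail alone, so possession of an e-mail address selects a ticket without
 * the ticket number (which the login code in this answer treats as the
 * second credential). With no criterion at all the original query had no
 * WHERE clause and returned an arbitrary ticket; that case is now rejected.
 *
 * db_input() is presumed to quote and escape its argument for the query —
 * confirm against the db helper before relying on it.
 *
 * @param mixed       $extId external ticket number
 * @param string|null $email
 * @return mixed ticket_id, or null when no criterion was given or nothing matched
 */
function getIdByExtId($extId=null, $email=null) {
    /*DYNAMIC SELECTION*/
    $where = array();
    if($extId)
        $where[] = 'ticketID='.db_input($extId);
    if($email)
        $where[] = 'email='.db_input($email);

    // No criteria: refuse rather than run an unfiltered SELECT that would
    // hand back whichever ticket the database lists first.
    if(!$where) return null;

    $sql ='SELECT ticket_id FROM '.TICKET_TABLE.' ticket WHERE '.implode(' AND ', $where);

    $id = null;
    if(($res=db_query($sql)) && db_num_rows($res))
        list($id)=db_fetch_row($res);
    return $id;
}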
/*ADD THIS FUNCTION*/
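/**
 * Looks up a ticket_id by e-mail address alone.
 *
 * NOTE(review): there is no second criterion and no ORDER BY, so when several
 * tickets share the address the row returned is whichever the database yields
 * first. Used from the login path as modified in this answer, this helper
 * makes the e-mail address the sole credential for a client session; keep the
 * ticket number (or another factor) in the authentication path rather than
 * relying on this lookup.
 *
 * db_input() is presumed to quote and escape its argument for the query —
 * confirm against the db helper before relying on it.
 *
 * @param string $email
 * @return mixed ticket_id, or null when the address is empty or unmatched
 */
function getIdByEmail($email) {
    // An empty address could only ever match tickets that carry no e-mail.
    if(!$email) return null;

    $sql ='SELECT ticket_id FROM '.TICKET_TABLE.' ticket '
         .'WHERE email='.db_input($email);

    $id = null;
    if(($res=db_query($sql)) && db_num_rows($res))
        list($id)=db_fetch_row($res);
    return $id;
}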
login.php
// login.php: handle the submitted client login form.
// NOTE(review): the first argument to the login call (the ticket number from
// the form) is replaced by '' as the comment below instructs, so the ticket
// number no longer takes part in authentication; only the trimmed e-mail
// (the $_POST key was lost in extraction) reaches the login routine, which
// is presumably Client::login from class.client.php (the `::` is missing in
// this listing).
if($_POST) {
    /*REMOVE trim($_POST) and replace with '' */
    if(($user=Client:('', trim($_POST), null, $errors))) {
        //XXX: Ticket owner is assumed.
        // Mangled by the forum markup: this is the redirect, an
        // error-suppressed @header('Location: ...') to the user's ticket page.
        <USERMENTION username="header">@header</USERMENTION>('Location: tickets.php?id='.$user->getTicketID());
        require_once('tickets.php'); //Just in case of 'header already sent' error.
        exit;
    } elseif(!$errors) {
        // Login failed without a specific message (key lost in extraction).
        $errors = 'Authentication error - try again!';
    }
}
class.client.php (large change)
/**
 * Authenticates a client and returns a ClientSession on success, false otherwise.
 *
 * NOTE(review): as modified in this answer, $ticketID is no longer taken from
 * the caller but derived from $email (the Ticket:($email) call below,
 * presumably the new getIdByEmail helper), and the later ticket lookup passes
 * null for the ID. The session-assignment comment further down says the
 * ticket ID "acts as password when used with email"; dropping it leaves the
 * e-mail address as the only credential for non-GET logins (the auth token is
 * only required when $auto_login is true). Treat this as an authentication
 * weakening: keep a second factor (the ticket number, or a token sent to the
 * address) in this path before deploying the change.
 *
 * Extraction has stripped the array keys from $_SESSION, $_SERVER and
 * $errors and the `::` from static calls in this listing; the keys are not
 * recoverable from the page and are not re-invented in the comments below.
 *
 * @param mixed       $ticketID ignored as input — overwritten by the e-mail lookup
 * @param string      $email
 * @param string|null $auth     auth token, required for GET (automatic) logins
 * @param array       $errors   filled with error messages on failure (by reference)
 * @return ClientSession|false
 */
/* static */ function login($ticketID, $email, $auth=null, &$errors=array()) {
    global $ost;
    $cfg = $ost->getConfig();
    $auth = trim($auth);
    $email = trim($email);
    /*REPLACE $ticketID = trim($ticketID) with the following */
    // The caller-supplied ticket number is discarded; the value used from here
    // on (including in the alert messages) comes from the e-mail lookup only.
    $ticketID = Ticket:($email);
    # Only consider auth token for GET requests, and for GET requests,
    # REQUIRE the auth token
    // $_SERVER key lost in extraction — presumably the request method.
    $auto_login = ($_SERVER == 'GET');
    //Check time for last max failed login attempt strike.
    // Session keys lost in extraction; per the surrounding comments these are
    // the timestamp of the last strike and the failed-attempt counter.
    if($_SESSION) {
        if((time()-$_SESSION)<$cfg->getClientLoginTimeout()) {
            $errors = 'Excessive failed login attempts';
            $errors = 'You\'ve reached maximum failed login attempts allowed. Try again later or <a href="open.php">open a new ticket</a>';
            $_SESSION = time(); //renew the strike.
        } else { //Timeout is over.
            //Reset the counter for next round of attempts after the timeout.
            $_SESSION = null;
            $_SESSION = 0;
        }
    }
    if($auto_login && !$auth) {
        $errors = 'Invalid method';
    //remove !$ticketID ||
    // The original condition also rejected a missing ticket ID; this answer
    // removes that check, so an absent ticket number is no longer an error.
    }elseif(!Validator:($email)){
        $errors = 'Valid Email Required';
    }
    //Bail out on error.
    if($errors) return false;
    /* REPLACE $ticketID with null */
    // Lookup by e-mail alone: any ticket carrying this address satisfies it.
    // The static call's name was lost in extraction; whatever it is, the
    // result must expose getId()/getEmail()/getExtId()/getAuthToken() below.
    if(($ticket=Ticket:(null, $email)) && $ticket->getId()) {
        //At this point we know the ticket ID is valid.
        //TODO: 1) Check how old the ticket is...3 months max?? 2) Must be the latest 5 tickets??
        //Check the email given.
        # Require auth token for automatic logins (GET METHOD).
        // NOTE(review): once the ticket has been selected by this very e-mail,
        // the strcasecmp is satisfied by construction; for non-GET logins this
        // branch therefore verifies nothing beyond the submitted address.
        if (!strcasecmp($ticket->getEmail(), $email) && (!$auto_login || $auth === $ticket->getAuthToken())) {
            //valid match...create session goodies for the client.
            $user = new ClientSession($email,$ticket->getExtId());
            $_SESSION = array(); //clear.
            $_SESSION = $ticket->getEmail(); //Email
            $_SESSION = $ticket->getExtId(); //Ticket ID --acts as password when used with email. See above.
            $_SESSION = $user->getSessionToken();
            $_SESSION = $cfg->getTZoffset();
            $_SESSION = $cfg->observeDaylightSaving();
            $user->refreshSession(); //set the hash.
            //Log login info...
            // The third sprintf argument has no placeholder in the format string;
            // its $_SERVER key (presumably the client address) was lost in extraction.
            $msg=sprintf('%s/%s logged in ', $ticket->getEmail(), $ticket->getExtId(), $_SERVER);
            $ost->logDebug('User login', $msg);
            //Regenerate session ID.
            // A fresh session id after successful authentication, with the old
            // server-side session destroyed if one exists.
            $sid=session_id(); //Current session id.
            session_regenerate_id(TRUE); //get new ID.
            if(($session=$ost->getSession()) && is_object($session) && $sid!=session_id())
                $session->destroy($sid);
            return $user;
        }
    }
    //If we get to this point we know the login failed.
    $errors = 'Invalid login';
    $_SESSION+=1;
    // Whether !$errors can still hold after the assignment above depends on the
    // $errors keys, which were lost in extraction — cannot be judged from here.
    if(!$errors && $_SESSION>$cfg->getClientMaxLogins()) {
        $errors = 'Access Denied';
        $errors = 'Forgot your login info? Please <a href="open.php">open a new ticket</a>.';
        $_SESSION = time();
        // Note that $ticketID here is the looked-up value, not what the user sent.
        $alert='Excessive login attempts by a user.'."\n".
        'Email: '.$email."\n".'Ticket#: '.$ticketID."\n".
        'IP: '.$_SERVER."\n".'Time:'.date('M j, Y, g a T')."\n\n".
        'Attempts #'.$_SESSION;
        $ost->logError('Excessive login attempts (user)', $alert, ($cfg->alertONLoginError()));
    } elseif($_SESSION%2==0) { //Log every other failed login attempt as a warning.
        $alert='Email: '.$email."\n".'Ticket #: '.$ticketID."\n".'IP: '.$_SERVER.
        "\n".'TIME: '.date('M j, Y, g a T')."\n\n".'Attempts #'.$_SESSION;
        $ost->logWarning('Failed login attempt (user)', $alert);
    }
    return false;
}
}
login.inc.php
Comment out this line:
Ticket ID:">
Hopefully this will work for you.
If not, drop me a reply and I'll do a little investigation. This worked for me, by the way.
Cheers.