We were getting some severe spams daily and disabled osTicket many months ago.
How do I FIX the spam issue and enable osTicket?

@avif2016

Depends on what you mean by spam. If you mean spam emails there are quite a bit of things you can do.

  1. You can setup Ticket Filters to reject tickets that contain certain words/phrases, that come from a specific email address, etc. (Admin Panel > Manage > Filters)
  2. You can ban email addresses so they can't create tickets (Admin Panel > Emails > Banlist).
  3. You can setup filters in the mailbox itself to move spam emails out of the INBOX so that they aren't fetched.
  4. You can setup filters in the mailbox itself to move real emails to a specific folder and have osTicket only fetch from that one folder.
  5. You can configure osTicket to only allow emails from existing Users (Users with existing accounts in your helpdesk).

I'm sure there are more things but that's what I got off the top of my head.

As far as turning the system back Online you can login as an Admin and Enable the setting Helpdesk Status under Admin Panel > Settings > System. Or you can login to the db, go to the ost_config table, and set isonline to 1.

Cheers.

    KevinTheJedi

    When I try to log into OS Ticket through Chrome, I get the following message: Valid CSRF Token Required
    When I try Internet Explorer, I get the webpage cannot be found message.

    We upgraded our hosting package. I wonder if our new IP address has anything to do with the current situation.
    Any ideas of how to rectify this first?

      @avif2016

      Either the session expired, is invalid, or doesn’t match. You can see it starts here with checkCsrfToken():

      This calls validateCSRFToken():

      This function gets the token and calls validateToken():

      In validateToken() it checks to see if the token you provided matches and if it has expired or not. I would do some var_dump()ing there to see if it’s not matching or if it expired.

      Cheers.

      So you want me to compare our code against the page from gitub.com? Can you please give me very specific direction on the tasks you suggested?

      @avif2016

      Go to your osTicket files, open include/class.csrf.php in any text editor, find the function function validateToken($token) (should be line 73), and change it to the following:

          function validateToken($token) {
        var_dump('Token: ', trim($token), 'This Token: ', $this->getToken(), 'Not Expired: ', !$this->isExpired());die;
        return ($token && trim($token)==$this->getToken() && !$this->isExpired());
    }

      Once you make and save those changes go to the /scp login page and pull up the browser's DevTools (Right Click the login page and select the option Inspect). Once you have the developer tools pulled up go to the Network Tab. Now you can attempt to login which should trigger the code. At this point you should see the modal spinning and spinning (this is good in this case). In the Network tab you should see a new entry called login.php that has a Method of POST. Click this entry, click Preview, copy the content, and post it here.

      Cheers.

        KevinTheJedi
        Instead of seeing the modal spinning, I get this message
        string(7) "Token: " string(40) "2ff536a069b9ce0d7277235378192455c9afcb37" string(12) "This Token: " string(40) "d68f9675b20bef6db6421fe5042cbd5371c4b31d" string(13) "Not Expired: " bool(true)

        I see 200K Status in the Network Tab and a new entry login.php

          @avif2016

          Okay so as you can see the two tokens don't match which is why you get Valid CSRF Token Required. I would suggest opening the DevTools in the browser, go to the Application tab, click Cookies in the sidebar, find OSTSESSID/PHPSESSID and delete them, login to the database, truncate the ost_session table (this will log everyone out of course), Force Refresh the login page (Mac: Shift + Command + R / Windows: Shift + Ctrl + R), and retest. Sometimes even a full browser close and reopen works or Incognito windows.

          If it's still not working after that then something is obviously messing with the sessions causing them to be different. This could be browser extensions, the way PHP sessions are configured on your server, etc.

          Cheers.

            KevinTheJedi truncate the ost_session

            I am not an expert in PHP. I saw the table in the admin, but how do you truncate?

            You didn't answer my early question about the IP Address. Our guys disable osTicket, and a new business hosting at Go Daddy. Does it have anything with a new IP address? Before the upgrade, osTicket was working fine, and now it is not.

              KevinTheJedi

              I raised the IP address issue, and this Go Daddy agent thinks this could be possible, and you said the same thing. The whole site seems to work fine, except the osTicket. Can you tell me where I should update the Go Daddy hosting and Security panel?

              In the meantime, I read the article further.

                @avif2016

                Can you tell me where I should update the Go Daddy hosting and Security panel?

                I don’t have the slightest idea. That would be a question for the Go Daddy agent.

                Cheers.

                  KevinTheJedi
                  I asked the agent back with my first call, but he does not know where to update the new IP address.
                  Can you come up with some questions so I could ask Go Daddy agent specifically?

                    @avif2016

                    I’m not fully convinced the IP change is causing the issue just yet. I would first try truncating the session table as described above. Then I would clear all cache and cookies in the browser and force refresh the page. This is usually what works in these cases.

                    In some cases the session table needed repairing. You can run ‘REPAIR TABLE ost_session; in MySQL to repair the table.

                    Also quick question, what version of PHP is the site running?

                    Cheers.

                      KevinTheJedi

                      I am very concerned about the truncate directive. If I perform this directive, it will log everyone out. What about those data? Is it okay to lose? Some video suggested this cannot be rollback?

                        @avif2016

                        Thats just the easy way to clear the sessions from the database. You can try to delete just your sessions by going to the ost_staff table, finding your account and grab the id, go to the ost_session table, and delete all records that match user_id = id_you_copied.

                        Cheers.

                        a month later

                        Hi Kevin, we fixed the session thing last time. Now, we received another problem:

                        OSticket still isn’t working properly. And I’m not sure why.
                        Today, I received a ticket. I tried to log in and it didn’t recognize my password. So I clicked ‘Forgot Password’. I rec’d a link to enter my new password. When I did, I get the following message.
                        ``
                        Warning: "Continue" targeting switch is equivalent to "break" Did you mean to use 'continue2? in/home/water2099/public_html/flowpointsytem.com/support/include/class.osticket.php on line 442'"

                        Any idea what it means?

                        I don’t know anything about the DB Error you rec’d below.
                        Any ideas how we can get this working properly?

                        [INSERT INTOost_sessionSETsession_id= 'shbav3av3mcr3a16alnjqimd22',session_data= 'csrf|N;',session_expire= NOW() + INTERVAL 86400 SECOND,user_ip= '185.93.231.39',user_agent` = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36']

                        Duplicate entry 'shbav3av3mcr3a16alnjqimd22' for key 'PRIMARY'<br /> <br />
                        ---- Backtrace ----<br />
                        #0 (root)/include/mysqli.php(204): osTicket->logDBError('DB Error #1062', '[INSERT INTO o...')<br />
                        #1 (root)/include/class.orm.php(3133): db_query('INSERT INTO                        os...', true, true)<br />
                        #2 (root)/include/class.orm.php(597): MySqlExecutor->execute()<br />
                        #3 (root)/include/class.ostsession.php(217): VerySimpleModel->save()<br />
                        #4 (root)/include/class.ostsession.php(158): DbSessionBackend->update('shbav3av3mcr3a1...', 'csrf|N;')<br />
                        #5 [internal function]: SessionBackend->write('shbav3av3mcr3a1...', 'csrf|N;')<br />
                        #6 [internal function]: session_write_close()<br />
                        #7 {main}
                        `

                        ntozier
                        I solved the problem by manually installing the latest version, and the osticket is running, but there was a glitch when my coworker first signed in; he saw my profile. Is this common?
                        In this installation, I started fresh, and I used a new database with php 7.4 this time.

                        (Updated)
                        My coworker assigned roles and the people never got any emails from osticket.
                        My other coworker cannot create a ticket.

                            Write a Reply...