Support auto-login if auth token is available.

jeffchulg · Oct 3, 2012 · 60b7320 · 60b7320
1 parent 7358bf8
commit 60b7320
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/view.php b/view.php
@@ -3,6 +3,7 @@
     view.php
 
     Ticket View.
+    TODO: Support different views based on auth_token - e.g for BCC'ed users vs. Ticket owner.
 
     Peter Rotich <[email protected]>
     Copyright (c)  2006-2010 osTicket
@@ -14,8 +15,22 @@
     vim: expandtab sw=4 ts=4 sts=4:
     $Id: $
 **********************************************************************/
-require('secure.inc.php');
-if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again.
-//We are now using tickets.php but we need to keep view.php for backward compatibility
+require_once('client.inc.php');
+
+//If the user is NOT logged in - try auto-login (if params exists).
+if(!$thisclient || !$thisclient->isValid()) {
+    // * On login Client::login will redirect the user to tickets.php view.
+    // * See TODO above for planned multi-view.
+    $user = null;
+    if($_GET['t'] && $_GET['e'] && $_GET['a'])
+        $user = Client::login($_GET['t'], $_GET['e'], $_GET['a'], $errors);
+
+    //XXX: For now we're assuming the user is the ticket owner
+    // (multi-view based on auth token will come later).
+    if($user && $user->getTicketID()==trim($_GET['t']))
+        @header('Location: tickets.php?id='.$user->getTicketID());
+}
+
+//Simply redirecting to tickets.php until multiview is implemented.
 require('tickets.php');
 ?>