From 8a3e9f971824b73d0cd26984af527a96da1e409d Mon Sep 17 00:00:00 2001 From: Jared Hancock Date: Mon, 19 Mar 2012 17:52:21 -0500 Subject: [PATCH] Start of client interface implementation --- attachment.php | 71 ++++++++++++++++++++++++++++++++++++++ captcha.php | 20 +++++++++++ index.php | 39 ++++++++++++++++++++- login.php | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++ logout.php | 24 +++++++++++++ offline.php | 5 +++ open.php | 50 +++++++++++++++++++++++++++ secure.inc.php | 25 ++++++++++++++ tickets.php | 82 ++++++++++++++++++++++++++++++++++++++++++++ view.php | 4 +++ 10 files changed, 411 insertions(+), 1 deletion(-) create mode 100644 attachment.php create mode 100644 captcha.php create mode 100644 login.php create mode 100644 logout.php create mode 100644 open.php create mode 100644 secure.inc.php create mode 100644 tickets.php create mode 100644 view.php diff --git a/attachment.php b/attachment.php new file mode 100644 index 00000000..2446f2dc --- /dev/null +++ b/attachment.php @@ -0,0 +1,71 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +require('secure.inc.php'); +//TODO: alert admin on any error on this file. +if(!$thisclient || !$thisclient->isClient() || !$_GET['id'] || !$_GET['ref']) die('Access Denied'); + +$sql='SELECT attach_id,ref_id,ticket.ticket_id,ticketID,ticket.created,dept_id,file_name,file_key,email FROM '.TICKET_ATTACHMENT_TABLE. + ' LEFT JOIN '.TICKET_TABLE.' ticket USING(ticket_id) '. + ' WHERE attach_id='.db_input($_GET['id']); +//valid ID?? +if(!($res=db_query($sql)) || !db_num_rows($res)) die('Invalid/unknown file'); +list($id,$refid,$tid,$extid,$date,$deptID,$filename,$key,$email)=db_fetch_row($res); + +//Still paranoid...:)...check the secret session based hash and email +$hash=MD5($tid*$refid.session_id()); +if(!$_GET['ref'] || strcmp($hash,$_GET['ref']) || strcasecmp($thisclient->getEmail(),$email)) die('Access denied: Kwaheri'); + + +//see if the file actually exits. +$month=date('my',strtotime("$date")); +$file=rtrim($cfg->getUploadDir(),'/')."/$month/$key".'_'.$filename; +if(!file_exists($file)) + $file=rtrim($cfg->getUploadDir(),'/')."/$key".'_'.$filename; + +if(!file_exists($file)) die('Invalid Attachment'); + +$extension =substr($filename,-3); +switch(strtolower($extension)) +{ + case "pdf": $ctype="application/pdf"; break; + case "exe": $ctype="application/octet-stream"; break; + case "zip": $ctype="application/zip"; break; + case "doc": $ctype="application/msword"; break; + case "xls": $ctype="application/vnd.ms-excel"; break; + case "ppt": $ctype="application/vnd.ms-powerpoint"; break; + case "gif": $ctype="image/gif"; break; + case "png": $ctype="image/png"; break; + case "jpg": $ctype="image/jpg"; break; + default: $ctype="application/force-download"; +} +header("Pragma: public"); +header("Expires: 0"); +header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); +header("Cache-Control: public"); +header("Content-Type: $ctype"); +$user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]); +if ((is_integer(strpos($user_agent,"msie"))) && (is_integer(strpos($user_agent,"win")))) +{ + header( "Content-Disposition: filename=".basename($filename).";" ); +} else { + header( "Content-Disposition: attachment; filename=".basename($filename).";" ); +} +header("Content-Transfer-Encoding: binary"); +header("Content-Length: ".filesize($file)); +readfile($file); +exit(); +?> diff --git a/captcha.php b/captcha.php new file mode 100644 index 00000000..3ab68f74 --- /dev/null +++ b/captcha.php @@ -0,0 +1,20 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +require_once('main.inc.php'); +require(INCLUDE_DIR.'class.captcha.php'); +$captcha = new Captcha(5,12,ROOT_DIR.'images/captcha/'); +echo $captcha->getImage(); +?> diff --git a/index.php b/index.php index 37e5c7f1..95bdfa55 100644 --- a/index.php +++ b/index.php @@ -13,4 +13,41 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ -require('offline.php'); +require('client.inc.php'); +$section = 'home'; +require(CLIENTINC_DIR.'header.inc.php'); +?> + +
+

Welcome to the Support Center

+

+ In order to streamline support requests and better serve you, we utilize a support ticket system. Every support request is assigned a unique ticket number which you can use to track the progress and responses online. For your reference we provide complete archives and history of all your support requests. A valid email address is required to submit a ticket. +

+ +
+

Open A New Ticket

+
+
Please provide as much detail as possible so we can best assist you. To update a previously submitted ticket, please login.
+ +
+
+ +
+

Check Ticket Status

+
+
We provide archives and history of all your current and past support requests complete with responses.
+ +
+
+
+
+isKnowledgebaseEnabled()){ + //FIXME: provide ability to feature or select random FAQs ?? + ?> +
+Be pure to browse our Frequently Asked Questions (FAQs), before opening a ticket. + + + diff --git a/login.php b/login.php new file mode 100644 index 00000000..69a73c67 --- /dev/null +++ b/login.php @@ -0,0 +1,92 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +require_once('client.inc.php'); +if(!defined('INCLUDE_DIR')) die('Fatal Error'); +define('CLIENTINC_DIR',INCLUDE_DIR.'client/'); +define('OSTCLIENTINC',TRUE); //make includes happy + +require_once(INCLUDE_DIR.'class.client.php'); +require_once(INCLUDE_DIR.'class.ticket.php'); +//We are ready baby +$loginmsg='Authentication Required'; +if($_POST && (!empty($_POST['lemail']) && !empty($_POST['lticket']))): + $loginmsg='Authentication Required'; + $email=trim($_POST['lemail']); + $ticketID=trim($_POST['lticket']); + //$_SESSION['_client']=array(); #Uncomment to disable login strikes. + + //Check time for last max failed login attempt strike. + $loginmsg='Invalid login'; + if($_SESSION['_client']['laststrike']) { + if((time()-$_SESSION['_client']['laststrike'])<$cfg->getClientLoginTimeout()) { + $loginmsg='Excessive failed login attempts'; + $errors['err']='You\'ve reached maximum failed login attempts allowed. Try again later or open a new ticket'; + }else{ //Timeout is over. + //Reset the counter for next round of attempts after the timeout. + $_SESSION['_client']['laststrike']=null; + $_SESSION['_client']['strikes']=0; + } + } + //See if we can fetch local ticket id associated with the ID given + if(!$errors && is_numeric($ticketID) && Validator::is_email($email) && ($tid=Ticket::getIdByExtId($ticketID))) { + //At this point we know the ticket is valid. + $ticket= new Ticket($tid); + //TODO: 1) Check how old the ticket is...3 months max?? 2) Must be the latest 5 tickets?? + //Check the email given. + if($ticket->getId() && strcasecmp($ticket->getEMail(),$email)==0){ + //valid match...create session goodies for the client. + $user = new ClientSession($email,$ticket->getId()); + $_SESSION['_client']=array(); //clear. + $_SESSION['_client']['userID'] =$ticket->getEmail(); //Email + $_SESSION['_client']['key'] =$ticket->getExtId(); //Ticket ID --acts as password when used with email. See above. + $_SESSION['_client']['token'] =$user->getSessionToken(); + $_SESSION['TZ_OFFSET']=$cfg->getTZoffset(); + $_SESSION['daylight']=$cfg->observeDaylightSaving(); + //Log login info... + $msg=sprintf("%s/%s logged in [%s]",$ticket->getEmail(),$ticket->getExtId(),$_SERVER['REMOTE_ADDR']); + Sys::log(LOG_DEBUG,'User login',$msg); + //Redirect tickets.php + session_write_close(); + session_regenerate_id(); + @header("Location: tickets.php"); + require_once('tickets.php'); //Just incase. of header already sent error. + exit; + } + } + //If we get to this point we know the login failed. + $_SESSION['_client']['strikes']+=1; + if(!$errors && $_SESSION['_client']['strikes']>$cfg->getClientMaxLogins()) { + $loginmsg='Access Denied'; + $errors['err']='Forgot your login info? Please open a new ticket.'; + $_SESSION['_client']['laststrike']=time(); + $alert='Excessive login attempts by a client?'."\n". + 'Email: '.$_POST['lemail']."\n".'Ticket#: '.$_POST['lticket']."\n". + 'IP: '.$_SERVER['REMOTE_ADDR']."\n".'Time:'.date('M j, Y, g:i a T')."\n\n". + 'Attempts #'.$_SESSION['_client']['strikes']; + Sys::log(LOG_ALERT,'Excessive login attempts (client)',$alert,($cfg->alertONLoginError())); + }elseif($_SESSION['_client']['strikes']%2==0){ //Log every other failed login attempt as a warning. + $alert='Email: '.$_POST['lemail']."\n".'Ticket #: '.$_POST['lticket']."\n".'IP: '.$_SERVER['REMOTE_ADDR']. + "\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".'Attempts #'.$_SESSION['_client']['strikes']; + Sys::log(LOG_WARNING,'Failed login attempt (client)',$alert); + } +endif; + +$nav = new UserNav(); +$nav->setActiveNav('status'); +require(CLIENTINC_DIR.'header.inc.php'); +require(CLIENTINC_DIR.'login.inc.php'); +require(CLIENTINC_DIR.'footer.inc.php'); +?> diff --git a/logout.php b/logout.php new file mode 100644 index 00000000..72c3560e --- /dev/null +++ b/logout.php @@ -0,0 +1,24 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ + +require('client.inc.php'); +//We are checking to make sure the user is logged in before a logout to avoid session reset tricks on excess logins +$_SESSION['_client']=array(); +session_unset(); +session_destroy(); +header('Location: index.php'); +require('index.php'); +?> diff --git a/offline.php b/offline.php index 3c3b24a4..24f8401a 100644 --- a/offline.php +++ b/offline.php @@ -14,6 +14,11 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require_once('client.inc.php'); +if($cfg && !$cfg->isHelpDeskOffline()) { + @header('Location: index.php'); //Redirect if the system is online. + include('index.php'); + exit; +} $nav=null; require(CLIENTINC_DIR.'header.inc.php'); ?> diff --git a/open.php b/open.php new file mode 100644 index 00000000..a5d86d07 --- /dev/null +++ b/open.php @@ -0,0 +1,50 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +require('client.inc.php'); +define('SOURCE','Web'); //Ticket source. +$inc='open.inc.php'; //default include. +$errors=array(); +if($_POST): + $_POST['deptId']=$_POST['emailId']=0; //Just Making sure we don't accept crap...only topicId is expected. + if(!$thisuser && $cfg->enableCaptcha()){ + if(!$_POST['captcha']) + $errors['captcha']='Enter text shown on the image'; + elseif(strcmp($_SESSION['captcha'],md5($_POST['captcha']))) + $errors['captcha']='Invalid - try again!'; + } + + //FIXME: Allow logged in users to use diff email? + if($thisuser && strcasecmp($thisuser->getEmail(),$_POST['email'])) + $errors['email']='Email mismatch.'; + + //Ticket::create...checks for errors.. + if(($ticket=Ticket::create($_POST,$errors,SOURCE))){ + $msg='Support ticket request created'; + if($thisclient && $thisclient->isValid()) //Logged in...simply view the newly created ticket. + @header('Location: tickets.php?id='.$ticket->getExtId()); + //Thank the user and promise speedy resolution! + $inc='thankyou.inc.php'; + }else{ + $errors['err']=$errors['err']?$errors['err']:'Unable to create a ticket. Please correct errors below and try again!'; + } +endif; + +//page +$nav->setActiveNav('new'); +require(CLIENTINC_DIR.'header.inc.php'); +require(CLIENTINC_DIR.$inc); +require(CLIENTINC_DIR.'footer.inc.php'); +?> diff --git a/secure.inc.php b/secure.inc.php new file mode 100644 index 00000000..f6664ab8 --- /dev/null +++ b/secure.inc.php @@ -0,0 +1,25 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__))) die('Kwaheri rafiki!'); +if(!file_exists('client.inc.php')) die('Fatal Error.'); +require_once('client.inc.php'); +//User must be logged in! +if(!$thisclient || !$thisclient->getId() || !$thisclient->isValid()){ + require('./login.php'); + exit; +} +$thisclient->refreshSession(); +?> diff --git a/tickets.php b/tickets.php new file mode 100644 index 00000000..072abef7 --- /dev/null +++ b/tickets.php @@ -0,0 +1,82 @@ + + Copyright (c) 2006-2012 osTicket + http://www.osticket.com + + Released under the GNU General Public License WITHOUT ANY WARRANTY. + See LICENSE.TXT for details. + + vim: expandtab sw=4 ts=4 sts=4: +**********************************************************************/ +require('secure.inc.php'); +if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again. + +require_once(INCLUDE_DIR.'class.ticket.php'); +$ticket=null; +$inc='tickets.inc.php'; //Default page...show all tickets. +//Check if any id is given... +if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['ticket_id']) && is_numeric($id)) { + //id given fetch the ticket info and check perm. + $ticket= new Ticket(Ticket::getIdByExtId((int)$id)); + if(!$ticket or !$ticket->getEmail()) { + $ticket=null; //clear. + $errors['err']='Access Denied. Possibly invalid ticket ID'; + }elseif(strcasecmp($thisclient->getEmail(),$ticket->getEmail())){ + $errors['err']='Security violation. Repeated violations will result in your account being locked.'; + $ticket=null; //clear. + }else{ + //Everything checked out. + $inc='viewticket.inc.php'; + } +} +//Process post...depends on $ticket object above. +if($_POST && is_object($ticket) && $ticket->getId()): + $errors=array(); + switch(strtolower($_POST['a'])){ + case 'postmessage': + if(strcasecmp($thisclient->getEmail(),$ticket->getEmail())) { //double check perm again! + $errors['err']='Access Denied. Possibly invalid ticket ID'; + $inc='tickets.inc.php'; //Show the tickets. + } + + if(!$_POST['message']) + $errors['message']='Message required'; + //check attachment..if any is set + if($_FILES['attachment']['name']) { + if(!$cfg->allowOnlineAttachments()) //Something wrong with the form...user shouldn't have an option to attach + $errors['attachment']='File [ '.$_FILES['attachment']['name'].' ] rejected'; + elseif(!$cfg->canUploadFileType($_FILES['attachment']['name'])) + $errors['attachment']='Invalid file type [ '.$_FILES['attachment']['name'].' ]'; + elseif($_FILES['attachment']['size']>$cfg->getMaxFileSize()) + $errors['attachment']='File is too big. Max '.$cfg->getMaxFileSize().' bytes allowed'; + } + + if(!$errors){ + //Everything checked out...do the magic. + if(($msgid=$ticket->postMessage($_POST['message'],'Web'))) { + if($_FILES['attachment']['name'] && $cfg->canUploadFiles() && $cfg->allowOnlineAttachments()) + $ticket->uploadAttachment($_FILES['attachment'],$msgid,'M'); + + $msg='Message Posted Successfully'; + }else{ + $errors['err']='Unable to post the message. Try again'; + } + }else{ + $errors['err']=$errors['err']?$errors['err']:'Error(s) occured. Please try again'; + } + break; + default: + $errors['err']='Uknown action'; + } + $ticket->reload(); +endif; +include(CLIENTINC_DIR.'header.inc.php'); +include(CLIENTINC_DIR.$inc); +include(CLIENTINC_DIR.'footer.inc.php'); +?> diff --git a/view.php b/view.php new file mode 100644 index 00000000..b8be15b0 --- /dev/null +++ b/view.php @@ -0,0 +1,4 @@ +