diff --git a/attachment.php b/attachment.php
index d780ae2da4187c41a0607afa30267504c7597f2c..1c0941d7d545d5bbdfaeaa50029d9900ba6e5b39 100644
--- a/attachment.php
+++ b/attachment.php
@@ -17,8 +17,8 @@ require('secure.inc.php');
 require_once(INCLUDE_DIR.'class.attachment.php');
 //Basic checks
-if(!$thisclient
- || !$_GET['id']
+if(!$thisclient
+ || !$_GET['id']
 || !$_GET['h']
 || !($attachment=Attachment::lookup($_GET['id']))
 || !($file=$attachment->getFile()))
@@ -26,9 +26,9 @@ if(!$thisclient
 //Validate session access hash - we want to make sure the link is FRESH! and the user has access to the parent ticket!!
 $vhash=md5($attachment->getFileId().session_id().$file->getHash());
-if(strcasecmp(trim($_GET['h']),$vhash)
- || !($ticket=$attachment->getTicket())
- || !$ticket->checkClientAccess($thisclient))
+if(strcasecmp(trim($_GET['h']),$vhash)
+ || !($ticket=$attachment->getTicket())
+ || !$ticket->checkUserAccess($thisclient))
 die('Unknown or invalid attachment');
 //Download the file..
 $file->download();
diff --git a/include/class.nav.php b/include/class.nav.php
index 799c76a8b4dc0a78b74374c2b2aa673cf74c5132..4fd2e189f77d210590958367bcf0b7613b4fb314 100644
--- a/include/class.nav.php
+++ b/include/class.nav.php
@@ -282,7 +282,7 @@ class UserNav {
 $navs['new']=array('desc'=>'Open New Ticket','href'=>'open.php','title'=>'');
 if($user && $user->isValid()) {
 if($cfg && $cfg->showRelatedTickets()) {
- $navs['tickets']=array('desc'=>sprintf('My Tickets (%d)',$user->getNumTickets()),
+ $navs['tickets']=array('desc'=>sprintf('Tickets (%d)',$user->getNumTickets()),
 'href'=>'tickets.php',
 'title'=>'Show all tickets');
 } else {
diff --git a/include/client/header.inc.php b/include/client/header.inc.php
index 9f20098b4b1b4fcfc2d891973717c42876296fde..4f1c93f88433f82744d328bbe7b70e0687ad6669 100644
--- a/include/client/header.inc.php
+++ b/include/client/header.inc.php
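Review bot: The access-hash check on the re-added `if(strcasecmp(trim($_GET['h']),$vhash)` line in the second attachment.php hunk is a short-circuiting string compare, so its running time depends on how many leading characters of the supplied hash match the expected one; the commit only strips trailing whitespace from these lines and leaves the comparison as it was. Since `$vhash` is the lowercase hex string `md5()` returns, the same case-insensitive check can be done in constant time with `if(!hash_equals($vhash, strtolower(trim($_GET['h'])))` (note the inverted condition; `hash_equals()` needs PHP 5.6 or newer, on older runtimes an equivalent local helper would do). The first hunk also keeps reading `$_GET['id']` and `$_GET['h']` without an `isset()` guard, which only matters for notice noise but would be cheap to close while these lines are being touched.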
@@ -48,7 +48,7 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
 ?>
 <?php if($cfg->showRelatedTickets()) {?>
- <a href="<?php echo ROOT_PATH; ?>tickets.php">My Tickets <b>(<?php echo $thisclient->getNumTickets(); ?>)</b></a> -
+ <a href="<?php echo ROOT_PATH; ?>tickets.php">Tickets <b>(<?php echo $thisclient->getNumTickets(); ?>)</b></a> -
 <?php } ?>
 <a href="<?php echo ROOT_PATH; ?>logout.php?auth=<?php echo $ost->getLinkToken(); ?>">Log Out</a>
diff --git a/include/client/view.inc.php b/include/client/view.inc.php
index 910d021de0fd98940996d90b311fb54a848a134e..9011a6da0f088b9c099900e5df98a8da604c2096 100644
--- a/include/client/view.inc.php
+++ b/include/client/view.inc.php
@@ -1,5 +1,5 @@
 <?php
-if(!defined('OSTCLIENTINC') || !$thisclient || !$ticket || !$ticket->checkClientAccess($thisclient)) die('Access Denied!');
+if(!defined('OSTCLIENTINC') || !$thisclient || !$ticket || !$ticket->checkUserAccess($thisclient)) die('Access Denied!');
 $info=($_POST && $errors)?Format::htmlchars($_POST):array();
@@ -127,7 +127,7 @@ if($ticket->getThreadCount() && ($thread=$ticket->getClientThread())) {
 <form id="reply" action="tickets.php?id=<?php echo $ticket->getExtId(); ?>#reply" name="reply" method="post" enctype="multipart/form-data">
 <?php csrf_token(); ?>
 <h2>Post a Reply</h2>
- <input type="hidden" name="id" value="<?php echo $ticket->getExtId(); ?>">
+ <input type="hidden" name="id" value="<?php echo $ticket->getId(); ?>">
 <input type="hidden" name="a" value="reply">
 <table border="0" cellspacing="0" cellpadding="3" style="width:100%">
 <tr>
diff --git a/login.php b/login.php
index 789938980ff451cdcc72920d2b9f88080dcc7a47..feee86956e7fdc9c6fd0bc23582f5a6d4f1902b0 100644
--- a/login.php
+++ b/login.php
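Review bot: The reply form in the second view.inc.php hunk now posts the internal id in the hidden `id` field, but the unchanged `action="tickets.php?id=<?php echo $ticket->getExtId(); ?>#reply"` one line above still carries the external id, and tickets.php (its first hunk in this commit) resolves `$_REQUEST['id']` with `Ticket::lookup()`, which now expects the internal one. The same request therefore supplies two different `id` values and which one `$_REQUEST` exposes depends on the `request_order`/`variables_order` ini settings, so on a configuration where the query string wins the reply is rejected with the generic "Unknown or invalid ticket ID." message. Changing the action to `action="tickets.php?id=<?php echo $ticket->getId(); ?>#reply"` removes the ambiguity. The form element continues past the end of the hunk.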
@@ -21,9 +21,9 @@ define('OSTCLIENTINC',TRUE); //make includes happy
 require_once(INCLUDE_DIR.'class.client.php');
 require_once(INCLUDE_DIR.'class.ticket.php');
-if($_POST) {
-
- if(($user=Client::login(trim($_POST['lticket']), trim($_POST['lemail']), null, $errors))) {
+if ($_POST) {
+ if (($user = UserAuthenticationBackend::process($_POST['lemail'],
+ $_POST['lticket'], $errors))) {
 //XXX: Ticket owner is assumed.
 @header('Location: tickets.php?id='.$user->getTicketID());
 require_once('tickets.php'); //Just in case of 'header already sent' error.
diff --git a/tickets.php b/tickets.php
index b47ed0f1528335e9ee5eb871fcd8ca3c34d7b975..d06dfb15867be04ba8482e08cbeed0f5df0cd16b 100644
--- a/tickets.php
+++ b/tickets.php
@@ -20,9 +20,9 @@ require_once(INCLUDE_DIR.'class.ticket.php');
 require_once(INCLUDE_DIR.'class.json.php');
 $ticket=null;
 if($_REQUEST['id']) {
- if(!($ticket=Ticket::lookupByExtId($_REQUEST['id']))) {
+ if (!($ticket = Ticket::lookup($_REQUEST['id']))) {
 $errors['err']='Unknown or invalid ticket ID.';
- }elseif(!$ticket->checkClientAccess($thisclient)) {
+ } elseif(!$ticket->checkUserAccess($thisclient)) {
 $errors['err']='Unknown or invalid ticket ID.'; //Using generic message on purpose!
 $ticket=null;
 }
@@ -33,7 +33,7 @@ if($_POST && is_object($ticket) && $ticket->getId()):
 $errors=array();
 switch(strtolower($_POST['a'])){
 case 'reply':
- if(!$ticket->checkClientAccess($thisclient)) //double check perm again!
+ if(!$ticket->checkUserAccess($thisclient)) //double check perm again!
 $errors['err']='Access Denied. Possibly invalid ticket ID';
 if(!$_POST['message'])
@@ -66,7 +66,7 @@ if($_POST && is_object($ticket) && $ticket->getId()):
 $ticket->reload();
 endif;
 $nav->setActiveNav('tickets');
-if($ticket && $ticket->checkClientAccess($thisclient)) {
+if($ticket && $ticket->checkUserAccess($thisclient)) {
 $inc='view.inc.php';
 } elseif($cfg->showRelatedTickets() && $thisclient->getNumTickets()) {
 $inc='tickets.inc.php';
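Review bot: The new `UserAuthenticationBackend::process($_POST['lemail'], $_POST['lticket'], $errors)` call in login.php passes both fields untrimmed, whereas the `Client::login(...)` line it replaces applied `trim()` to each, so an email or ticket number pasted with surrounding whitespace now reaches the backend as typed. Unless the backend is known to normalise its inputs (not visible in this diff), keep the trimming at the call site: `UserAuthenticationBackend::process(trim($_POST['lemail']), trim($_POST['lticket']), $errors)`. The `if ($_POST)` block continues past the end of the hunk, and the removed null argument suggests the backend signature differs from the old one, which is worth confirming at the other call sites.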
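Review bot: Replacing `Ticket::lookupByExtId($_REQUEST['id'])` with `Ticket::lookup($_REQUEST['id'])` in the first tickets.php hunk changes what the client-facing `id` parameter means: the external ticket number is no longer accepted, so any existing bookmark or notification link that carries it now lands in the 'Unknown or invalid ticket ID.' branch, and the value shown in the URL becomes the internal id. With the external number gone, the renamed `checkUserAccess($thisclient)` check (here and in the hunks at lines 33 and 66) is the only thing between a supplied id and a ticket view, so it is worth confirming that the new method enforces the same ownership rule the old `checkClientAccess` did, and recording the intent on the lookup line, e.g. `// 'id' is the internal ticket id; access is enforced solely by checkUserAccess() below`. Whether login.php's redirect `tickets.php?id=$user->getTicketID()` now yields the internal id is not visible here and should be checked alongside this change.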