diff --git a/assets/default/css/theme.css b/assets/default/css/theme.css index 2166850b3a402f0e4109d62e81034af4e56b8b69..d68ab78e966a898a2af31a1a92f9650e5ca1ae28 100644 --- a/assets/default/css/theme.css +++ b/assets/default/css/theme.css @@ -127,9 +127,9 @@ h1 { h3 { font-size: 16px; } -h2 { +h2, .subject { font-size: 16px; - color: #999; + color: black; } /* Helpers */ .centered { diff --git a/include/class.client.php b/include/class.client.php index 2af67879f6944db3526e4480c99e7eee06a2e08f..3e55929014452469378aece33cd35295dbaed194 100644 --- a/include/class.client.php +++ b/include/class.client.php @@ -149,6 +149,10 @@ abstract class TicketUser { return $this->_guest; } + function getUserId() { + return $this->user->getId(); + } + abstract function getTicketId(); abstract function getTicket(); } diff --git a/include/client/header.inc.php b/include/client/header.inc.php index e6ea209f4048ee21b92244bfc0e504e82a89c8fa..65ce264996fc81d02d14220f68b7a862fe0c14e1 100644 --- a/include/client/header.inc.php +++ b/include/client/header.inc.php @@ -1,5 +1,7 @@ <?php $title=($cfg && is_object($cfg) && $cfg->getTitle())?$cfg->getTitle():'osTicket :: Support Ticket System'; +$signin_url = ROOT_PATH . "login.php" + . ($thisclient ? "?e=".urlencode($thisclient->getEmail()) : ""); header("Content-Type: text/html; charset=UTF-8\r\n"); ?> <!DOCTYPE html> @@ -56,7 +58,7 @@ header("Content-Type: text/html; charset=UTF-8\r\n"); Guest User | <?php } if ($cfg->getClientRegistrationMode() != 'disabled') { ?> - <a href="<?php echo ROOT_PATH; ?>login.php">Sign In</a> + <a href="<?php echo $signin_url; ?>">Sign In</a> <?php } } ?> diff --git a/include/client/view.inc.php b/include/client/view.inc.php index f326e2f29a4a759cb1fb7f4b968593f050bdd301..2f7d487ae071631e3b8e0d371b92330423ce2c59 100644 --- a/include/client/view.inc.php +++ b/include/client/view.inc.php 
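Review bot: `getUserId()` in include/class.client.php has no comment saying which id it returns, and the checks added elsewhere in this commit compare it with `getId()` values, so a reader cannot tell the two apart from this hunk. A one-line comment would help, e.g. `// Id of the user account behind this ticket login; used for the owner checks`. The method also dereferences `$this->user` unguarded; where that property is set lies outside the hunk, so confirm it can never be null for a `TicketUser`.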
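Review bot: The new `$signin_url` in include/client/header.inc.php puts the client's e-mail address into the query string (`login.php?e=…`), so the address ends up in web-server access logs, browser history and possibly Referer headers; the first hunk of include/client/view.inc.php builds the same link. If the login form only needs it as a pre-fill, keeping it out of the URL is safer, e.g. `$signin_url = ROOT_PATH . "login.php";` with login.php taking the address from the current client session (whether login.php can do that is not visible here). If the parameter stays, the `href` in the second hunk should still be echoed through `Format::htmlchars($signin_url)`, and login.php must escape `e` wherever it prints it back.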
@@ -14,7 +14,9 @@ if ($thisclient && $thisclient->isGuest() <div id="msg_info"> <i class="icon-compass icon-2x pull-left"></i> <strong>Looking for your other tickets?</strong></br> - <a href="login.php" style="text-decoration:underline">Sign in</a> or + <a href="<?php echo ROOT_PATH; ?>login.php?e=<?php + echo urlencode($thisclient->getEmail()); + ?>" style="text-decoration:underline">Sign in</a> or <a href="account.php?do=create" style="text-decoration:underline">register for an account</a> for the best experience on our help desk.</div> @@ -26,7 +28,9 @@ if ($thisclient && $thisclient->isGuest() <h1> Ticket #<?php echo $ticket->getNumber(); ?> <a href="tickets.php?id=<?php echo $ticket->getId(); ?>" title="Reload"><span class="Icon refresh"> </span></a> -<?php if ($cfg->allowClientUpdates()) { ?> +<?php if ($cfg->allowClientUpdates() + // Only ticket owners can edit the ticket details (and other forms) + && $thisclient->getId() == $ticket->getUserId()) { ?> <a class="action-button" href="tickets.php?a=edit&id=<?php echo $ticket->getId(); ?>"><i class="icon-edit"></i> Edit</a> <?php } ?> @@ -93,9 +97,7 @@ foreach (DynamicFormEntry::forTicket($ticket->getId()) as $idx=>$form) { </tr> </table> <br> -<h2>Subject:<?php echo Format::htmlchars($ticket->getSubject()); ?></h2> -<br> -<span class="Icon thread">Ticket Thread</span> +<div class="subject">Subject: <strong><?php echo Format::htmlchars($ticket->getSubject()); ?></strong></div> <div id="ticketThread"> <?php if($ticket->getThreadCount() && ($thread=$ticket->getClientThread())) { diff --git a/js/osticket.js b/js/osticket.js index e3089ab2b25ab18b81439d2253715ee94793073d..f5fa852e84f5a3fc7ca372c0c37b1be9e0c99691 100644 --- a/js/osticket.js +++ b/js/osticket.js @@ -5,7 +5,7 @@ $(document).ready(function(){ - $("input:not(.dp):visible:enabled:first").focus(); + $('input:not(.dp):visible:enabled:input[value=""]:first').focus(); $('table.list tbody tr:odd').addClass('odd'); //Overlay 
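Review bot: The new Edit-button condition in include/client/view.inc.php calls `$thisclient->getId()` without a null guard and compares ids with loose `==`, although the top of this template still tests `if ($thisclient && …)`; the same comparison is added to the `edit` case in tickets.php. With `==`, a missing id on both sides (null, 0 or an empty string) compares equal, so a client without a user id would pass as the owner of a ticket without one. Requiring a non-empty id closes that, e.g. `&& $thisclient && ($owner = $ticket->getUserId()) && $thisclient->getId() == $owner`. Since the rule now lives in two files, a single helper on the ticket would keep the button and the server-side check from drifting apart.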
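Review bot: The `[value=""]` attribute selector in js/osticket.js matches only inputs that carry an explicit empty `value` attribute in the markup, so on a form whose inputs omit the attribute nothing receives focus, where the old selector always focused the first field. It also tests the attribute rather than what the field currently holds, and the extra `:input` is redundant after `input`. Filtering on the live value keeps the intent: `$('input:not(.dp):visible:enabled').filter(function(){ return !this.value; }).first().focus();`.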
diff --git a/tickets.php b/tickets.php index 9561da31dd62bd7ecbccb4f4b83326845b279e3f..0d675aa88c9075fcbc872e0fdf006161fcd68e96 100644 --- a/tickets.php +++ b/tickets.php @@ -40,7 +40,8 @@ if($_POST && is_object($ticket) && $ticket->getId()): $errors=array(); switch(strtolower($_POST['a'])){ case 'edit': - if(!$ticket->checkUserAccess($thisclient)) //double check perm again! + if(!$ticket->checkUserAccess($thisclient) //double check perm again! + || $thisclient->getId() != $ticket->getUserId()) $errors['err']='Access Denied. Possibly invalid ticket ID'; elseif (!$cfg || !$cfg->allowClientUpdates()) $errors['err']='Access Denied. Client updates are currently disabled'; diff --git a/view.php b/view.php index 7e865d6a6bd3544ea3c3dbdd9f8aaafababf1839..2299043b0047d4007b3e535b898035b0935e8da5 100644 --- a/view.php +++ b/view.php @@ -16,14 +16,23 @@ **********************************************************************/ require_once('client.inc.php'); +$errors = array(); +// Check if the client is already signed in. Don't corrupt their session! +if ($_GET['auth'] + && $thisclient + && ($u = TicketUser::lookupByToken($_GET['auth'])) + && ($u->getUserId() == $thisclient->getId()) +) { + Http::redirect('tickets.php?id='.$u->getTicketId()); +} // Try autologin the user // Authenticated user can be of type ticket owner or collaborator -$errors = array(); -if (isset($_GET['auth']) || isset($_GET['t'])) +elseif (isset($_GET['auth']) || isset($_GET['t'])) { // TODO: Consider receiving an AccessDenied object $user = UserAuthenticationBackend::processSignOn($errors, false); +} -if ($user && $user->getTicketId()) +if (@$user && is_object($user) && $user->getTicketId()) Http::redirect('tickets.php?id='.$user->getTicketId()); $nav = new UserNav();
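Review bot: The owner check in tickets.php is added only to the POST `edit` case; the code that renders the edit form for `tickets.php?a=edit&id=…` lies outside this hunk. If that path still relies on `checkUserAccess()` alone, a collaborator who opens the URL directly gets the form and is refused only on submit, with the misleading 'Possibly invalid ticket ID' message. It is worth applying the same owner test where the form is selected and giving non-owners a distinct message, e.g. `$errors['err']='Access Denied. Only the ticket owner can edit';`.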
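Review bot: In view.php, `$_GET['auth']` is read in the new `if` before any `isset()` test and is handed to `TicketUser::lookupByToken()` without checking that it is a string, so a request without the parameter raises a notice and `?auth[]=…` passes an array into the lookup. The later `@$user` only hides the fact that `$user` is undefined when the first branch or neither branch runs; initialising it to null removes the need for `@`. Note also that a token belonging to a different user than the signed-in client still falls through to `processSignOn()`, which presumably replaces the existing session; confirm that is intended. The fence shows the token and `$user` handling rewritten, with the rest of the hunk left as it is.

```php
$errors = array();
$user = null;
// Use the token only when it is present and a plain string
$token = (isset($_GET['auth']) && is_string($_GET['auth'])) ? $_GET['auth'] : null;
// Check if the client is already signed in. Don't corrupt their session!
if ($token
        && $thisclient
        && ($u = TicketUser::lookupByToken($token))
        && ($u->getUserId() == $thisclient->getId())
) {
    // … unchanged: redirect to the client's ticket …
}
// … unchanged: elseif branch that calls processSignOn() …

if (is_object($user) && $user->getTicketId())
    // … unchanged: redirect to tickets.php …
```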