Start of client interface implementation

attachment.php

+<?php
+/*********************************************************************
+    attachment.php
+
+    Attachments interface for clients.
+    Clients should never see the dir paths.
+    
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+require('secure.inc.php');
+//TODO: alert admin on any error on this file.
+if(!$thisclient || !$thisclient->isClient() || !$_GET['id'] || !$_GET['ref']) die('Access Denied');
+
+$sql='SELECT attach_id,ref_id,ticket.ticket_id,ticketID,ticket.created,dept_id,file_name,file_key,email FROM '.TICKET_ATTACHMENT_TABLE.
+    ' LEFT JOIN '.TICKET_TABLE.' ticket USING(ticket_id) '.
+    ' WHERE attach_id='.db_input($_GET['id']);
+//valid ID??
+if(!($res=db_query($sql)) || !db_num_rows($res)) die('Invalid/unknown file');
+list($id,$refid,$tid,$extid,$date,$deptID,$filename,$key,$email)=db_fetch_row($res);
+
+//Still paranoid...:)...check the secret session based hash and email
+$hash=MD5($tid*$refid.session_id());
+if(!$_GET['ref'] || strcmp($hash,$_GET['ref']) || strcasecmp($thisclient->getEmail(),$email)) die('Access denied: Kwaheri');
+
+
+//see if the file actually exits.
+$month=date('my',strtotime("$date"));
+$file=rtrim($cfg->getUploadDir(),'/')."/$month/$key".'_'.$filename;
+if(!file_exists($file))
+    $file=rtrim($cfg->getUploadDir(),'/')."/$key".'_'.$filename;
+    
+if(!file_exists($file)) die('Invalid Attachment');
+
+$extension =substr($filename,-3);
+switch(strtolower($extension))
+{
+  case "pdf": $ctype="application/pdf"; break;
+  case "exe": $ctype="application/octet-stream"; break;
+  case "zip": $ctype="application/zip"; break;
+  case "doc": $ctype="application/msword"; break;
+  case "xls": $ctype="application/vnd.ms-excel"; break;
+  case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
+  case "gif": $ctype="image/gif"; break;
+  case "png": $ctype="image/png"; break;
+  case "jpg": $ctype="image/jpg"; break;
+  default: $ctype="application/force-download";
+}
+header("Pragma: public");
+header("Expires: 0");
+header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+header("Cache-Control: public"); 
+header("Content-Type: $ctype");
+$user_agent = strtolower ($_SERVER["HTTP_USER_AGENT"]);
+if ((is_integer(strpos($user_agent,"msie"))) && (is_integer(strpos($user_agent,"win")))) 
+{
+  header( "Content-Disposition: filename=".basename($filename).";" );
+} else {
+  header( "Content-Disposition: attachment; filename=".basename($filename).";" );
+}
+header("Content-Transfer-Encoding: binary");
+header("Content-Length: ".filesize($file));
+readfile($file);
+exit();
+?>

captcha.php

+<?php
+/*********************************************************************
+    captcha.php
+
+    Simply returns captcha image.
+    
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+require_once('main.inc.php');
+require(INCLUDE_DIR.'class.captcha.php');
+$captcha = new Captcha(5,12,ROOT_DIR.'images/captcha/');
+echo $captcha->getImage();
+?>

index.php

@@ -13,4 +13,41 @@
 
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
-require('offline.php');
+require('client.inc.php');
+$section = 'home';
+require(CLIENTINC_DIR.'header.inc.php');
+?>
+
+<div id="landing_page">
+    <h1>Welcome to the Support Center</h1>
+    <p>
+        In order to streamline support requests and better serve you, we utilize a support ticket system. Every support request is assigned a unique ticket number which you can use to track the progress and responses online. For your reference we provide complete archives and history of all your support requests. A valid email address is required to submit a ticket.
+    </p>
+
+    <div id="new_ticket">
+        <h3>Open A New Ticket</h3>
+        <form method="link" action="open.php">  
+            <div>Please provide as much detail as possible so we can best assist you. To update a previously submitted ticket, please login.</div>
+            <input type="submit" value="Open a New Ticket">
+        </form>
+    </div>
+
+    <div id="check_status">
+        <h3>Check Ticket Status</h3>
+        <form class="status_form" action="login.php" method="get">
+            <div>We provide archives and history of all your current and past support requests complete with responses.</div>
+            <input type="submit" value="Check Ticket Status">
+        </form>
+    </div>
+</div>
+<div class="clear"></div>
+<?php
+if($cfg && $cfg->isKnowledgebaseEnabled()){ 
+    //FIXME: provide ability to feature or select random FAQs ??
+    ?>
+<br>
+Be pure to browse our <a href="kb/index.php">Frequently Asked Questions (FAQs)</a>, before opening a ticket.
+</div>
+<?php
+} ?>
+<?php require(CLIENTINC_DIR.'footer.inc.php'); ?>

login.php

+<?php
+/*********************************************************************
+    index.php
+
+    Client Login 
+
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+require_once('client.inc.php');
+if(!defined('INCLUDE_DIR')) die('Fatal Error');
+define('CLIENTINC_DIR',INCLUDE_DIR.'client/');
+define('OSTCLIENTINC',TRUE); //make includes happy
+
+require_once(INCLUDE_DIR.'class.client.php');
+require_once(INCLUDE_DIR.'class.ticket.php');
+//We are ready baby
+$loginmsg='Authentication Required';
+if($_POST && (!empty($_POST['lemail']) && !empty($_POST['lticket']))):
+    $loginmsg='Authentication Required';
+    $email=trim($_POST['lemail']);
+    $ticketID=trim($_POST['lticket']);
+    //$_SESSION['_client']=array(); #Uncomment to disable login strikes.
+    
+    //Check time for last max failed login attempt strike.
+    $loginmsg='Invalid login';
+    if($_SESSION['_client']['laststrike']) {
+        if((time()-$_SESSION['_client']['laststrike'])<$cfg->getClientLoginTimeout()) {
+            $loginmsg='Excessive failed login attempts';
+            $errors['err']='You\'ve reached maximum failed login attempts allowed. Try again later or <a href="open.php">open a new ticket</a>';
+        }else{ //Timeout is over.
+            //Reset the counter for next round of attempts after the timeout.
+            $_SESSION['_client']['laststrike']=null;
+            $_SESSION['_client']['strikes']=0;
+        }
+    }
+    //See if we can fetch local ticket id associated with the ID given
+    if(!$errors && is_numeric($ticketID) && Validator::is_email($email) && ($tid=Ticket::getIdByExtId($ticketID))) {
+        //At this point we know the ticket is valid.
+        $ticket= new Ticket($tid);
+        //TODO: 1) Check how old the ticket is...3 months max?? 2) Must be the latest 5 tickets?? 
+        //Check the email given.
+        if($ticket->getId() && strcasecmp($ticket->getEMail(),$email)==0){
+            //valid match...create session goodies for the client.
+            $user = new ClientSession($email,$ticket->getId());
+            $_SESSION['_client']=array(); //clear.
+            $_SESSION['_client']['userID']   =$ticket->getEmail(); //Email
+            $_SESSION['_client']['key']      =$ticket->getExtId(); //Ticket ID --acts as password when used with email. See above.
+            $_SESSION['_client']['token']    =$user->getSessionToken();
+            $_SESSION['TZ_OFFSET']=$cfg->getTZoffset();
+            $_SESSION['daylight']=$cfg->observeDaylightSaving();
+            //Log login info...
+            $msg=sprintf("%s/%s logged in [%s]",$ticket->getEmail(),$ticket->getExtId(),$_SERVER['REMOTE_ADDR']);
+            Sys::log(LOG_DEBUG,'User login',$msg);
+            //Redirect tickets.php
+            session_write_close();
+            session_regenerate_id();
+            @header("Location: tickets.php");
+            require_once('tickets.php'); //Just incase. of header already sent error.
+            exit;
+        }
+    }
+    //If we get to this point we know the login failed.
+    $_SESSION['_client']['strikes']+=1;
+    if(!$errors && $_SESSION['_client']['strikes']>$cfg->getClientMaxLogins()) {
+        $loginmsg='Access Denied';
+        $errors['err']='Forgot your login info? Please <a href="open.php">open a new ticket</a>.';
+        $_SESSION['_client']['laststrike']=time();
+        $alert='Excessive login attempts by a client?'."\n".
+                'Email: '.$_POST['lemail']."\n".'Ticket#: '.$_POST['lticket']."\n".
+                'IP: '.$_SERVER['REMOTE_ADDR']."\n".'Time:'.date('M j, Y, g:i a T')."\n\n".
+                'Attempts #'.$_SESSION['_client']['strikes'];
+        Sys::log(LOG_ALERT,'Excessive login attempts (client)',$alert,($cfg->alertONLoginError()));
+    }elseif($_SESSION['_client']['strikes']%2==0){ //Log every other failed login attempt as a warning.
+        $alert='Email: '.$_POST['lemail']."\n".'Ticket #: '.$_POST['lticket']."\n".'IP: '.$_SERVER['REMOTE_ADDR'].
+               "\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".'Attempts #'.$_SESSION['_client']['strikes'];
+        Sys::log(LOG_WARNING,'Failed login attempt (client)',$alert);
+    }
+endif;
+
+$nav = new UserNav();
+$nav->setActiveNav('status');
+require(CLIENTINC_DIR.'header.inc.php');
+require(CLIENTINC_DIR.'login.inc.php');
+require(CLIENTINC_DIR.'footer.inc.php');
+?>

logout.php

+<?php
+/*********************************************************************
+    logout.php
+
+    Destroy clients session.
+
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+
+require('client.inc.php');
+//We are checking to make sure the user is logged in before a logout to avoid session reset tricks on excess logins
+$_SESSION['_client']=array();
+session_unset();
+session_destroy();
+header('Location: index.php');
+require('index.php');
+?>

offline.php

@@ -14,6 +14,11 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require_once('client.inc.php');
+if($cfg && !$cfg->isHelpDeskOffline()) { 
+    @header('Location: index.php'); //Redirect if the system is online.
+    include('index.php');
+    exit;
+}
 $nav=null;
 require(CLIENTINC_DIR.'header.inc.php');
 ?>

open.php

+<?php
+/*********************************************************************
+    open.php
+
+    New tickets handle.
+
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+require('client.inc.php');
+define('SOURCE','Web'); //Ticket source.
+$inc='open.inc.php';    //default include.
+$errors=array();
+if($_POST):
+    $_POST['deptId']=$_POST['emailId']=0; //Just Making sure we don't accept crap...only topicId is expected.
+    if(!$thisuser && $cfg->enableCaptcha()){
+        if(!$_POST['captcha'])
+            $errors['captcha']='Enter text shown on the image';
+        elseif(strcmp($_SESSION['captcha'],md5($_POST['captcha'])))
+            $errors['captcha']='Invalid - try again!';
+    }
+
+    //FIXME: Allow logged in users to use diff email?
+    if($thisuser && strcasecmp($thisuser->getEmail(),$_POST['email']))
+        $errors['email']='Email mismatch.';
+
+    //Ticket::create...checks for errors..
+    if(($ticket=Ticket::create($_POST,$errors,SOURCE))){
+        $msg='Support ticket request created';
+        if($thisclient && $thisclient->isValid()) //Logged in...simply view the newly created ticket.
+            @header('Location: tickets.php?id='.$ticket->getExtId());
+        //Thank the user and promise speedy resolution!
+        $inc='thankyou.inc.php';
+    }else{
+        $errors['err']=$errors['err']?$errors['err']:'Unable to create a ticket. Please correct errors below and try again!';
+    }
+endif;
+
+//page
+$nav->setActiveNav('new');
+require(CLIENTINC_DIR.'header.inc.php');
+require(CLIENTINC_DIR.$inc);
+require(CLIENTINC_DIR.'footer.inc.php');
+?>

secure.inc.php

+<?php
+/*********************************************************************
+    secure.inc.php
+
+    File included on every client's "secure" pages
+
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+if(!strcasecmp(basename($_SERVER['SCRIPT_NAME']),basename(__FILE__))) die('Kwaheri rafiki!');
+if(!file_exists('client.inc.php')) die('Fatal Error.');
+require_once('client.inc.php');
+//User must be logged in!
+if(!$thisclient || !$thisclient->getId() || !$thisclient->isValid()){
+    require('./login.php');
+    exit;
+}
+$thisclient->refreshSession();
+?>

tickets.php

+<?php
+/*********************************************************************
+    tickets.php
+
+    Main client/user interface.
+    Note that we are using external ID. The real (local) ids are hidden from user.
+
+    Peter Rotich <peter@osticket.com>
+    Copyright (c)  2006-2012 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+**********************************************************************/
+require('secure.inc.php');
+if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again.
+
+require_once(INCLUDE_DIR.'class.ticket.php');
+$ticket=null;
+$inc='tickets.inc.php'; //Default page...show all tickets.
+//Check if any id is given...
+if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['ticket_id']) && is_numeric($id)) {
+    //id given fetch the ticket info and check perm.
+    $ticket= new Ticket(Ticket::getIdByExtId((int)$id));
+    if(!$ticket or !$ticket->getEmail()) {
+        $ticket=null; //clear.
+        $errors['err']='Access Denied. Possibly invalid ticket ID';
+    }elseif(strcasecmp($thisclient->getEmail(),$ticket->getEmail())){
+        $errors['err']='Security violation. Repeated violations will result in your account being locked.';
+        $ticket=null; //clear.
+    }else{
+        //Everything checked out.
+        $inc='viewticket.inc.php';
+    }
+}
+//Process post...depends on $ticket object above.
+if($_POST && is_object($ticket) && $ticket->getId()):
+    $errors=array();
+    switch(strtolower($_POST['a'])){
+    case 'postmessage':
+        if(strcasecmp($thisclient->getEmail(),$ticket->getEmail())) { //double check perm again!
+            $errors['err']='Access Denied. Possibly invalid ticket ID';
+            $inc='tickets.inc.php'; //Show the tickets.               
+        }
+
+        if(!$_POST['message'])
+            $errors['message']='Message required';
+        //check attachment..if any is set
+        if($_FILES['attachment']['name']) {
+            if(!$cfg->allowOnlineAttachments()) //Something wrong with the form...user shouldn't have an option to attach
+                $errors['attachment']='File [ '.$_FILES['attachment']['name'].' ] rejected';
+            elseif(!$cfg->canUploadFileType($_FILES['attachment']['name']))
+                $errors['attachment']='Invalid file type [ '.$_FILES['attachment']['name'].' ]';
+            elseif($_FILES['attachment']['size']>$cfg->getMaxFileSize())
+                $errors['attachment']='File is too big. Max '.$cfg->getMaxFileSize().' bytes allowed';
+        }
+                    
+        if(!$errors){
+            //Everything checked out...do the magic.
+            if(($msgid=$ticket->postMessage($_POST['message'],'Web'))) {
+                if($_FILES['attachment']['name'] && $cfg->canUploadFiles() && $cfg->allowOnlineAttachments())
+                    $ticket->uploadAttachment($_FILES['attachment'],$msgid,'M');
+                    
+                $msg='Message Posted Successfully';
+            }else{
+                $errors['err']='Unable to post the message. Try again';
+            }
+        }else{
+            $errors['err']=$errors['err']?$errors['err']:'Error(s) occured. Please try again';
+        }
+        break;
+    default:
+        $errors['err']='Uknown action';
+    }
+    $ticket->reload();
+endif;
+include(CLIENTINC_DIR.'header.inc.php');
+include(CLIENTINC_DIR.$inc);
+include(CLIENTINC_DIR.'footer.inc.php');
+?>

view.php

+<?php
+//We are now using tickets.php but we need to keep view.php for backward compatibility
+require('tickets.php');
+?>