From bda2e4220accc561e34cccd434feeb56601b3185 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 23 May 2014 13:50:45 -0500
Subject: [PATCH] If you're logged in as a client, stay that way

When following a link from an email, if you are already signed in to the
help desk as a client, you should just be redirected to the new ticket.
---
 include/class.client.php |  4 ++++
 view.php                 | 15 ++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/include/class.client.php b/include/class.client.php
index 2af67879f..3e5592901 100644
--- a/include/class.client.php
+++ b/include/class.client.php
@@ -149,6 +149,10 @@ abstract class TicketUser {
         return $this->_guest;
     }
 
+    function getUserId() {
+        return $this->user->getId();
+    }
+
     abstract function getTicketId();
     abstract function getTicket();
 }
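Review bot: `getUserId()` dereferences `$this->user` unconditionally, so a TicketUser that has no user object attached would end in a fatal error instead of a failed identity check in view.php. Whether that state can occur is not visible in this hunk, because the class body starts outside it. If it can, `return $this->user ? $this->user->getId() : null;` keeps the caller's comparison well-defined. The method also has no doc comment; since its result now gates a session decision, a short one such as `/** Id of the user account behind this ticket user, as compared against the signed-in client. */` would record that contract.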
diff --git a/view.php b/view.php
index 7e865d6a6..2299043b0 100644
--- a/view.php
+++ b/view.php
@@ -16,14 +16,23 @@
 **********************************************************************/
 require_once('client.inc.php');
 
+$errors = array();
+// Check if the client is already signed in. Don't corrupt their session!
+if ($_GET['auth']
+        && $thisclient
+        && ($u = TicketUser::lookupByToken($_GET['auth']))
+        && ($u->getUserId() == $thisclient->getId())
+) {
+    Http::redirect('tickets.php?id='.$u->getTicketId());
+}
 // Try autologin the user
 // Authenticated user can be of type ticket owner or collaborator
-$errors = array();
-if (isset($_GET['auth']) || isset($_GET['t']))
+elseif (isset($_GET['auth']) || isset($_GET['t'])) {
     // TODO: Consider receiving an AccessDenied object
     $user =  UserAuthenticationBackend::processSignOn($errors, false);
+}
 
-if ($user && $user->getTicketId())
+if (@$user && is_object($user) && $user->getTicketId())
     Http::redirect('tickets.php?id='.$user->getTicketId());
 
 $nav = new UserNav();
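Review bot: The new session-preservation check at the top of view.php decides identity with a loose comparison, `$u->getUserId() == $thisclient->getId()`, so type juggling can treat an empty or null id on both sides as a match and keep the current session for a token that belongs to a different account. Whether either getter can return an empty value is not visible here. A strict form such as `&& ($uid = $u->getUserId()) && (string) $uid === (string) $thisclient->getId()` rejects empty ids outright. The same condition reads `$_GET['auth']` without `isset()`, unlike the `elseif` below it, which raises an undefined-index notice when the page is opened with only `t`; `!empty($_GET['auth'])` avoids that. Initialising `$user = null;` next to `$errors` would also let the final test drop the `@` suppression, which currently hides the undefined-variable case when neither branch runs.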
-- 
GitLab