/ var / www / html / IT-Ticket / osTicket-v1.18.2 / upload / [ HOME SHELL ]

Name	Size	Permission	Action
api	[ DIR ]	drwxr-xr-x
apps	[ DIR ]	drwxr-xr-x
assets	[ DIR ]	drwxr-xr-x
css	[ DIR ]	drwxr-xr-x
images	[ DIR ]	drwxr-xr-x
include	[ DIR ]	drwxr-xr-x
js	[ DIR ]	drwxr-xr-x
kb	[ DIR ]	drwxr-xr-x
pages	[ DIR ]	drwxr-xr-x
scp	[ DIR ]	drwxr-xr-x
setup	[ DIR ]	drwxr-xr-x
account.php	5.31 KB	-rw-r--r--
ajax.php	1.88 KB	-rw-r--r--
avatar.php	1.06 KB	-rw-r--r--
bootstrap.php	15.92 KB	-rw-r--r--
captcha.php	611 B	-rw-r--r--
client.inc.php	3 KB	-rw-r--r--
file.php	2.3 KB	-rw-r--r--
index.php	2.28 KB	-rw-r--r--
login.php	5.63 KB	-rw-r--r--
logo.php	925 B	-rw-r--r--
logout.php	732 B	-rw-r--r--
main.inc.php	1.98 KB	-rw-r--r--
manage.php	2.28 KB	-rwxr-xr-x
offline.php	940 B	-rw-r--r--
open.php	3.1 KB	-rw-r--r--
profile.php	1.2 KB	-rw-r--r--
pwreset.php	3.17 KB	-rw-r--r--
secure.inc.php	1.14 KB	-rw-r--r--
tickets.php	5.66 KB	-rw-r--r--
view.php	1.67 KB	-rw-r--r--
web.config	2.15 KB	-rw-r--r--

Code Editor : login.php

<?php
/*********************************************************************
    login.php

User access link recovery

TODO: This is a temp. fix to allow for collaboration in lieu of real
    username and password coming in 1.8.2

Peter Rotich <peter@osticket.com>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require_once('client.inc.php');
if(!defined('INCLUDE_DIR')) die('Fatal Error');
define('CLIENTINC_DIR',INCLUDE_DIR.'client/');
define('OSTCLIENTINC',TRUE); //make includes happy

require_once(INCLUDE_DIR.'class.client.php');
require_once(INCLUDE_DIR.'class.ticket.php');

if ($cfg->getClientRegistrationMode() == 'disabled'
        || isset($_POST['lticket']))
    $inc = 'accesslink.inc.php';
else
    $inc = 'login.inc.php';

$suggest_pwreset = false;

// Check the CSRF token, and ensure that future requests will have to use a
// different CSRF token. This will help ward off both parallel and serial
// brute force attacks, because new tokens will have to be requested for
// each attempt.
if ($_POST) {
    // Check CSRF token
    if (!$ost->checkCSRFToken())
        Http::response(400, __('Valid CSRF Token Required'));

// Rotate the CSRF token (original cannot be reused)
    $ost->getCSRF()->rotate();
}

if ($_POST && isset($_POST['luser'])) {
    if (!$_POST['luser'])
        $errors['err'] = __('Valid username or email address is required');
    elseif (($user = UserAuthenticationBackend::process(trim($_POST['luser']),
            substr($_POST['lpasswd'], 0, 128), $errors))) {
        if ($user instanceof ClientCreateRequest) {
            if ($cfg && $cfg->isClientRegistrationEnabled()) {
                // Attempt to automatically register
                if ($user->attemptAutoRegister())
                    Http::redirect('tickets.php');

// Auto-registration failed. Show the user the info we have
                $inc = 'register.inc.php';
                $user_form = UserForm::getUserForm()->getForm($user->getInfo());
            }
            else {
                $errors['err'] = __('Access Denied. Contact your help desk administrator to have an account registered for you');
                // fall through to show login page again
            }
        }
        else {
            Http::redirect($_SESSION['_client']['auth']['dest']
                ?: 'tickets.php');
        }
    } elseif(!$errors['err']) {
        $errors['err'] = sprintf('%s - %s', __('Invalid username or password'), __('Please try again!'));
    }
    $suggest_pwreset = true;
}
elseif ($_POST && isset($_POST['lticket'])) {
    if (!Validator::is_email($_POST['lemail']))
        $errors['err'] = __('Valid email address and ticket number required');
    elseif (($user = UserAuthenticationBackend::process($_POST['lemail'],
            $_POST['lticket'], $errors))) {

// If email address verification is not required, then provide
        // immediate access to the ticket!
        if (!$cfg->isClientEmailVerificationRequired())
            Http::redirect('tickets.php');

// This will succeed as it is checked in the authentication backend
        $ticket = Ticket::lookupByNumber($_POST['lticket'], $_POST['lemail']);

// We're using authentication backend so we can guard aganist brute
        // force attempts (which doesn't buy much since the link is emailed)
        if ($ticket) {
            $ticket->sendAccessLink($user);
            $msg = sprintf(__("%s - access link sent to your email!"),
                Format::htmlchars($user->getName()->getFirst()));
            $_POST = null;
        } else {
            $errors['err'] = sprintf('%s - %s',
                __('Invalid email or ticket number'),
                __('Please try again!'));
        }
    } elseif(!$errors['err']) {
        $errors['err'] = sprintf('%s - %s', __('Invalid email or ticket number'), __('Please try again!'));
    }
}
elseif (isset($_GET['do'])) {
    switch($_GET['do']) {
    case 'ext':
        // Lookup external backend
        if ($bk = UserAuthenticationBackend::getBackend($_GET['bk'])) {
            $result = $bk->triggerAuth();
            if ($result instanceof AccessDenied) {
                $errors['err'] = $result->getMessage();
            }
        }
    }
}
elseif ($user = UserAuthenticationBackend::processSignOn($errors, false)) {
    // Users from the ticket access link
    if ($user && $user instanceof TicketUser && $user->getTicketId())
        Http::redirect('tickets.php?id='.$user->getTicketId());
    // Users imported from an external auth backend
    elseif ($user instanceof ClientCreateRequest) {
        if ($cfg && $cfg->isClientRegistrationEnabled()) {
            // Attempt to automatically register
            if ($user->attemptAutoRegister())
                Http::redirect('tickets.php');

// Unable to auto-register. Fill in what we have and let the
            // user complete the info
            $inc = 'register.inc.php';
        }
        else {
            $errors['err'] = __('Access Denied. Contact your help desk administrator to have an account registered for you');
            // fall through to show login page again
        }
    }
    elseif ($user instanceof AuthenticatedUser) {
        Http::redirect($_SESSION['_client']['auth']['dest']
                ?: 'tickets.php');
    }
}

if (!$nav) {
    $nav = new UserNav();
    $nav->setActiveNav('status');
}

require CLIENTINC_DIR.'header.inc.php';
require CLIENTINC_DIR.$inc;
require CLIENTINC_DIR.'footer.inc.php';
?>

Urban Research Lab

Urban Research Lab

The Urban Research Lab (URL) at IIIT-Delhi was established in 2020, during a time when the pandemic brought the complexities of urban life more visible than ever. What started as an initiative by faculty and students has grown into a collaborative space for critically exploring and reimagining the urban questions through research, dialogue, and interdisciplinary engagement.