Ticket-View with Authentification

[Derblub]

You can view the Support Tickets per Link without Authentification.

This is the dirty fix for the supportview.tpl:

{if $loggedin}
{if $error}

<p>{$LANG.supportticketinvalid}</p>

{else}

<p><strong> »  {$LANG.supportticketsviewticket} {$tid}</strong></p>

<table>
<tr><td width="120">{$LANG.supportticketsdepartment}</td><td>{$department}</td></tr>
<tr><td>{$LANG.supportticketsdate}</td><td>{$date}</td></tr>
<tr><td>{$LANG.supportticketssubject}</td><td>{$subject}</td></tr>
<tr><td>{$LANG.supportticketsstatus}</td><td>{$status}</td></tr>
<tr><td>{$LANG.supportticketsticketurgency}</td><td>{$urgency}</td></tr>
</table>

<br />

<table cellspacing="1" cellpadding="3" width="100%" class="clientareatable">

<tr class="supportticketsheading"><td width="160" rowspan="2" valign="top">{$user}</td><td>{$LANG.supportticketsposted}: {$date}</td></tr>
<tr class="supportticketscontent"><td valign="top">{$message}{if $attachment}<br /><br /><img src="images/support/folder.gif" align="middle" alt="" /> <i>{$LANG.supportticketsticketattachment}: <a href="{$attachmentlink}">{$attachment}</a></i>{/if}</td></tr>

{foreach key=num item=reply from=$replies}

<tr class="supportticketsheading"><td width="160" rowspan="2" valign="top">{$reply.user}</td><td>{$LANG.supportticketsposted}: {$reply.date}</td></tr>
<tr class="supportticketscontent"><td valign="top">{$reply.message}{if $reply.attachment}<br /><br /><img src="images/support/folder.gif" align="middle" alt="" /> <i>{$LANG.supportticketsticketattachment}: <a href="{$reply.attachmentlink}">{$reply.attachment}</a></i>{/if}</td></tr>

{/foreach}

</table>

{if $showclosebutton}
<p align="center"><input type="button" value="{$LANG.supportticketsstatuscloseticket}" onclick="window.location='{$smarty.server.PHP_SELF}?tid={$tid}&c={$c}&closeticket=true'" class="button" /></p>
{/if}

<p><strong> »  {$LANG.supportticketsreply}</strong></p>

{if $errormessage}<div class="errorbox">{$errormessage|replace:'<li>':'  #  '}  #  </div><br />{/if}

<form method="post" action="{$smarty.server.PHP_SELF}?tid={$tid}&c={$c}&postreply=true" enctype="multipart/form-data">

<table cellspacing="1" cellpadding="0" class="frame"><tr><td>
<table width="100%" cellpadding="2">
<tr><td width="120" class="fieldarea">{$LANG.supportticketsclientname}</td><td>{if $loggedin}{$clientname}{else}<input type="text" name="replyname" size=30 value="{$replyname}" />{/if}</td></tr>
<tr><td class="fieldarea">{$LANG.supportticketsclientemail}</td><td>{if $loggedin}{$email}{else}<input type="text" name="replyemail" size=50 value="{$replyemail}" />{/if}</td></tr>
<tr><td colspan="2" class="fieldarea"><textarea name="replymessage" rows="12" cols="60" style="width:100%">{$replymessage}</textarea></td></tr>
<tr><td class="fieldarea">{$LANG.supportticketsticketattachment}:</td><td><input type="file" name="attachment" style="width:80%" /><br />({$LANG.supportticketsallowedextensions}: {$allowedfiletypes})</td></tr>
</table>
</td></tr></table>

<p align="center"><input type="submit" value="{$LANG.supportticketsticketsubmit}" class="button" /></p>

</form>
{/if}
{else}
<p>{$LANG.loginintrotext}</p>

<form action="dologin.php?goto=supporttickets" method="post" enctype="multipart/form-data">

<table align="center">
<tr><td align="right">{$LANG.loginemail}:</td><td><input type="text" name="username" size="40" value="{$username}"></td></tr>
<tr><td align="right">{$LANG.loginpassword}:</td><td><input type="password" name="password" size="25" value="{$password}"></td></tr>
</table>

<p align="center"><input type="submit" value="{$LANG.loginbutton}"><br><input type="checkbox" name="rememberme"{$rememberme}> {$LANG.loginrememberme}</p>
</form>
<p><b>{$LANG.loginforgotten}</B> <a href="passwordreminder.php">{$LANG.loginforgotteninstructions}</a>.</p>
{/if}

[WHMCS Andrew]

DO you mean people can log support tickets without being logged in?

[Daniel]

I don't understand what this will do either..

[DataHosts]

If I am thinking correct it allows the user to view the ticket without having to log into the client area. In a sense...just like Kayako. The email responses from Kayako have a link in the bottom footer of the email that will allow the user to click on it, and be automatically redirected to the ticket view.

 

I could be wrong, but it sounds like it. However, I am not trying it.....

[WHMCS Andrew]

As long as you have the ticket number and random code you can view the tickets, is this what you mean?

[Daniel]

Erm... Doesn't WHMCS do that already though?

[WHMCS Andrew]

Yes - I think this stops that and requires you to login,

[Derblub]

With this mod you must login before you can view a ticket per direct link.

[WHMCS Andrew]

But the point of the direct link with random code is so you don't need to login,

[Derblub]

But this is insecure! A simply bruteforce attack and i can access sensitive informations. We've had a lot of customer request for this sensitivity. By the way, the upper and lower cases at the "random code" are ignored.