Home Page Security
leezo
07-30-2009, 11:25 AM
Hi,
I installed osTicket 1.6.rc4 and it is working fine. One thing I noticed, though, is that anyone who visits the page can post a ticket without authorization. The "Open New Ticket" left section allows anyone to send a ticket, which may cause spammers and robots to spam using the form. Is there a workaround for this? Can I force anyone to register first before actually submitting a ticket?
Thanks
Corey
07-30-2009, 12:33 PM
Hey,
At the current time, user registration is not a feature of osTicket.
warhonowicz
09-03-2009, 09:03 AM
Will it be a feature?
krash369
09-03-2009, 03:54 PM
I had the same concern, so when I installed osTicket I put it in a secure portion of the site that requires users to log in before they get to the actual ticket page.
You can do this by including a .htaccess and .htpasswd file in the root directory of osTicket.
The .htaccess file would look like this:
AuthType Basic
AuthName "osTicket"
AuthUserFile user/1302575/htdocs/osticket/.htpasswd
require valid-user
Note that the AuthUserFile is not the URL but the absolute path to your directory.
The .htpasswd file would look like this
user1:ieqAOzv23YyWQ
user2:eegxXktSEwTlg
user3r:6nzUPa9fX4gqU
Note that you will have to use a htpasswd generator to get the user name and encrypted password
This is a bare bones generator I use
http://home.flash.net/cgi-bin/pw.pl
CONS
You must edit the .htpasswd file every time you need to add a user. If you do not have too many new users or a static pool of users then it is not a big deal.
PROS
Cannot get by it even if they know the link to the ticket page or bookmark it. They only need to log in once unless they close the browser, which clears the cache information, and they will be required to log in again.
There are some PHP or CGI scripts that will provide a user interface for you to manage the .htpasswd file, and they are free. Here is one I have looked at but have not used:
http://www.locked-area.com/
Hope this helps
KRASH
warhonowicz
09-04-2009, 04:08 AM
Will give it a try ... one question though, how do I find out the absolute path to the directory?
krash369
09-04-2009, 02:00 PM
1. create a text file with
<?php echo $_SERVER['DOCUMENT_ROOT']; ?>
2. Rename the file to something.php (mine is env.php)
3. FTP the file to the root folder of your osticket directory
4. Go to the location of the file in your browser
http://www.yourdomain.com/osticket/env.php
This should return the absolute path
KRASH
warhonowicz
09-04-2009, 02:46 PM
Thanks ... I've followed all of the above but it doesn't work. I am prompted for a username and password, but when I enter it, I just get the same question again, and after a couple of times it defaults to an error page.
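An added example, not part of any post in this thread: a small Python check for the .htaccess/.htpasswd pair discussed above. It flags an AuthUserFile that is not an absolute path (Apache resolves such a path relative to ServerRoot) or that sits inside the document root, and lists .htpasswd users whose hash is traditional crypt() or unsalted SHA-1. The function names, the DOC_ROOT value and the bcrypt-shaped sample entry are assumptions, and a Unix-style host is assumed.

```python
import posixpath
import re

# Constructed sample input: the .htaccess from the thread, one .htpasswd line
# from the thread, and a made-up bcrypt-shaped entry ("x" padding, not a real hash).
HTACCESS = ('AuthType Basic\nAuthName "osTicket"\n'
            'AuthUserFile user/1302575/htdocs/osticket/.htpasswd\n'
            'require valid-user\n')
HTPASSWD = "user1:ieqAOzv23YyWQ\nbob:$2y$05$" + "x" * 53 + "\n"
DOC_ROOT = "/user/1302575/htdocs"  # assumed document root, for illustration only

def audit_htaccess(text, doc_root):
    """Return findings about the AuthUserFile directive in .htaccess text."""
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\n]+?)"?\s*$', text, re.I | re.M)
    if not m:
        return ["no AuthUserFile directive"]
    path = m.group(1)
    if not path.startswith("/"):
        # Apache resolves a non-absolute AuthUserFile against ServerRoot.
        return ["relative path: resolved against ServerRoot, not the site directory"]
    root = posixpath.normpath(doc_root)
    if posixpath.normpath(path).startswith(root + "/"):
        return ["password file is inside the document root"]
    return []

def hash_scheme(entry):
    """Classify the hash in one 'user:hash' line of a .htpasswd file."""
    user, _, digest = entry.strip().partition(":")
    if digest.startswith(("$2y$", "$2a$", "$2b$")):
        return user, "bcrypt"
    if digest.startswith("$apr1$"):
        return user, "apr1-md5"
    if digest.startswith("{SHA}"):
        return user, "sha1-unsalted"
    if re.fullmatch(r"[./0-9A-Za-z]{13}", digest):
        return user, "des-crypt"  # crypt(): only the first 8 password characters count
    return user, "unknown"

def weak_users(htpasswd_text):
    """List users whose entry is not apr1-md5 or bcrypt."""
    lines = [l for l in htpasswd_text.splitlines() if l.strip()]
    return [u for u, s in map(hash_scheme, lines) if s not in ("bcrypt", "apr1-md5")]

if __name__ == "__main__":
    print(audit_htaccess(HTACCESS, DOC_ROOT))
    print(weak_users(HTPASSWD))
```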