Hi,
I may found an issue with the Auth link (%{recipient.ticket_link} in the templates) that is send to customers. Most of them are working e.g.
(e.g. auth=o1xdeaaaacuaaaaav7VnKmjLfy0ysQ%3D%3D) but a few do not authenticate (e.g. auth=o1xdaaaaacvaaaaaA77BapN9u%2BuZyA%3D%3D).
I have no clue where to look for this issue. What I gathered from the files is that de decode is done with positions in the auth sting to gather db ticket ids and user id. I was hoping if I could 'debug' the auth decode process to see what happens to the ticketid.
I do see that the 5th character is different 'e' and 'a', the 11th character 'u' and 'v' and probably the coded ticket number started from the last 'aaaaa'.
My best guess is that the next character is also an 'a' (although uppercase), that a regex or strpos is possibly done on those 5*a (however case insensitive) resulting in a wrong offset? I tried look into the class.auth.php to determine the code, but failed to do that in a timely fashion.
I imagine that you are the best person to ask how to proceed with this issue I have, or how to debug the process?
I do not know if other people see or get feedback from customers about this?
osTicket Version v1.10 (901e5ea)
Web Server Software Apache/2.4.10 (Debian)
MySQL Version 5.5.54
PHP Version 7.0.17-1~dotdeb+8.1
only 'mod/addition':
nl — include/i18n/nl.phar Version: 148287, for version v1.10 Built: Fri, 13 Jan 17 17:13:57 +0000)
Best regards,
Thonal