osTicket System is one of the best open-source ticket system until now. I have been testing and using it since version 1.6 RC4. The last version when I created this article is 1.6 RC5. For those both version, it is still using the email address and the ticket number to log in to the system, in order to check the ticket status. If client open or submit a new ticket, then the ticket number will be sent to the client’s email address. Thus, client have to check their email address first, in order to get this ticket number to monitor the ticket status afterwards. Client have to enter the email address, and of course, the ticket number that sent through that email.
I watched for some topic discussion through osTicket Official Forum, and I found there that one of the most important issues in osTicket System is about displaying the ticket number to the client after they submit a new ticket. At least, more than one topic asking and or request the feature about this issue. They need this feature to be implemented in osTicket System.
As a matter of fact, this ticket number is similar with password. Thus, it has to be sent via client’s email right after client submit a new ticket. Unfortunately, many ticket system administrator and or developer do not know this reason why “displaying ticket number after client submit new ticket” was strongly forbidden. There are some developers do not agree with this rule. They want to modify the osTicket script in order to display the ticket number on “thank you” page after client submit a new ticket. Many reason why they asked this feature. One of the their reasons I ever read is: “… since my client never received the email that contains of the ticket number, I need this ticket number to be displayed right after my client submit a new ticket. I don’t need send the ticket number sent through the email address’ client!“.
Okay. Let’s discuss more detail about this. It is, indeed, strongly recommended that the ticket number should not being displayed after your client submit a new ticket. Aah, there must be, at least, one reason for this! The main reason for this is concerning the security vulnerability. Another reason that related with that reason above is: for some ticket systems, they allow their client to reply to the ticket by using email. Thus, this client’ email is obviously needed in this case.
Now, let’s take a look an example here. If you display this ticket number to your client, imagine when somebody else (Mr. X) who knows your client’s email address. Then he acts or pretends to be one of your real client who has that email address, by opening a new ticket. Afterwards, this Mr. X will be able to login by using the email address and that ticket number (the ticket number that has just been displayed a few seconds after he submits that ticket). He will be able to see all of the tickets belongs to your client. Imagine again, how if one of those tickets number contain of such an important or secret information? Do you think this is a good condition in your osTicket System?
If the problem is about your client never receive any email that contains the ticket number, you have to ensure that your email system works correctly. For example, if you use your SMTP, please check your SMTP setting, in case there is a wrong setting there. Also, you have to give such explanation to your client to enter their valid email address in order the ticket number could be sent to their mail inbox properly. It means that email address is a mandatory thing if you want to implement a support system by using this osTicket System. So, there is no reason anymore to avoid to use your client’s email address.
The conclusion: For those of you who want to implement this osTicket System for your online support, please pay attention more seriously, especially when you want to implement it on your website. Always try to remember this: Do not ever display the ticket number after submit a new ticket! Another alternative solution that you can choose is by using username and password to log in to the system by your client. And, please remember again, it also needs your client’s valid email address, as the mandatory thing for your osTicket System.
Please consider again all the explanation above, if you do not want to disappointed your client, since there are so many bad guy out there who will try to pretend as your client, in order to display and know about your client’s matter or their important information. So, be a wise people when you want to modify this osTicket System script.
Nice! I’m gonna make my own journal.