You are here: Home / Ticket System / osTicket / Add Forgot Password Feature for HelpDesk Officer into osTicket v1.6 RC5

Add Forgot Password Feature for HelpDesk Officer into osTicket v1.6 RC5

Monday, October 12, 2009 · By 4 Comments

Generally, in any system that require password as the prerequisite to log in to the system, there is always Forgot Password feature in order to reset and get the new one for the user. Unfortunately, this feature does not exist in osTicket System, both in version 1.6 RC4 and 1.6 RC5. So, I made a new modification by adding this feature into osTicket System version 1.6 RC5. When helpdesk officer forgot their password, then they only need to click on the Forgot Password link, enter their email, and then click on the Send New Password button. Afterwards, the osTicket System will send an activation key including the URL link to activate the new password. After helpdesk officer activate it, then the new password will be sent to their email.

You can also read my post I sent to osTicket Forum via this link:
[MOD] Forgot Admin/Manager/Staff Password.

To implement the full modification, please follow these steps below carefully:

  1. First of all, you have to add two new fields to your ost_staff table in the database used by your osTicket system. Run the following SQL script. You may use phpMyAdmin or your another MySQL tools:

    ALTER TABLE ost_staff 
ADD COLUMN `new_passwd` varchar(128) NULL,
ADD COLUMN `new_passwd_activate` varchar(128) NULL;
  2. Open \include\staff\login.tpl.php file, and find this code:

    11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

    <body id="loginBody">
<h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
<div id="loginBox">
  <h1 style="clear: both;"><?=$msg?></h1>
  <form action="login.php" method="post">
  <input type="hidden" name=do value="scplogin" />
    <table border=0 align="center">
      <tr><td width=100px align="right"><b>Username</b>:</td><td><input type="text" name="username" id="name" value="" /></td></tr>
      <tr><td align="right"><b>Password</b>:</td><td><input type="password" name="passwd" id="pass" /></td></tr>
      <tr><td>&nbsp;</td><td>&nbsp;&nbsp;<input class="submit" type="submit" name="submit" value="Login" /></td></tr>
    </table>
</form>
</div>
<div id="copyRights">Copyright &copy; <a href='http://www.osticket.com' target="_blank">osTicket.com</a></div>
</body>
</html>

    then replace with this following code:

    11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

    <body id="loginBody" onload="document.frmLogin.username.focus()">
<h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
<div id="loginBox">
  <h1 style="clear: both;"><?=$msg?></h1>
  <form name="frmLogin" action="login.php" method="post">
  <input type="hidden" name=do value="scplogin" />
    <table border=0 align="center">
      <tr><td width=100px align="right"><b>Username</b>:</td><td><input type="text" name="username" id="name" value="" /></td></tr>
      <tr><td align="right"><b>Password</b>:</td><td><input type="password" name="passwd" id="pass" /></td></tr>
      <tr><td>&nbsp;</td><td><input class="submit" type="submit" name="submit" value="Login" /></td></tr>
    </table>
</form>
</div>
<div><br />&nbsp;<a href="forgotpassword.php">Forgot Password?</a></div><br />
<div id="copyRights">Copyright &copy; <a href='http://www.osticket.com' target="_blank">osTicket.com</a></div>
</body>
</html>
  3. Create a new file and named it with forgotpassword.tpl.php and copy and paste this following code into that file, afterwards, put this file in \include\staff\ sub directory:

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

    <?php
 
/**
 * @author Masino Sinaga, http://www.openscriptsolution.com
 * @copyright October 11, 2009
 */
?>
 
<?php defined('OSTSCPINC') or die('Invalid path'); ?>
 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>osTicket:: SCP Login</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
<meta name="robots" content="noindex" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
</head>
 
<body id="loginBody" onload="document.frmForgotPassword.email.focus()">
<h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
<div id="loginBox">
 
	<h1 style="clear: both;"><?php echo $forgotmsg; ?></h1>
	<form name="frmForgotPassword" action="forgotpassword.php" method="post">
	<input type="hidden" name=do value="scplogin" />
    <table border=0 align="center">
        <tr><td align="right"><b>Email</b>:</td><td><input type="email" name="email" id="email" /></td></tr>
        <tr><td>&nbsp;</td><td>&nbsp;&nbsp;<input class="submit" type="submit" name="submit" value="Send My New Password" /></td></tr>
    </table>
</form>
</div>
        <label>&nbsp;</label>
        <div><a href="index.php">Back to Index SCP</a></div>
	<br />
 
<div id="copyRights">Copyright &copy; <a href='http://www.osticket.com' target="_blank">osTicket.com</a></div>
</body>
</html>
  4. Create a new file and named it with forgotpassword.php and copy and paste this following code into that file, afterwards, put this file in \scp\ sub directory:

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

    <?php
 
/**
 * @author Masino Sinaga, http://www.openscriptsolution.com
 * @copyright October 11, 2009
 */
 
 
require_once('../main.inc.php');
 
?>
 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>osTicket:: SCP Login</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
<meta name="robots" content="noindex" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
</head>
 
<?php
 
$forgotmsg='Email Required';
if($_POST && (!empty($_POST['email']) )) {
  $email=trim($_POST['email']);
 
  $sqle='SELECT email, username, new_passwd FROM '.STAFF_TABLE.
        ' WHERE email='.db_input($email).'';
  $respe=db_query($sqle);
  $countRec = db_num_rows($respe);
 
  if ($countRec > 0) {
 
    while ($row = db_fetch_array($respe)) {
      $username = $row['username'];
    }
 
    $key_len = 54 - 20;
    $key_len = max(6, $key_len); // we want at least 6
    $key_len = (8) ? min($key_len, 8) : $key_len; // we want at most 8
    $user_actkey = substr(gen_rand_string(10), 0, $key_len);
    $user_password = gen_rand_string(8);
 
    $sql = "UPDATE ".STAFF_TABLE.
            " SET new_passwd='".$user_password."', new_passwd_activate='".$user_actkey. 
            "' WHERE email=".db_input($email)."";
 
    if(db_query($sql) && db_affected_rows($res)){
      global $cfg;
      $helpdesk_email=$cfg->getDefaultEmail();
      $helpdesk_url=$cfg->getUrl();
      $helpdesk_title=$cfg->getTitle();
      if($helpdesk_email){
        $helpdesk_email->send($email, 'Activation Key for New Password', ''.$username.', You are receiving this notification because you have (or someone pretending to be you has) requested a new password be sent for your account on "'.$helpdesk_title.'". If you did not request this notification then please ignore it, if you keep receiving it please contact your Administrator. Otherwise, to use the new password you need to activate it. To do this, please click on this link: '.$helpdesk_url.'scp/activatepassword.php?key='.$user_actkey);
      }
 
      echo '<body id="loginBody" onload="document.frmForgotPassword.email.focus()">
            <h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
            <div id="loginBox">';
      echo '<br />We have sent the URL to your email in order to activate your new password. Check your email in a few minutes!<br /><br />';
      echo '<div id="copyRights">Copyright &copy; <a href="http://www.osticket.com" target="_blank">osTicket.com</a></div>
            </body>
            </html>';  
      exit;
 
    } else {
      echo '<body id="loginBody" onload="document.frmForgotPassword.email.focus()">
            <h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
            <div id="loginBox">';
      echo 'Failed send URL to your email. Please try again later!<br /><br />';
      echo '<div id="copyRights">Copyright &copy; <a href="http://www.osticket.com" target="_blank">osTicket.com</a></div>
            </body>
            </html>';			
      exit;
    }    
 
  } else {		
 
    echo '<body id="loginBody" onload="document.frmForgotPassword.email.focus()">
          <h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
          <div id="loginBox">';
    echo '<br />Sorry, but that email does not exist in our system.<br /><br />';
    echo '<a href="index.php">Login</a><br /><br />';
    echo '<div id="copyRights">Copyright &copy; <a href="http://www.osticket.com" target="_blank">osTicket.com</a></div>
          </body>
          </html>';		
    exit;		
    }
}
 
define("OSTSCPINC",TRUE); //Make includes happy!
include_once(INCLUDE_DIR.'staff/forgotpassword.tpl.php');
 
 
/** Just additional function, please be kind... ;-) **/
 
/**
* Generates an alphanumeric random string of given length
*/
function gen_rand_string($num_chars = 8)
{
	$rand_str = unique_id();
	$rand_str = str_replace('0', 'Z', strtoupper(base_convert($rand_str, 16, 35)));
 
	return substr($rand_str, 0, $num_chars);
}
 
/**
* Return unique id
* @param string $extra additional entropy
*/
function unique_id($extra = 'c')
{
	static $dss_seeded = false;
	global $config;
	$val = '4cc5d71c0f7208b4c7708e3c6ae41d10' . microtime();
	$val = md5($val);
	return substr($val, 4, 16);
}
 
?>
  5. Create a new file and named it with activatepassword.php and copy and paste this following code into that file, afterwards, put this file in \scp\ sub directory:

    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

    <?php
 
/**
 * @author Masino Sinaga, http://www.openscriptsolution.com
 * @copyright October 11, 2009
 */
 
require_once('../main.inc.php');
 
?>
 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>osTicket:: SCP Login</title>
<link rel="stylesheet" href="css/login.css" type="text/css" />
<meta name="robots" content="noindex" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
</head>
 
<body id="loginBody" onload="document.frmForgotPassword.email.focus()">
<h1 id="logo"><a href="index.php">osTicket Staff Control Panel</a></h1>
<div id="loginBox">
 
<?php
 
if($_GET && (!empty($_GET['key']) )) {
  $passwact=trim($_GET['key']);
 
  $sqlNewPass="SELECT username, email, new_passwd FROM ".STAFF_TABLE.
        " WHERE new_passwd_activate='".$passwact."'";
  $resNewPass=db_query($sqlNewPass);
  $countRec = db_num_rows($resNewPass);
 
  if ($countRec > 0) {
 
    while ($row = db_fetch_array($resNewPass)) {
      $real_new_password = $row['new_passwd'];
      $new_password = md5($row['new_passwd']);
      $user_email = $row['email'];
      $user_name = $row['username'];
    }
 
    // Change the password with the new one now, and don't forget to reset the key!
    $sql = "UPDATE ".STAFF_TABLE." SET passwd='".$new_password."', 
           new_passwd='', new_passwd_activate=''  
	   WHERE email='".$user_email."'";
 
    if(db_query($sql) && db_affected_rows($res)){
 
      global $cfg;
      $helpdesk_email=$cfg->getDefaultEmail();
      $helpdesk_url=$cfg->getUrl();
      if($helpdesk_email){
        $helpdesk_email->send($user_email, 'New Password', ''.$user_name.', Your new password is: '.$real_new_password.'. Please login from '.$helpdesk_url.'scp/');
      }
 
      echo "<br /><b>$user_name</b>, <br />";
      echo "We have reset your password with the new one. You can now <a href='index.php'>login</a> with your new password that we have just sent to your email!<br /><br />";		
      echo '<div id="copyRights">Copyright &copy; <a href="http://www.osticket.com" target="_blank">osTicket.com</a></div>
            </body>
            </html>';
 
    } else {
 
      echo "<br />Failed when reset your password. Please try again later!<br />";
      echo '<div id="copyRights">Copyright &copy; <a href="http://www.osticket.com" target="_blank">osTicket.com</a></div>
            </body>
            </html>';
 
    }
 
  } else {
 
    echo "<br />Wrong activation key.<br /><br />";
    echo '<div id="copyRights">Copyright &copy; <a href="http://www.osticket.com" target="_blank">osTicket.com</a></div>
    </body>
    </html>';
 
  }
 
}
 
?>

That’s all! Hopefully this will help you.

Share
Filed Under: osTicket Tagged With: , , , , , , , , , , , ,

2,611 viewsPrint This Post Print This Post

Comments

  1. Gonzalo says:
    Monday, 12 October 2009 at 16:28:11

    Hello, i see you know a lot about OST, and have seen your posts at the forum.
    There’s a problem lots of people are having with the last version, and it is that they(me included) can’t login as admin in a fresh install.

    I have checked every single possible solution in the support forum and nothing worked. Even tried this mod(i think is awesome!); it works perfect, but still even with the new password can’t login.

    Looks like the guys at the forum can’t find a solution to this problem, maybe you can help us with that.

    Thanks in advance.

    Reply
  2. Masino Sinaga says:
    Tuesday, 13 October 2009 at 11:27:10

    @Gonzalo

    Unfortunately, this never happened to me. I am not sure what is the causes of that problem. I tested osTicket on my localhost using Windows XP SP3 with Wamp server (Apache, MySQL, PHP included), and everything is worked fine here. I am so sorry I cannot help you much about the matter.

    Reply
  3. rcmichelle says:
    Friday, 20 August 2010 at 12:42:55

    you can search Password Genius from Google

    Reply

Trackbacks

  1. Open Script Solution » Force Change Password After Reset Password in osTicket v1.6 RC5 says:
    Wednesday, 11 November 2009 at 09:52:01

    [...] Sinaga Leave a comment Go to comments For those of you who have implemented my MOD about Add Forgot Password Feature for HelpDesk Officer into osTicket v1.6 RC5 and need to force the helpdesk officer to change their password on the next login, here is the [...]

    Reply

Speak Your Mind

*

CAPTCHA Image

*