Osticket: Login issue with username as 123456

Created on 24 Jul 2015  路  6Comments  路  Source: osTicket/osTicket

Hello Team,

While creating a username with 123456, we can registered the user, but unable to login at agent login page.

So it probably bug at registration or login page. So after digging into code i found that

1> for login script, issue bcoz is_numeric check

function getAllowedBackends($userid) {

    $backends =array();
    //XXX: Only one backend can be specified at the moment.
    $sql = 'SELECT backend FROM '.STAFF_TABLE
          .' WHERE backend IS NOT NULL ';
    if (is_numeric($userid))
        $sql.= ' AND staff_id='.db_input($userid);
    else {
        $sql.= ' AND (username='.db_input($userid) .' OR email='.db_input($userid).')';
    }

    if (($res=db_query($sql, false)) && db_num_rows($res))
        $backends[] = db_result($res);

    return array_filter($backends);
}

2> For validation check

function is_username($username, &$error='') {
    if (strlen($username)<2)
        $error = __('Username must have at least two (2) characters');
    elseif (!preg_match('/^[\p{L}\d._-]+$/u', $username))
        $error = __('Username contains invalid characters');
    return $error == '';
}
bug
Source
picture avtaniket

Most helpful comment

I think we've grown up enough we should allow numeric usernames

picture greezybacon on 1 Aug 2015
👍2

All 6 comments

This has been discussed and I think both are still open.

https://github.com/osTicket/osTicket-1.8/issues/1176
and LDAP plugin
https://github.com/osTicket/core-plugins/issues/42

ntozier picture ntozier on 24 Jul 2015

I think we've grown up enough we should allow numeric usernames

greezybacon picture greezybacon on 1 Aug 2015
👍2

This still doesn't seem to be fixed? I ran into this problem with osTicket 1.10.4
I would add that - as an agent, you can send a password-reset E-Mail, but you cannot request a password-reset mail via "Forgot Password" - there it says the username couldn't be verified.

As long as it isn't finally decided whether numeric usernames should be allowed or not, at least the agent-creation page should reject numeric usernames also.

AlgorithMan-de picture AlgorithMan-de on 22 Mar 2019

Just ran into this in OSTicket version 1.14.1 with all numeric logins, including ones with leading zeroes.

fabiorauber picture fabiorauber on 18 Sep 2020

Hi,
fixed this problem of numeric username by changing in include/class.staff.php :

/**** Static functions ********/
    static function lookup($var) {
        if (is_array($var))
            return parent::lookup($var);
        elseif (is_numeric($var)){
                if(!parent::lookup(array('staff_id'=>$var))) return parent::lookup(array('username'=>$var));
                return parent::lookup(array('staff_id'=>$var));
        }
        elseif (Validator::is_email($var))
            return parent::lookup(array('email'=>$var));
        elseif (is_string($var))
            return parent::lookup(array('username'=>$var));
        else
            return null;
    }

BTW I have auth-cas + auth-ldap and auth-passthru fully working with v1.14.2

@+

ngombe42 picture ngombe42 on 22 Sep 2020

This issue is still open today...
The solution provided by @ngombe42 is a workaround, but in any updates, will get overwritten. Can you fix this, please ? It's important.

feiticeir0 picture feiticeir0 on 7 Jul 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rachelsupport picture rachelsupport  路  5Comments
alansebastian picture alansebastian  路  3Comments
markus4000 picture markus4000  路  4Comments
ghost picture ghost  路  6Comments
mlipok picture mlipok  路  5Comments