Support

Akeeba Ticket System

#36229 Allow a registered user to submit a guest ticket

Posted in ‘Akeeba Ticket System for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Ticket System version
n/a

Latest post by nicholas on Monday, 29 November 2021 03:02 CST

dunwin

 Please look at the bottom of this page (under Support Policy Summary) for our support policy summary, containing important information regarding our working hours and our support policy. Thank you!

I know this might sound a strange request!

we have one category of support tickets where we want to let registered users send in a ticket without logging in. It is the case where they can't log into our site even though they are registered. While the normal reason might be wrong passwords, it could be other reasons that the user has no knowledge of.

The problem we have is that if a registered user tries to submit a guest ticket they get the message "

Message You already have a user account on our site. Please log in before filing a new ticket."  The problem is they can't log in for some reason and we need to check their accounts.   Is there a way in ATS to bypass the need to login just for one ATS Category? Kind regards  

 David Unwin - London UK

nicholas
Akeeba Staff
Manager

The only thing you could do is set up ATS to allow creating tickets by email. If the user sends an email to that address from the email address you have for them on file in their user account a ticket will be created for them.

Beyond that, we'd never do ANYTHING in the web interface to bypass the need for logging in because that would be a MASSIVE, GLARING SECURITY ISSUE. If I know your email address I come to your site and file a Guest ticket pretending to be you. I can copy your writing style and attach / link to malware to the ticket. Your staff sees that the ticket is filed by you, they trust you and they follow the instructions on the ticket. Their machines are now infected with malware.

How does that differ with sending an email? Well, the email server will reject emails sent with a “fake” email address because of SPF mismatch at the very least. That is to say, if I try to use my mail server to send your site an email with the From address set to your email address your server will reject it because it will see that the mail exchange server that sent the message is NOT in your domain's SPF allowed list. As a result my message never reaches your site's ATS and I can't spoof an email from you.

If you cannot implement that there are, of course, some alternatives. If someone has a problem logging into their site they should be using the Joomla account recovery tools (forgot your username, forgot your password) or if it's a Two Factor Authentication / Two Step Verification issue they could use the contact form on your site. That's what we do on our site. We then ask people to reply by email from the email address we have on file or, if that is not possible, to provide a form of photo ID where they can cover everything except their photo, name, surname, last 4 digits of the ID number and the issuing authority.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

dunwin

Hi Nicholas,

As I have come to expect from Akeeba support, a great response!  Not only did you answer my question very quickly, you took the time to fully explain the consequences of what I was looking to do and to give me a good alternative solution.

Thank you so much for the great support.

Kind regards

David

 David Unwin - London UK

nicholas
Akeeba Staff
Manager

You're welcome! I try to help as best as I can, especially about the hidden consequences of a request :)

Have a great day!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!