//See if we can fetch local ticket id associated with the ID given if (!$errors && is_numeric($ticketID) && Validator::is_email($email) && ($tid = Ticket::getIdByExtId($ticketID))) { //At this point we know that a ticket with the given number exists. $ticket = new Ticket($tid); //TODO: 1) Check how old the ticket is...3 months max?? 2) Must be the latest 5 tickets?? //Check the email given. if ($ticket->getId() && strcasecmp($ticket->getEMail(), $email) == 0) { //valid email match...create session goodies for the user. $user = new UserSession($email, $ticket->getId()); $_SESSION['_user'] = array(); //clear. $_SESSION['_user']['userID'] = $ticket->getEmail(); //Email $_SESSION['_user']['key'] = $ticket->getExtId(); //Ticket ID --acts as password when used with email. See above. $_SESSION['_user']['token'] = $user->getSessionToken(); $_SESSION['TZ_OFFSET'] = $cfg->getTZoffset(); $_SESSION['daylight'] = $cfg->observeDaylightSaving(); //Log login info... $msg = sprintf("%s/%s " . _("logged in"), $ticket->getEmail(), $ticket->getExtId()); Sys::log(LOG_DEBUG, 'User login', $msg, $ticket->getEmail()); //Redirect tickets.php session_write_close(); session_regenerate_id(); @header("Location: tickets.php"); require_once 'tickets.php'; //Just incase. of header already sent error. exit; } } //If we get to this point we know the login failed.