How? Prevent signup with FAKE E-mail

[otrswannabe1]

Hello.

What are the ways to prevent the creation of accounts using fake E-mail addresses?

Also, is there a way to use some type of E-mail verification?

Thanks.

[crythias]

I know what I'm about to say will sound snarky, but probably just don't let users create their own accounts. If you want to receive random tickets from people with whom you have not established a relationship, I suppose you could have a generic web form for them to fill out, and achieve the same result... What I'd do is establish the relationship, and if the first email to me (that passes my spam filter) is a support request, I'd forward it to my otrs email account with my PostMaster filter looking for my #customer tag which means I create the user with minimal effort.

I have a link on the wiki ... http://wiki.otrs.org/index.php?title=Cr ... _API_calls

It's basically the same idea. The ticket is now the "new" customer's when you forward with the #customer email@address

[otrswannabe1]

Thanks crythias.

I'll have to think on that.

Thanks again.

[crythias]

If the signups are via email and not web form, you probably should have a standard spam filter - spamassassin, assp, baracuda that intercepts before otrs is aware of the tickets. If you want to make certain that only current customers can post email tickets, I think I have a post somewhere here.

[otrswannabe1]

Thanks for your reply, crythias.

Actually, the form serves our needs the best. Therefore, I need to find a way to make this work.

It would be a good step in the right direction if OTRS had the ability to implement reCaptcha, but by it using the .dtl files, I don't see how that is possible if there is no way to execute Perl code between the <form> tags.

The other would be email verification. I am surprised that OTRS doesn't have this ability after all of this time.

Thanks.

[crythias]

I realize this is months later, but here's the recipe to add reCAPTCHA to the create account sign-in of OTRS 2.4.7, though the concepts should still apply to 3.0 (not tested, but if you follow this, you'll understand that it's not that hard.)

Part 0: get a key set https://www.google.com/recaptcha/admin/create
Part 1: install reCAPTCHA

Code: Select all

cpan Captcha::reCAPTCHA

(if you're on Windows, you may have to use a different method to install)

Part 2: add to CustomerLogin.dtl (hopefully in your own theme). Additional lines are shown for position purposes

Code: Select all

#            <tr>
#              <td>$Text{"CustomerID"}: </td>
#              <td> <input type="text" name="CustomerID" value="$QData{"UserCustomerID"}" size="25" maxlength="50"/></td>
#            </tr>
#begin recaptcha
            <tr>
               <td>&nbsp;</td>
               <td>$Data{"reCAPTCHA"}</td>
            </tr>
#end recaptcha
          </table>
          <input class="button" type="submit" value="$Text{"Create"}"/>

Part 3: modify Kernel/Output/HTML/Layout.pm (after backing it up) to show the code
in the top where the use section is, add

Code: Select all

use Captcha::reCAPTCHA;

near the line 3897 the lines to add the recaptcha $Param below.

Code: Select all

    if (
        $Self->{ConfigObject}->Get('CustomerPanelCreateAccount')
        && $Self->{ConfigObject}->Get('Customer::AuthModule') eq
        'Kernel::System::CustomerAuth::DB'
        )
    {
        #begin recaptcha
        my $rc = Captcha::reCAPTCHA->new;
        my $rccustom = "<script type= \"text/javascript\">\n
var RecaptchaOptions = {\n
   lang : 'en',
};\n
</script>\n";
        $Param{reCAPTCHA} = $rccustom . $rc->get_html("your_recaptcha_public_key");
        #end recaptcha
        $Self->Block(
            Name => 'CreateAccount',
            Data => \%Param,
        );
    }

Part 4: Modify Kernel/System/Web/InterfaceCustomer.pm (after backing it up) to check valid input
near the top of the file where the use lines are, again add:

Code: Select all

use Captcha::reCAPTCHA;

Then add this near line 569 (additional lines shown for placement purposes):

Code: Select all

        # check needed params
        if ( !$GetParams{UserCustomerID} ) {
            $GetParams{UserCustomerID} = $GetParams{UserEmail};
        }
        if ( !$GetParams{UserLogin} ) {
            $GetParams{UserLogin} = $GetParams{UserEmail};
        }
        # check reCAPTCHA
        my $rc = Captcha::reCAPTCHA->new;
        my $challenge = $Self->{ParamObject}->GetParam( Param => 'recaptcha_challenge_field' )  || '';
        my $response = $Self->{ParamObject}->GetParam( Param => 'recaptcha_response_field' )  || '';
        my $result = $rc->check_answer("your_private_recaptcha_key", $ENV{'REMOTE_ADDR'},
           $challenge, $response
           );
        if ( !$result->{is_valid} ) {
            my $Output = $Self->{LayoutObject}->CustomerHeader( Area => 'Core', Title => 'Error' );
            $Output .= $Self->{LayoutObject}->CustomerWarning(
                Message => 'reCAPTCHA entry failed.',
                Comment => 'Please press Back and try again.'
            );
            $Output .= $Self->{LayoutObject}->CustomerFooter();
            $Self->{LayoutObject}->Print( Output => \$Output );
            exit 0;
        }
        #end recaptcha

I really would love to hear *any* feedback if anyone implements it.

Edit: Added the customization javascript to the Layout.pm so anyone can change the language that the reCAPTCHA shows. The following languages are supported:
Language Code
English en
Dutch nl
French fr
German de
Portuguese pt
Russian ru
Spanish es
Turkish tr

http://code.google.com/apis/recaptcha/d ... .html#i18n

[otrswannabe1]

Thanks for your reply, crythias.

Wow...

Although I haven't tried this yet, I am impressed!

After I finish a couple of project milestones, I will give it a try. I am excited about the solution!

Thanks so very much.