View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004691 | mantisbt | bugtracker | public | 2004-10-12 05:53 | 2008-08-12 09:36 |
| Reporter | smhanson | Assigned To | vboctor | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | unable to reproduce | ||
| Product Version | 0.19.0 | ||||
| Summary | 0004691: BASIC_AUTH shows login screen when user already authenticated (with patch) | ||||
| Description | Our intranet uses Basic Authentication, and we're trying to integrate Mantis. However, when a user is already authenticated but has no login cookie, Mantis presents the login screen asking for login and password. Mantis should accept the Basic Auth and create a cookie if needed. | ||||
| Additional Information | Solution: redirect from login_page.php to login.php on BASIC_AUTH (as for HTTP_AUTH). In login.php, set $f_password to an empty screen to avoid saving password in database. | ||||
| Tags | No tags attached. | ||||
| Attached Files | login.patch (1,135 bytes)
Index: login.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/login.php,v
retrieving revision 1.35
diff -u -r1.35 login.php
--- login.php 5 Aug 2004 17:58:47 -0000 1.35
+++ login.php 12 Oct 2004 10:47:10 -0000
@@ -23,7 +23,7 @@
if ( BASIC_AUTH == config_get( 'login_method' ) ) {
$f_username = $_SERVER['REMOTE_USER'];
- $f_password = $_SERVER['PHP_AUTH_PW'];
+ $f_password = '';
}
if ( HTTP_AUTH == config_get( 'login_method' ) ) {
Index: login_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/login_page.php,v
retrieving revision 1.42
diff -u -r1.42 login_page.php
--- login_page.php 14 Aug 2004 15:26:20 -0000 1.42
+++ login_page.php 12 Oct 2004 10:47:10 -0000
@@ -20,7 +20,7 @@
# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php
- if ( HTTP_AUTH == config_get( 'login_method' ) ) {
+ if ( HTTP_AUTH == config_get( 'login_method' ) || BASIC_AUTH == config_get( 'login_method' ) ) {
$t_uri = "login.php";
if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
| ||||
