Mantis Bug Tracker - Forums


https://mantisbt.org/forums/

Drupal Integration - any ideas ?

https://mantisbt.org/forums/viewtopic.php?t=3943

Page 1 of 2

Drupal Integration - any ideas ?

Posted: 28 Sep 2007, 01:50
by CADbloke
Greetings.

While not wanting to start a war over different CMS systems, I want (I think) to build a site with Drupal, mainly for these reasons ...
. Granular User-role based access management
. Hierarchical document management
. Good site dcumentation
. Focused on content rather than eye candy
. It can contain the SMF forum
. Sick of the decision-making process and it is in front for now.

Anyway, the question - has anyone managed to integrate Mantis with Drupal, creating a single sign-on and/or encapsulating Mantis in the overall site structure?

My reasoning for this is that a bug-tracker is generally a sub-site rather than the whole site and also that Mantis is my bug-tracker of choice. Once again, avoiding off-topic debate, I found Bugzilla a cow to install and about as intuitive and user-friendly as a kick in the nethers.

It could be that I'm just over-complicating this and Mantis should stay separate and autonomous from my main site with links to & from. There would definitely be different role levels in Mantis which would need to be respected by Drupal so there's some more complication.

I've logged this as feature request 8402 (http://www.mantisbt.org/bugs/view.php?id=8402)

Thanks for reading thus far. I've added a poll so you can claw back a bit of reading time with a streamlined answer. Please post here if you have any thoughts.

cheers
CAD bloke

[edit]
see also OpenID - topic http://www.mantisbt.org/forums/viewtopic.php?t=2757

Drupal / Mantis Integration

Posted: 01 Oct 2007, 12:32
by perryclark
It can be done, and has been done by our company. You can check it out at http://www.xtuple.org .

We have a drupal module called bugbits. It's currently working under 4.x Drupal, although I did have it in testing and working under 5.x Drupal. If you're interested, I can get you started. We were having difficulties in other areas with drupal, and made a decision to switch to Joomla. You can do a search for bugbits on the drupal.org site to get you going, to make it work under 5.x isn't that difficult.

I kind of inherited the bugbits module, so I don't know all of the details on how we got it to work, what was modified, etc. But it works pretty well in Drupal.

Thanks,

Perry Clark

Thanks Perry

Posted: 04 Oct 2007, 01:21
by CADbloke
I've seen the bugbits project around but I thought it may have been abandoned. I'm installing Drupal in the next week or so - I'll chase up the link.

Why did you go to Joomla?

FYI - My site needs a fair bit of granular user-role access control so that's the main reason I'm drifting towards Drupal. I'd love to hear your thought on it.

cheers
Ewen

Re: Drupal Integration - any ideas ?

Posted: 24 Jan 2008, 22:48
by Daniel McSweeney
Hi,
just wondering if you made any progress on the issue of linking drupal and mantis. At the moment all I am looking to do is have a common login (same username / password for both). Preferably Mantis using Drupals user details. My ideal scenario is when a user logs into my drupal site, they are silently logged into the mantis one as well.

Any information would be great

Many thanks

Daniel Mc Sweeney

Re: Drupal Integration - any ideas ?

Posted: 29 Jan 2008, 21:31
by perryclark
Hi Daniel,

I've long since abandoned work on Drupal/Mantis integration, choosing to use Joomla!/Mantis currently. As I said someplace/someblog/someforum, I did get bugbits/ Mantis running in Drupal 5.xx. ... I will see if I can dig up the code to get it running under Drupal. What DB are you using? I don't know if there are PostgreSQL specific functions that we used is the reason I'm asking. This was running on Drupal/Mantis on PostgreSQL. I think the bridge for Joomla! works a little closer. The main drawback to either of these systems is that you need to present the mantis pages within an <IFRAME> - This makes direct linking to a mantis issue rather ugly (takes you out of the Drupal/Joomla CMS presentation/wrapper) .

The main reason we ( I... ) dropped Drupal at the time was that we couldn't resolve some forum/mailinglist/blog issues and couldn't get support / find the answer/ figure it out...

Thanks,

Perry Clark
xTuple, LLC
http://www.xtuple.org - community site / issue tracker / forums
http://www.xtuple.com

Re: Drupal Integration - any ideas ?

Posted: 29 Jan 2008, 22:04
by CADbloke
Hi Daniel & Perry

Thanks for your input into this. The more I look at it the more I like the idea of just leaving them separated. I also use SMF forums & have tried the integration package available for that. It works but it's a bit iffy & tends to really complicate matters, as you would expect. I'm getting too old for that level of complication. Persistent cookies, not to mention browsers' ability to remember passwords mean the user really only suffers the minor inconvenience once when registering.

If you check the Mantis bug reports you'll see they're working on open sign-in system. I'm willing to bet other systems (Drupal, Joomla!, SMF, PHPBB etc.) will follow suit (eventually) & so allay the hard labour of integrating specific systems.

I'll just use the time I would have spent sorting this going sailing.

cheers
Ewen

Re: Drupal Integration - any ideas ?

Posted: 15 Feb 2008, 22:54
by nomikon
CADbloke wrote:Hi Daniel & Perry
If you check the Mantis bug reports you'll see they're working on open sign-in system. I'm willing to bet other systems (Drupal, Joomla!, SMF, PHPBB etc.) will follow suit (eventually) & so allay the hard labour of integrating specific systems.
Hi, as far as I know, the proposed Mantis-DokuWiki single-sign-on integration mode means that DokuWiki relies in Mantis authentication and authorisation. I don't see any real reason, however, (other than some easiness for implementation) for putting any one of these tools as the center of the integration. I think a better approach would be making both systems relying in an external, real authentication and authorisation system. For example, we are currently using both DokuWiki and CMS Made Simple , both authenticating against a http://rnd.feide.no/simplesamlphp identity provider. Any tool able to do its authn and authz work against some external, neutral system can be integrated in this setup without too much trouble.

Of course, this would mean building in Mantis some type of external authentication mechanism (Maybe the best one I've seen is just the DokuWiki's "trustExternal" module). Relying in such a external system means also having to take some design decisions, but all by all it seems to me as the way to follow for a real integration within any institution or enterprise IT infrastructure.

What do you think?

Regards,
NK.

Re: Drupal Integration - any ideas ?

Posted: 16 Feb 2008, 08:25
by NT
Hi

What level of integration is required ?
a) just automatic login/logoff from mantis when you login/logoff from Drupal.
b) automatic creation of a user account in mantis to match the one in Drupal, with
changes in user profile (name,email address) fed back to mantis.
c) mantis using Drupal user tables for everything (unlikely to be possible)
d) filters in each system allowing easy specifications of links between the systems.
e) mantis fully integrated into Drupal, and displayed in the users Drupal theme
(needs a lot of work on the presentation side of mantis).

My personal feeling is that the bugtracker is unlikely to be public facing, and so option e) may be more work than could be justified by the demand for it.
I feel that I could use a, d (and maybe b).

Which project would you see as owning this plugin, mantis or Drupal ?
Which releases of Drupal are you interested in (their api seems to radically change each year).

Could you add a request onto to the mantis bugtracker for authenticating against a http://rnd.feide.no/simplesamlphp identity provider if you would like to use this.
Mantis already has ldap authentication built in

Nick

Re: Drupal Integration - any ideas ?

Posted: 16 Feb 2008, 10:35
by nomikon
Well, I was not speaking of Drupal integration only, really, or at least not exclusively. Maybe I should start another thread but the post of CADbloke about open sign-in works seemed to me related to this issue.
NT wrote:Which project would you see as owning this plugin, mantis or Drupal ?
That's the question: I don't see any strong reason for which any of these applications should 'own' such a plugin. It's an architectural design issue being able to get user and group information from some external source. So, instead of any application (Mantis or Drupal) mastering over the other one (Drupal or Mantis), both of these would rely on some third, neutral, identity authority giving them all the required user information. That's the integration level more feasible, I think.

As I wrote, the DokuWiki's TrustExternal authentication API is the best way I've seen to solve that: DokuWiki needs only user autentication and user group information. Then, using TrustExternal mode for authenticating against any SimpleSAMLphp identity provider gives DokuWiki two things: single-sign-on authentication and a list of the groups the user belongs to. Of course, is up to DokuWiki to know what each group could do within its own application domain.

Really, not all web applications are currently able to do that, but there is a real need for this level of integration around user identity and we'll see more and more applications being able to rely on some type of external user data source. For example, some other SimpleSAMLphp integration modules are on its way including one for Drupal, as well, MediaWiki and other PHP web apps.

In the Mantis case, I think such a solution would be a better one than writing more and more plugins for authentication against diverse applications databases (although this proposal doesn't mean discarding such approach: it's just another, broader way). The authentication features would be provided by the identity system. So, if the identity provider has SSO features, Mantis would benefit of that fact. If the Identity provider has pluggable modules for diverse authentication sources, Mantis would benefit of that, too (SimpleSAMLphp currently has plugins for LDAP, SQL, Radius, Shibboleth, PAPI, OpenID and other identity systems).

In other words, besides the current approach of the vast web aplications majority for having each its own user information related setup, I think it should be nice having some way to 'delegate' such issues in some external source as well. That is not simply LDAP o other authentication, but a 'neutral' abstraction being able to rely on the user information provided by that source.

In our case, we have our users stored in a PostgreSQL database. SimpleSAMLphp gets from that database all required user and groups information, giving single-sign-on at the same time. If a user is succesfully authenticated when login in DokuWki, it doesn't need authenticate again to login in CMS Made Simple. SimpleSAMLphp returns the required user data and the groups list that user belongs to, as well, so both DokuWiki and CMS Made Simple are aware about the authorization level/domain for that user. In Mantis this would mean that all users in our database would become authorized users on the Mantis bugtracker system, each on the level according to the groups they already belongs to, without having to repeat that information again, and having Single-Sign-On too.

Surely we could hack a Mantis authentication module (let us say, the LDAP one) to do that, but I'm not sure about all implications in the overall system and, in any case, a cleaner implementation would always be a better solution.

Regards,
NK.

Re: Drupal Integration - any ideas ?

Posted: 16 Feb 2008, 14:13
by NT
Yes it is getting slightly away from the title of the topic, but I agree that single sign on is an important requirement.
Ideally I would like to be able to configure mantis so that it would be able to recognise that a user is already logged into something I trust, whether that is NTLM, X509, http authentication or a single sign-on system.
I think Drupal uses a cookie to indicate who is logged in (this may be usable if Drupal and mantis is on the same site). In these cases I would not want the user to see the login page.

At the moment mantis expects to have a user and their permissions in its database. Getting these from an external source without them being on the mantis is not something I had thought of. Being able to create users automatically has been anticipated, but that still leaves central administration of permissions and leavers to be considered.

The list of authentication requirements that I hope the developers are working towards is http://www.mantisbt.org/wiki/doku.php?i ... sue%3A4235 and the associated issue is http://www.mantisbt.org/bugs/view.php?id=4235. You will see that there are rather a lot of requests for different forms of authentication.

Thanks
Nick

Re: Drupal / Mantis Integration

Posted: 26 Feb 2008, 08:53
by naeemp
perryclark wrote:It can be done, and has been done by our company. You can check it out at http://www.xtuple.org .

We have a drupal module called bugbits. It's currently working under 4.x Drupal, although I did have it in testing and working under 5.x Drupal. If you're interested, I can get you started. We were having difficulties in other areas with drupal, and made a decision to switch to Joomla. You can do a search for bugbits on the drupal.org site to get you going, to make it work under 5.x isn't that difficult.

I kind of inherited the bugbits module, so I don't know all of the details on how we got it to work, what was modified, etc. But it works pretty well in Drupal.

Thanks,

Perry Clark
Hi Perry,

I am using 5.x drupal, and desperatly looking to integrate mantis with Drupal 5.x. Can you help me do it.
I am able to integrate it on 4.7 but for 5.7 it is giving me the following error

"Fatal error: Cannot redeclare db_table_exists() (previously declared in /var/www/drupal57/modules/bugbits/core/database_api.php:169) in /var/www/drupal57/includes/database.mysql.inc on line 422"

Regards

Naeem

Re: Drupal Integration - any ideas ?

Posted: 27 Feb 2008, 20:32
by NT
Hi

I have made a small customisation to mantis to get it to login automatically whenever I am logged into a Drupal site running on the same server.
There must be a Mantis user account for the same userid that you are using for Drupal.
This does not have any automatic logout functionality.
I have had to code this to only have one of the two database connections open at a time, but I have got it running with Mantis 1.1.1 and Drupal (5.5 and 6) using separate mysql databases.

changes to index.php:-

Code: Select all

	require_once( 'core/drupal.php' );
	$t_drupal_user = drupal_find_username();

	require_once( 'core.php' );
	if ( $t_drupal_user && drupal_login($t_drupal_user) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}
 	if ( auth_is_user_authenticated() ) {
 		print_header_redirect( config_get( 'default_home_page' ) );
 	} else {
changes to login_page.php:-

Code: Select all

	require_once( 'core/drupal.php' );
	$t_drupal_user = drupal_find_username();

 	require_once( 'core.php' );
	if ( $t_drupal_user && drupal_login($t_drupal_user) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}
		
 
 	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
 		print_header_redirect( config_get( 'default_home_page' ) );
new file core/drupal.php:-

Code: Select all

 /* 
 * login_drupal.php logs a user in without having to enter a username or password.
 */
	require_once( 'adodb/adodb.inc.php' );

	function drupal_find_username() {
		# change the following parameters as appropriate
		$t_drupal_cookie_domain = '';
		$t_drupal_url_path = 'testsite6';	# for a drupal path of http://myhost/testsite6
		$t_drupal_db_type = 'mysql';
		$t_drupal_db_host = 'localhost';
		$t_drupal_db_userid = 'drupal';
		$t_drupal_db_password = 'drupal';
		$t_drupal_db_database = 'drupal6';
		$t_drupal_db_prefix = 'testsite_';
		
		# get the cookie that drupal uses for authentication
		if ( $t_drupal_cookie_domain != '' ) {
			$t_cookie_name = $t_drupal_cookie_domain;
		} else {
			$t_path = $_SERVER['SERVER_NAME'] . '/' . $t_drupal_url_path;
			$t_cookie_name = 'SESS'. md5( $t_path );
		}
		if ( !isset( $_COOKIE[$t_cookie_name] ) ) {
			#error_log("drupal cookie ($t_cookie_name) not found" );
			return false;
		}

		# get username matching the cookie from the drupal database
		$t_db = NewADOConnection( $t_drupal_db_type );
		if ( !$t_db->Connect( $t_drupal_db_host, $t_drupal_db_userid, 
						$t_drupal_db_password, $t_drupal_db_database ) ) {
			#error_log("drupal connection failed" );
			return false;
		}
		$t_sql = "SELECT u.name FROM " . $t_drupal_db_prefix . "users u INNER JOIN " . $t_drupal_db_prefix . "sessions s ON u.uid = s.uid WHERE s.sid = ?";
		$t_result = $t_db->Execute( $t_sql, array( $_COOKIE[$t_cookie_name] ) );
		if ( $t_result === false ) {
			#error_log("drupal fetch record failed" );
			return false;
		}
		$t_row = $t_result->FetchRow();
		if ( !$t_row ) {
			#error_log("drupal no session record found on database" );
			return false;
		}
		
		$t_db->Close();

		$t_username = $t_row["name"];	
		#error_log("drupal user '" . $t_username );
		return $t_username;
	}
	
	function drupal_login($p_username) {
		
		$t_user_id = user_get_id_by_name( $p_username );
		if ( false === $t_user_id ) {
			#error_log("drupal user '" . $p_username . "' not a mantis user" );
			return false;
		}
		
		# check for disabled account
		if ( !user_is_enabled( $t_user_id ) ) {
			return false;
		}

		# max. failed login attempts achieved...
		if( !user_is_login_request_allowed( $t_user_id ) ) {
			return false;
		}

		# ok, we're good to login now

		# increment login count
		user_increment_login_count( $t_user_id );

		user_reset_failed_login_count_to_zero( $t_user_id );
		user_reset_lost_password_in_progress_count_to_zero( $t_user_id );

		# set the cookies
		auth_set_cookies( $t_user_id, false );
		auth_set_tokens( $t_user_id );

		return true;
	}
?>

Re: Drupal Integration - any ideas ?

Posted: 28 Feb 2008, 03:57
by naeemp
NT wrote:Hi

I have made a small customisation to mantis to get it to login automatically whenever I am logged into a Drupal site running on the same server.
There must be a Mantis user account for the same userid that you are using for Drupal.
This does not have any automatic logout functionality.
I have had to code this to only have one of the two database connections open at a time, but I have got it running with Mantis 1.1.1 and Drupal (5.5 and 6) using separate mysql databases.

changes to index.php:-

Code: Select all

	require_once( 'core/drupal.php' );
	$t_drupal_user = drupal_find_username();

	require_once( 'core.php' );
	if ( $t_drupal_user && drupal_login($t_drupal_user) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}
 	if ( auth_is_user_authenticated() ) {
 		print_header_redirect( config_get( 'default_home_page' ) );
 	} else {
changes to login_page.php:-

Code: Select all

	require_once( 'core/drupal.php' );
	$t_drupal_user = drupal_find_username();

 	require_once( 'core.php' );
	if ( $t_drupal_user && drupal_login($t_drupal_user) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}
		
 
 	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
 		print_header_redirect( config_get( 'default_home_page' ) );
new file core/drupal.php:-

Code: Select all

 /* 
 * login_drupal.php logs a user in without having to enter a username or password.
 */
	require_once( 'adodb/adodb.inc.php' );

	function drupal_find_username() {
		# change the following parameters as appropriate
		$t_drupal_cookie_domain = '';
		$t_drupal_url_path = 'testsite6';	# for a drupal path of http://myhost/testsite6
		$t_drupal_db_type = 'mysql';
		$t_drupal_db_host = 'localhost';
		$t_drupal_db_userid = 'drupal';
		$t_drupal_db_password = 'drupal';
		$t_drupal_db_database = 'drupal6';
		$t_drupal_db_prefix = 'testsite_';
		
		# get the cookie that drupal uses for authentication
		if ( $t_drupal_cookie_domain != '' ) {
			$t_cookie_name = $t_drupal_cookie_domain;
		} else {
			$t_path = $_SERVER['SERVER_NAME'] . '/' . $t_drupal_url_path;
			$t_cookie_name = 'SESS'. md5( $t_path );
		}
		if ( !isset( $_COOKIE[$t_cookie_name] ) ) {
			#error_log("drupal cookie ($t_cookie_name) not found" );
			return false;
		}

		# get username matching the cookie from the drupal database
		$t_db = NewADOConnection( $t_drupal_db_type );
		if ( !$t_db->Connect( $t_drupal_db_host, $t_drupal_db_userid, 
						$t_drupal_db_password, $t_drupal_db_database ) ) {
			#error_log("drupal connection failed" );
			return false;
		}
		$t_sql = "SELECT u.name FROM " . $t_drupal_db_prefix . "users u INNER JOIN " . $t_drupal_db_prefix . "sessions s ON u.uid = s.uid WHERE s.sid = ?";
		$t_result = $t_db->Execute( $t_sql, array( $_COOKIE[$t_cookie_name] ) );
		if ( $t_result === false ) {
			#error_log("drupal fetch record failed" );
			return false;
		}
		$t_row = $t_result->FetchRow();
		if ( !$t_row ) {
			#error_log("drupal no session record found on database" );
			return false;
		}
		
		$t_db->Close();

		$t_username = $t_row["name"];	
		#error_log("drupal user '" . $t_username );
		return $t_username;
	}
	
	function drupal_login($p_username) {
		
		$t_user_id = user_get_id_by_name( $p_username );
		if ( false === $t_user_id ) {
			#error_log("drupal user '" . $p_username . "' not a mantis user" );
			return false;
		}
		
		# check for disabled account
		if ( !user_is_enabled( $t_user_id ) ) {
			return false;
		}

		# max. failed login attempts achieved...
		if( !user_is_login_request_allowed( $t_user_id ) ) {
			return false;
		}

		# ok, we're good to login now

		# increment login count
		user_increment_login_count( $t_user_id );

		user_reset_failed_login_count_to_zero( $t_user_id );
		user_reset_lost_password_in_progress_count_to_zero( $t_user_id );

		# set the cookies
		auth_set_cookies( $t_user_id, false );
		auth_set_tokens( $t_user_id );

		return true;
	}
?>
Hi NT,

Thanks for your help, Let me try this out and I will get back to you.

naeemp

Re: Drupal Integration - any ideas ?

Posted: 29 Feb 2008, 05:40
by naeemp
Hi,

I tried carrying out the changes to the index.php and login_page.php as suggested by you in your instructions above. However not able to get it done. Can you help me out. Please find below

FYI.

1. I am running drupal and mantis on 2 different mysql databases as suggested by you.
2. I have created the drupal.php with the code given by you and placed inside the core folder of Mantis.

THIS IS IMPORTANT.

3. Where do you place the mantis folder. Presently I have placed the mantis folder inside the drupal folder alongside with includes, modules, sites themes etc..

My index.php (from drupal)
<?php
// $Id: index.php,v 1.91 2006/12/12 09:32:18 unconed Exp $

/**
* @file
* The PHP page that serves all page requests on a Drupal installation.
*
* The routines here dispatch control to the appropriate handler, which then
* prints the appropriate page.
*/

require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

$return = menu_execute_active_handler();

// Menu status constants are integers; page content is a string.
if (is_int($return)) {
switch ($return) {
case MENU_NOT_FOUND:
drupal_not_found();
break;
case MENU_ACCESS_DENIED:
drupal_access_denied();
break;
case MENU_SITE_OFFLINE:
drupal_site_offline();
break;
}
}
elseif (isset($return)) {
// Print any value (including an empty string) except NULL or undefined:
print theme('page', $return);

}

drupal_page_footer();
My login_page.php (from mantis folder).
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details

# --------------------------------------------------------
# $Id: login_page.php,v 1.52.4.1.6.2 2006/07/24 01:22:25 thraxisp Exp $
# --------------------------------------------------------

# Login page POSTs results to login.php
# Check to see if the user is already logged in

require_once( 'core.php' );

if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
print_header_redirect( config_get( 'default_home_page' ) );
}

$f_error = gpc_get_bool( 'error' );
$f_cookie_error = gpc_get_bool( 'cookie_error' );
$f_return = gpc_get_string( 'return', '' );

# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php

if ( HTTP_AUTH == config_get( 'login_method' ) ) {
$t_uri = "login.php";

if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
$t_uri = "login_anon.php";
}

if ( $f_return ) {
$t_uri .= "?return=" . urlencode( $f_return );
}

print_header_redirect( $t_uri );
exit;
}

html_page_top1();
html_page_top2a();

echo '<br /><div align="center">';

# Display short greeting message
# echo lang_get( 'login_page_info' ) . '<br />';

# Only echo error message if error variable is set
if ( $f_error ) {
echo '<font color="red">' . lang_get( 'login_error' ) . '</font>';
}
if ( $f_cookie_error ) {
echo lang_get( 'login_cookies_disabled' ) . '<br />';
}

echo '</div>';
?>

<!-- Login Form BEGIN -->
<br />
<div align="center">
<form name="login_form" method="post" action="login.php">
<table class="width50" cellspacing="1">
<tr>
<td class="form-title">
<?php
if ( !is_blank( $f_return ) ) {
?>
<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />
<?php
}
echo lang_get( 'login_title' ) ?>
</td>
<td class="right">
<?php
if ( ON == config_get( 'allow_anonymous_login' ) ) {
print_bracket_link( 'login_anon.php', lang_get( 'login_anonymously' ) );
}
?>
</td>
</tr>
<tr class="row-1">
<td class="category" width="25%">
<?php echo lang_get( 'username' ) ?>
</td>
<td width="75%">
<input type="text" name="username" size="32" maxlength="32" />
</td>
</tr>
<tr class="row-2">
<td class="category">
<?php echo lang_get( 'password' ) ?>
</td>
<td>
<input type="password" name="password" size="16" maxlength="32" />
</td>
</tr>
<tr class="row-1">
<td class="category">
<?php echo lang_get( 'save_login' ) ?>
</td>
<td>
<input type="checkbox" name="perm_login" />
</td>
</tr>
<tr>
<td class="center" colspan="2">
<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />
</td>
</tr>
</table>
</form>
</div>

<?php
PRINT '<br /><div align="center">';
print_signup_link();
PRINT '&nbsp;';
print_lost_password_link();
PRINT '</div>';

#
# Do some checks to warn administrators of possible security holes.
# Since this is considered part of the admin-checks, the strings are not translated.
#

# Warning, if plain passwords are selected
if ( config_get( 'login_method' ) === PLAIN ) {
echo '<div class="warning" align="center">';
echo '<p><font color="red"><strong>WARNING:</strong> Plain password authentication is used, this will expose your passwords to administrators.</font></p>';
echo '</div>';
}

# Generate a warning if administrator/root is valid.
$t_admin_user_id = user_get_id_by_name( 'administrator' );
if ( $t_admin_user_id !== false ) {
if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
echo '<div class="warning" align="center">';
echo '<p><font color="red"><strong>WARNING:</strong> You should disable the default "administrator" account or change its password.</font></p>';
echo '</div>';
}
}

# Check if the admin directory is available and is readable.
$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
echo '<div class="warning" align="center">', "\n";
echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
echo '</div>', "\n";

# since admin directory and db_upgrade lists are available check for missing db upgrades
# Check for db upgrade for versions < 1.0.0 using old upgrader
$t_db_version = config_get( 'database_version' , 0 );
# if db version is 0, we haven't moved to new installer.
if ( $t_db_version == 0 ) {
if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {
$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";
$result = db_query( $query );
if ( db_num_rows( $result ) < 1 ) {
$t_upgrade_count = 0;
} else {
$t_upgrade_count = (int)db_result( $result );
}
} else {
$t_upgrade_count = 0;
}

if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates
require_once( 'admin/upgrade_inc.php' );
$t_upgrades_reqd = $upgrade_set->count_items();
} else {
$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade
}

if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&
( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present
echo '<div class="warning" align="center">';
echo '<p><font color="red"><strong>WARNING:</strong> The database structure may be out of date. Please upgrade <a href="admin/upgrade.php">here</a> before logging in.</font></p>';
echo '</div>';
}
}

# Check for db upgrade for versions > 1.0.0 using new installer and schema
require_once( 'admin/schema.php' );
$t_upgrades_reqd = sizeof( $upgrade ) - 1;

if ( ( 0 < $t_db_version ) &&
( $t_db_version != $t_upgrades_reqd ) ) {
echo '<div class="warning" align="center">';
echo '<p><font color="red"><strong>WARNING:</strong> The database structure may be out of date. Please upgrade <a href="admin/install.php">here</a> before logging in.</font></p>';
echo '</div>';
}
}
?>

<!-- Autofocus JS -->
<?php if ( ON == config_get( 'use_javascript' ) ) { ?>
<script type="text/javascript" language="JavaScript">
<!--
window.document.login_form.username.focus();
// -->
</script>
<?php } ?>

<?php html_page_bottom1a( __FILE__ ) ?>

Re: Drupal Integration - any ideas ?

Posted: 29 Feb 2008, 13:56
by NT
Hi naeemp

I have mantis installed in a separate folder in my website Document root, so I have folders /var/www/html/mantis and /var/www/html/drupal and access them with http://mysite/mantis and http://mysite/drupal.

If you have drupal installed in your document root, still install mantis in a subfolder of the document root, ie accessing drupal as http://yoursite/ and mantis as http://yoursite/mantis.

Get mantis working with the userids that you require before changing anything. So if you require drupal user fred to use mantis, you will need to create a fred user in mantis.
  • Once everything is working make copies of index.php and login_page.php (just in case...)
  • Copy drupal.php to the mantis core subdirectory (remembering to change the settings in function drupal_find_username to match your drupal installation.
  • make the changes to index.php and login_page.php (do not change any of your drupal files).
  • login to your drupal site
  • visit your mantis front page.
My index.php (in my case /var/www/html/mantis/index.php) is :-

Code: Select all

<?php
# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

	# --------------------------------------------------------
	# $Id: index.php,v 1.16.2.1 2007-10-13 22:33:15 giallu Exp $
	# --------------------------------------------------------

	require_once( 'core/drupal.php' );
	$t_drupal_user = drupal_find_username();

	require_once( 'core.php' );
	if ( $t_drupal_user && drupal_login($t_drupal_user) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}
	if ( auth_is_user_authenticated() ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	} else {
		print_header_redirect( 'login_page.php' );
	}
?>
My login_page.php (in my case /var/www/html/mantis/login_page.php) is :-

Code: Select all

<?php
# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

	# --------------------------------------------------------
	# $Id: login_page.php,v 1.57.2.1 2007-10-13 22:33:19 giallu Exp $
	# --------------------------------------------------------

	# Login page POSTs results to login.php
	# Check to see if the user is already logged in

	require_once( 'core/drupal.php' );
	$t_drupal_user = drupal_find_username();

	require_once( 'core.php' );
	if ( $t_drupal_user && drupal_login($t_drupal_user) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}

	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}

	$f_error		= gpc_get_bool( 'error' );
	$f_cookie_error	= gpc_get_bool( 'cookie_error' );
	$f_return		= gpc_get_string( 'return', '' );

	# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php

	if ( HTTP_AUTH == config_get( 'login_method' ) ) {
		$t_uri = "login.php";

		if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
			$t_uri = "login_anon.php";
		}

		if ( $f_return ) {
			$t_uri .= "?return=" . urlencode( $f_return );
		}

		print_header_redirect( $t_uri );
		exit;
	}

	html_page_top1();
	html_page_top2a();

	echo '<br /><div align="center">';

	# Display short greeting message
	# echo lang_get( 'login_page_info' ) . '<br />';

	# Only echo error message if error variable is set
	if ( $f_error ) {
		echo '<font color="red">' . lang_get( 'login_error' ) . '</font>';
	}
	if ( $f_cookie_error ) {
		echo lang_get( 'login_cookies_disabled' ) . '<br />';
	}

	echo '</div>';
?>

<!-- Login Form BEGIN -->
<br />
<div align="center">
<form name="login_form" method="post" action="login.php">
<table class="width50" cellspacing="1">
<tr>
	<td class="form-title">
		<?php
			if ( !is_blank( $f_return ) ) {
			?>
				<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />
				<?php
			}
			echo lang_get( 'login_title' ) ?>
	</td>
	<td class="right">
	<?php
		if ( ON == config_get( 'allow_anonymous_login' ) ) {
			print_bracket_link( 'login_anon.php', lang_get( 'login_anonymously' ) );
		}
	?>
	</td>
</tr>
<tr class="row-1">
	<td class="category" width="25%">
		<?php echo lang_get( 'username' ) ?>
	</td>
	<td width="75%">
		<input type="text" name="username" size="32" maxlength="32" />
	</td>
</tr>
<tr class="row-2">
	<td class="category">
		<?php echo lang_get( 'password' ) ?>
	</td>
	<td>
		<input type="password" name="password" size="16" maxlength="32" />
	</td>
</tr>
<tr class="row-1">
	<td class="category">
		<?php echo lang_get( 'save_login' ) ?>
	</td>
	<td>
		<input type="checkbox" name="perm_login" />
	</td>
</tr>
<tr>
	<td class="center" colspan="2">
		<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />
	</td>
</tr>
</table>
</form>
</div>

<?php
	PRINT '<br /><div align="center">';
	print_signup_link();
	PRINT '&nbsp;';
	print_lost_password_link();
	PRINT '</div>';

	#
	# Do some checks to warn administrators of possible security holes.
	# Since this is considered part of the admin-checks, the strings are not translated.
	#

	# Warning, if plain passwords are selected
	if ( config_get( 'login_method' ) === PLAIN ) {
		echo '<div class="warning" align="center">';
		echo '<p><font color="red"><strong>WARNING:</strong> Plain password authentication is used, this will expose your passwords to administrators.</font></p>';
		echo '</div>';
	}

	# Generate a warning if administrator/root is valid.
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
	if ( $t_admin_user_id !== false ) {
		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
			echo '<div class="warning" align="center">';
			echo '<p><font color="red"><strong>WARNING:</strong> You should disable the default "administrator" account or change its password.</font></p>';
			echo '</div>';
		}
	}

	# Check if the admin directory is available and is readable.
	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
	if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
		echo '<div class="warning" align="center">', "\n";
		echo '<p><font color="red"><strong>WARNING:</strong> Admin directory should be removed.</font></p>', "\n";
		echo '</div>', "\n";
			
		# since admin directory and db_upgrade lists are available check for missing db upgrades	
		# Check for db upgrade for versions < 1.0.0 using old upgrader
		$t_db_version = config_get( 'database_version' , 0 );
		# if db version is 0, we haven't moved to new installer.
		if ( $t_db_version == 0 ) {
			if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {
				$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";
				$result = db_query( $query );
				if ( db_num_rows( $result ) < 1 ) {
					$t_upgrade_count = 0;
				} else {
					$t_upgrade_count = (int)db_result( $result );
				}
			} else {
				$t_upgrade_count = 0;
			}

			if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates
				if ( file_exists( 'admin/upgrade_inc.php' ) ) {
					require_once( 'admin/upgrade_inc.php' );
					$t_upgrades_reqd = $upgrade_set->count_items();
				} else {
					// can't find upgrade file, assume system is up to date
					$t_upgrades_reqd = $t_upgrade_count;
				}
			} else {
				$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade
			}

			if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&
					( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present
				echo '<div class="warning" align="center">';
				echo '<p><font color="red"><strong>WARNING:</strong> The database structure may be out of date. Please upgrade <a href="admin/upgrade.php">here</a> before logging in.</font></p>';
				echo '</div>';
			}
		}

		# Check for db upgrade for versions > 1.0.0 using new installer and schema
		require_once( 'admin/schema.php' );
		$t_upgrades_reqd = sizeof( $upgrade ) - 1;

		if ( ( 0 < $t_db_version ) &&
				( $t_db_version != $t_upgrades_reqd ) ) {

			if ( $t_db_version < $t_upgrades_reqd ) {
				echo '<div class="warning" align="center">';
				echo '<p><font color="red"><strong>WARNING:</strong> The database structure may be out of date. Please upgrade <a href="admin/install.php">here</a> before logging in.</font></p>';
				echo '</div>';
			} else {
				echo '<div class="warning" align="center">';
				echo '<p><font color="red"><strong>WARNING:</strong> The database structure is more up-to-date than the code installed.  Please upgrade the code.</font></p>';
				echo '</div>';
			}
		}
	}
?>

<!-- Autofocus JS -->
<?php if ( ON == config_get( 'use_javascript' ) ) { ?>
<script type="text/javascript" language="JavaScript">
<!--
	window.document.login_form.username.focus();
// -->
</script>
<?php } ?>

<?php html_page_bottom1a( __FILE__ ) ?>
All times are UTC
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited