Anonymous access from URLs

Post about your customizations to share with others.

Moderators: Developer, Contributor

Post Reply
TrueFriend
Posts: 3
Joined: 11 Jan 2010, 22:55

Anonymous access from URLs

Post by TrueFriend »

Tweak for access to three places from URL:

1. Access to bug report page
http://<domain>/manti/anonymous-bug_report_page.php?username=<anonymous>&project_id=<project id number>

anonymous-bug_report_page.php:

Code: Select all

<?php
# MantisBT - a php based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

	/**
	 * Check login then redirect to main_page.php or to login_page.php
	 * @package MantisBT
	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
	 * @copyright Copyright (C) 2002 - 2009  MantisBT Team - mantisbt-dev@lists.sourceforge.net
	 * @link http://www.mantisbt.org
	 */
	 /**
	  * MantisBT Core API's
	  */
	require_once( 'core.php' );

	$f_username		= gpc_get_string( 'username', '' );
	$f_password		= gpc_get_string( 'password', '' );
	$f_perm_login	= gpc_get_bool( 'perm_login' );
	$f_return		= gpc_get_string( 'return', config_get( 'default_home_page' ) );
	$f_from			= gpc_get_string( 'from', '' );
	$f_secure_session = gpc_get_bool( 'secure_session', false );

	$f_username = auth_prepare_username($f_username);
	$f_password = auth_prepare_password($f_password);

	gpc_set_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', $f_secure_session ? '1' : '0' );

	if ( auth_attempt_login( $f_username, $f_password, $f_perm_login ) ) {
		session_set( 'secure_session', $f_secure_session );

		$t_redirect_url = 'login_cookie_test.php?return=' . string_sanitize_url( $f_return );

	} else {
		$t_redirect_url = 'login_page.php?return=' . string_sanitize_url( $f_return ) .
			'&error=1&username=' . urlencode( $f_username ) .
			'&perm_login=' . ( $f_perm_login ? 1 : 0 ) .
			'&secure_session=' . ( $f_secure_session ? 1 : 0 );

		if ( HTTP_AUTH == config_get( 'login_method' ) ) {
			auth_http_prompt();
			exit;
		}
	}

print_header_redirect( "set_project.php?ref=bug_report_page.php&project_id=$project_id" );

?>

2. Access to view all bug page

http://<domain>/manti/anonymous-view_all_bug_page.php?username=<anonymous>&project_id=<project id number>

anonymous-view_all_bug_page.php:

Code: Select all

<?php
# MantisBT - a php based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

	/**
	 * Check login then redirect to main_page.php or to login_page.php
	 * @package MantisBT
	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
	 * @copyright Copyright (C) 2002 - 2009  MantisBT Team - mantisbt-dev@lists.sourceforge.net
	 * @link http://www.mantisbt.org
	 */
	 /**
	  * MantisBT Core API's
	  */
	require_once( 'core.php' );

	$f_username		= gpc_get_string( 'username', '' );
	$f_password		= gpc_get_string( 'password', '' );
	$f_perm_login	= gpc_get_bool( 'perm_login' );
	$f_return		= gpc_get_string( 'return', config_get( 'default_home_page' ) );
	$f_from			= gpc_get_string( 'from', '' );
	$f_secure_session = gpc_get_bool( 'secure_session', false );

	$f_username = auth_prepare_username($f_username);
	$f_password = auth_prepare_password($f_password);

	gpc_set_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', $f_secure_session ? '1' : '0' );

	if ( auth_attempt_login( $f_username, $f_password, $f_perm_login ) ) {
		session_set( 'secure_session', $f_secure_session );

		$t_redirect_url = 'login_cookie_test.php?return=' . string_sanitize_url( $f_return );

	} else {
		$t_redirect_url = 'login_page.php?return=' . string_sanitize_url( $f_return ) .
			'&error=1&username=' . urlencode( $f_username ) .
			'&perm_login=' . ( $f_perm_login ? 1 : 0 ) .
			'&secure_session=' . ( $f_secure_session ? 1 : 0 );

		if ( HTTP_AUTH == config_get( 'login_method' ) ) {
			auth_http_prompt();
			exit;
		}
	}

print_header_redirect( "set_project.php?project_id=$project_id&ref=view_all_bug_page.php" );

?>

3. Access to changelog page

http://<domain>/manti/anonymous-changelog_page.php?username=<anonymous>&project_id=<project id number>

anonymous-changelog_page.php:

Code: Select all

<?php
# MantisBT - a php based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

	/**
	 * Check login then redirect to main_page.php or to login_page.php
	 * @package MantisBT
	 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
	 * @copyright Copyright (C) 2002 - 2009  MantisBT Team - mantisbt-dev@lists.sourceforge.net
	 * @link http://www.mantisbt.org
	 */
	 /**
	  * MantisBT Core API's
	  */
	require_once( 'core.php' );

	$f_username		= gpc_get_string( 'username', '' );
	$f_password		= gpc_get_string( 'password', '' );
	$f_perm_login	= gpc_get_bool( 'perm_login' );
	$f_return		= gpc_get_string( 'return', config_get( 'default_home_page' ) );
	$f_from			= gpc_get_string( 'from', '' );
	$f_secure_session = gpc_get_bool( 'secure_session', false );

	$f_username = auth_prepare_username($f_username);
	$f_password = auth_prepare_password($f_password);

	gpc_set_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', $f_secure_session ? '1' : '0' );

	if ( auth_attempt_login( $f_username, $f_password, $f_perm_login ) ) {
		session_set( 'secure_session', $f_secure_session );

		$t_redirect_url = 'login_cookie_test.php?return=' . string_sanitize_url( $f_return );

	} else {
		$t_redirect_url = 'login_page.php?return=' . string_sanitize_url( $f_return ) .
			'&error=1&username=' . urlencode( $f_username ) .
			'&perm_login=' . ( $f_perm_login ? 1 : 0 ) .
			'&secure_session=' . ( $f_secure_session ? 1 : 0 );

		if ( HTTP_AUTH == config_get( 'login_method' ) ) {
			auth_http_prompt();
			exit;
		}
	}

print_header_redirect( "changelog_page.php?project_id=$project_id" );

?>
All 3 files save to your dir where is Mantis installed.
please remove "<" ">" chars from URLs and change the content according to your values

good day
Kirill
Posts: 640
Joined: 25 Nov 2007, 08:05
Location: Kaliningrad, RF
Contact:

Re: Anonymous access from URLs

Post by Kirill »

TrueFriend
Posts: 3
Joined: 11 Jan 2010, 22:55

Re: Anonymous access from URLs

Post by TrueFriend »

This metod only allow access as anonymous login... only from page login_page.php (on this page add right top URL "Login as anonymous" he has to click when they want to get to the next).
Or only open file login_anon.php but only to allow access and create cookies to access as an anonymous user.

Authorization does not allow anonymous users direct access to other files, and must first retrieve login_page.php or login_anon.php for create cookies for anonymous user.
Post Reply