Use BASIC_AUTH (Workaround)
If your mantis installation uses BASIC_AUTH as login method, you need to modify mantis sources as following(maybe bug).
- api/soap/mc_api.php 44L, replace
withapi/soap/mc_api.php (Before)
function mci_check_login( $p_username, $p_password ) { if ( mci_is_mantis_offline() ) { return false; } # if no user name supplied, then attempt to login as anonymous user
api/soap/mc_api.php (After)function mci_check_login( $p_username, $p_password ) { if ( mci_is_mantis_offline() ) { return false; } if ( BASIC_AUTH == config_get( 'login_method' ) ) { $p_username = $_SERVER['PHP_AUTH_USER']; $p_password = $_SERVER['PHP_AUTH_PW']; } # if no user name supplied, then attempt to login as anonymous user
- core/authentication_api.php replace
withcore/authentication_api.php (Before)
function auth_attempt_script_login( $p_username, $p_password = null ) { global $g_script_login_cookie, $g_cache_current_user_id; $t_user_id = user_get_id_by_name( $p_username ); $t_user = user_get_row( $t_user_id ); # check for disabled account if ( OFF == $t_user['enabled'] ) { return false; } # validate password if supplied if ( null !== $p_password ) { if ( !auth_does_password_match( $t_user_id, $p_password ) ) { return false; } }
core/authentication_api.php (After)function auth_attempt_script_login( $p_username, $p_password = null ) { global $g_script_login_cookie, $g_cache_current_user_id; $t_user_id = user_get_id_by_name( $p_username ); if ( false === $t_user_id ) { return false; } $t_user = user_get_row( $t_user_id ); # check for disabled account if ( OFF == $t_user['enabled'] ) { return false; } # validate password if supplied $t_login_method = config_get( 'login_method' ); if ( null !== $p_password && $t_login_method != BASIC_AUTH) { if ( !auth_does_password_match( $t_user_id, $p_password ) ) { return false; } }