View Issue Details

WikiJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0008461mantisbtsignuppublic2007-10-13 14:002007-10-24 02:27
Reportertomas Assigned Tovboctor  
PrioritynormalSeverityblockReproducibilityalways
Status closedResolutionfixed 
Platformx86OSLinux 
Product Version1.1.0rc1 
Fixed in Version1.1.0rc2 
Summary0008461: signup_page and lost_pwd_page don't work if anonymous access not enabled
Description

The signup and lost password pages apparently are not excluded from the usual user authentification mechanisms. Thus, if anonymous access is not enabled, and an user that is not logged in tries to create an account or retrieve a password, the system sees that he's not logged in and redirects him back to the login page.

When the anonymous access is allowed, those two pages work properly, as the user is authentificated as anonymous.

This effectively means that it is impossible to configure Mantis in a way such that it allows the users to signup, but does not allow anonymous access. As this is the default configuration, I think this would qualify as a show-stopper :)

Steps To Reproduce
  • disable anonymous access
  • go to the login screen (login_page.php)
  • click the "Signup for a new account" or "Lost your password?" link
  • you'll get redirected back to the login page
  • if anonymous access is allowed, everything works well
TagsNo tags attached.

Activities

vboctor

vboctor

2007-10-14 15:02

manager   ~0015861

Update helper_show_queries() in core/helper_api.php to the implementation below:

# --------------------
# returns a boolean indicating whether SQL queries executed should be shown
# or not.
function helper_show_queries() {
    # Check is authenticated before checking access level, otherwise user gets 
    # redirected to login_page.php.  See #8461.
    return  ON == config_get( 'show_queries_count' ) && 
            auth_is_user_authenticated() &&
            access_has_global_level( config_get( 'show_queries_threshold' ) );
}