[geeklog-devel] Geeklog 2: it has a pulse!

Tony Bibbs tony at tonybibbs.com
Fri Jan 17 21:31:51 EST 2003

Ok, granted it isn't rocket science but it is, in fact, a start.  Please 
bare with me and read this it it's entirety.

Go here:


There you will see a very simple login box with account information 
below it on how to get in.  Once you log in you are presented with a 
link that will take you to a page that will dump out a bunch of session 

Here is what is happening:

1) When you hit submit, a request for authentication is built in the 
form of an XML string.  This XML string contains:
     - Application ID
     - Username
     - Password
     - Command Name (in this case authenticate)

2) Server receives the request and sends it to the command factory which 
recognizes the XML request as an authentication request.  It then 
instantiates (on the fly) an instance of the authenticate command and 
tells it to execute.

3) Authenticate command then passes the application ID to the provider 
factory to determine which data provider to authenticate against.  In 
this case it builds an instance of the SQLProvider class and executes 
the authenticate method.

4) SQLProvider authenticates user, gets any group and permissions tied 
to the user and returns the results back to the authenticate command.

5) Authenticate command then builds an XML response and sends it back to 
calling application.

6) The client receives the response, parses it into a User object and 
saves it to the session (which is stored in the database). It then shows 
you the link to a new page.

7) new page pulls the user object from the session with a single DB call 
and outputs a few attributes on the user.

To be clear this establishes a few things:

a) we now have an A&A service which can service many applications to 
implement a single credential set.  This makes the prospect of tying 
other applications in easy encouraging 3rd party apps to work with GL2

b) service can run on a separate box from GL or (as in this case) on 
same box.

c) user data is persisted to a database using PHP4 sessions effectively 
rendering all the code that use to be in lib-sessions.php useless 
(saving, restoring and garbage collection is done for us by PHP)

d) succesfully pulled a PHP OO user object from the session with a 
single database hit.  If you recall in GL 1.3.x you have to sometime hit 
2 or 3 tables often with independent queries against user, user_index, 
user_prefs, etc in order to re-establish session.  Now you do it with 
one DB call that you don't even make (PHP4 session handler pulls it for 
us when you call session_start).

You can browse the code on our cvs server here:


There is still a lot of work to do.  I'd like to convert one of the 
service methods to use SOAP just to see how much easier that will simply 
  the code (with SOAP I don't have to build and parse XML which also 
removes the requirement having xml support compiled into PHP).  If that 
tests out Ok and if timing benchmarks both on the same server and on 
separate servers is acceptable I will convert it over.

However, in the meantime, we need to start concentrating on 
localization.  Handling language effectively as well as time/currency 
stuff will be key and, frankly, we can't go anywhere else without 
getting that done.  Marc, if I get you a template for a detailed 
requirements document do you think you could get it started for us?  By 
them time you get a draft of that I should have this code stable enough 
to start divying up work immediately.


|Tony Bibbs         |[R]egardless of what you may think of our penal   |
|tony at tonybibbs.com |system, the fact is that every man in jail is one |
|                   |less potential fisherman to clutter up your       |
|                   |favorite pool or pond. --Ed Zern                  | 


More information about the geeklog-devel mailing list