1. General information

1.1. The Diogenes code

Diogenes is written in PHP and it uses MySQL as a database engine. All the display is handled through the Smarty template engine. It keeps track of the revisions of all the files it manages using RCS. It is also possible to use CVS for version control, in which case a daemon written in Perl provides a wrapper around the CVS pserver.

For information about the Diogenes code, you can take a look at Diogenes's API; all the classes are documented using Doxygen.

1.2. The Diogenes library

The Diogenes content-management system is built around the Diogenes library, a PHP library developed by Polytechnique.org to ensure compatibility between a range of websites. For instance, the Lycee-vanGogh.net suite is also built on top of this library.

1.3. Diogenes' virtual web tree

Diogenes internally performs some address rewriting to make sure the pages of the hosted sites have "clean" URLs, that is URLs without GET parameters so that they can :

For instance http://fooserver/site/jeremy/bar/ is much more practical than http://fooserver/site.php?site=jeremy&url=bar/ !

Access to the files inside a barrel (Diogenes-managed site) is handled by the site.php script.

2. Main PHP classes

2.1. DiogenesSession

This class handles authentication operations and access control.

2.2. DiogenesCorePage

This class is derived from the Smarty class, and it is used to define some handlers for custom Smarty tags, like {a lnk=..} which creates an HTML anchor, {diff block=..} which is used to display RCS diffs, or {menu_item ..} which displays a menu entry.

2.3. DiogenesPage

This class is derived from DiogenesCorePage and is the base class for all of Diogenes' pages. That is, it handles everything related to display, such as building the menu and displaying Smarty templates through its overridden display method.

2.4. DiogenesBarrel

This class is used to display a page of a Diogenes barrel, that is, a Diogenes-hosted website. Its constructor retrieves the ALIAS variable from $_REQUEST and, based on this, knows which site it is operating on. It can also read a url from $_REQUEST to display a specific page of the barrel.

3. Mechanisms

3.1. Authentication

Information about users is stored in the diogenes_auth table of Diogenes' database. The fields used for authentication are username and password. The plaintext version of the password is not stored anywhere; the password field instead contains an MD5 hash of the password.

When a user wants to log in, he/she is sent a challenge. The user fills in a form with his/her username and password and sends back the username and a response, which is calculated from the MD5 hash of the entered username and password as well as the challenge sent by the server. Upon receiving these two values, the server performs the symmetric calculation and, if the response string is the expected one, the user is authenticated.
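Both sides of the exchange described above, as an added example that is not taken from the Diogenes code. The function names, the sample user and the exact response formula, MD5(username ":" MD5(password) ":" challenge), are assumptions made for illustration; the page does not give the formula.

```php
<?php
// Added example: names and the response formula are assumptions, not Diogenes code.

// Constructed stand-in for the diogenes_auth table: username => MD5(password).
$authTable = ['jeremy' => md5('correct horse')];

// Server: issue a fresh random challenge for each login attempt.
function newChallenge(): string {
    return bin2hex(random_bytes(16));
}

// Assumed formula: MD5(username ":" MD5(password) ":" challenge).
function computeResponse(string $username, string $passwordHash, string $challenge): string {
    return md5($username . ':' . $passwordHash . ':' . $challenge);
}

// Client: hash the typed password, then mix in the challenge.
// The plaintext password never crosses the wire.
function clientResponse(string $username, string $password, string $challenge): string {
    return computeResponse($username, md5($password), $challenge);
}

// Server: recompute from the stored hash and compare in constant time.
function verifyLogin(array $table, string $username, string $challenge, string $response): bool {
    if (!isset($table[$username])) {
        return false;
    }
    $expected = computeResponse($username, $table[$username], $challenge);
    return hash_equals($expected, $response);
}

$challenge = newChallenge();
$good = clientResponse('jeremy', 'correct horse', $challenge);

// Correct password against the challenge that was issued.
var_dump(verifyLogin($authTable, 'jeremy', $challenge, $good));
// Wrong password against the same challenge.
var_dump(verifyLogin($authTable, 'jeremy', $challenge,
    clientResponse('jeremy', 'wrong', $challenge)));
// A previously valid response checked against a new challenge.
var_dump(verifyLogin($authTable, 'jeremy', newChallenge(), $good));
```

Because the server verifies a login using only the stored value, the MD5 hash in diogenes_auth is equivalent to the password for this scheme and needs the same protection. The challenge only prevents replay if the server issues a new one for every attempt and discards it after use.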

3.2. Diogenes' interaction with CVS

For CVS operations, Diogenes uses a custom daemon that wraps around the CVS pserver. The daemon, which is fired up on demand, listens on the loopback interface of the server on TCP port 9000. On a properly configured web server (i.e. where at the bare minimum the web server is not run as root!), this should not be too much of a security issue as the daemon is launched by the owner of the web server process.

The daemon is written in Perl and its source code is found in the cvs.pl file. It can handle multiple accesses, forking to handle each client.

3.3. WYSIWYG HTML editor: customised Ekit

Diogenes' WYSIWYG editor is in fact an integration of a customised version of Ekit, an excellent Java applet distributed under the GNU General Public License (GPL). The customisations concerned the display of images, which did not work out of the box as relative URLs needed to be altered to point to the correct location.

$Id: page.html,v 1.4 2004/06/09 11:24:25 jeremy.laine Exp $