Developer Documents


NOTE: some things are linked, like the word MySQL and INNODB and I have to figure out how to turn that off, or just do a forwarding page of some sort. Please ignore them in the meantime
 


Things cached in the $_SESSION variable and what they do

$_SESSION[uid] - The user's ID number. Useful for all kinds of look ups
$_SESSION[username] - The user's username (EG: Kog). Useful for all manners of posting
$_SESSION[email] - The user's email. For debugging.
$_SESSION[country] - The user's current country. Useful for searches based on country information.
$_SESSION[acct_type] - The user's account type. Currently we use this for security purposes (1 is regular user, 3 is administrator). We're moving to acct_status flag instead for things like suspended, deleted, administrative etc. For right now you can use 1 for regular user and 3 for administrator however.

$_SESSION[lang] - Corresponds to the user's preferences table. This is the "tag" for the language and for now must be either en or es. This hooks into lang_<tag> in the database and is used with the grabStrings method to update the SESSION[dictionary]

$_SESSION[dictionary] - Contains all the strings (translated) for the UI. These are tokens in the form of $key => $value, such as greeting => "Welcome to Info-Exchange". The site prints tokens in the form of $key, this allows us to have a dynamically translated site as long as someone maintains the dictionary. Currently there is only an English dictionary, Spanish is coming soon. Eventually there can be whatever language you want, but it will need its own table in the DB.

Users

User accounts consist of the following:
The user is linked to a Preference item containing:

Translation

Our translation is static, and written ahead of time. Things such as seminars are written in their native language and viewed thusly. Machine translation nis not an option due to the high ammount of inaccuracy, so authors will need to write in whatever language they want viewed. Also handy in that it allows greater targetting.

The translation system is based on mysql tables prefixed with lang_<tag> as described above. The format is Key => Entry. Key corresponds to a phrase token embedded in the site. Hello world! becomes: print "$_SESSION[dictionary][hello]"; where hello is arbitrarily decided as the "key" for phrase "hello world."

The system is a bit cumbersome, but it fits the site due to its heavily static content in terms of translation. New items can be added by doing a MySQL INSERT statement such as INSERT INTO `lang_es` ( `key` , `string` ) VALUES ('test', 'test');. To use the dictionary bit just tap into the super-global $_SESSION[dictionary][test] (where test is the `key` attribute). Bear in mind however that the `key` field is the primary key for the record and there can be only one per database. This was intentional.

Lost Password System

Because the passwords are encrypted for reasons of security, there needs to be a way to recover passwords. The work flow is like this narrative:

So, why not make it based on email? Wasn't sure if Martha wanted email addresses to be unique. It's easily changable though. The system is pretty solid overall, and hard to spoof. The only annoyance is possibly getting multiple emails by accident. Unfortunately, the software uses PHP's mail feature, but you can definately swap that code out if you want. In fact, that might indeed be better.

Databasing

Unfortunately the application uses MySQL. Why? More hosts host MySQL, and the class it was written for uses MySQL. Is it hard to port? Probably not, just edit db.inc.php, then edit all queries to be PG, or MSSQL or whatever DBMS you have. I don't think I used any MySQL specific bits, except for the news script (I used a LIMIT modifier).

Because the script was written for MySQL 3.23 it doesn't do any real RDBMS things like foreign keys (the SQLD was compiled without InnoDB anyway...). However, a lot of checking is in the scripting and you can't inject SQL in any place in particular so you should be relatively safe. I would suggest foreign keying it up if you can...

One last note on the DB - the seminaring uses support for UTF in a hackish sort of way. It takes the XML entities of foreign charsets and stores it that way. When it retrieves, it uses a PHP function to render the correct character. Instead of 1xChar you end up with 5-6xchar to store each character. They are text fields so you should be ok for up to 4MB of text. Sorry, this is a MySQL + PHP issue and it can't really be fixed. Get a better platform that supports UTF8...

In terms of the Autoinc IDs, they're set unsigned bigints. You should be OK as long as you have less than a *lot* of records. A solution is to switch to a multipart key.

Licensing and what it means to developers

We've chosen the GPL license (except for these documents... which are Creative Commons v2) of both our own volition and the request of our partner, ECIE.org. They didn't want commercial usage, but instead free (as in beer and liberty) usage of the software with open source and all that good jazz. That's fine by me because I don't want the software sold either. This software is written by and for NGOs, community building organizations and things of that nature. Besides, there are probably other pieces of software with more bells and whistles for money making types.

What does this mean to developers? You can edit this code, but you must distribute that modification as well as the original if asked. You must leave our names (Shea Kauffman and Greg Feigenson) on the code. You cannot sell this or use this as a commercial component AT ALL. I believe that you may be able to have these requirements waived by the authors as they own the copyrights but I'm not sure. Nor do I believe that you can obtain such a waiver from either authors. Sorry.

I think Blackboard and WebX should both provide comperable, commercially viable equivalents.


This page is CategoryInfoExchange
There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki