Geeklog 2 comes with a simple, yet powerful mechanism for authenticating and authorizing users. For those of you familiar with the 1.3.x very little flexibility was built into Geeklog making it hard for users in, say, Active Directory, OpenLDAP or some other data store possible. In Geeklog 2 we got around this by introducing the concept of Account Managers. Geeklog 2 will (hopefully) ship with a few account managers. Right now the only one that exists is called Geeklog_DefaultAccountManager (in /path/to/Geeklog-2/system/DefaultAccountManager.php). All account manager must implement the Account Manager API which includes the following methods:
public function createAccount(); public function deleteAccount(); public function updateAccount(); public function authenticate(); public function changePassword();
Notice that nothing related to privileges is included in the API. That's because Geeklog will handle all authorization of users internally. Simply put, account managers only need to worry about the management of the user accounts (create, deletion, updates, etc).
The Geeklog_DefaultAccountManager will be the default and assumes the user information will be stored in the gl2_user table within the Geeklog 2 database. Worth pointing out is that Geeklog 2 will be using the PHP session handler and therefore, upon authenticating a user any information about the user will be loaded into the session at that time. By doing this we avoid having to explicily load that information upon each subsequent request like the way Geeklog 1.3.x handles things. The beauty of this is that this will make Geeklog 2 quite flexible in meeting the needs of businesses and organizations as well as the average blogger.
One of the most noteable advantages of this is that we can implement account registration in any number of ways and, most likely, the first production version of Geeklog 2 will support a few of the more common means for self registration (details yet to be worked out).