The page class has a variable called current_user which is an object of (user) which extends visitor which extends data_access. Visitor has a variable called authorizer which is an object of (defauth) which extends authorizer.

() = developer designed and the name is in the configuration file or passed to page.

Page
Has variable current_user which is an instance of (user) and passes to the constructor the routine, level, and parameters for the authorization.

(user) extends visitor
Has authorize, deauthorize, and meets_credentials functions. Authorize uses the authorizer and returns true or false based on the results. Deauthorize sets authorized to false. Meets_credentials will check a set of credentials against the values of the current user to see if they can perform some task without changing their login status.

Visitor (abstract) extends data_access
Has variable authorizer which is an instance of (defauth).

data_access (abstract)

(defauth) extends authorizer and is an auth routine
Has a function check_auth which will check if the user is authorized.

authorizer (abstract)
Has a reference to the current user. Contains some heavily modified PEAR Auth code. May be rewritten completely soon when implementing LDAP control.