Cakephp 2.0 Tip# 14 File Uploads

cake-logo

Firstly you need to install the Plugin;
https://github.com/josegonzalez/cakephp-upload

In the Model of the object you want to allow uploads to(eg User,Product) add;

Model

public $actsAs = array(
        'Upload.Upload' => array(
            'picture'
        )
);

View:

In the View Form of this action add;

Form->create('User', array('type' => 'file')); ?>
Form->input('picture',array('type' => 'file','accept'=>'image/*')); ?>
Form->end(__('Submit')); ?>

CakePhp 2 Tip #11- Force SSL Connection

cake-logo

In your app Controller add;

class AppController extends AppController {

    public $components = array('Security');

    public function beforeFilter() {
        if (isset($this->params['admin'])) {
            $this->Security->blackHoleCallback = 'forceSSL';
            $this->Security->requireSecure();
        }
    }

    public function forceSSL() {
        return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    }
}

More info:
http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html

CakePhp 2 Tip#8-Checking User Ownership

cake-logo

Another common task in Cakephp Applications or any Web Application is making sure that a user can only delete items they own otherwise anyone could erase your entire database.

An example you have created a users table and users can create posts, but we need to ensure that User A can only edit and delete posts belonging to them.

Solution: The isAuthorized() function.
This function will check that the user isAuthorized to do what ever action they are about to under take.

Assuming every posts has a user_id as a foreign key, we can check the current logged in user’s Id against the id stored in the post their about to modify and if they match allow and if not deny.

// app/Controller/PostsController.php

public function isAuthorized($user) {
    // All registered users can add posts
    if ($this->action === 'add') {
        return true;
    }

    // The owner of a post can edit and delete it
    if (in_array($this->action, array('edit', 'delete'))) {
        $postId = (int) $this->request->params['pass'][0];
        if ($this->Post->isOwnedBy($postId, $user['id'])) {
            return true;
        }
    }

    return parent::isAuthorized($user);
}
// app/Model/Post.php
public function isOwnedBy($post, $user) {
    return $this->field('id', array('id' => $post, 'user_id' => $user)) !== false;
}

Entire User Auth Solution and Guide:
https://github.com/cakephp/docs/blob/master/en/tutorials-and-examples/blog-auth-example/auth.rst

CakePhp Tip #6: Displaying items that belong to a user

cake-logo

Displaying items that belong to a user:

One of the most common things youll do in cakephp is list items that the user should only see. For example a user should just see their “posts” listed or their “articles” etc.

CakePHP has “Magic Find Types” that can help. For example if i wanted to list all the posts of the user_id =12

In my controller i can create an action as follows;

 $myposts=$this->Posts->findAllByUserId(12);

if i wanted to list all posts of the current logged in user;

public function my(){

	$userid=$this->Auth->user('id');
	$this->Post->recursive = 1;
		
	$this->set('posts', $this->paginate('Post',array('Post.user_id =' => $userid)));
		
	//use the index view to render
	$this->render('index');	
 }

To call view this action;

http:://localhost/mycakeapp/posts/my

Source and more info;
http://book.cakephp.org/2.0/en/models/retrieving-your-data.html

CakePhp tip #5: Joining two fields to create one

Joining two fields to create one (eg to get somebodys name by combining firstname and surname)

cake-logo

You need to create a “VirtualField” in the model;

 public $virtualFields = array('fullname' => 'concat(Patient.firstname, "-", patient.surname)');

Then in your controller, to get a drop downlist;

 $patients = $this->Exercise->Patient->find('list',array('fields'=>array('fullname')));

Credit to:
http://stackoverflow.com/questions/11822942/cakephp-display-multiple-fields-in-a-single-drop-down