Cakephp 2.0 Tip# 14 File Uploads


Firstly you need to install the Plugin;

In the Model of the object you want to allow uploads to(eg User,Product) add;


public $actsAs = array(
        'Upload.Upload' => array(


In the View Form of this action add;

<div class="users form">

<?php echo $this->Form->create('User', array('type' => 'file')); ?>
		<legend><?php echo __('Add User'); ?></legend>
		echo $this->Form->input('picture',array('type' => 'file','accept'=>'image/*'));			
<?php echo $this->Form->end(__('Submit')); ?>

CakePhp 2 Tip #11- Force SSL Connection


In your app Controller add;

class AppController extends AppController {

    public $components = array('Security');

    public function beforeFilter() {
        if (isset($this->params['admin'])) {
            $this->Security->blackHoleCallback = 'forceSSL';

    public function forceSSL() {
        return $this->redirect('https://' . env('SERVER_NAME') . $this->here);

More info:

CakePhp 2 Tip#8-Checking User Ownership


Another common task in Cakephp Applications or any Web Application is making sure that a user can only delete items they own otherwise anyone could erase your entire database.

An example you have created a users table and users can create posts, but we need to ensure that User A can only edit and delete posts belonging to them.

Solution: The isAuthorized() function.
This function will check that the user isAuthorized to do what ever action they are about to under take.

Assuming every posts has a user_id as a foreign key, we can check the current logged in user’s Id against the id stored in the post their about to modify and if they match allow and if not deny.

// app/Controller/PostsController.php

public function isAuthorized($user) {
    // All registered users can add posts
    if ($this->action === 'add') {
        return true;

    // The owner of a post can edit and delete it
    if (in_array($this->action, array('edit', 'delete'))) {
        $postId = (int) $this->request->params['pass'][0];
        if ($this->Post->isOwnedBy($postId, $user['id'])) {
            return true;

    return parent::isAuthorized($user);
// app/Model/Post.php
public function isOwnedBy($post, $user) {
    return $this->field('id', array('id' => $post, 'user_id' => $user)) !== false;

Entire User Auth Solution and Guide:

CakePhp Tip #6: Displaying items that belong to a user


Displaying items that belong to a user:

One of the most common things youll do in cakephp is list items that the user should only see. For example a user should just see their “posts” listed or their “articles” etc.

CakePHP has “Magic Find Types” that can help. For example if i wanted to list all the posts of the user_id =12

In my controller i can create an action as follows;


if i wanted to list all posts of the current logged in user;

public function my(){

	$this->Post->recursive = 1;
	$this->set('posts', $this->paginate('Post',array('Post.user_id =' => $userid)));
	//use the index view to render

To call view this action;


Source and more info;

CakePhp tip #5: Joining two fields to create one

Joining two fields to create one (eg to get somebodys name by combining firstname and surname)


You need to create a “VirtualField” in the model;

 public $virtualFields = array('fullname' => 'concat(Patient.firstname, "-", patient.surname)');

Then in your controller, to get a drop downlist;

 $patients = $this->Exercise->Patient->find('list',array('fields'=>array('fullname')));

Credit to: