Cakephp Tips – Sort Data With the Pagnator Component

If you wanted to sort a Model by a certain field in this case take the field “created” which is a date. We can simply tell cakePHP to pagnate entries by the order they were created by the following example.

	public function index() {
		// we prepare our query, the cakephp way!
		$this->paginate = array(
			'limit' => 20,
			'order' => array('created' => 'desc')
		$this->Link->recursive = 0;		
		$this->set('links', $this->Paginator->paginate());

More Examples can be found here;

Cakephp 2.0 Tip# 14 File Uploads


Firstly you need to install the Plugin;

In the Model of the object you want to allow uploads to(eg User,Product) add;


public $actsAs = array(
        'Upload.Upload' => array(


In the View Form of this action add;

<div class="users form">

<?php echo $this->Form->create('User', array('type' => 'file')); ?>
		<legend><?php echo __('Add User'); ?></legend>
		echo $this->Form->input('picture',array('type' => 'file','accept'=>'image/*'));			
<?php echo $this->Form->end(__('Submit')); ?>

CakePhp 2 Tip #11- Force SSL Connection


In your app Controller add;

class AppController extends AppController {

    public $components = array('Security');

    public function beforeFilter() {
        if (isset($this->params['admin'])) {
            $this->Security->blackHoleCallback = 'forceSSL';

    public function forceSSL() {
        return $this->redirect('https://' . env('SERVER_NAME') . $this->here);

More info:

CakePhp 2 Tip#8-Checking User Ownership


Another common task in Cakephp Applications or any Web Application is making sure that a user can only delete items they own otherwise anyone could erase your entire database.

An example you have created a users table and users can create posts, but we need to ensure that User A can only edit and delete posts belonging to them.

Solution: The isAuthorized() function.
This function will check that the user isAuthorized to do what ever action they are about to under take.

Assuming every posts has a user_id as a foreign key, we can check the current logged in user’s Id against the id stored in the post their about to modify and if they match allow and if not deny.

// app/Controller/PostsController.php

public function isAuthorized($user) {
    // All registered users can add posts
    if ($this->action === 'add') {
        return true;

    // The owner of a post can edit and delete it
    if (in_array($this->action, array('edit', 'delete'))) {
        $postId = (int) $this->request->params['pass'][0];
        if ($this->Post->isOwnedBy($postId, $user['id'])) {
            return true;

    return parent::isAuthorized($user);
// app/Model/Post.php
public function isOwnedBy($post, $user) {
    return $this->field('id', array('id' => $post, 'user_id' => $user)) !== false;

Entire User Auth Solution and Guide: