Cake PHP
Cake PHP
Cake PHP
Release 3.x
Contents
CakePHP at a Glance
Conventions Over Configuration
The Model Layer . . . . . . . .
The View Layer . . . . . . . . .
The Controller Layer . . . . . .
CakePHP Request Cycle . . . .
Just the Start . . . . . . . . . . .
Additional Reading . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1
1
1
2
2
3
4
4
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
27
27
27
27
28
28
28
28
29
29
29
29
29
30
31
32
33
i
Log . . . . . . . . . .
Routing . . . . . . . .
Network . . . . . . . .
Sessions . . . . . . . .
Network\Http . . . . .
Network\Email . . . .
Controller . . . . . . .
Controller\Components
Model . . . . . . . . .
TestSuite . . . . . . . .
View . . . . . . . . . .
View\Helper . . . . . .
I18n . . . . . . . . . .
L10n . . . . . . . . . .
Testing . . . . . . . . .
Utility . . . . . . . . .
4
ii
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
33
34
36
36
37
37
37
39
41
42
43
45
49
50
50
51
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
55
55
62
69
73
83
89
Contributing
Documentation . . . . . . . . .
Tickets . . . . . . . . . . . . . .
Code . . . . . . . . . . . . . . .
Coding Standards . . . . . . . .
Backwards Compatibility Guide
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
97
97
105
106
108
118
Installation
Requirements . . .
Installing CakePHP
Permissions . . . .
Development Server
Production . . . . .
Fire It Up . . . . .
URL Rewriting . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
123
123
124
125
125
126
127
127
.
.
.
.
.
.
133
133
135
136
136
138
140
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Configuration
Configuring your Application . . . . . . .
Additional Class Paths . . . . . . . . . .
Inflection Configuration . . . . . . . . . .
Configure Class . . . . . . . . . . . . . .
Reading and writing configuration files . .
Creating your Own Configuration Engines
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Routing
Quick Tour . . . . . . . . . . . . . .
Connecting Routes . . . . . . . . . .
Creating RESTful Routes . . . . . . .
Passed Arguments . . . . . . . . . . .
Generating URLs . . . . . . . . . . .
Redirect Routing . . . . . . . . . . .
Custom Route Classes . . . . . . . .
Creating Persistent URL Parameters .
Handling Named Parameters in URLs
RequestActionTrait . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
145
145
147
155
158
159
160
161
162
162
163
10 Controllers
The App Controller . . . . . . . .
Request Flow . . . . . . . . . . .
Controller Actions . . . . . . . . .
Interacting with Views . . . . . .
Redirecting to Other Pages . . . .
Loading Additional Models . . . .
Paginating a Model . . . . . . . .
Configuring Components to Load .
Configuring Helpers to Load . . .
Request Life-cycle Callbacks . . .
More on Controllers . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
183
183
184
184
186
188
189
190
190
190
191
191
11 Views
The App View . . . . . . . . . .
View Templates . . . . . . . . .
Using View Blocks . . . . . . .
Layouts . . . . . . . . . . . . .
Elements . . . . . . . . . . . . .
Creating Your Own View Classes
More About Views . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
231
231
232
234
236
238
242
242
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
485
486
487
489
489
490
490
491
491
492
492
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
495
495
497
498
500
500
501
501
504
504
511
512
17 Debugging
Basic Debugging . . . . . . .
Using the Debugger Class . . .
Outputting Values . . . . . . .
Logging With Stack Traces . .
Generating Stack Traces . . .
Getting an Excerpt From a File
Using Logging to Debug . . .
Debug Kit . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
519
519
519
519
520
520
521
521
522
18 Deployment
Update config/app.php . . . . . . . . . .
Check Your Security . . . . . . . . . . .
Set Document Root . . . . . . . . . . . .
Improve Your Applications Performance
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
523
523
524
524
524
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
19 Email
527
Basic Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
iv
Configuration . . . . . . .
Setting Headers . . . . . .
Sending Templated Emails
Sending Attachments . . .
Using Transports . . . . .
Sending Messages Quickly
Sending Emails from CLI .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
528
530
530
532
533
534
534
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
535
535
536
536
537
537
539
540
540
541
21 Events System
Example Event Usage . . .
Accessing Event Managers
Registering Listeners . . .
Dispatching Events . . . .
Conclusion . . . . . . . .
Additional Reading . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
545
545
546
547
549
552
552
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
555
555
557
561
564
565
23 Logging
Logging Configuration . . .
Error and Exception Logging
Interacting with Log Streams
Using the FileLog Adapter .
Logging to Syslog . . . . . .
Writing to Logs . . . . . . .
Log API . . . . . . . . . . .
Logging Trait . . . . . . . .
Using Monolog . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
567
567
569
570
570
570
571
572
574
574
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
24 Modelless Forms
575
Creating a Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
Processing Request Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
577
577
578
578
25 Pagination
Using Controller::paginate() . . . . . . . . . . . . . . . .
Using the Paginator Directly . . . . . . . . . . . . . . . .
Control which Fields Used for Ordering . . . . . . . . . .
Limit the Maximum Number of Rows that can be Fetched .
Joining Additional Associations . . . . . . . . . . . . . .
Out of Range Page Requests . . . . . . . . . . . . . . . .
Pagination in the View . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
579
579
582
582
582
583
583
583
.
.
.
.
.
.
.
.
.
.
.
585
585
586
587
588
588
589
591
592
592
593
594
26 Plugins
Installing a Plugin With Composer .
Loading a Plugin . . . . . . . . . .
Plugin Configuration . . . . . . . .
Using Plugins . . . . . . . . . . . .
Creating Your Own Plugins . . . . .
Plugin Controllers . . . . . . . . . .
Plugin Models . . . . . . . . . . . .
Plugin Views . . . . . . . . . . . .
Plugin Assets . . . . . . . . . . . .
Components, Helpers and Behaviors
Expand Your Plugin . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
27 REST
595
The Simple Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
Accepting Input in Other Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
RESTful Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
28 Security
599
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Cross Site Request Forgery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
29 Sessions
Session Configuration . . . . . . . . . . .
Built-in Session Handlers & Configuration
Setting ini directives . . . . . . . . . . . .
Creating a Custom Session Handler . . .
Accessing the Session Object . . . . . . .
Reading & Writing Session Data . . . . .
Destroying the Session . . . . . . . . . .
Rotating Session Identifiers . . . . . . . .
Flash Messages . . . . . . . . . . . . . .
30 Testing
vi
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
607
607
608
610
611
612
613
613
614
614
615
Installing PHPUnit . . . . . .
Test Database Setup . . . . . .
Checking the Test Setup . . . .
Test Case Conventions . . . .
Creating Your First Test Case .
Running Tests . . . . . . . . .
Test Case Lifecycle Callbacks
Fixtures . . . . . . . . . . . .
Testing Table Classes . . . . .
Controller Integration Testing .
Testing Views . . . . . . . . .
Testing Components . . . . . .
Testing Helpers . . . . . . . .
Creating Test Suites . . . . . .
Creating Tests for Plugins . . .
Generating Tests with Bake . .
Integration with Jenkins . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
615
616
616
617
617
618
620
620
626
628
633
634
635
637
637
639
639
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
643
643
648
649
650
.
.
.
.
.
651
651
651
652
652
652
.
.
.
.
.
.
.
.
655
655
655
657
660
661
665
666
668
675
675
675
679
31 Validation
Creating Validators .
Validating Data . . .
Validating Entities . .
Core Validation Rules
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
32 App Class
Finding Classes . . . . . . .
Finding Paths to Namespaces
Locating Plugins . . . . . .
Locating Themes . . . . . .
Loading Vendor Files . . . .
33 Collections
Quick Example . . . .
List of Methods . . . .
Iterating . . . . . . . .
Filtering . . . . . . . .
Aggregation . . . . . .
Sorting . . . . . . . . .
Working with Tree Data
Other Methods . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
35 Hash
683
Hash Path Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
vii
36 Http Client
Doing Requests . . . . . . . . . . . .
Creating Multipart Requests with Files
Sending Request Bodies . . . . . . .
Request Method Options . . . . . . .
Authentication . . . . . . . . . . . . .
Creating Scoped Clients . . . . . . . .
Setting and Managing Cookies . . . .
Response Objects . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
37 Inflector
Creating Plural & Singular Forms . . . . . .
Creating CamelCase and under_scored Forms
Creating Human Readable Forms . . . . . . .
Creating Table and Class Name Forms . . . .
Creating Variable Names . . . . . . . . . . .
Creating URL Safe Strings . . . . . . . . . .
Inflection Configuration . . . . . . . . . . . .
38 Number
Formatting Currency Values . . . . . .
Setting the Default Currency . . . . . .
Formatting Floating Point Numbers . .
Formatting Percentages . . . . . . . . .
Interacting with Human Readable Values
Formatting Numbers . . . . . . . . . .
Format Differences . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
699
699
700
701
701
702
704
705
705
.
.
.
.
.
.
.
707
707
708
708
708
708
709
709
.
.
.
.
.
.
.
711
711
712
712
713
713
714
715
39 Registry Objects
717
Loading Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
Triggering Callbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
Disabling Callbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
40 Text
Generating UUIDs . . . . . . . . . .
Simple String Parsing . . . . . . . . .
Formatting Strings . . . . . . . . . .
Wrapping Text . . . . . . . . . . . . .
Highlighting Substrings . . . . . . . .
Removing Links . . . . . . . . . . . .
Truncating Text . . . . . . . . . . . .
Truncating the Tail of a String . . . .
Extracting an Excerpt . . . . . . . . .
Converting an Array to Sentence Form
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
719
720
720
720
721
722
722
722
723
724
725
41 Time
727
Creating Time Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728
Manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728
viii
Formatting . . . . . . . . . . . . .
Conversion . . . . . . . . . . . .
Comparing With the Present . . .
Comparing With Intervals . . . . .
Accepting Localized Request Data
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
729
731
731
732
732
42 Xml
733
Importing Data to Xml Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Transforming a XML String in Array . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
Transforming an Array into a String of XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
43 Constants & Functions
737
Global Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Core Definition Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Timing Definition Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740
44 Debug Kit
Installation . . . . . . . . .
DebugKit Storage . . . . . .
Toolbar Usage . . . . . . . .
Using the History Panel . . .
Developing Your Own Panels
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
741
741
741
741
742
742
45 Migrations
Installation . . . . . . . . . . .
Overview . . . . . . . . . . . .
Creating Migrations . . . . . . .
Applying Migrations . . . . . .
Reverting Migrations . . . . . .
Migrations Status . . . . . . . .
Marking a migration as migrated
Using Migrations In Plugins . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
745
745
745
746
750
750
750
750
751
.
.
.
.
.
46 Appendices
753
3.0 Migration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791
47 Indices and Tables
795
797
Index
799
ix
CHAPTER 1
CakePHP at a Glance
CakePHP is designed to make common web-development tasks simple, and easy. By providing an all-in-one
toolbox to get you started the various parts of CakePHP work well together or separately.
The goal of this overview is to introduce the general concepts in CakePHP, and give you a quick overview
of how those concepts are implemented in CakePHP. If you are itching to get started on a project, you can
start with the tutorial, or dive into the docs.
echo $row->username;
}
You may notice that we didnt have to write any code before we could start working with our data. By using
conventions, CakePHP will use standard classes for table and entity classes that have not yet been defined.
If we wanted to make a new user and save it (with validation) we would do something like:
use Cake\ORM\TableRegistry;
$users = TableRegistry::get('Users');
$user = $users->newEntity(['email' => '[email protected]']);
$users->save($user);
The View layer provides a number of extension points like Elements and View Cells to let you easily re-use
your presentation logic.
The View layer is not only limited to HTML or text representation of the data. It can be used to deliver
common data formats like JSON, XML, and through a pluggable architecture any other format you may
need.
You may notice that we never explicitly rendered a view. CakePHPs conventions will take care of selecting
the right view and rendering it with the view data we prepared with set().
The typical CakePHP request cycle starts with a user requesting a page or resource in your application. At
CakePHP Request Cycle
Additional Reading
Where to Get Help
The Official CakePHP website
http://www.cakephp.org
The Official CakePHP website is always a great place to visit. It features links to oft-used developer tools,
screencasts, donation opportunities, and downloads.
The Cookbook
http://book.cakephp.org
This manual should probably be the first place you go to get answers. As with many other open source
projects, we get new folks regularly. Try your best to answer your questions on your own first. Answers
may come slower, but will remain longer and youll also be lightening our support load. Both the manual
and the API have an online component.
The Bakery
http://bakery.cakephp.org
The CakePHP Bakery is a clearing house for all things regarding CakePHP. Check it out for tutorials, case
studies, and code examples. Once youre acquainted with CakePHP, log on and share your knowledge with
the community and gain instant fame and fortune.
The API
http://api.cakephp.org/
Straight to the point and straight from the core developers, the CakePHP API (Application Programming
Interface) is the most comprehensive documentation around for all the nitty gritty details of the internal
workings of the framework. Its a straight forward code reference, so bring your propeller hat.
The Test Cases
If you ever feel the information provided in the API is not sufficient, check out the code of the test cases
provided with CakePHP. They can serve as practical examples for function and data member usage for a
class.
tests/TestCase/
https://github.com/cakephp?tab=members
http://groups.google.com/group/cake-php
Additional Reading
great resource for finding archived answers, frequently asked questions, and getting answers to immediate
problems. Join other CakePHP users and start discussing.
Stackoverflow
http://stackoverflow.com/3
Tag your questions with cakephp and the specific version you are using to enable existing users of stackoverflow to find your questions.
Where to get Help in your Language
French
CakePHP Conventions
We are big fans of convention over configuration. While it takes a bit of time to learn CakePHPs conventions, you save time in the long run. By following conventions, you get free functionality, and you liberate
yourself from the maintenance nightmare of tracking config files. Conventions also make for a very uniform
development experience, allowing other developers to jump in and help more easily.
Controller Conventions
Controller class names are plural, CamelCased, and end in Controller. PeopleController and
LatestArticlesController are both examples of conventional controller names.
Public methods on Controllers are often exposed as actions accessible through a web browser. For example
the /articles/view maps to the view() method of the ArticlesController out of the box.
Protected or private methods cannot be accessed with routing.
URL Considerations for Controller Names
As youve just seen, single word controllers map easily to a simple lower case URL path. For example,
ApplesController (which would be defined in the file name ApplesController.php) is accessed from
http://example.com/apples.
3
http://stackoverflow.com/questions/tagged/cakephp/
http://cakephp-fr.org
5
http://cakephp-br.org
4
Multiple word controllers can be any inflected form which equals the controller name so:
/redApples
/RedApples
/Red_apples
/red_apples
Will all resolve to the index of the RedApples controller. However, the convention is that your URLs are
lowercase and dashed using the DashedRoute class, therefore /red-apples/go-pick is the correct
form to access the RedApplesController::goPick() action.
For more information on CakePHP URLs and parameter handling, see Connecting Routes.
File and Class Name Conventions
In general, filenames match the class names, and follow the PSR-0 or PSR-4 standards for autoloading. The
following are some examples of class names and their filenames:
The Controller class KissesAndHugsController would be found in a file named KissesAndHugsController.php
The Component class MyHandyComponent would be found in a file named MyHandyComponent.php
The Table class OptionValuesTable would be found in a file named OptionValuesTable.php.
The Entity class OptionValue would be found in a file named OptionValue.php.
The Behavior class EspeciallyFunkableBehavior would be found in a file named EspeciallyFunkableBehavior.php
The View class SuperSimpleView would be found in a file named SuperSimpleView.php
The Helper class BestEverHelper would be found in a file named BestEverHelper.php
Each file would be located in the appropriate folder/namespace in your app folder.
Model and Database Conventions
Table class names are plural and CamelCased. People, BigPeople, and ReallyBigPeople are all examples of
conventional model names.
Table names corresponding to CakePHP models are plural and underscored. The underlying tables for the
above mentioned models would be people, big_people, and really_big_people, respectively.
You can use the utility library Cake\Utility\Inflector to check the singular/plural of words. See
the Inflector for more information.
Field names with two or more words are underscored: first_name.
Foreign keys in hasMany, belongsTo or hasOne relationships are recognized by default as the (singular)
name of the related table followed by _id. So if Bakers hasMany Cakes, the cakes table will refer to the
Additional Reading
bakers table via a baker_id foreign key. For a table like category_types whose name contains multiple words,
the foreign key would be category_type_id.
Join tables, used in BelongsToMany relationships between models, should be named after the model tables
they will join, arranged in alphabetical order (apples_zebras rather than zebras_apples).
Rather than using an auto-increment key as the primary key, you may also use char(36). CakePHP will then
use a unique 36 character UUID (Text::uuid) whenever you save a new record using the Table::save()
method.
View Conventions
View template files are named after the controller functions they display, in an underscored
form. The getReady() function of the PeopleController class will look for a view template in
src/Template/People/get_ready.ctp.
The basic pattern is src/Template/Controller/underscored_function_name.ctp.
By naming the pieces of your application using CakePHP conventions, you gain functionality without the
hassle and maintenance tethers of configuration. Heres a final example that ties the conventions together:
Database table: people
Table class: PeopleTable, found at src/Model/Table/PeopleTable.php
Entity class: Person, found at src/Model/Entity/Person.php
Controller class: PeopleController, found at src/Controller/PeopleController.php
View template, found at src/Template/People/index.ctp
Using these conventions, CakePHP knows that a request to http://example.com/people/ maps to a call on
the index() function of the PeopleController, where the Person model is automatically available (and
automatically tied to the people table in the database), and renders to a file. None of these relationships
have been configured by any means other than by creating classes and files that youd need to create anyway.
Now that youve been introduced to CakePHPs fundamentals, you might try a run through the Bookmarker
Tutorial to see how things fit together.
tmp
vendor
webroot
.htaccess
composer.json
index.php
README.md
Youll notice a few top level folders:
The bin folder holds the Cake console executables.
The config folder holds the (few) Configuration files CakePHP uses. Database connection details,
bootstrapping, core configuration files and more should be stored here.
The plugins folder is where the Plugins your application uses are stored.
The logs folder normally contains your log files, depending on your log configuration.
The src folder will be where you work your magic: its where your applications files will be placed.
The tests folder will be where you put the test cases for your application.
The tmp folder is where CakePHP stores temporary data. The actual data it stores depends on how you
have CakePHP configured, but this folder is usually used to store model descriptions and sometimes
session information.
The vendor folder is where CakePHP and other application dependencies will be installed. Make a
personal commitment not to edit files in this folder. We cant help you if youve modified the core.
The webroot directory is the public document root of your application. It contains all the files you
want to be publically reachable.
Make sure that the tmp and logs folders exist and are writable, otherwise the performance of your
application will be severely impacted. In debug mode, CakePHP will warn you, if it is not the case.
The src Folder
CakePHPs src folder is where you will do most of your application development. Lets look a little closer
at the folders inside src.
Console Contains the console commands and console tasks for your application. For more information see
Console & Shells.
Controller Contains your applications controllers and their components.
Locale Stores string files for internationalization.
Model Contains your applications tables, entities and behaviors.
View Presentational classes are placed here: cells, helpers, and template files.
Additional Reading
Template Presentational files are placed here: elements, error pages, layouts, and view template files.
10
CHAPTER 2
The best way to experience and learn CakePHP is to sit down and build something. To start off well build
a simple bookmarking application.
Bookmarker Tutorial
This tutorial will walk you through the creation of a simple bookmarking application (bookmarker). To start
with, well be installing CakePHP, creating our database, and using the tools CakePHP provides to get our
application up fast.
Heres what youll need:
1. A database server. Were going to be using MySQL server in this tutorial. Youll need to know enough
about SQL in order to create a database: CakePHP will be taking the reins from there. Since were
using MySQL, also make sure that you have pdo_mysql enabled in PHP.
2. Basic PHP knowledge.
Lets get started!
Getting CakePHP
The easiest way to install CakePHP is to use Composer. Composer is a simple way of installing CakePHP
from your terminal or command line prompt. First, youll need to download and install Composer if you
havent done so already. If you have cURL installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php
https://getcomposer.org/download/
11
If you downloaded and ran the Composer Windows Installer2 , then type the following line in your terminal
from your installation directory (ie. C:\wamp\www\dev\cakephp3):
composer create-project --prefer-dist cakephp/app bookmarker
The advantage to using Composer is that it will automatically complete some important set up tasks, such
as setting the correct file permissions and creating your config/app.php file for you.
There are other ways to install CakePHP. If you cannot or dont want to use Composer, check out the
Installation section.
Regardless of how you downloaded and installed CakePHP, once your set up is completed, your directory
setup should look something like the following:
/bookmarker
/bin
/config
/logs
/plugins
/src
/tests
/tmp
/vendor
/webroot
.editorconfig
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md
Now might be a good time to learn a bit about how CakePHPs directory structure works: check out the
CakePHP Folder Structure section.
Note: For Windows, the command needs to be bin\cake (note the backslash).
This will start PHPs built-in webserver on port 8765. Open up http://localhost:8765 in your web browser to
see the welcome page. All the bullet points should be checkmarks other than CakePHP being able to connect
to your database. If not, you may need to install additional PHP extensions, or set directory permissions.
2
12
https://getcomposer.org/Composer-Setup.exe
You may have noticed that the bookmarks_tags table used a composite primary key. CakePHP supports
composite primary keys almost everywhere, making it easier to build multi-tenanted applications.
The table and column names we used were not arbitrary. By using CakePHPs naming conventions, we
can leverage CakePHP better and avoid having to configure the framework. CakePHP is flexible enough
to accommodate even inconsistent legacy database schemas, but adhering to the conventions will save you
time.
Bookmarker Tutorial
13
Database Configuration
Next, lets tell CakePHP where our database is and how to connect to it. For many, this will be the first and
last time you will need to configure anything.
The configuration should be pretty straightforward:
just replace the values in the
Datasources.default array in the config/app.php file with those that apply to your setup. A
sample completed configuration array might look something like the following:
return [
// More configuration above.
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'cakephp',
'password' => 'AngelF00dC4k3~',
'database' => 'cake_bookmarks',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
],
],
// More configuration below.
];
Once youve saved your config/app.php file, you should see that CakePHP is able to connect to the
database section have a checkmark.
Note: A copy of CakePHPs default configuration file is found in config/app.default.php.
This will generate the controllers, models, views, their corresponding test cases, and fixtures for
our users, bookmarks and tags resources. If youve stopped your server, restart it and go to
http://localhost:8765/bookmarks.
You should see a basic but functional application providing data access to your applications database tables.
Once youre at the list of bookmarks, add a few users, bookmarks, and tags.
Note: If you see a Not Found (404) page, confirm that the Apache mod_rewrite module is loaded.
14
Now update one of the users you created earlier, if you change their password, you should see a hashed
password instead of the original value on the list or view pages. CakePHP hashes passwords with bcrypt3
by default. You can also use sha1 or md5 if youre working with an existing database.
http://codahale.com/how-to-safely-store-a-password/
Bookmarker Tutorial
15
<?php
use Cake\Routing\Router;
Router::defaultRouteClass('Route');
// New route we're adding for our tagged action.
// The trailing `*` tells CakePHP that this action has
// passed parameters.
Router::scope(
'/bookmarks',
['controller' => 'Bookmarks'],
function ($routes) {
$routes->connect('/tagged/*', ['action' => 'tags']);
}
);
Router::scope('/', function ($routes) {
// Connect the default routes.
$routes->fallbacks('InflectedRoute');
});
The above defines a new route which connects the /bookmarks/tagged/* path, to
BookmarksController::tags(). By defining routes, you can isolate how your URLs look,
from how they are implemented. If we were to visit http://localhost:8765/bookmarks/tagged, we would
see a helpful error page from CakePHP informing you that the controller action does not exist. Lets
implement that missing method now. In src/Controller/BookmarksController.php add the following:
public function tags()
{
// The 'pass' key is provided by CakePHP and contains all
// the passed URL path segments in the request.
$tags = $this->request->params['pass'];
// Use the BookmarksTable to find tagged bookmarks.
$bookmarks = $this->Bookmarks->find('tagged', [
'tags' => $tags
]);
// Pass variables into the view template context.
$this->set([
'bookmarks' => $bookmarks,
'tags' => $tags
]);
}
To access other parts of the request data, consult the Request section.
Creating the Finder Method
In CakePHP we like to keep our controller actions slim, and put most of our applications logic in the models.
If you were to visit the /bookmarks/tagged URL now you would see an error that the findTagged()
16
method has not been implemented yet, so lets do that. In src/Model/Table/BookmarksTable.php add the
following:
// The $query argument is a query builder instance.
// The $options array will contain the 'tags' option we passed
// to find('tagged') in our controller action.
public function findTagged(Query $query, array $options)
{
return $this->find()
->distinct(['Bookmarks.id'])
->matching('Tags', function ($q) use ($options) {
return $q->where(['Tags.title IN' => $options['tags']]);
});
}
We just implemented a custom finder method. This is a very powerful concept in CakePHP that allows you to
package up re-usable queries. Finder methods always get a Query Builder object and an array of options as
parameters. Finders can manipulate the query and add any required conditions or criteria. When complete,
finder methods must return a modified query object. In our finder weve leveraged the distinct()
and matching() methods which allow us to find distinct bookmarks that have a matching tag. The
matching() method accepts an anonymous function4 that receives a query builder as its argument. Inside
the callback we use the query builder to define conditions that will filter bookmarks that have specific tags.
Creating the View
Now if you visit the /bookmarks/tagged URL, CakePHP will show an error letting you know that
you have not made a view file. Next, lets build the view file for our tags() action. In
src/Template/Bookmarks/tags.ctp put the following content:
<h1>
Bookmarks tagged with
<?= $this->Text->toList($tags) ?>
</h1>
<section>
<?php foreach ($bookmarks as $bookmark): ?>
<article>
<!-- Use the HtmlHelper to create a link -->
<h4><?= $this->Html->link($bookmark->title, $bookmark->url) ?></h4>
<small><?= h($bookmark->url) ?></small>
<!-- Use the TextHelper to format text -->
<?= $this->Text->autoParagraph($bookmark->description) ?>
</article>
<?php endforeach; ?>
</section>
In the above code we use the Html and Text helpers to assist in generating our view output. We also use
the h shortcut function to HTML encode output. You should remember to always use h() when outputting
user data to prevent HTML injection issues.
4
http://php.net/manual/en/functions.anonymous.php
Bookmarker Tutorial
17
The tags.ctp file we just created follows the CakePHP conventions for view template files. The convention is to have the template use the lower case and underscored version of the controller action name.
You may notice that we were able to use the $tags and $bookmarks variables in our view. When we use
the set() method in our controllers we set specific variables to be sent to the view. The view will make
all passed variables available in the templates as local variables.
You should now be able to visit the /bookmarks/tagged/funny URL and see all the bookmarks tagged with
funny.
So far, weve created a basic application to manage bookmarks, tags and users. However, everyone can see
everyone elses tags. In the next chapter, well implement authentication and restrict the visible bookmarks
to only those that belong to the current user.
Now continue to Bookmarker Tutorial Part 2 to continue building your application or dive into the
documentation to learn more about what CakePHP can do for you.
Adding Login
In CakePHP, authentication is handled by Components. Components can be thought of as ways to create
reusable chunks of controller code related to a specific feature or concept. Components can also hook into
the controllers event life-cycle and interact with your application that way. To get started, well add the
AuthComponent to our application. Well pretty much want every method to require authentication, so well
add AuthComponent in our AppController:
// In src/Controller/AppController.php
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller
{
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
18
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
]
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}
}
Weve just told CakePHP that we want to load the Flash and Auth components. In addition, weve
customized the configuration of AuthComponent, as our users table uses email as the username. Now, if
you go to any URL youll be kicked to /users/login, which will show an error page as we have not written
that code yet. So lets create the login action:
// In src/Controller/UsersController.php
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error('Your username or password is incorrect.');
}
}
Now that we have a simple login form, we should be able to log in with one of the users that has a hashed
password.
Note: If none of your users have hashed passwords, comment the loadComponent(Auth) line.
Then go and edit the user, saving a new password for them.
You should now be able to log in. If not, make sure you are using a user that has a hashed password.
19
Adding Logout
Now that people can log in, youll probably want to provide a way to log out as well. Again, in the
UsersController, add the following code:
public function logout()
{
$this->Flash->success('You are now logged out.');
return $this->redirect($this->Auth->logout());
}
Now you can visit /users/logout to log out and be sent to the login page.
Enabling Registrations
If you arent logged in and you try to visit /users/add you will be kicked to the login page. We should fix that
as well if we want people to sign up for our application. In the UsersController add the following:
public function beforeFilter(\Cake\Event\Event $event)
{
$this->Auth->allow(['add']);
}
The above tells AuthComponent that the add() action does not require authentication or authorization.
You may want to take the time to clean up the Users/add.ctp and remove the misleading links, or continue
on to the next section. We wont be building out user editing, viewing or listing in this tutorial so they will
not work as AuthComponent will deny you access to those controller actions.
Also, add the following to the configuration for Auth in your AppController:
'authorize' => 'Controller',
20
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
],
'unauthorizedRedirect' => $this->referer()
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}
Well default to denying access, and incrementally grant access where it makes sense. First, well add the
authorization logic for bookmarks. In your BookmarksController add the following:
public function isAuthorized($user)
{
$action = $this->request->params['action'];
// The add and index actions are always allowed.
if (in_array($action, ['index', 'add', 'tags'])) {
return true;
}
// All other actions require an id.
if (empty($this->request->params['pass'][0])) {
return false;
}
// Check that the bookmark belongs to the current user.
$id = $this->request->params['pass'][0];
$bookmark = $this->Bookmarks->get($id);
if ($bookmark->user_id == $user['id']) {
return true;
}
return parent::isAuthorized($user);
}
Now if you try to view, edit or delete a bookmark that does not belong to you, you should be redirected back
to the page you came from. However, there is no error message being displayed, so lets rectify that next:
// In src/Template/Layout/default.ctp
// Under the existing flash message.
<?= $this->Flash->render('auth') ?>
21
By setting the entity property with the session data, we remove any possibility of the user modifying which
user a bookmark is for. Well do the same for the edit form and action. Your edit() action from
src/Controller/BookmarksController.php should look like:
public function edit($id = null)
{
$bookmark = $this->Bookmarks->get($id, [
'contain' => ['Tags']
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$bookmark = $this->Bookmarks->patchEntity($bookmark, $this->request->data);
$bookmark->user_id = $this->Auth->user('id');
if ($this->Bookmarks->save($bookmark)) {
$this->Flash->success('The bookmark has been saved.');
return $this->redirect(['action' => 'index']);
}
$this->Flash->error('The bookmark could not be saved. Please, try again.');
}
$tags = $this->Bookmarks->Tags->find('list');
$this->set(compact('bookmark', 'tags'));
$this->set('_serialize', ['bookmark']);
}
22
List View
Now, we only need to show bookmarks for the currently logged in user. We can do that by updating the call
to paginate(). Make your index() action from src/Controller/BookmarksController.php look like:
public function index()
{
$this->paginate = [
'conditions' => [
'Bookmarks.user_id' => $this->Auth->user('id'),
]
];
$this->set('bookmarks', $this->paginate($this->Bookmarks));
$this->set('_serialize', ['bookmarks']);
}
We should also update the tags() action and the related finder method, but well leave that as an exercise
you can complete on your own.
This will let us access the $bookmark->tag_string computed property. Well use this property in
inputs later on. Remember to add the tag_string property to the _accessible list in your entity, as
well want to save it later on.
23
24
While this code is a bit more complicated than what weve done so far, it helps to showcase how powerful
the ORM in CakePHP is. You can easily manipulate query results using the Collections methods, and handle
scenarios where you are creating entities on the fly with ease.
Wrapping Up
Weve expanded our bookmarking application to handle authentication and basic authorization/access control scenarios. Weve also added some nice UX improvements by leveraging the FormHelper and ORM
capabilities.
Thanks for taking the time to explore CakePHP. Next, you can complete the Blog Tutorial, learn more about
the Database Access & ORM, or you can peruse the /topics.
25
26
CHAPTER 3
This page summarizes the changes from CakePHP 2.x that will assist in migrating a project to 3.0, as well
as a reference to get up to date with the changes made to the core since the CakePHP 2.x branch. Be sure to
read the other pages in this guide for all the new features and API changes.
Requirements
CakePHP 3.x supports PHP Version 5.4.16 and above.
CakePHP 3.x requires the mbstring extension.
CakePHP 3.x requires the intl extension.
Warning: CakePHP 3.0 will not work if you do not meet the above requirements.
Upgrade Tool
While this document covers all the breaking changes and improvements made in CakePHP 3.0, weve also
created a console application to help you easily complete some of the time consuming mechanical changes.
You can get the upgrade tool from github1 .
https://github.com/cakephp/upgrade
http://www.php-fig.org/psr/psr-4/
3
https://github.com/cakephp/app
2
27
Namespaces
All of CakePHPs core classes are now namespaced and follow PSR-4 autoloading specifications. For
example src/Cache/Cache.php is namespaced as Cake\Cache\Cache. Global constants and helper
methods like __() and debug() are not namespaced for convenience sake.
Removed Constants
The following deprecated constants have been removed:
IMAGES
CSS
JS
IMAGES_URL
JS_URL
CSS_URL
DEFAULT_LANGUAGE
Configuration
Configuration in CakePHP 3.0 is significantly different than in previous versions. You should read the
Configuration documentation for how configuration is done in 3.0.
You can no longer use App::build() to configure additional class paths. Instead you should map additional paths using your applications autoloader. See the section on Additional Class Paths for more
information.
Three new configure variables provide the path configuration for plugins, views and locale files. You can
add multiple paths to App.paths.templates, App.paths.plugins, App.paths.locales to
configure multiple paths for templates, plugins and locale files respectively.
The config key www_root has been changed to wwwRoot for consistency. Please adjust your app.php
config file as well as any usage of Configure::read(App.wwwRoot).
4
28
http://getcomposer.org
New ORM
CakePHP 3.0 features a new ORM that has been re-built from the ground up. The new ORM is significantly different and incompatible with the previous one. Upgrading to the new ORM will require extensive
changes in any application that is being upgraded. See the new Database Access & ORM documentation for
information on how to use the new ORM.
Basics
LogError() was removed, it provided no benefit and is rarely/never used.
The following global functions have been removed: config(), cache(), clearCache(),
convertSlashes(), am(), fileExistsInPath(), sortByKey().
Debugging
Configure::write(debug, $bool) does not support 0/1/2 anymore. A simple boolean
is used instead to switch debug mode on or off.
Object settings/configuration
Objects used in CakePHP now have a consistent instance-configuration storage/retrieval system. Code
which previously accessed for example: $object->settings should instead be updated to use
$object->config().
Cache
Memcache engine has been removed, use Cake\Cache\Cache\Engine\Memcached instead.
Cache engines are now lazy loaded upon first use.
Cake\Cache\Cache::engine() has been added.
Cake\Cache\Cache::enabled() has been added. This replaced the Cache.disable configure option.
Cake\Cache\Cache::enable() has been added.
Cake\Cache\Cache::disable() has been added.
Cache configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Cache::set() has been removed. It is recommended that you create multiple cache configurations
to replace runtime configuration tweaks previously possible with Cache::set().
New ORM
29
and
All Cake\Cache\Cache\CacheEngine methods now honor/are responsible for handling the configured key prefix. The Cake\Cache\CacheEngine::write() no longer permits setting the duration
on write - the duration is taken from the cache engines runtime config. Calling a cache method with an
empty key will now throw an InvalidArgumentException, instead of returning false.
Core
App
App::pluginPath() has been removed. Use CakePlugin::path() instead.
App::build() has been removed.
App::location() has been removed.
App::paths() has been removed.
App::load() has been removed.
App::objects() has been removed.
App::RESET has been removed.
App::APPEND has been removed.
App::PREPEND has been removed.
App::REGISTER has been removed.
Plugin
Cake\Core\Plugin::load() does not setup an autoloader unless you set the autoload option to true.
When loading plugins you can no longer provide a callable.
When loading plugins you can no longer provide an array of config files to load.
Configure
Cake\Configure\PhpReader renamed to Cake\Core\Configure\EnginePhpConfig
Cake\Configure\IniReader renamed to Cake\Core\Configure\EngineIniConfig
Cake\Configure\ConfigReaderInterface
Cake\Core\Configure\ConfigEngineInterface
renamed
to
Cake\Core\Configure::load() now expects the file name without extension suffix as this
can be derived from the engine. E.g. using PhpConfig use app to load app.php.
Setting
a
$config
variable
in
PHP
config
file
is
deprecated.
Cake\Core\Configure\EnginePhpConfig now expects the config file to return an
array.
A new config engine Cake\Core\Configure\EngineJsonConfig has been added.
Object
The Object class has been removed. It formerly contained a grab bag of methods that were
used in various places across the framework. The most useful of these methods have been extracted into traits. You can use the Cake\Log\LogTrait to access the log() method. The
Cake\Routing\RequestActionTrait provides requestAction().
Console
The cake executable has been moved from the app/Console directory to the bin directory within the
application skeleton. You can now invoke CakePHPs console with bin/cake.
TaskCollection Replaced
This class has been renamed to Cake\Console\TaskRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code. Tasks no longer have access to callbacks, as
there were never any callbacks to use.
Shell
Shell::__construct() has
Cake\Console\ConsoleIo.
changed.
It
now
takes
an
instance
of
ConsoleOptionParser
ConsoleOptionParser::merge() has been added to merge parsers.
Console
31
ConsoleInputArgument
ConsoleInputArgument::isEqualTo() has been added to compare two arguments.
Shell / Task
Shells and Tasks have been moved from Console/Command and Console/Command/Task to Shell
and Shell/Task.
ApiShell Removed
The ApiShell was removed as it didnt provide any benefit over the file source itself and the online documentation/API5 .
SchemaShell Removed
The SchemaShell was removed as it was never a complete database migration implementation and better
tools such as Phinx6 have emerged. It has been replaced by the CakePHP Migrations Plugin7 which acts as
a wrapper between CakePHP and Phinx8 .
ExtractTask
bin/cake i18n extract no longer includes untranslated validation messages. If you want
translated validation messages you should wrap those messages in __() calls like any other content.
BakeShell / TemplateTask
Bake is no longer part of the core source and is superseded by CakePHP Bake Plugin9
Bake templates have been moved under src/Template/Bake.
The syntax of Bake templates now uses erb-style tags (<% %>) to denote templating logic, allowing
php code to be treated as plain text.
The bake view command has been renamed bake template.
5
http://api.cakephp.org/
https://phinx.org/
7
https://github.com/cakephp/migrations
8
https://phinx.org/
9
https://github.com/cakephp/bake
6
32
Event
The getEventManager() method, was removed on all objects that had it. An eventManager()
method is now provided by the EventManagerTrait. The EventManagerTrait contains the logic
of instantiating and keeping a reference to a local event manager.
The Event subsystem has had a number of optional features removed. When dispatching events you can no
longer use the following options:
passParams This option is now enabled always implicitly. You cannot turn it off.
break This option has been removed. You must now stop events.
breakOn This option has been removed. You must now stop events.
Log
Log configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Log engines are now lazily loaded upon the first write to the logs.
Cake\Log\Log::engine() has been added.
The following methods have been removed from Cake\Log\Log :: defaultLevels(),
enabled(), enable(), disable().
You can no longer create custom levels using Log::levels().
When configuring loggers you should use levels instead of types.
You can no longer specify custom log levels. You must use the default set of log levels. You should use
logging scopes to create custom log files or specific handling for different sections of your application.
Using a non-standard log level will now throw an exception.
Cake\Log\LogTrait was added. You can use this trait in your classes to add the log() method.
The logging scope passed to Cake\Log\Log::write() is now forwarded to the log engines
write() method in order to provide better context to the engines.
Log engines are now required to implement Psr\Log\LogInterface instead of Cakes own
LogInterface. In general, if you extended Cake\Log\Engine\BaseEngine you just need
to rename the write() method to log().
Cake\Log\Engine\FileLog now writes files in ROOT/logs instead of ROOT/tmp/logs.
Event
33
Routing
Named Parameters
Named parameters were removed in 3.0. Named parameters were added in 1.2.0 as a pretty version of
query string parameters. While the visual benefit is arguable, the problems named parameters created are
not.
Named parameters required special handling in CakePHP as well as any PHP or JavaScript library that
needed to interact with them, as named parameters are not implemented or understood by any library except
CakePHP. The additional complexity and code required to support named parameters did not justify their
existence, and they have been removed. In their place you should use standard query string parameters or
passed arguments. By default Router will treat any additional parameters to Router::url() as query
string arguments.
Since many applications will still need to parse incoming URLs containing named parameters.
Cake\Routing\Router::parseNamedParams() has been added to allow backwards compatibility with existing URLs.
RequestActionTrait
Cake\Routing\RequestActionTrait::requestAction() has had some of the extra options changed:
options[url] is now options[query].
options[data] is now options[post].
Named parameters are no longer supported.
Router
Named parameters have been removed, see above for more information.
The full_base option has been replaced with the _full option.
The ext option has been replaced with the _ext option.
_scheme, _port, _host, _base, _full, _ext options added.
String URLs are no longer modified by adding the plugin/controller/prefix names.
The default fallback route handling was removed. If no routes match a parameter set / will be returned.
Route classes are responsible for all URL generation including query string parameters. This makes
routes far more powerful and flexible.
Persistent
parameters
were
removed.
They
were
replaced
with
Cake\Routing\Router::urlFilter() which allows a more flexible way to mutate
URLs being reverse routed.
34
Router::parseExtensions()
has
been
removed.
Use
Cake\Routing\Router::extensions() instead. This method must be called before
routes are connected. It wont modify existing routes.
Router::setExtensions() has been removed. Use Cake\Routing\Router::extensions()
instead.
Router::resourceMap() has been removed.
The [method] option has been renamed to _method.
The ability to match arbitrary headers with [] style parameters has been removed. If you need to
parse/match on arbitrary conditions consider using custom route classes.
Router::promote() has been removed.
Router::parse() will now raise an exception when a URL cannot be handled by any route.
Router::url() will now raise an exception when no route matches a set of parameters.
Routing scopes have been introduced. Routing scopes allow you to keep your routes file DRY and
give Router hints on how to optimize parsing & reverse routing URLs.
Route
CakeRoute was re-named to Route.
The signature of match() has changed to match($url, $context = []) See
Cake\Routing\Route::match() for information on the new signature.
FilterAssetFilter
Plugin & theme assets handled by the AssetFilter are no longer read via include instead they are
treated as plain text files. This fixes a number of issues with JavaScript libraries like TinyMCE and
environments with short_tags enabled.
Support for the Asset.filter configuration and hooks were removed. This feature can easily be
replaced with a plugin or dispatcher filter.
Routing
35
Network
Request
CakeRequest has been renamed to Cake\Network\Request.
Cake\Network\Request::port() was added.
Cake\Network\Request::scheme() was added.
Cake\Network\Request::cookie() was added.
Cake\Network\Request::$trustProxy was added. This makes it easier to put CakePHP
applications behind load balancers.
Cake\Network\Request::$data is no longer merged with the prefixed data key, as that prefix
has been removed.
Cake\Network\Request::env() was added.
Cake\Network\Request::acceptLanguage() was changed from static method to nonstatic.
Request detector for mobile has been removed from the core. Instead the app template adds detectors for mobile and tablet using MobileDetect lib.
The method onlyAllow() has been renamed to allowMethod() and no longer accepts var
args. All method names need to be passed as first argument, either as string or array of strings.
Response
The mapping of mimetype text/plain to extension csv has been removed. As a consequence Cake\Controller\Component\RequestHandlerComponent doesnt set extension to csv if Accept header contains mimetype text/plain which was a common annoyance
when receiving a jQuery XHR request.
Sessions
The session class is no longer static, instead the session can be accessed through the request object. See the
Sessions documentation for using the session object.
Cake\Network\Session and related session classes have been moved under the
Cake\Network namespace.
SessionHandlerInterface has been removed in favor of the one provided by PHP itself.
The property Session::$requestCountdown has been removed.
The session checkAgent feature has been removed. It caused a number of bugs when chrome frame,
and flash player are involved.
The conventional sessions database table name is now sessions instead of cake_sessions.
36
The session cookie timeout is automatically updated in tandem with the timeout in the session data.
The path for session cookie now defaults to apps base path instead of /. Also new config variable
Session.cookiePath has been added to easily customize the cookie path.
A new convenience method Cake\Network\Session::consume() has been added to allow
reading and deleting session data in a single step.
The default value of Cake\Network\Session::clear()s argument $renew has been
changed from true to false.
Network\Http
HttpSocket is now Cake\Network\Http\Client.
HttpClient has been re-written from the ground up. It has a simpler/easier to use API, support for
new authentication systems like OAuth, and file uploads. It uses PHPs stream APIs so there is no
requirement for cURL. See the Http Client documentation for more information.
Network\Email
Cake\Network\Email\Email::config() is now used to define configuration profiles. This
replaces the EmailConfig classes in previous versions.
Cake\Network\Email\Email::profile() replaces config() as the way to modify per
instance configuration options.
Cake\Network\Email\Email::drop() has been added to allow the removal of email configuration.
Cake\Network\Email\Email::configTransport() has been added to allow the definition of transport configurations. This change removes transport options from delivery profiles and
allows you to easily re-use transports across email profiles.
Cake\Network\Email\Email::dropTransport() has been added to allow the removal of
transport configuration.
Controller
Controller
The $helpers, $components properties are now merged with all parent classes not just
AppController and the plugin AppController. The properties are merged differently now as well.
Instead of all settings in all classes being merged together, the configuration defined in the child class
will be used. This means that if you have some configuration defined in your AppController, and
some configuration defined in a subclass, only the configuration in the subclass will be used.
Network\Http
37
removed,
use
Controller::flash() has been removed. This method was rarely used in real applications and
served no purpose anymore.
Controller::validate() and Controller::validationErrors() have been removed. They were left over methods from the 1.x days where the concerns of models + controllers
were far more intertwined.
Controller::loadModel() now loads table objects.
The Controller::$scaffold property has been removed. Dynamic scaffolding has been removed from CakePHP core. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
The Controller::$ext property has been removed. You now have to extend and override the
View::$_ext property if you want to use a non-default view file extension.
The Controller::$methods property has been removed.
You should now use
Controller::isAction() to determine whether or not a method name is an action. This
change was made to allow easier customization of what is and is not counted as an action.
The Controller::$Components property has been removed and replaced with
_components.
If you need to load components at runtime you should use
$this->loadComponent() on your controller.
The signature of Cake\Controller\Controller::redirect() has been changed to
Controller::redirect(string|array $url, int $status = null). The 3rd argument $exit has been dropped. The method can no longer send response and exit script, instead it
returns a Response instance with appropriate headers set.
The base, webroot, here, data, action, and params magic properties have been removed.
You should access all of these properties on $this->request instead.
Underscore prefixed controller methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead. Only public methods can be used as controller actions.
Scaffold Removed
The dynamic scaffolding in CakePHP has been removed from CakePHP core. It was infrequently used,
and never intended for production use. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
ComponentCollection Replaced
This class has been renamed to Cake\Controller\ComponentRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake
upgrade rename_collections to assist in upgrading your code.
38
Component
The _Collection property is now _registry.
Cake\Controller\ComponentRegistry now.
It
contains
an
instance
of
All components should now use the config() method to get/set configuration.
Default configuration for components should be defined in the $_defaultConfig property. This
property is automatically merged with any configuration provided to the constructor.
Configuration options are no longer set as public properties.
The Component::initialize() method is no longer an event listener. Instead, it is
a post-constructor hook like Table::initialize() and Controller::initialize().
The new Component::beforeFilter() method is bound to the same event that
Component::initialize() used to be. The initialize method should have the following signature initialize(array $config).
Controller\Components
CookieComponent
Uses Cake\Network\Request::cookie() to read cookie data, this eases testing, and allows
for ControllerTestCase to set cookies.
Cookies encrypted in previous versions of CakePHP using the cipher() method are now unreadable because Security::cipher() has been removed. You will need to re-encrypt cookies
with the rijndael() or aes() method before upgrading.
CookieComponent::type() has been removed and replaced with configuration data accessed
through config().
write() no longer takes encryption or expires parameters. Both of these are now managed
through config data. See Cookie for more information.
The path for cookies now defaults to apps base path instead of /.
AuthComponent
Default is now the default password hasher used by authentication classes. It uses exclusively
the bcrypt hashing algorithm. If you want to continue using SHA1 hashing used in 2.x use
passwordHasher => Weak in your authenticator configuration.
A new FallbackPasswordHasher was added to help users migrate old passwords from one
algorithm to another. Check AuthComponents documentation for more info.
BlowfishAuthenticate class has been removed. Just use FormAuthenticate
BlowfishPasswordHasher class has been removed. Use DefaultPasswordHasher instead.
Controller\Components
39
RequestHandlerComponent
The following methods have been removed from RequestHandler component:: isAjax(),
isFlash(), isSSL(), isPut(), isPost(), isGet(), isDelete().
Use the
Cake\Network\Request::is() method instead with relevant argument.
RequestHandler::setContent() was removed, use Cake\Network\Response::type()
instead.
RequestHandler::getReferer() was removed, use Cake\Network\Request::referer()
instead.
RequestHandler::getClientIP() was removed, use Cake\Network\Request::clientIp()
instead.
RequestHandler::getAjaxVersion() was removed.
RequestHandler::mapType() was removed, use Cake\Network\Response::mapType()
instead.
Configuration options are no longer set as public properties.
SecurityComponent
The following methods and their related properties have been removed from Security component: requirePost(), requireGet(), requirePut(), requireDelete(). Use the
Cake\Network\Request::allowMethod() instead.
40
SecurityComponent::$disabledFields()
SecurityComponent::$unlockedFields().
has
been
removed,
use
The CSRF related features in SecurityComponent have been extracted and moved into a separate CsrfComponent. This allows you more easily use CSRF protection without having to use form tampering
prevention.
Configuration options are no longer set as public properties.
The methods requireAuth() and requireSecure() no longer accept var args. All method
names need to be passed as first argument, either as string or array of strings.
SessionComponent
SessionComponent::setFlash() is deprecated. You should use Flash instead.
Error
Custom ExceptionRenderers are now expected to either return a Cake\Network\Response object or
string when rendering errors. This means that any methods handling specific exceptions must return a
response or string value.
Model
The Model layer in 2.x has been entirely re-written and replaced. You should review the New ORM Upgrade
Guide for information on how to use the new ORM.
The Model class has been removed.
The BehaviorCollection class has been removed.
The DboSource class has been removed.
The Datasource class has been removed.
The various datasource classes have been removed.
ConnectionManager
ConnectionManager has been moved to the Cake\Datasource namespace.
ConnectionManager has had the following methods removed:
sourceList
getSourceName
loadDataSource
enumConnectionObjects
Model
41
Behaviors
Underscore prefixed behavior methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead.
TreeBehavior
The TreeBehavior was completely re-written to use the new ORM. Although it works the same as in 2.x, a
few methods were renamed or removed:
TreeBehavior::children() is now a custom finder find(children).
TreeBehavior::generateTreeList() is now a custom finder find(treeList).
TreeBehavior::getParentNode() was removed.
TreeBehavior::getPath() is now a custom finder find(path).
TreeBehavior::reorder() was removed.
TreeBehavior::verify() was removed.
TestSuite
TestCase
_normalizePath() has been added to allow path comparison tests to run across all operation
systems regarding their DS settings (\ in Windows vs / in UNIX, for example).
The following assertion methods have been removed as they have long been deprecated and replaced by
their new PHPUnit counterpart:
assertEqual() in favor of assertEquals()
assertNotEqual() in favor of assertNotEquals()
assertIdentical() in favor of assertSame()
assertNotIdentical() in favor of assertNotSame()
42
View
Themes are now Basic Plugins
Having themes and plugins as ways to create modular application components has proven to be limited, and
confusing. In CakePHP 3.0, themes no longer reside inside the application. Instead they are standalone
plugins. This solves a few problems with themes:
You could not put themes in plugins.
Themes could not provide helpers, or custom view classes.
Both these issues are solved by converting themes into plugins.
View
43
HelperCollection Replaced
This class has been renamed to Cake\View\HelperRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code.
View Class
The
plugin
key
has
been
Cake\View\View::element().
SomePlugin.element_name instead.
removed
from
$options
argument
Specify
the
element
name
of
as
ViewBlock
ViewBlock::append() has been removed, use Cake\ViewViewBlock::concat() instead. However, View::append() still exists.
JsonView
By default JSON data will have HTML entities encoded now. This prevents possible XSS issues when
JSON view content is embedded in HTML files.
Cake\View\JsonView now supports the _jsonOptions view variable. This allows you to
configure the bit-mask options used when generating JSON.
44
XmlView
Cake\View\XmlView now supports the _xmlOptions view variable. This allows you to configure the options used when generating XML.
View\Helper
The $settings property is now called $_config and should be accessed through the config()
method.
Configuration options are no longer set as public properties.
Helper::clean() was removed. It was never robust enough to fully prevent XSS. instead you
should escape content with h or use a dedicated library like htmlPurifier.
Helper::output() was removed. This method was deprecated in 2.x.
Methods
Helper::webroot(),
Helper::url(),
Helper::assetUrl(),
Helper::assetTimestamp() have been moved to new Cake\View\Helper\UrlHelper
helper. Helper::url() is now available as Cake\View\Helper\UrlHelper::build().
Magic accessors to deprecated properties have been removed. The following properties now need to
be accessed from the request object:
base
here
webroot
data
action
params
Helper
Helper has had the following methods removed:
Helper::setEntity()
Helper::entity()
Helper::model()
Helper::field()
Helper::value()
Helper::_name()
Helper::_initInputField()
Helper::_selectedArray()
View\Helper
45
These methods were part used only by FormHelper, and part of the persistent field features that have proven
to be problematic over time. FormHelper no longer relies on these methods and the complexity they provide
is not necessary anymore.
The following methods have been removed:
Helper::_parseAttributes()
Helper::_formatAttribute()
These methods can now be found on the StringTemplate class that helpers frequently use. See the
StringTemplateTrait for an easy way to integrate string templates into your own helpers.
FormHelper
FormHelper has been entirely rewritten for 3.0. It features a few large changes:
FormHelper works with the new ORM. But has an extensible system for integrating with other ORMs
or datasources.
FormHelper features an extensible widget system that allows you to create new custom input widgets
and easily augment the built-in ones.
String templates are the foundation of the helper. Instead of munging arrays together everywhere,
most of the HTML FormHelper generates can be customized in one central place using template sets.
In addition to these larger changes, some smaller breaking changes have been made as well. These changes
should help streamline the HTML FormHelper generates and reduce the problems people had in the past:
The data[ prefix was removed from all generated inputs. The prefix serves no real purpose anymore.
The various standalone input methods like text(), select() and others no longer generate id
attributes.
The inputDefaults option has been removed from create().
Options default and onsubmit of create() have been removed. Instead one should use
JavaScript event binding or set all required js code for onsubmit.
end() can no longer make buttons. You should create buttons with button() or submit().
FormHelper::tagIsInvalid() has been removed. Use isFieldError() instead.
FormHelper::inputDefaults() has been removed. You can use templates() to define/augment the templates FormHelper uses.
The wrap and class options have been removed from the error() method.
The showParents option has been removed from select().
The div, before, after, between and errorMessage options have been removed from
input(). You can use templates to update the wrapping HTML. The templates option allows
you to override the loaded templates for one input.
The separator, between, and legend options have been removed from radio(). You can
use templates to change the wrapping HTML now.
46
The format24Hours parameter has been removed from hour(). It has been replaced with the
format option.
The minYear, and maxYear parameters have been removed from year(). Both of these parameters can now be provided as options.
The dateFormat and timeFormat parameters have been removed from datetime(). You can
use the template to define the order the inputs should be displayed in.
The submit() has had the div, before and after options removed. You can customize the
submitContainer template to modify this content.
The inputs() method no longer accepts legend and fieldset in the $fields parameter,
you must use the $options parameter. It now also requires $fields parameter to be an array.
The $blacklist parameter has been removed, the functionality has been replaced by specifying
field => false in the $fields parameter.
The inline parameter has been removed from postLink() method. You should use the block
option instead. Setting block => true will emulate the previous behavior.
The timeFormat parameter for hour(), time() and dateTime() now defaults to 24, complying with ISO 8601.
The $confirmMessage argument of Cake\View\Helper\FormHelper::postLink()
has been removed. You should now use key confirm in $options to specify the message.
Checkbox and radio input types are now rendered inside of label elements by default. This helps
increase compatibility with popular CSS libraries like Bootstrap10 and Foundation11 .
Templates tags are now all camelBacked. Pre-3.0 tags formstart, formend, hiddenblock
and inputsubmit are now formStart, formEnd, hiddenBlock and inputSubmit. Make
sure you change them if they are customized in your app.
It is recommended that you review the Form documentation for more details on how to use the FormHelper
in 3.0.
HtmlHelper
HtmlHelper::useTag() has been removed, use tag() instead.
HtmlHelper::loadConfig() has been removed. Customizing the tags can now be done using
templates() or the templates setting.
The second parameter $options for HtmlHelper::css() now always requires an array as
documented.
The first parameter $data for HtmlHelper::style() now always requires an array as documented.
The inline parameter has been removed from meta(), css(), script(), scriptBlock() methods. You
should use the block option instead. Setting block => true will emulate the previous behavior.
10
11
http://getbootstrap.com/
http://foundation.zurb.com/
View\Helper
47
PaginatorHelper
link() has been removed. It was no longer used by the helper internally. It had low usage in user
land code, and no longer fit the goals of the helper.
next() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
prev() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
first() no longer has after, ellipsis, separator, class, or tag options.
last() no longer has after, ellipsis, separator, class, or tag options.
numbers() no longer has separator, tag, currentTag, currentClass, class, tag, ellipsis options. These options are now facilitated through templates. It also requires the $options parameter
to be an array now.
The
%page%
style
placeholders
have
Cake\View\Helper\PaginatorHelper::counter().
holders instead.
been
removed
from
Use {{page}} style place-
url() has been renamed to generateUrl() to avoid method declaration clashes with
Helper::url().
By default all links and inactive texts are wrapped in <li> elements. This helps make CSS easier to write,
and improves compatibility with popular CSS frameworks.
Instead of the various options in each method, you should use the templates feature. See the PaginatorHelper
Templates documentation for information on how to use templates.
TimeHelper
TimeHelper::__set(), TimeHelper::__get(), and TimeHelper::__isset() were
removed. These were magic methods for deprecated attributes.
TimeHelper::serverOffset() has been removed. It promoted incorrect time math practices.
TimeHelper::niceShort() has been removed.
48
NumberHelper
NumberHelper::format() now requires $options to be an array.
SessionHelper
The SessionHelper has been deprecated. You can use $this->request->session() directly, and the flash message functionality has been moved into Flash instead.
JsHelper
JsHelper and all associated engines have been removed. It could only generate a very small subset
of JavaScript code for selected library and hence trying to generate all JavaScript code using just the
helper often became an impediment. Its now recommended to directly use JavaScript library of your
choice.
CacheHelper Removed
CacheHelper has been removed. The caching functionality it provided was non-standard, limited and incompatible with non-HTML layouts and data views. These limitations meant a full rebuild would be necessary.
Edge Side Includes have become a standardized way to implement the functionality CacheHelper used to
provide. However, implementing Edge Side Includes12 in PHP has a number of limitations and edge cases.
Instead of building a sub-par solution, we recommend that developers needing full response caching use
Varnish13 or Squid14 instead.
I18n
The I18n subsystem was completely rewritten. In general, you can expect the same behavior as in previous
versions, specifically if you are using the __() family of functions.
Internally, the I18n class uses Aura\Intl, and appropriate methods are exposed to access the specific
features of this library. For this reason most methods inside I18n were removed or renamed.
Due to the use of ext/intl, the L10n class was completely removed. It provided outdated and incomplete
data in comparison to the data available from the Locale class in PHP.
The default application language will no longer be changed automatically by the browser accepted language
nor by having the Config.language value set in the browser session. You can, however, use a dispatcher
filter to get automatic language switching from the Accept-Language header sent by the browser:
// In config/bootstrap.php
DispatcherFactory::addFilter('LocaleSelector');
12
http://en.wikipedia.org/wiki/Edge_Side_Includes
http://varnish-cache.org
14
http://squid-cache.org
13
I18n
49
There is no built-in replacement for automatically selecting the language by setting a value in the user
session.
The default formatting function for translated messages is no longer sprintf, but the more advanced and
feature rich MessageFormatter class. In general you can rewrite placeholders in messages as follows:
// Before:
__('Today is a %s day in %s', 'Sunny', 'Spain');
// After:
__('Today is a {0} day in {1}', 'Sunny', 'Spain');
You can avoid rewriting your messages by using the old sprintf formatter:
I18n::defaultFormatter('sprintf');
Additionally, the Config.language value was removed and it can no longer be used to control the
current language of the application. Instead, you can use the I18n class:
// Before
Configure::write('Config.language', 'fr_FR');
// Now
I18n::locale('en_US');
to
Since CakePHP now requires the mbstring extension, the Multibyte class has been removed.
Error messages throughout CakePHP are no longer passed through I18n functions. This was done to
simplify the internals of CakePHP and reduce overhead. The developer facing messages are rarely, if
ever, actually translated - so the additional overhead reaps very little benefit.
L10n
Cake\I18n\L10n s constructor now takes a Cake\Network\Request instance as argument.
Testing
The TestShell has been removed. CakePHP, the application skeleton and newly baked plugins all
use phpunit to run tests.
The webrunner (webroot/test.php) has been removed. CLI adoption has greatly increased since the
initial release of 2.x. Additionaly, CLI runners offer superior integration with IDEs and other automated tooling.
50
If you find yourself in need of a way to run tests from a browser you should checkout VisualPHPUnit15 . It offers many additional features over the old webrunner.
ControllerTestCase is deprecated and will be removed for CakePHP 3.0.0. You should use the
new Controller Integration Testing features instead.
Fixtures should now be referenced using their plural form:
// Instead of
$fixtures = ['app.article'];
// You should use
$fixtures = ['app.articles'];
Utility
Set Class Removed
The Set class has been removed, you should use the Hash class instead now.
Inflector
The default value for $replacement argument of Cake\Utility\Inflector::slug() has
been changed from underscore (_) to dash (-). Using dashes to separate words in URLs is the popular
choice and also recommended by Google.
Transliterations for Cake\Utility\Inflector::slug() have changed. If you use custom
transliterations you will need to update your code. Instead of regular expressions, transliterations use
simple string replacement. This yielded significant performance improvements:
// Instead of
Inflector::rules('transliteration', [
'/|/' => 'ae',
'//' => 'aa'
]);
// You should use
Inflector::rules('transliteration', [
'' => 'ae',
'' => 'ae',
15
https://github.com/NSinopoli/VisualPHPUnit
Utility
51
Separate set of uninflected and irregular rules for pluralization and singularization
have been removed.
Instead we now have a common list for each.
When using
Cake\Utility\Inflector::rules() with type singular and plural you can no longer
use keys like uninflected, irregular in $rules argument array.
You can add / overwrite the list of uninflected and irregular rules using
Cake\Utility\Inflector::rules() by using values uninflected and irregular for
$type argument.
Sanitize
Sanitize class has been removed.
Security
Security::cipher() has been removed. It is insecure and promoted bad cryptographic practices. You should use Security::encrypt() instead.
The Configure value Security.cipherSeed is no longer required.
Security::cipher() it serves no use.
Backwards compatibility in Cake\Utility\Security::rijndael() for values encrypted prior to CakePHP 2.3.1 has been removed.
You should re-encrypt values using
Security::encrypt() and a recent version of CakePHP 2.x before migrating.
The ability to generate a blowfish hash has been removed. You can no longer use type blowfish
for Security::hash(). One should just use PHPs password_hash() and password_verify() to
generate and verify blowfish hashes. The compability library ircmaxell/password-compat16 which is
installed along with CakePHP provides these functions for PHP < 5.5.
OpenSSL is now used over mcrypt when encrypting/decrypting data. This change provides better
performance and future proofs CakePHP against distros dropping support for mcrypt.
Security::rijndael() is deprecated and only available when using mcrypt.
Warning: Data encrypted with Security::encrypt() in previous versions is not compatible with the
openssl implementation. You should set the implementation to mcrypt when upgrading.
Time
CakeTime has been renamed to Cake\I18n\Time.
CakeTime::serverOffset() has been removed. It promoted incorrect time math practises.
16
52
https://packagist.org/packages/ircmaxell/password-compat
Number
The Number library was rewritten to internally use the NumberFormatter class.
CakeNumber has been renamed to Cake\I18n\Number.
Number::format() now requires $options to be an array.
Number::addFormat() was removed.
Number::fromReadableSize() has been moved to Cake\Utility\Text::parseFileSize().
Validation
The range for Validation::range() now is inclusive if $lower and $upper are provided.
Validation::ssn() has been removed.
Utility
53
Xml
Xml::build() now requires $options to be an array.
Xml::build() no longer accepts a URL. If you need to create an XML document from a URL,
use Http\Client.
54
CHAPTER 4
In this section, you can walk through typical CakePHP applications to see how all of the pieces come
together.
Alternatively, you can refer to the non-official CakePHP plugin repository CakePackages1 and the Bakery2
for existing applications and components.
Bookmarker Tutorial
This tutorial will walk you through the creation of a simple bookmarking application (bookmarker). To start
with, well be installing CakePHP, creating our database, and using the tools CakePHP provides to get our
application up fast.
Heres what youll need:
1. A database server. Were going to be using MySQL server in this tutorial. Youll need to know enough
about SQL in order to create a database: CakePHP will be taking the reins from there. Since were
using MySQL, also make sure that you have pdo_mysql enabled in PHP.
2. Basic PHP knowledge.
Lets get started!
Getting CakePHP
The easiest way to install CakePHP is to use Composer. Composer is a simple way of installing CakePHP
from your terminal or command line prompt. First, youll need to download and install Composer if you
havent done so already. If you have cURL installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php
1
2
http://plugins.cakephp.org/
http://bakery.cakephp.org/
55
If you downloaded and ran the Composer Windows Installer4 , then type the following line in your terminal
from your installation directory (ie. C:\wamp\www\dev\cakephp3):
composer create-project --prefer-dist cakephp/app bookmarker
The advantage to using Composer is that it will automatically complete some important set up tasks, such
as setting the correct file permissions and creating your config/app.php file for you.
There are other ways to install CakePHP. If you cannot or dont want to use Composer, check out the
Installation section.
Regardless of how you downloaded and installed CakePHP, once your set up is completed, your directory
setup should look something like the following:
/bookmarker
/bin
/config
/logs
/plugins
/src
/tests
/tmp
/vendor
/webroot
.editorconfig
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md
Now might be a good time to learn a bit about how CakePHPs directory structure works: check out the
CakePHP Folder Structure section.
56
https://getcomposer.org/download/
https://getcomposer.org/Composer-Setup.exe
Note: For Windows, the command needs to be bin\cake (note the backslash).
This will start PHPs built-in webserver on port 8765. Open up http://localhost:8765 in your web browser to
see the welcome page. All the bullet points should be checkmarks other than CakePHP being able to connect
to your database. If not, you may need to install additional PHP extensions, or set directory permissions.
You may have noticed that the bookmarks_tags table used a composite primary key. CakePHP supports
composite primary keys almost everywhere, making it easier to build multi-tenanted applications.
The table and column names we used were not arbitrary. By using CakePHPs naming conventions, we
Bookmarker Tutorial
57
can leverage CakePHP better and avoid having to configure the framework. CakePHP is flexible enough
to accommodate even inconsistent legacy database schemas, but adhering to the conventions will save you
time.
Database Configuration
Next, lets tell CakePHP where our database is and how to connect to it. For many, this will be the first and
last time you will need to configure anything.
The configuration should be pretty straightforward:
just replace the values in the
Datasources.default array in the config/app.php file with those that apply to your setup. A
sample completed configuration array might look something like the following:
return [
// More configuration above.
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'cakephp',
'password' => 'AngelF00dC4k3~',
'database' => 'cake_bookmarks',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
],
],
// More configuration below.
];
Once youve saved your config/app.php file, you should see that CakePHP is able to connect to the
database section have a checkmark.
Note: A copy of CakePHPs default configuration file is found in config/app.default.php.
This will generate the controllers, models, views, their corresponding test cases, and fixtures for
our users, bookmarks and tags resources. If youve stopped your server, restart it and go to
http://localhost:8765/bookmarks.
58
You should see a basic but functional application providing data access to your applications database tables.
Once youre at the list of bookmarks, add a few users, bookmarks, and tags.
Note: If you see a Not Found (404) page, confirm that the Apache mod_rewrite module is loaded.
Now update one of the users you created earlier, if you change their password, you should see a hashed
password instead of the original value on the list or view pages. CakePHP hashes passwords with bcrypt5
by default. You can also use sha1 or md5 if youre working with an existing database.
http://codahale.com/how-to-safely-store-a-password/
Bookmarker Tutorial
59
The above defines a new route which connects the /bookmarks/tagged/* path, to
BookmarksController::tags(). By defining routes, you can isolate how your URLs look,
from how they are implemented. If we were to visit http://localhost:8765/bookmarks/tagged, we would
see a helpful error page from CakePHP informing you that the controller action does not exist. Lets
implement that missing method now. In src/Controller/BookmarksController.php add the following:
public function tags()
{
// The 'pass' key is provided by CakePHP and contains all
// the passed URL path segments in the request.
$tags = $this->request->params['pass'];
// Use the BookmarksTable to find tagged bookmarks.
$bookmarks = $this->Bookmarks->find('tagged', [
'tags' => $tags
]);
// Pass variables into the view template context.
$this->set([
'bookmarks' => $bookmarks,
'tags' => $tags
]);
}
To access other parts of the request data, consult the Request section.
60
We just implemented a custom finder method. This is a very powerful concept in CakePHP that allows you to
package up re-usable queries. Finder methods always get a Query Builder object and an array of options as
parameters. Finders can manipulate the query and add any required conditions or criteria. When complete,
finder methods must return a modified query object. In our finder weve leveraged the distinct()
and matching() methods which allow us to find distinct bookmarks that have a matching tag. The
matching() method accepts an anonymous function6 that receives a query builder as its argument. Inside
the callback we use the query builder to define conditions that will filter bookmarks that have specific tags.
Creating the View
Now if you visit the /bookmarks/tagged URL, CakePHP will show an error letting you know that
you have not made a view file. Next, lets build the view file for our tags() action. In
src/Template/Bookmarks/tags.ctp put the following content:
<h1>
Bookmarks tagged with
<?= $this->Text->toList($tags) ?>
</h1>
<section>
<?php foreach ($bookmarks as $bookmark): ?>
<article>
<!-- Use the HtmlHelper to create a link -->
<h4><?= $this->Html->link($bookmark->title, $bookmark->url) ?></h4>
<small><?= h($bookmark->url) ?></small>
<!-- Use the TextHelper to format text -->
<?= $this->Text->autoParagraph($bookmark->description) ?>
</article>
<?php endforeach; ?>
</section>
6
http://php.net/manual/en/functions.anonymous.php
Bookmarker Tutorial
61
In the above code we use the Html and Text helpers to assist in generating our view output. We also use
the h shortcut function to HTML encode output. You should remember to always use h() when outputting
user data to prevent HTML injection issues.
The tags.ctp file we just created follows the CakePHP conventions for view template files. The convention is to have the template use the lower case and underscored version of the controller action name.
You may notice that we were able to use the $tags and $bookmarks variables in our view. When we use
the set() method in our controllers we set specific variables to be sent to the view. The view will make
all passed variables available in the templates as local variables.
You should now be able to visit the /bookmarks/tagged/funny URL and see all the bookmarks tagged with
funny.
So far, weve created a basic application to manage bookmarks, tags and users. However, everyone can see
everyone elses tags. In the next chapter, well implement authentication and restrict the visible bookmarks
to only those that belong to the current user.
Now continue to Bookmarker Tutorial Part 2 to continue building your application or dive into the
documentation to learn more about what CakePHP can do for you.
Adding Login
In CakePHP, authentication is handled by Components. Components can be thought of as ways to create
reusable chunks of controller code related to a specific feature or concept. Components can also hook into
the controllers event life-cycle and interact with your application that way. To get started, well add the
AuthComponent to our application. Well pretty much want every method to require authentication, so well
add AuthComponent in our AppController:
// In src/Controller/AppController.php
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller
{
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
62
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
]
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}
}
Weve just told CakePHP that we want to load the Flash and Auth components. In addition, weve
customized the configuration of AuthComponent, as our users table uses email as the username. Now, if
you go to any URL youll be kicked to /users/login, which will show an error page as we have not written
that code yet. So lets create the login action:
// In src/Controller/UsersController.php
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error('Your username or password is incorrect.');
}
}
Now that we have a simple login form, we should be able to log in with one of the users that has a hashed
password.
Note: If none of your users have hashed passwords, comment the loadComponent(Auth) line.
Then go and edit the user, saving a new password for them.
You should now be able to log in. If not, make sure you are using a user that has a hashed password.
Bookmarker Tutorial Part 2
63
Adding Logout
Now that people can log in, youll probably want to provide a way to log out as well. Again, in the
UsersController, add the following code:
public function logout()
{
$this->Flash->success('You are now logged out.');
return $this->redirect($this->Auth->logout());
}
Now you can visit /users/logout to log out and be sent to the login page.
Enabling Registrations
If you arent logged in and you try to visit /users/add you will be kicked to the login page. We should fix that
as well if we want people to sign up for our application. In the UsersController add the following:
public function beforeFilter(\Cake\Event\Event $event)
{
$this->Auth->allow(['add']);
}
The above tells AuthComponent that the add() action does not require authentication or authorization.
You may want to take the time to clean up the Users/add.ctp and remove the misleading links, or continue
on to the next section. We wont be building out user editing, viewing or listing in this tutorial so they will
not work as AuthComponent will deny you access to those controller actions.
Also, add the following to the configuration for Auth in your AppController:
'authorize' => 'Controller',
64
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
],
'unauthorizedRedirect' => $this->referer()
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}
Well default to denying access, and incrementally grant access where it makes sense. First, well add the
authorization logic for bookmarks. In your BookmarksController add the following:
public function isAuthorized($user)
{
$action = $this->request->params['action'];
// The add and index actions are always allowed.
if (in_array($action, ['index', 'add', 'tags'])) {
return true;
}
// All other actions require an id.
if (empty($this->request->params['pass'][0])) {
return false;
}
// Check that the bookmark belongs to the current user.
$id = $this->request->params['pass'][0];
$bookmark = $this->Bookmarks->get($id);
if ($bookmark->user_id == $user['id']) {
return true;
}
return parent::isAuthorized($user);
}
Now if you try to view, edit or delete a bookmark that does not belong to you, you should be redirected back
to the page you came from. However, there is no error message being displayed, so lets rectify that next:
// In src/Template/Layout/default.ctp
// Under the existing flash message.
<?= $this->Flash->render('auth') ?>
65
By setting the entity property with the session data, we remove any possibility of the user modifying which
user a bookmark is for. Well do the same for the edit form and action. Your edit() action from
src/Controller/BookmarksController.php should look like:
public function edit($id = null)
{
$bookmark = $this->Bookmarks->get($id, [
'contain' => ['Tags']
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$bookmark = $this->Bookmarks->patchEntity($bookmark, $this->request->data);
$bookmark->user_id = $this->Auth->user('id');
if ($this->Bookmarks->save($bookmark)) {
$this->Flash->success('The bookmark has been saved.');
return $this->redirect(['action' => 'index']);
}
$this->Flash->error('The bookmark could not be saved. Please, try again.');
}
$tags = $this->Bookmarks->Tags->find('list');
$this->set(compact('bookmark', 'tags'));
$this->set('_serialize', ['bookmark']);
}
66
List View
Now, we only need to show bookmarks for the currently logged in user. We can do that by updating the call
to paginate(). Make your index() action from src/Controller/BookmarksController.php look like:
public function index()
{
$this->paginate = [
'conditions' => [
'Bookmarks.user_id' => $this->Auth->user('id'),
]
];
$this->set('bookmarks', $this->paginate($this->Bookmarks));
$this->set('_serialize', ['bookmarks']);
}
We should also update the tags() action and the related finder method, but well leave that as an exercise
you can complete on your own.
This will let us access the $bookmark->tag_string computed property. Well use this property in
inputs later on. Remember to add the tag_string property to the _accessible list in your entity, as
well want to save it later on.
67
68
While this code is a bit more complicated than what weve done so far, it helps to showcase how powerful
the ORM in CakePHP is. You can easily manipulate query results using the Collections methods, and handle
scenarios where you are creating entities on the fly with ease.
Wrapping Up
Weve expanded our bookmarking application to handle authentication and basic authorization/access control scenarios. Weve also added some nice UX improvements by leveraging the FormHelper and ORM
capabilities.
Thanks for taking the time to explore CakePHP. Next, you can complete the Blog Tutorial, learn more about
the Database Access & ORM, or you can peruse the /topics.
Blog Tutorial
This tutorial will walk you through the creation of a simple blog application. Well be installing CakePHP,
creating a database, and creating enough application logic to list, add, edit, and delete blog posts.
Heres what youll need:
1. A running web server. Were going to assume youre using Apache, though the instructions for using
other servers should be very similar. We might have to play a little with the server configuration, but
most folks can get CakePHP up and running without any configuration at all. Make sure you have
PHP 5.4.16 or greater, and that the mbstring and intl extensions are enabled in PHP.
2. A database server. Were going to be using MySQL server in this tutorial. Youll need to know enough
about SQL in order to create a database: CakePHP will be taking the reins from there. Since were
using MySQL, also make sure that you have pdo_mysql enabled in PHP.
3. Basic PHP knowledge.
Lets get started!
Getting CakePHP
The easiest way to install CakePHP is to use Composer. Composer is a simple way of installing CakePHP
from your terminal or command line prompt. First, youll need to download and install Composer if you
havent done so already. If you have cURL installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php
Blog Tutorial
69
The advantage to using Composer is that it will automatically complete some important set up tasks, such
as setting the correct file permissions and creating your config/app.php file for you.
There are other ways to install CakePHP. If you cannot or dont want to use Composer, check out the
Installation section.
Regardless of how you downloaded and installed CakePHP, once your set up is completed, your directory
setup should look something like the following:
/cake_install
/bin
/config
/logs
/plugins
/src
/tests
/tmp
/vendor
/webroot
.editorconfig
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md
Now might be a good time to learn a bit about how CakePHPs directory structure works: check out the
CakePHP Folder Structure section.
If for some reason CakePHP cant write to these directories, youll be informed by a warning while not in
production mode.
7
70
https://getcomposer.org/download/
While not recommended, if you are unable to set the permissions to the same as your webserver, you can
simply set write permissions on the folder by running a command such as:
chmod 777 -R tmp
chmod 777 -R logs
The choices on table and column names are not arbitrary. If you follow CakePHPs database naming conventions, and CakePHPs class naming conventions (both outlined in CakePHP Conventions), youll be
able to take advantage of a lot of free functionality and avoid configuration. CakePHP is flexible enough
to accommodate even inconsistent legacy database schemas, but adhering to the conventions will save you
time.
Check out CakePHP Conventions for more information, but its suffice to say that naming our table articles automatically hooks it to our Articles model, and having fields called modified and created will be
automatically managed by CakePHP.
Database Configuration
Next, lets tell CakePHP where our database is and how to connect to it. For many, this will be the first and
last time you will need to configure anything.
The configuration should be pretty straightforward:
just replace the values in the
Datasources.default array in the config/app.php file with those that apply to your setup. A
sample completed configuration array might look something like the following:
Blog Tutorial
71
return [
// More configuration above.
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'cake_blog',
'password' => 'AngelF00dC4k3~',
'database' => 'cake_blog',
'encoding' => 'utf8',
'timezone' => 'UTC'
],
],
// More configuration below.
];
Once youve saved your config/app.php file, you should be able to open your browser and see the CakePHP
welcome page. It should also tell you that your database connection file was found, and that CakePHP can
successfully connect to the database.
Note: A copy of CakePHPs default configuration file is found in config/app.default.php.
Optional Configuration
There are a few other items that can be configured. Most developers complete these laundry-list items, but
theyre not required for this tutorial. One is defining a custom string (or salt) for use in security hashes.
The security salt is used for generating hashes. If you used Composer this too is taken care of for you during
the install. Else youd need to change the default salt value by editing config/app.php. It doesnt matter
much what the new value is, as long as its not easily guessed:
'Security' => [
'salt' => 'something long and containing lots of different values.',
],
A Note on mod_rewrite
Occasionally new users will run into mod_rewrite issues. For example if the CakePHP welcome page looks
a little funny (no images or CSS styles). This probably means mod_rewrite is not functioning on your
system. Please refer to the URL Rewriting section to help resolve any issues you are having.
Now continue to Blog Tutorial - Part 2 to start building your first CakePHP application.
72
Naming conventions are very important in CakePHP. By naming our Table object ArticlesTable,
CakePHP can automatically infer that this Table object will be used in the ArticlesController, and will
be tied to a database table called articles.
Note: CakePHP will dynamically create a model object for you if it cannot find a corresponding file in
src/Model/Table. This also means that if you accidentally name your file wrong (i.e. articlestable.php or
ArticleTable.php), CakePHP will not recognize any of your settings and will use the a generated model
instead.
For more on models, such as callbacks, and validation, check out the Database Access & ORM chapter of
the Manual.
73
Now, lets add an action to our controller. Actions often represent a single function or interface in an
application. For example, when users request www.example.com/articles/index (which is also the same as
www.example.com/articles/), they might expect to see a listing of articles. The code for that action would
look like this:
// src/Controller/ArticlesController.php
namespace App\Controller;
class ArticlesController extends AppController
{
public function index()
{
$articles = $this->Articles->find('all');
$this->set(compact('articles'));
}
}
By defining function index() in our ArticlesController, users can now access the logic there by requesting
www.example.com/articles/index. Similarly, if we were to define a function called foobar(), users would
be able to access that at www.example.com/articles/foobar.
Warning: You may be tempted to name your controllers and actions a certain way to obtain a certain
URL. Resist that temptation. Follow CakePHP conventions (capitalization, plural names, etc.) and create
readable, understandable action names. You can map URLs to your code using routes covered later
on.
The single instruction in the action uses set() to pass data from the controller to the view (which well
create next). The line sets the view variable called articles equal to the return value of the find(all)
method of the Articles table object.
To learn more about CakePHPs controllers, check out the Controllers chapter.
74
CakePHPs template files are stored in src/Template inside a folder named after the controller they correspond to (well have to create a folder named Articles in this case). To format this article data in a nice
table, our view code might look something like this:
<!-- File: src/Template/Articles/index.ctp -->
<h1>Blog articles</h1>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Created</th>
</tr>
<!-- Here is where we iterate through our $articles query object, printing out article
<?php foreach ($articles as $article): ?>
<tr>
<td><?= $article->id ?></td>
<td>
<?= $this->Html->link($article->title, ['action' => 'view', $article->id]) ?>
</td>
<td>
<?= $article->created->format(DATE_RFC850) ?>
</td>
</tr>
<?php endforeach; ?>
</table>
75
The set() call should look familiar. Notice were using get() rather than find(all) because we
only really want a single articles information.
Notice that our view action takes a parameter: the ID of the article wed like to see. This parameter is handed
to the action through the requested URL. If a user requests /articles/view/3, then the value 3 is
passed as $id.
We also do a bit of error checking to ensure a user is actually accessing a record. By using the get() function in the Articles table, we make sure the user has accessed a record that exists. In case the requested article
is not present in the database, or the id is falsey the get() function will throw a NotFoundException.
Now lets create the view for our new view action and place it in src/Template/Articles/view.ctp
<!-- File: src/Template/Articles/view.ctp -->
<h1><?= h($article->title) ?></h1>
<p><?= h($article->body) ?></p>
<p><small>Created: <?= $article->created->format(DATE_RFC850) ?></small></p>
Verify that this is working by trying the links at /articles/index or manually requesting an article by
accessing /articles/view/1.
Adding Articles
Reading from the database and showing us the articles is a great start, but lets allow for the adding of new
articles.
First, start by creating an add() action in the ArticlesController:
// src/Controller/ArticlesController.php
namespace App\Controller;
use App\Controller\AppController;
class ArticlesController extends AppController
{
76
Note: You need to include the FlashComponent in any controller where you will use it. If necessary,
include it in your AppController.
Heres what the add() action does: if the HTTP method of the request was POST, try to save the data using
the Articles model. If for some reason it doesnt save, just render the view. This gives us a chance to show
the user validation errors or other warnings.
Every CakePHP request includes a Request object which is accessible using $this->request. The
request object contains useful information regarding the request that was just received, and can be used to
control the flow of your application. In this case, we use the Cake\Network\Request::is() method
to check that the request is a HTTP POST request.
When a user uses a form to POST data to your application, that information is available in
$this->request->data. You can use the pr() or debug() functions to print it out if you want
to see what it looks like.
We use FlashComponents success() and error() methods to set a message to a session vari-
77
able. These methods are provided using PHPs magic method features8 . Flash messages will be
displayed on the page after redirection. In the layout we have <?= $this->Flash->render()
?> which displays the message and clears the corresponding session variable. The controllers
Cake\Controller\Controller::redirect function redirects to another URL. The param
[action => index] translates to URL /articles i.e the index action of the articles controller.
You can refer to Cake\Routing\Router::url() function on the API9 to see the formats in which
you can specify a URL for various CakePHP functions.
Calling the save() method will check for validation errors and abort the save if any occur. Well discuss
how those errors are handled in the following sections.
Data Validation
CakePHP goes a long way toward taking the monotony out of form input validation. Everyone hates coding
up endless forms and their validation routines. CakePHP makes it easier and faster.
To take advantage of the validation features, youll need to use CakePHPs FormHelper in your views. The
Cake\View\Helper\FormHelper is available by default to all views at $this->Form.
Heres our add view:
<!-- File: src/Template/Articles/add.ctp -->
<h1>Add Article</h1>
<?php
echo $this->Form->create($article);
echo $this->Form->input('title');
echo $this->Form->input('body', ['rows' => '3']);
echo $this->Form->button(__('Save Article'));
echo $this->Form->end();
?>
We use the FormHelper to generate the opening tag for an HTML form.
$this->Form->create() generates:
If create() is called with no parameters supplied, it assumes you are building a form that submits via
POST to the current controllers add() action (or edit() action when id is included in the form data).
The $this->Form->input() method is used to create form elements of the same name. The first
parameter tells CakePHP which field they correspond to, and the second parameter allows you to specify a
wide array of options - in this case, the number of rows for the textarea. Theres a bit of introspection and
automagic here: input() will output different form elements based on the model field specified.
The $this->Form->end() call ends the form. Outputting hidden inputs if CSRF/Form Tampering
prevention is enabled.
Now lets go back and update our src/Template/Articles/index.ctp view to include a new Add Article
link. Before the <table>, add the following line:
8
9
78
http://php.net/manual/en/language.oop5.overloading.php#object.call
http://api.cakephp.org
You may be wondering: how do I tell CakePHP about my validation requirements? Validation rules are
defined in the model. Lets look back at our Articles model and make a few adjustments:
// src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\Validation\Validator;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
public function validationDefault(Validator $validator)
{
$validator
->notEmpty('title')
->notEmpty('body');
return $validator;
}
}
The validationDefault() method tells CakePHP how to validate your data when the save()
method is called. Here, weve specified that both the body and title fields must not be empty. CakePHPs
validation engine is strong, with a number of pre-built rules (credit card numbers, email addresses, etc.) and
flexibility for adding your own validation rules. For more information on that setup, check the Validation
documentation.
Now that your validation rules are in place, use the app to try to add an article with an empty title or body
to see how it works. Since weve used the Cake\View\Helper\FormHelper::input() method of
the FormHelper to create our form elements, our validation error messages will be shown automatically.
Editing Articles
Post editing: here we go. Youre a CakePHP pro by now, so you should have picked up a pattern. Make the
action, then the view. Heres what the edit() action of the ArticlesController would look like:
// src/Controller/ArticlesController.php
public function edit($id = null)
{
$article = $this->Articles->get($id);
if ($this->request->is(['post', 'put'])) {
$this->Articles->patchEntity($article, $this->request->data);
if ($this->Articles->save($article)) {
79
This action first ensures that the user has tried to access an existing record. If they havent passed in an $id
parameter, or the article does not exist, we throw a NotFoundException for the CakePHP ErrorHandler
to take care of.
Next the action checks whether the request is either a POST or a PUT request. If it is, then we use the POST
data to update our article entity by using the patchEntity method. Finally we use the table object to save
the entity back or kick back and show the user validation errors.
The edit view might look something like this:
<!-- File: src/Template/Articles/edit.ctp -->
<h1>Edit
<?php
echo
echo
echo
echo
echo
?>
Article</h1>
$this->Form->create($article);
$this->Form->input('title');
$this->Form->input('body', ['rows' => '3']);
$this->Form->button(__('Save Article'));
$this->Form->end();
This view outputs the edit form (with the values populated), along with any necessary validation error
messages.
CakePHP will determine to whether a save() generates an insert, or update statement based on state in
the entity.
You can now update your index view with links to edit specific articles:
<!-- File: src/Template/Articles/index.ctp
<h1>Blog articles</h1>
<p><?= $this->Html->link("Add Article", ['action' => 'add']) ?></p>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Created</th>
<th>Action</th>
</tr>
<!-- Here's where we iterate through our $articles query object, printing out article info
<?php foreach ($articles as $article): ?>
<tr>
80
Deleting Articles
Next, lets make a way for users to delete articles. Start with a delete() action in the ArticlesController:
// src/Controller/ArticlesController.php
public function delete($id)
{
$this->request->allowMethod(['post', 'delete']);
$article = $this->Articles->get($id);
if ($this->Articles->delete($article)) {
$this->Flash->success(__('The article with id: {0} has been deleted.', h($id)));
return $this->redirect(['action' => 'index']);
}
}
This logic deletes the article specified by $id, and uses $this->Flash->success() to show the user
a confirmation message after redirecting them on to /articles. If the user attempts to do a delete using a
GET request, the allowMethod will throw an Exception. Uncaught exceptions are captured by CakePHPs
exception handler, and a nice error page is displayed. There are many built-in Exceptions that can be used
to indicate the various HTTP errors your application might need to generate.
Because were just executing some logic and redirecting, this action has no view. You might want to update
your index view with links that allow users to delete articles, however:
<!-- File: src/Template/Articles/index.ctp (delete links added) -->
<h1>Blog articles</h1>
<p><?= $this->Html->link('Add Article', ['action' => 'add']) ?></p>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Created</th>
<th>Actions</th>
</tr>
81
<!-- Here's where we loop through our $articles query object, printing out article info -->
<?php foreach ($articles as $article): ?>
<tr>
<td><?= $article->id ?></td>
<td>
<?= $this->Html->link($article->title, ['action' => 'view', $article->id]) ?>
</td>
<td>
<?= $article->created->format(DATE_RFC850) ?>
</td>
<td>
<?= $this->Form->postLink(
'Delete',
['action' => 'delete', $article->id],
['confirm' => 'Are you sure?'])
?>
<?= $this->Html->link('Edit', ['action' => 'edit', $article->id]) ?>
</td>
</tr>
<?php endforeach; ?>
</table>
Routes
For some, CakePHPs default routing works well enough. Developers who are sensitive to user-friendliness
and general search engine compatibility will appreciate the way that CakePHPs URLs map to specific
actions. So well just make a quick change to routes in this tutorial.
For more information on advanced routing techniques, see Connecting Routes.
By default, CakePHP responds to a request for the root of your site (e.g., http://www.example.com) using
its PagesController, rendering a view called home. Instead, well replace this with our ArticlesController
by creating a routing rule.
CakePHPs routing is found in config/routes.php. Youll want to comment out or remove the line that
defines the default root route. It looks like this:
$routes->connect('/', ['controller' => 'Pages', 'action' => 'display', 'home']);
This line connects the URL / with the default CakePHP home page. We want it to connect with our own
controller, so replace that line with this one:
82
This should connect users requesting / to the index() action of our ArticlesController.
Note:
CakePHP also makes use of reverse routing. If, with the above route defined, you pass
[controller => Articles, action => index] to a function expecting an array,
the resulting URL used will be /. Its therefore a good idea to always use arrays for URLs as this means
your routes define where a URL goes, and also ensures that links point to the same place.
Conclusion
Creating applications this way will win you peace, honor, love, and money beyond even your wildest fantasies. Simple, isnt it? Keep in mind that this tutorial was very basic. CakePHP has many more features to
offer, and is flexible in ways we didnt wish to cover here for simplicitys sake. Use the rest of this manual
as a guide for building more feature-rich applications.
Now that youve created a basic CakePHP application, you can either continue to Blog Tutorial - Part 3,
or start your own project. You can also peruse the /topics or API <http://api.cakephp.org/3.0> to learn
more about CakePHP.
If you need help, there are many ways to get the help you need - please see the Where to Get Help page.
Welcome to CakePHP!
Suggested Follow-up Reading
These are common tasks people learning CakePHP usually want to study next:
1. Layouts: Customizing your website layout
2. Elements: Including and reusing view snippets
3. Code Generation with Bake: Generating basic CRUD code
4. Blog Tutorial - Authentication and Authorization: User authentication and authorization tutorial
83
Migrations Plugin
We will use the migrations plugin10 to create a table in our database. If you already have an articles table in
your database, erase it.
Now open your applications composer.json file. Normally you would see that the migrations plugin is
already under require. If not add it as follows:
"require": {
"cakephp/migrations": "~1.0"
}
Then run composer update. The migrations plugin will now be in your applications plugins folder.
Also add Plugin::load(Migrations); in your applications bootstrap.php file.
Once the plugin is loaded, run the following command to create a migration file:
bin/cake migrations create Initial
A migration file will be generated in the /config/Migrations folder. You can open your new migration file and add the following:
<?php
use Phinx\Migration\AbstractMigration;
class Initial extends AbstractMigration
{
public function change()
{
$articles = $this->table('articles');
$articles->addColumn('title', 'string', ['limit' => 50])
->addColumn('body', 'text', ['null' => true, 'default' => null])
->addColumn('category_id', 'integer', ['null' => true, 'default' => null])
->addColumn('created', 'datetime')
->addColumn('modified', 'datetime', ['null' => true, 'default' => null])
->save();
$categories = $this->table('categories');
$categories->addColumn('parent_id', 'integer', ['null' => true, 'default' => null])
->addColumn('lft', 'integer', ['null' => true, 'default' => null])
->addColumn('rght', 'integer', ['null' => true, 'default' => null])
->addColumn('name', 'string', ['limit' => 255])
->addColumn('description', 'string', ['limit' => 255, 'null' => true, 'default'
->addColumn('created', 'datetime')
->addColumn('modified', 'datetime', ['null' => true, 'default' => null])
->save();
}
}
84
https://github.com/cakephp/migrations
tables
together.
Open
the
// src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
// Just add the belongsTo relation with CategoriesTable
$this->belongsTo('Categories', [
'foreignKey' => 'category_id',
]);
}
}
The bake tool has created all your files in a snap. You can give them a quick read if you want re-familiarize
yourself with how CakePHP works.
Note: If you are on Windows remember to use instead of /.
http://www.sitepoint.com/hierarchical-data-database-2/
85
With the TreeBehavior attached youll be able to access some features like reordering the categories. Well
see that in a moment.
But for now, you have to remove the following inputs in your Categories add and edit template files:
echo $this->Form->input('lft');
echo $this->Form->input('rght');
These fields are automatically managed by the TreeBehavior when a category is saved.
Using your web browser, add some new categories using the /yoursite/categories/add controller
action.
86
if ($this->Categories->moveDown($category)) {
$this->Flash->success('The category has been moved down.');
} else {
$this->Flash->error('The category could not be moved down. Please, try again.')
}
return $this->redirect($this->referer(['action' => 'index']));
}
}
87
</div>
88
When you go to the address /yoursite/articles/add you should see a list of categories to choose.
We have adhered to the CakePHP conventions in naming tables, but were also taking advantage of another
convention: By using the username and password columns in a users table, CakePHP will be able to autoconfigure most things for us when implementing the user login.
Next step is to create our Users table, responsible for finding, saving and validating any user data:
// src/Model/Table/UsersTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\Validation\Validator;
class UsersTable extends Table
{
public function validationDefault(Validator $validator)
{
return $validator
->notEmpty('username', 'A username is required')
->notEmpty('password', 'A password is required')
->notEmpty('role', 'A role is required')
->add('role', 'inList', [
'rule' => ['inList', ['admin', 'author']],
'message' => 'Please enter a valid role'
89
]);
}
}
Lets also create our UsersController. The following content corresponds to parts of a basic baked UsersController class using the code generation utilities bundled with CakePHP:
// src/Controller/UsersController.php
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class UsersController extends AppController
{
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow('add');
}
public function index()
{
$this->set('users', $this->Users->find('all'));
}
public function view($id)
{
$user = $this->Users->get($id);
$this->set(compact('user'));
}
public function add()
{
$user = $this->Users->newEntity();
if ($this->request->is('post')) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('The user has been saved.'));
return $this->redirect(['action' => 'add']);
}
$this->Flash->error(__('Unable to add the user.'));
}
$this->set('user', $user);
}
}
In the same way we created the views for our articles or by using the code generation tool, we can implement
the user views. For the purpose of this tutorial, we will show just the add.ctp:
90
91
There is not much to configure, as we used the conventions for the users table. We just set up the URLs
that will be loaded after the login and logout actions is performed, in our case to /articles/ and /
respectively.
What we did in the beforeFilter() function was to tell the AuthComponent to not require a login for
all index() and view() actions, in every controller. We want our visitors to be able to read and list the
entries without registering in the site.
Now, we need to be able to register new users, save their username and password, and more importantly,
hash their password so it is not stored as plain text in our database. Lets tell the AuthComponent to let
un-authenticated users access the users add function and implement the login and logout action:
// src/Controller/UsersController.php
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
// Allow users to register and logout.
// You should not add the "login" action to allow list. Doing so would
// cause problems with normal functioning of AuthComponent.
$this->Auth->allow(['add', 'logout']);
}
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error(__('Invalid username or password, try again'));
}
}
public function logout()
{
return $this->redirect($this->Auth->logout());
}
Password hashing is not done yet, we need an Entity class for our User in order to handle its own specific
logic. Create the src/Model/Entity/User.php entity file and add the following:
// src/Model/Entity/User.php
namespace App\Model\Entity;
92
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// Make all fields mass assignable for now.
protected $_accessible = ['*' => true];
// ...
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
// ...
}
Now every time the password property is assigned to the user it will be hashed using the
DefaultPasswordHasher class. Were just missing a template view file for the login function. Open
up your src/Template/Users/login.ctp file and add the following lines:
<!-- File: src/Template/Users/login.ctp -->
<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
<fieldset>
<legend><?= __('Please enter your username and password') ?></legend>
<?= $this->Form->input('username') ?>
<?= $this->Form->input('password') ?>
</fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>
You can now register a new user by accessing the /users/add URL and log in with the newly created
credentials by going to /users/login URL. Also, try to access any other URL that was not explicitly
allowed such as /articles/add, you will see that the application automatically redirects you to the login
page.
And thats it! It looks too simple to be true. Lets go back a bit to explain what happened. The
beforeFilter() function is telling the AuthComponent to not require a login for the add() action in addition to the index() and view() actions that were already allowed in the AppControllers
beforeFilter() function.
The login() action calls the $this->Auth->identify() function in the AuthComponent, and it
works without any further config because we are following conventions as mentioned earlier. That is, having
a Users table with a username and a password column, and use a form posted to a controller with the user
data. This function returns whether the login was successful or not, and in the case it succeeds, then we
redirect the user to the configured redirection URL that we used when adding the AuthComponent to our
application.
Blog Tutorial - Authentication and Authorization
93
The logout works by just accessing the /users/logout URL and will redirect the user to the configured
logoutUrl formerly described. This URL is the result of the AuthComponent::logout() function on
success.
Also, a small change in the ArticlesController is required to store the currently logged in user as a reference
for the created article:
// src/Controller/ArticlesController.php
public function add()
{
$article = $this->Articles->newEntity();
if ($this->request->is('post')) {
$article = $this->Articles->patchEntity($article, $this->request->data);
// Added this line
$article->user_id = $this->Auth->user('id');
// You could also do the following
//$newData = ['user_id' => $this->Auth->user('id')];
//$article = $this->Articles->patchEntity($article, $newData);
if ($this->Articles->save($article)) {
$this->Flash->success(__('Your article has been saved.'));
return $this->redirect(['action' => 'index']);
}
$this->Flash->error(__('Unable to add your article.'));
}
$this->set('article', $article);
}
The user() function provided by the component returns any column from the currently logged in user.
We used this method to add the data into the request info that is saved.
Lets secure our app to prevent some authors from editing or deleting the others articles. Basic rules for
our app are that admin users can access every URL, while normal users (the author role) can only access the
permitted actions. Again, open the AppController class and add a few more options to the Auth config:
// src/Controller/AppController.php
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'], // Added this line
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'
94
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
]
]);
}
public function isAuthorized($user)
{
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}
We just created a very simple authorization mechanism. In this case the users with role admin will be able
to access any URL in the site when logged in, but the rest of them (i.e the role author) cant do anything
different from not logged in users.
This is not exactly what we wanted, so we need to supply more rules to our isAuthorized() method.
But instead of doing it in AppController, lets delegate each controller to supply those extra rules. The rules
were going to add to ArticlesController should allow authors to create articles but prevent the edition of
articles if the author does not match. Open the file ArticlesController.php and add the following
content:
// src/Controller/ArticlesController.php
public function isAuthorized($user)
{
// All registered users can add articles
if ($this->request->action === 'add') {
return true;
}
// The owner of an article can edit and delete it
if (in_array($this->request->action, ['edit', 'delete'])) {
$articleId = (int)$this->request->params['pass'][0];
if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
return true;
}
}
return parent::isAuthorized($user);
}
Were now overriding the AppControllers isAuthorized() call and internally checking if the parent
class is already authorizing the user. If he isnt, then just allow him to access the add action, and conditionally
access edit and delete. One final thing has not been implemented. To tell whether or not the user is authorized
Blog Tutorial - Authentication and Authorization
95
to edit the article, were calling a isOwnedBy() function in the Articles table. Lets then implement that
function:
// src/Model/Table/ArticlesTable.php
public function isOwnedBy($articleId, $userId)
{
return $this->exists(['id' => $articleId, 'user_id' => $userId]);
}
This concludes our simple authentication and authorization tutorial. For securing the UsersController you
can follow the same technique we did for ArticlesController. You could also be more creative and code
something more general in AppController based on your own rules.
Should you need more control, we suggest you read the complete Auth guide in the Authentication section
where you will find more about configuring the component, creating custom Authorization classes, and
much more.
Suggested Follow-up Reading
1. Code Generation with Bake Generating basic CRUD code
2. Authentication: User registration and login
96
CHAPTER 5
Contributing
There are a number of ways you can contribute to CakePHP. The following sections cover the various ways
you can contribute to CakePHP:
Documentation
Contributing to the documentation is simple. The files are hosted on https://github.com/cakephp/docs. Feel
free to fork the repo, add your changes/improvements/translations and give back by issuing a pull request.
You can even edit the docs online with GitHub, without ever downloading the files the Improve this Doc
button on any given page will direct you to GitHubs online editor for that page.
CakePHP documentation is continuously integrated1 , so you can check the status of the various builds2 on
the Jenkins server at any time.
Translations
Email the docs team (docs at cakephp dot org) or hop on IRC (#cakephp on freenode) to discuss any translation efforts you would like to participate in.
New Translation Language
We want to provide translations that are as complete as possible. However, there may be times where
a translation file is not up-to-date. You should always consider the English version as the authoritative
version.
If your language is not in the current languages, please contact us through Github and we will consider
creating a skeleton folder for it. The following sections are the first one you should consider translating as
these files dont change often:
1
2
http://en.wikipedia.org/wiki/Continuous_integration
http://ci.cakephp.org
97
index.rst
intro.rst
quickstart.rst
installation.rst
/intro folder
/tutorials-and-examples folder
Reminder for Docs Administrators
The structure of all language folders should mirror the English folder structure. If the structure changes for
the English version, we should apply those changes in the other languages.
For example, if a new English file is created in en/file.rst, we should:
Add the file in all other languages : fr/file.rst, zh/file.rst, ...
Delete the content, but keeping the title, meta information and eventual toc-tree elements.
The following note will be added while nobody has translated the file:
File Title
##########
.. note::
The documentation is not currently supported in XX language for this
page.
Please feel free to send us a pull request on
`Github <https://github.com/cakephp/docs>`_ or use the **Improve This Doc**
button to directly propose your changes.
You can refer to the English version in the select top menu to have
information about this page's topic.
// If toc-tree elements are in the English version
.. toctree::
:maxdepth: 1
one-toc-file
other-toc-file
.. meta::
:title lang=xx: File Title
:keywords lang=xx: title, description,...
Translator tips
Browse and edit in the language you want the content to be translated to - otherwise you wont see
what has already been translated.
98
Chapter 5. Contributing
Feel free to dive right in if your chosen language already exists on the book.
Use Informal Form3 .
Translate both the content and the title at the same time.
Do compare to the English content before submitting a correction (if you correct something, but dont
integrate an upstream change your submission wont be accepted).
If you need to write an English term, wrap it in <em> tags. E.g. asdf asdf Controller asdf or asdf
asdf Kontroller (Controller) asfd as appropriate.
Do not submit partial translations.
Do not edit a section with a pending change.
Do not use HTML entities4 for accented characters, the book uses UTF-8.
Do not significantly change the markup (HTML) or add new content
If the original content is missing some info, submit an edit for that first.
http://en.wikipedia.org/wiki/Register_(linguistics)
http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
5
http://en.wikipedia.org/wiki/ReStructuredText
4
Documentation
99
Paragraphs
Paragraphs are simply blocks of text, with all the lines at the same level of indentation. Paragraphs should
be separated by more than one empty line.
Inline Markup
One asterisk: text for emphasis (italics) Well use it for general highlighting/emphasis.
*text*.
Two asterisks: text for strong emphasis (boldface) Well use it for working directories, bullet list
subject, table names and excluding the following word table.
**/config/Migrations**, **articles**, etc.
Two backquotes: text for code samples Well use it for names of method options, names of table
columns, object names, excluding the following word object and for method/function names
include ().
cascadeCallbacks,
config(), etc.
true,
id,
PagesController,
If asterisks or backquotes appear in running text and could be confused with inline markup delimiters, they
have to be escaped with a backslash.
Inline markup has a few restrictions:
It may not be nested.
Content may not start or end with whitespace: * text* is wrong.
Content must be separated from surrounding text by non-word characters. Use a backslash escaped
space to work around that: onelong\ *bolded*\ word.
Lists
List markup is very similar to markdown. Unordered lists are indicated by starting a line with a single
asterisk and a space. Numbered lists can be created with either numerals, or # for auto numbering:
* This is a bullet
* So is this. But this line
has two lines.
1. First line
2. Second line
#. Automatic numbering
#. Will save you some time.
Indented lists can also be created, by indenting sections and separating them with an empty line:
100
Chapter 5. Contributing
* First line
* Second line
* Going deeper
* Whoah
* Back to the first level.
Terms cannot be more than one line, but definitions can be multi-line and all lines should be indented
consistently.
Links
There are several kinds of links, each with their own uses.
External Links
:doc:
Other pages in the documentation can be linked to using the :doc: role. You can link to the specified
document using either an absolute or relative path reference. You should omit the .rst extension.
For example, if the reference :doc:form appears in the document core-helpers/html,
then the link references core-helpers/form. If the reference was :doc:/core-helpers,
it would always reference /core-helpers regardless of where it was used.
Cross Referencing Links
:ref:
You can cross reference any arbitrary title in any document using the :ref: role. Link label targets
must be unique across the entire documentation. When creating labels for class methods, its best to
use class-method as the format for your link label.
The most common use of labels is above a title. Example:
Documentation
101
.. _label-name:
Section heading
--------------More content here.
Elsewhere you could reference the above section using :ref:label-name. The links text
would be the title that the link preceded. You can also provide custom link text using :ref:Link
text <label-name>.
Describing Classes and their Contents
The CakePHP documentation uses the phpdomain6 to provide custom directives for describing PHP objects
and constructs. Using these directives and roles is required to give proper indexing and cross referencing
features.
Describing Classes and Constructs
Each directive populates the index, and or the namespace index.
.. php:global:: name
This directive declares a new PHP global variable.
.. php:function:: name(signature)
Defines a new global function outside of a class.
.. php:const:: name
This directive declares a new PHP constant, you can also use it nested inside a class directive to create
class constants.
.. php:exception:: name
This directive declares a new Exception in the current namespace. The signature can include constructor arguments.
.. php:class:: name
Describes a class. Methods, attributes, and constants belonging to the class should be inside this
directives body:
.. php:class:: MyClass
Class description
.. php:method:: method($argument)
Method description
Attributes, methods and constants dont need to be nested. They can also just follow the class declaration:
6
http://pypi.python.org/pypi/sphinxcontrib-phpdomain
102
Chapter 5. Contributing
.. php:class:: MyClass
Text about the class
.. php:method:: methodName()
Text about the method
See also:
php:method, php:attr, php:const
.. php:method:: name(signature)
Describe a class method, its arguments, return value, and exceptions:
.. php:method:: instanceMethod($one, $two)
:param string $one: The first parameter.
:param string $two: The second parameter.
:returns: An array of stuff.
:throws: InvalidArgumentException
This is an instance method.
.. php:staticmethod:: ClassName::methodName(signature)
Describe a static method, its arguments, return value and exceptions, see php:method for options.
.. php:attr:: name
Describe an property/attribute on a class.
Cross Referencing
The following roles refer to PHP objects and links are generated if a matching directive is found:
:php:func:
Reference a PHP function.
:php:global:
Reference a global variable whose name has $ prefix.
:php:const:
Reference either a global constant, or a class constant. Class constants should be preceded by the
owning class:
DateTime has an :php:const:`DateTime::ATOM` constant.
:php:class:
Reference a class by name:
:php:class:`ClassName`
:php:meth:
Reference a method of a class. This role supports both kinds of methods:
Documentation
103
:php:meth:`DateTime::setDate`
:php:meth:`Classname::staticMethod`
:php:attr:
Reference a property on an object:
:php:attr:`ClassName::$propertyName`
:php:exc:
Reference an exception.
Source Code
Literal code blocks are created by ending a paragraph with ::. The literal block must be indented, and like
all paragraphs be separated by single lines:
This is a paragraph::
while ($i--) {
doStuff()
}
This is regular text again.
Literal text is not modified or formatted, save that one level of indentation is removed.
Notes and Warnings
There are often times when you want to inform the reader of an important tip, special note or a potential
hazard. Admonitions in sphinx are used for just that. There are fives kinds of admonitions.
.. tip:: Tips are used to document or re-iterate interesting or important information. The content of the directive should be written in complete sentences and include all appropriate punctuation.
.. note:: Notes are used to document an especially important piece of information. The content
of the directive should be written in complete sentences and include all appropriate punctuation.
.. warning:: Warnings are used to document potential stumbling blocks, or information pertaining to security. The content of the directive should be written in complete sentences and include
all appropriate punctuation.
.. versionadded:: X.Y.Z Version added admonitions are used to display notes specific
to new features added at a specific version, X.Y.Z being the version on which the said feature was
added.
.. deprecated:: X.Y.Z As opposed to version added admonitions, deprecated admonition are used to notify of a deprecated feature, X.Y.Z being the version on which the said feature
was deprecated.
All admonitions are made the same:
104
Chapter 5. Contributing
.. note::
Indented and preceded and followed by a blank line. Just like a
paragraph.
This text is not part of the note.
Samples
Tickets
Getting feedback and help from the community in the form of tickets is an extremely important part of the
CakePHP development process. All of CakePHPs tickets are hosted on GitHub7 .
Reporting Bugs
Well written bug reports are very helpful. There are a few steps to help create the best bug report possible:
Do search8 for a similar existing ticket, and ensure someone hasnt already reported your issue, or
that it hasnt already been fixed in the repository.
Do include detailed instructions on how to reproduce the bug. This could be in the form of test cases
or a code snippet that demonstrates the issue. Not having a way to reproduce an issue, means its less
likely to get fixed.
Do give as many details as possible about your environment: (OS, PHP version, CakePHP version).
Dont use the ticket system to ask support questions. Use the Google Group9 , the #cakephp IRC
channel or Stack Overflow <https://stackoverflow.com/questions/tagged/cakephp> for that.
7
https://github.com/cakephp/cakephp/issues
https://github.com/cakephp/cakephp/search?q=it+is+broken&ref=cmdform&type=Issues
9
http://groups.google.com/group/cake-php
8
Tickets
105
Code
Patches and pull requests are a great way to contribute code back to CakePHP. Pull requests can be created
in GitHub, and are preferred over patch files in ticket comments.
Initial Setup
Before working on patches for CakePHP, its a good idea to get your environment setup. Youll need the
following software:
Git
PHP 5.4.16 or greater
PHPUnit 3.7.0 or greater
Set up your user information with your name/handle and working email address:
git config --global user.name 'Bob Barker'
git config --global user.email '[email protected]'
Note: If you are new to Git, we highly recommend you to read the excellent and free ProGit10 book.
Get a clone of the CakePHP source code from GitHub:
If you dont have a GitHub11 account, create one.
Fork the CakePHP repository12 by clicking the Fork button.
10
http://git-scm.com/book/
http://github.com
12
http://github.com/cakephp/cakephp
11
106
Chapter 5. Contributing
After your fork is made, clone your fork to your local machine:
git clone [email protected]:YOURNAME/cakephp.git
Add the original CakePHP repository as a remote repository. Youll use this later to fetch changes from the
CakePHP repository. This will let you stay up to date with CakePHP:
cd cakephp
git remote add upstream git://github.com/cakephp/cakephp.git
Now that you have CakePHP setup you should be able to define a $test database connection, and run all
the tests.
Working on a Patch
Each time you want to work on a bug, feature or enhancement create a topic branch.
The branch you create should be based on the version that your fix/enhancement is for. For example if you
are fixing a bug in 2.3 you would want to use the 2.3 branch as the base for your branch. If your change
is a bug fix for the current stable release, you should use the master branch. This makes merging your
changes in later much simpler:
# fixing a bug on 2.3
git fetch upstream
git checkout -b ticket-1234 upstream/2.3
Tip: Use a descriptive name for your branch, referencing the ticket or feature name is a good convention.
e.g. ticket-1234, feature-awesome
The above will create a local branch based on the upstream (CakePHP) 2.3 branch. Work on your fix, and
make as many commits as you need; but keep in mind the following:
Follow the Coding Standards.
Add a test case to show the bug is fixed, or that the new feature works.
Keep your commits logical, and write good clear and concise commit messages.
checkout 2.3
fetch upstream
merge upstream/2.3
checkout <branch_name>
rebase 2.3
This will fetch + merge in any changes that have happened in CakePHP since you started. It will then rebase
- or replay your changes on top of the current code. You might encounter a conflict during the rebase. If
Code
107
the rebase quits early you can see which files are conflicted/un-merged with git status. Resolve each
conflict, and then continue the rebase:
git add <filename> # do this for each conflicted file.
git rebase --continue
Check that all your tests continue to pass. Then push your branch to your fork:
git push origin <branch-name>
Once your branch is on GitHub, you can discuss it on the cakephp-core13 mailing list or submit a pull request
on GitHub.
Choosing Where Your Changes will be Merged Into
When making pull requests you should make sure you select the correct base branch, as you cannot edit it
once the pull request is created.
If your change is a bugfix and doesnt introduce new functionality and only corrects existing behavior
that is present in the current release. Then choose master as your merge target.
If your change is a new feature or an addition to the framework, then you should choose the branch
with the next version number. For example if the current stable release is 2.2.2, the branch accepting
new features will be 2.3
If your change is a breaks existing functionality, or APIs then youll have to choose then next major
release. For example, if the current release is 2.2.2 then the next time existing behavior can be
broken will be in 3.0 so you should target that branch.
Note: Remember that all code you contribute to CakePHP will be licensed under the MIT License, and the
Cake Software Foundation14 will become the owner of any contributed code. Contributors should follow
the CakePHP Community Guidelines15 .
All bug fixes merged into a maintenance branch will also be merged into upcoming releases periodically by
the core team.
Coding Standards
CakePHP developers will use the PSR-2 coding style guide16 in addition to the following rules as coding
standards.
It is recommended that others developing CakeIngredients follow the same standards.
You can use the CakePHP Code Sniffer17 to check that your code follows required standards.
13
http://groups.google.com/group/cakephp-core
http://cakefoundation.org/pages/about
15
http://community.cakephp.org/guidelines
16
http://www.php-fig.org/psr/psr-2/
17
https://github.com/cakephp/cakephp-codesniffer
14
108
Chapter 5. Contributing
Indentation
Four spaces will be used for indentation.
So, indentation should look like this:
// base level
// level 1
// level 2
// level 1
// base level
Or:
$booleanVariable = true;
$stringVariable = 'moose';
if ($booleanVariable) {
echo 'Boolean value is true';
if ($stringVariable === 'moose') {
echo 'We have encountered a moose';
}
}
Line Length
It is recommended to keep lines at approximately 100 characters long for better code readability. Lines must
not be longer than 120 characters.
In short:
100 characters is the soft limit.
120 characters is the hard limit.
Control Structures
Control structures are for example if, for, foreach, while, switch etc. Below, an example with if:
if ((expr_1) || (expr_2)) {
// action_1;
} elseif (!(expr_3) && (expr_4)) {
// action_2;
} else {
// default_action;
}
Coding Standards
109
In the control structures there should be 1 (one) space before the first parenthesis and 1 (one) space
between the last parenthesis and the opening bracket.
Always use curly brackets in control structures, even if they are not needed. They increase the readability of the code, and they give you fewer logical errors.
Opening curly brackets should be placed on the same line as the control structure. Closing curly
brackets should be placed on new lines, and they should have same indentation level as the control
structure. The statement included in curly brackets should begin on a new line, and code contained
within it should gain a new level of indentation.
Inline assignments should not be used inside of the control structures.
// wrong = no brackets, badly placed statement
if (expr) statement;
// wrong = no brackets
if (expr)
statement;
// good
if (expr) {
statement;
}
// wrong = inline assignment
if ($variable = Class::function()) {
statement;
}
// good
$variable = Class::function();
if ($variable) {
statement;
}
Ternary Operator
Ternary operators are permissible when the entire ternary operation fits on one line. Longer ternaries should
be split into if else statements. Ternary operators should not ever be nested. Optionally parentheses can
be used around the condition check of the ternary for clarity:
// Good, simple and readable
$variable = isset($options['variable']) ? $options['variable'] : true;
110
Chapter 5. Contributing
Template Files
In template files (.ctp files) developers should use keyword control structures. Keyword control structures
are easier to read in complex template files. Control structures can either be contained in a larger PHP block,
or in separate PHP tags:
<?php
if ($isAdmin):
echo '<p>You are the admin user.</p>';
endif;
?>
<p>The following is also acceptable:</p>
<?php if ($isAdmin): ?>
<p>You are the admin user.</p>
<?php endif; ?>
Comparison
Always try to be as strict as possible. If a none strict test is deliberate it might be wise to comment it as such
to avoid confusing it for a mistake.
For testing if a variable is null, it is recommended to use a strict check:
if ($value === null) {
// ...
}
Function Calls
Functions should be called without space between functions name and starting parenthesis. There should
be one space between every parameter of a function call:
$var = foo($bar, $bar2, $bar3);
As you can see above there should be one space on both sides of equals sign (=).
Coding Standards
111
Method Definition
Example of a method definition:
public function someFunction($arg1, $arg2 = '')
{
if (expr) {
statement;
}
return $var;
}
Parameters with a default value, should be placed last in function definition. Try to make your functions
return something, at least true or false, so it can be determined whether the function call was successful:
public function connection($dns, $persistent = false)
{
if (is_array($dns)) {
$dnsInfo = $dns;
} else {
$dnsInfo = BD::parseDNS($dns);
}
if (!($dnsInfo) || !($dnsInfo['phpType'])) {
return $this->addError();
}
return true;
}
Here $Model must be an instance of Model, $array must be an array and $callback must be of
type callable (a valid callback).
Note that if you want to allow $array to be also an instance of ArrayObject you should not typehint
as array accepts only the primitive type:
112
Chapter 5. Contributing
/**
* Some method description.
*
* @param array|ArrayObject $array Some array value.
*/
public function foo($array)
{
}
Method Chaining
Method chaining should have multiple methods spread across separate lines, and indented with one tab:
$email->from('[email protected]')
->to('[email protected]')
->subject('A great message')
->send();
Commenting Code
All comments should be written in English, and should in a clear way describe the commented block of
code.
Comments can include the following phpDocumentor19 tags:
@author20
@copyright21
@deprecated22 Using the @version <vector> <description> format, where version
and description are mandatory.
@example23
@ignore24
18
http://www.php-fig.org/psr/psr-2/
http://phpdoc.org
20
http://phpdoc.org/docs/latest/references/phpdoc/tags/author.html
21
http://phpdoc.org/docs/latest/references/phpdoc/tags/copyright.html
22
http://phpdoc.org/docs/latest/references/phpdoc/tags/deprecated.html
23
http://phpdoc.org/docs/latest/references/phpdoc/tags/example.html
24
http://phpdoc.org/docs/latest/references/phpdoc/tags/ignore.html
19
Coding Standards
113
@internal25
@link26
@see27
@since28
@version29
PhpDoc tags are very much like JavaDoc tags in Java. Tags are only processed if they are the first thing in a
DocBlock line, for example:
/**
* Tag example.
*
* @author this tag is parsed, but this @version is ignored
* @version 1.0 this tag is also parsed
*/
/**
* Example of inline phpDoc tags.
*
* This function works hard with foo() to rule the world.
*
* @return void
*/
function bar()
{
}
/**
* Foo function.
*
* @return void
*/
function foo()
{
}
Comment blocks, with the exception of the first block in a file, should always be preceded by a newline.
Variable Types
Variable types for use in DocBlocks:
Type Description
mixed A variable with undefined (or multiple) type.
25
http://phpdoc.org/docs/latest/references/phpdoc/tags/internal.html
http://phpdoc.org/docs/latest/references/phpdoc/tags/link.html
27
http://phpdoc.org/docs/latest/references/phpdoc/tags/see.html
28
http://phpdoc.org/docs/latest/references/phpdoc/tags/since.html
29
http://phpdoc.org/docs/latest/references/phpdoc/tags/version.html
26
114
Chapter 5. Contributing
For more than two types it is usually best to just use mixed.
When returning the object itself, e.g. for chaining, one should use $this instead:
/**
* Foo function.
*
* @return $this
*/
public function foo()
{
return $this;
}
Including Files
include, require, include_once and require_once do not have parentheses:
// wrong = parentheses
require_once('ClassFileName.php');
require_once ($class);
// good = no parentheses
require_once 'ClassFileName.php';
require_once $class;
When including files with classes or libraries, use only and always the require_once30 function.
30
http://php.net/require_once
Coding Standards
115
PHP Tags
Always use long tags (<?php ?>) Instead of short tags (<?
template files (.ctp) where appropriate.
Short Echo
The short echo should be used in template files in place of <?php echo. It should be immediately followed
by a single space, the variable or function value to echo, a single space, and the php closing tag:
// wrong = semicolon, no spaces
<td><?=$name;?></td>
// good = spaces, no semicolon
<td><?= $name ?></td>
As of PHP 5.4 the short echo tag (<?=) is no longer to be consider a short tag is always available regardless
of the short_open_tag ini directive.
Naming Convention
Functions
Write all functions in camelBack:
function longFunctionName()
{
}
Classes
Class names should be written in CamelCase, for example:
class ExampleClass
{
}
Variables
Variable names should be as descriptive as possible, but also as short as possible. All variables should start
with a lowercase letter, and should be written in camelBack in case of multiple words. Variables referencing
objects should in some way associate to the class the variable is an object of. Example:
$user = 'John';
$users = ['John', 'Hans', 'Arne'];
$dispatcher = new Dispatcher();
116
Chapter 5. Contributing
Member Visibility
Use PHP5s private and protected keywords for methods and variables. Additionally, protected method or
variable names start with a single underscore (_). Example:
class A
{
protected $_iAmAProtectedVariable;
protected function _iAmAProtectedMethod()
{
/* ... */
}
}
Private methods or variable names start with double underscore (__). Example:
class A
{
private $__iAmAPrivateVariable;
private function __iAmAPrivateMethod()
{
/* ... */
}
}
Try to avoid private methods or variables, though, in favor of protected ones. The latter can be accessed
or modified by subclasses, whereas private ones prevent extension or re-use. Private visibility also makes
testing much more difficult.
Example Addresses
For all example URL and mail addresses use example.com, example.org and example.net, for example:
Email: [email protected]
WWW: http://www.example.com
FTP: ftp://ftp.example.com
The example.com domain name has been reserved for this (see RFC 260632 ) and is recommended for use
in documentation or as examples.
Files
File names which do not contain classes should be lowercased and underscored, for example:
31
32
[email protected]
http://tools.ietf.org/html/rfc2606.html
Coding Standards
117
long_file_name.php
Casting
For casting we use:
Type Description
(bool) Cast to boolean.
(int) Cast to integer.
(float) Cast to float.
(string) Cast to string.
(array) Cast to array.
(object) Cast to object.
Please use (int)$var instead of intval($var) and (float)$var instead of floatval($var)
when applicable.
Constants
Constants should be defined in capital letters:
define('CONSTANT', 1);
If a constant name consists of multiple words, they should be separated by an underscore character, for
example:
define('LONG_NAMED_CONSTANT', 2);
http://semver.org/
118
Chapter 5. Contributing
Migration Guides
For each major and minor release, the CakePHP team will provide a migration guide. These guides explain
the new features and any breaking changes that are in each release. They can be found in the Appendices
section of the cookbook.
Using CakePHP
If you are building your application with CakePHP, the following guidelines explain the stability you can
expect.
Interfaces
Outside of major releases, interfaces provided by CakePHP will not have any existing methods changed.
New methods may be added, but no existing methods will be changed.
Classes
Classes provided by CakePHP can be constructed and have their public methods and properties used by
application code and outside of major releases backwards compatibility is ensured.
Note: Some classes in CakePHP are marked with the @internal API doc tag. These classes are not
stable and do not have any backwards compatibility promises.
In minor releases, new methods may be added to classes, and existing methods may have new arguments
added. Any new arguments will have default values, but if youve overridden methods with a differing
signature you may see fatal errors. Methods that have new arguments added will be documented in the
migration guide for that release.
The following table outlines several use cases and what compatibility you can expect from CakePHP:
119
If you...
Typehint against the class
Create a new instance
Extend the class
Access a public property
Call a public method
Extend a class and...
Override a public property
Access a protected property
Override a protected property
Override a protected method
Call a protected method
Add a public property
Add a public method
Add an argument to an overridden
method
Add a default argument to an
existing method
Backwards compatibility?
Yes
Yes
Yes
Yes
Yes
Yes
No 34
No 1
No 1
No 1
No
No
No 1
Yes
Working on CakePHP
If you are helping make CakePHP even better please keep the following guidelines in mind when
adding/changing functionality:
In a minor release you can:
34
Your code may be broken by minor releases. Check the migration guide for details.
120
Chapter 5. Contributing
35
You can change a class/method name as long as the old name remains available. This is generally avoided unless renaming has
significant benefit.
36
Avoid whenever possible. Any removals need to be documented in the migration guide.
121
122
Chapter 5. Contributing
CHAPTER 6
Installation
CakePHP is simple and easy to install. The minimum requirements are a web server and a copy of CakePHP,
thats it! While this chapter focuses primarily on setting up on Apache (because its simple to install and
setup), CakePHP will run on a variety of web servers such as nginx, LightHTTPD, or Microsoft IIS.
Requirements
HTTP Server. For example: Apache. Having mod_rewrite is preferred, but by no means required.
PHP 5.4.16 or greater.
mbstring extension
intl extension
Note: In both XAMPP and WAMP, mcrypt and mbstring extensions are working by default.
In XAMPP, intl extension is included but you have to uncomment extension=php_intl.dll in
php.ini and restart the server through the XAMPP Control Panel.
In WAMP, the intl extension is activated by default but not working. To make it work you have to go to
php folder (by default) C:\wamp\bin\php\php{version}, copy all the files that looks like icu*.dll and paste
them into the apache bin directory C:\wamp\bin\apache\apache{version}\bin. Then restart all services
and it should be OK.
While a database engine isnt required, we imagine that most applications will utilize one. CakePHP supports a variety of database storage engines:
MySQL (5.1.10 or greater)
PostgreSQL
Microsoft SQL Server (2008 or higher)
SQLite 3
123
Note: All built-in drivers require PDO. You should make sure you have the correct PDO extensions installed.
Installing CakePHP
CakePHP uses Composer1 , a dependency management tool for PHP 5.3+, as the officially supported method
for installation.
First, youll need to download and install Composer if you havent done so already. If you have cURL
installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php
Once Composer finishes downloading the application skeleton and the core CakePHP library, you should
have a functioning CakePHP application installed via Composer. Be sure to keep the composer.json and
composer.lock files with the rest of your source code.
You can now visit the path to where you installed your CakePHP application and see the setup traffic lights.
Although composer is the recommended installation method, there are pre-installed downloads available on
Github5 . Those downloads contain the app skeleton with all vendor packages installed. Also it includes the
composer.phar so you have everything you need for further use.
http://getcomposer.org
https://getcomposer.org/download/
3
https://github.com/composer/windows-setup/releases/
4
https://github.com/composer/windows-setup
5
https://github.com/cakephp/cakephp/tags
2
124
Chapter 6. Installation
Each time you run php composer.phar update you will receive the latest stable releases when using
the default version constraint ~3.0. Only bugfix and minor version releases of 3.x will be used when
updating.
If you want to keep current with the latest unreleased changes in CakePHP you can add the change your
applications composer.json:
"require": {
"cakephp/cakephp": "dev-master"
}
Be aware that is not recommended, as your application can break when next major version is being released.
Additionally composer does not cache development branches, so it slows down consecutive composer installs/updates.
Permissions
CakePHP uses the tmp directory for a number of different operations. Model descriptions, cached views,
and session information are just a few examples. The logs directory is used to write log files by the default
FileLog engine.
As such, make sure the directories logs, tmp and all its subdirectories in your CakePHP installation are
writable by the web server user. Composers installation process makes tmp and its subfolders globally
writeable to get things up and running quickly but you can update the permissions for better security and
keep them writable only for the webserver user.
One common issue is that logs and tmp directories and subdirectories must be writable both by the web
server and the command line user. On a UNIX system, if your web server user is different from your
command line user, you can run the following commands from your application directory just once in your
project to ensure that permissions will be setup properly:
HTTPDUSER=`ps
setfacl -R -m
setfacl -R -d
setfacl -R -m
setfacl -R -d
Development Server
A development installation is the fastest method to setup CakePHP. In this example, we will be using CakePHPs console to run PHPs built-in web server which will make your application available at
http://host:port. From the app directory, execute:
bin/cake server
By default, without any arguments provided, this will serve your application at http://localhost:8765/.
If you have something conflicting with localhost or port 8765, you can tell the CakePHP console to run the
web server on a specific host and/or port utilizing the following arguments:
Permissions
125
Production
A production installation is a more flexible way to setup CakePHP. Using this method allows an entire
domain to act as a single CakePHP application. This example will help you install CakePHP anywhere on
your filesystem and make it available at http://www.example.com. Note that this installation may require
the rights to change the DocumentRoot on Apache webservers.
After installing your application using one of the methods above into the directory of your choosing - well
assume you chose /cake_install - your production setup will look like this on the file system:
/cake_install/
bin/
config/
logs/
plugins/
src/
tests/
tmp/
vendor/
webroot/ (this directory is set as DocumentRoot)
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md
Developers using Apache should set the DocumentRoot directive for the domain to:
DocumentRoot /cake_install/webroot
If your web server is configured correctly, you should now find your CakePHP application accessible at
http://www.example.com.
126
Chapter 6. Installation
Fire It Up
Alright, lets see CakePHP in action. Depending on which setup you used, you should point your browser
to http://example.com/ or http://localhost:8765/. At this point, youll be presented with CakePHPs default
home, and a message that tells you the status of your current database connection.
Congratulations! You are ready to create your first CakePHP application.
URL Rewriting
Apache
While CakePHP is built to work with mod_rewrite out of the boxand usually doesweve noticed that a
few users struggle with getting everything to play nicely on their systems.
Here are a few things you might try to get it running correctly. First look at your httpd.conf. (Make sure you
are editing the system httpd.conf rather than a user- or site-specific httpd.conf.)
These files can vary between different distributions and Apache versions. You may also take a look at
http://wiki.apache.org/httpd/DistrosDefaultLayout for further information.
1. Make sure that an .htaccess override is allowed and that AllowOverride is set to All for the correct
DocumentRoot. You should see something similar to:
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride All
#
Order deny,allow
#
Deny from all
</Directory>
2. Make sure you are loading mod_rewrite correctly. You should see something like:
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
In many systems these will be commented out by default, so you may just need to remove the leading
# symbols.
After you make changes, restart Apache to make sure the settings are active.
Verify that your .htaccess files are actually in the right directories. Some operating systems treat files
that start with . as hidden and therefore wont copy them.
3. Make sure your copy of CakePHP comes from the downloads section of the site or our Git repository,
and has been unpacked correctly, by checking for .htaccess files.
Fire It Up
127
CakePHP app directory (will be copied to the top directory of your application by bake):
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule
^$
webroot/
RewriteRule
(.*) webroot/$1
</IfModule>
[L]
[L]
CakePHP webroot directory (will be copied to your applications web root by bake):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
If your CakePHP site still has problems with mod_rewrite, you might want to try modifying
settings for Virtual Hosts. On Ubuntu, edit the file /etc/apache2/sites-available/default (location is distribution-dependent). In this file, ensure that AllowOverride None is changed to
AllowOverride All, so you have:
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
On Mac OSX, another solution is to use the tool virtualhostx6 to make a Virtual Host to point to your
folder.
For many hosting services (GoDaddy, 1and1), your web server is actually being served from a
user directory that already uses mod_rewrite. If you are installing CakePHP into a user directory (http://example.com/~username/cakephp/), or any other URL structure that already utilizes
mod_rewrite, youll need to add RewriteBase statements to the .htaccess files CakePHP uses (.htaccess, webroot/.htaccess).
This can be added to the same section with the RewriteEngine directive, so for example, your webroot
.htaccess file would look like:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /path/to/app
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
The details of those changes will depend on your setup, and can include additional things that are not
related to CakePHP. Please refer to Apaches online documentation for more information.
6
http://clickontyler.com/virtualhostx/
128
Chapter 6. Installation
4. (Optional) To improve production setup, you should prevent invalid assets from being parsed by
CakePHP. Modify your webroot .htaccess to something like:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /path/to/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(webroot/)?(img|css|js)/(.*)$
RewriteRule ^ index.php [L]
</IfModule>
The above will simply prevent incorrect assets from being sent to index.php and instead display your
webservers 404 page.
Additionally you can create a matching HTML 404 page, or use the default built-in CakePHP 404 by
adding an ErrorDocument directive:
ErrorDocument 404 /404-not-found
nginx
nginx does not make use of .htaccess files like Apache, so it is necessary to create those rewritten URLs in the site-available configuration.
This is usually found in
/etc/nginx/sites-available/your_virtual_host_conf_file.
Depending upon
your setup, you will have to modify this, but at the very least, you will need PHP running as a FastCGI
instance:
server {
listen
80;
server_name www.example.com;
rewrite ^(.*) http://example.com$1 permanent;
}
server {
listen
80;
server_name example.com;
# root directive should be global
root
/var/www/example.com/public/webroot/;
index index.php;
access_log /var/www/example.com/log/access.log;
error_log /var/www/example.com/log/error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass
127.0.0.1:9000;
URL Rewriting
129
fastcgi_index
index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
On some servers (Like Ubuntu 14.04) the above configuration wont work out of the box, and the nginx docs
recommend a different approach anyway (http://nginx.org/en/docs/http/converting_rewrite_rules.html). You
might try the following (youll notice this is also just one server {} block, rather than two, although if you
want example.com to resolve to your CakePHP application in addition to www.example.com consult the
nginx link above):
server {
listen
80;
server_name www.example.com;
rewrite 301 http://www.example.com$request_uri permanent;
# root directive should be global
root
/var/www/example.com/public/webroot/;
index index.php;
access_log /var/www/example.com/log/access.log;
error_log /var/www/example.com/log/error.log;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass
127.0.0.1:9000;
fastcgi_index
index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
http://www.microsoft.com/web/downloads/platform.aspx
http://www.iis.net/downloads/microsoft/url-rewrite
9
http://www.microsoft.com/en-us/download/details.aspx?id=5747
10
http://www.microsoft.com/en-us/download/details.aspx?id=7435
8
130
Chapter 6. Installation
Once the web.config file is created with the correct IIS-friendly rewrite rules, CakePHPs links, CSS, JavaScipt, and rerouting should work correctly.
URL Rewriting
131
132
Chapter 6. Installation
CHAPTER 7
Configuration
While conventions remove the need to configure all of CakePHP, youll still need to configure a few things
like your database credentials.
Additionally, there are optional configuration options that allow you to swap out default values & implementations with ones tailored to your application.
You can also use additional configuration files to provide environment specific overrides. Each file loaded
after app.php can redefine previously declared values allowing you to customize configuration for development or staging environments.
133
General Configuration
Below is a description of the variables and how they affect your CakePHP application.
debug Changes CakePHP debugging output. false = Production mode. No error messages, errors, or
warnings shown. true = Errors and warnings shown.
App.namespace The namespace to find app classes under.
Note: When changing the namespace in your configuration, you will also need to update your
composer.json file to use this namespace as well. Additionally, create a new autoloader by running
php composer.phar dumpautoload.
App.baseUrl Un-comment this definition if you dont plan to use Apaches mod_rewrite with CakePHP.
Dont forget to remove your .htaccess files too.
App.base The base directory the app resides in. If false this will be auto detected. If not false, ensure
your string starts with a / and does NOT end with a /. E.g., /basedir is a valid App.base. Otherwise,
the AuthComponent will not work properly.
App.encoding Define what encoding your application uses. This encoding is used to generate the charset
in the layout, and encode entities. It should match the encoding values specified for your database.
App.webroot The webroot directory.
App.wwwRoot The file path to webroot.
App.fullBaseUrl The fully qualified domain name (including protocol) to your applications root. This
is used when generating absolute URLs. By default this value is generated using the $_SERVER
environment. However, you should define it manually to optimize performance or if you are concerned
about people manipulating the Host header.
App.imageBaseUrl Web path to the public images directory under webroot. If you are using a CDN you
should set this value to the CDNs location.
App.cssBaseUrl Web path to the public css directory under webroot. If you are using a CDN you should
set this value to the CDNs location.
App.jsBaseUrl Web path to the public js directory under webroot. If you are using a CDN you should set
this value to the CDNs location.
App.paths Configure paths for non class based resources. Supports the plugins, templates,
locales subkeys, which allow the definition of paths for plugins, view templates and locale files
respectively.
Security.salt A random string used in hashing. This value is also used as the HMAC salt when doing
symetric encryption.
Asset.timestamp Appends a timestamp which is last modified time of the particular file at the end of asset
files URLs (CSS, JavaScript, Image) when using proper helpers. Valid values:
(bool) false - Doesnt do anything (default)
(bool) true - Appends the timestamp when debug is false
134
Chapter 7. Configuration
Database Configuration
See the Database Configuration for information on configuring your database connections.
Caching Configuration
See the Caching Configuration for information on configuring caching in CakePHP.
Logging Configuration
See the Logging Configuration for information on configuring logging in CakePHP.
Email Configuration
See the Email Configuration for information on configuring email presets in CakePHP.
Session Configuration
See the Session Configuration for information on configuring session handling in CakePHP.
Routing configuration
See the Routes Configuration for more information on configuring routing and creating routes for your
application.
135
The above would setup paths for both the App and App\Controller namespace. The first key will be
searched, and if that path does not contain the class/file the second key will be searched. You can also map
a single namespace to multiple directories with the following:
"autoload": {
"psr-4": {
"App\": ["src", "/path/to/directory"]
}
}
Paths should end with a directory separator, or they will not work properly.
Inflection Configuration
See the Inflection Configuration docs for more information.
Configure Class
class Cake\Core\Configure
CakePHPs Configure class can be used to store and retrieve application or runtime specific values. Be
careful, this class allows you to store anything in it, then use it in any other part of your code: a sure
temptation to break the MVC pattern CakePHP was designed for. The main goal of Configure class is to
136
Chapter 7. Configuration
keep centralized variables that can be shared between many objects. Remember to try to live by convention
over configuration and you wont end up breaking the MVC structure weve set in place.
You can access Configure from anywhere in your application:
Configure::read('debug');
Note: The dot notation used in the $key parameter can be used to organize your configuration settings
into logical groups.
The above example could also be written in a single call:
Configure::write('Company', [
'name' => 'Pizza, Inc.',
'slogan' => 'Pizza for your body and soul'
]);
You can use Configure::write(debug, $bool) to switch between debug and production
modes on the fly. This is especially handy for JSON interactions where debugging information can cause
parsing problems.
Configure::read('Company');
// Yields:
['name' => 'Pizza, Inc.', 'slogan' => 'Pizza for your body and soul'];
Configure Class
137
You can have multiple engines attached to Configure, each reading different kinds or sources of configuration
files. You can interact with attached engines using a few other methods on Configure. To see check which
engine aliases are attached you can use Configure::configured():
1
http://php.net/parse_ini_file
138
Chapter 7. Configuration
static Cake\Core\Configure::drop($name)
You can also remove attached engines. Configure::drop(default) would remove the default
engine alias. Any future attempts to load configuration files with that engine would fail:
Configure::drop('default');
Loaded configuration files merge their data with the existing runtime configuration in Configure. This allows
you to overwrite and add new values into the existing runtime configuration. By setting $merge to true,
values will not ever overwrite the existing configuration.
Configure::dump('my_config.php', 'default');
Configure::dump() can be used to either modify or overwrite configuration files that are readable with
Configure::load()
139
You can also store runtime configuration values for use in a future request. Since configure only remembers
values for the current request, you will need to store any modified configuration information if you want to
use it in subsequent requests:
// Store the current configuration in the 'user_1234' key in the 'default' cache.
Configure::store('user_1234', 'default');
Stored configuration data is persisted in the named cache configuration. See the Caching documentation for
more information on caching.
When restoring configuration information its important to restore it with the same key, and cache configuration as was used to store it. Restored information is merged on top of the existing runtime configuration.
140
Chapter 7. Configuration
In your config/bootstrap.php you could attach this engine and use it:
use App\Configure\Engine\XmlConfig;
Configure::config('xml', new XmlConfig());
...
Configure::load('my_xml', 'xml');
The read() method of a config engine, must return an array of the configuration information that the
resource named $key contains.
interface Cake\Core\Configure\ConfigEngineInterface
Defines the interface used by classes that read configuration data and store it in Configure
Cake\Core\Configure\ConfigEngineInterface::read($key)
Parameters
$key (string) The key name or identifier to load.
This method should load/parse the configuration data identified by $key and return an array of data
in the file.
Cake\Core\Configure\ConfigEngineInterface::dump($key)
Parameters
$key (string) The identifier to write to.
$data (array) The data to dump.
This method should dump/store the provided configuration data to a key identified by $key.
141
return [
'debug' => 0,
'Security' => [
'salt' => 'its-secret'
],
'App' => [
'namespace' => 'App'
]
];
The above ini file, would result in the same end configuration data as the PHP example above. Array
structures can be created either through dot separated values, or sections. Sections can contain dot separated
keys for deeper nesting.
142
Chapter 7. Configuration
"Security": {
"salt": "its-secret"
}
}
Bootstrapping CakePHP
If you have any additional configuration needs, you should add them to your applications config/bootstrap.php file. This file is included before each request, and CLI command.
This file is ideal for a number of common bootstrapping tasks:
Defining convenience functions.
Declaring constants.
Creating cache configurations.
Configuring inflections.
Loading configuration files.
Be careful to maintain the MVC software design pattern when you add things to the bootstrap file: it might
be tempting to place formatting functions there in order to use them in your controllers. As youll see in the
Controllers and Views sections there are better ways you add custom logic to your application.
Bootstrapping CakePHP
143
144
Chapter 7. Configuration
CHAPTER 8
Routing
class Cake\Routing\Router
Routing provides you tools that map URLs to controller actions. By defining routes, you can separate how
your application is implemented from how its URLs are structured.
Routing in CakePHP also encompasses the idea of reverse routing, where an array of parameters can be
transformed into a URL string. By using reverse routing, you can more easily re-factor your applications
URL structure without having to update all your code.
Quick Tour
This section will teach you by example the most common uses of the CakePHP Router. Typically you want
to display something as a landing page, so you add this to your routes.php file:
use Cake\Routing\Router;
// Using the scoped route builder.
Router::scope('/', function ($routes) {
$routes->connect('/', ['controller' => 'Articles', 'action' => 'index']);
});
// Using the static method.
Router::connect('/', ['controller' => 'Articles', 'action' => 'index']);
Router provides two interfaces for connecting routes. The static method is a backwards compatible interface, while the scoped builders offer more terse syntax when building multiple routes, and better performance.
This will execute the index method in the ArticlesController when the homepage of your site is
visited. Sometimes you need dynamic routes that will accept multiple parameters, this would be the case,
for example of a route for viewing an articles content:
Router::connect('/articles/*', ['controller' => 'Articles', 'action' => 'view']);
145
The above route will accept any URL looking like /articles/15 and invoke the method view(15)
in the ArticlesController. This will not, though, prevent people from trying to access URLs looking like /articles/foobar. If you wish, you can restring some parameters to conform to a regular
expression:
Router::connect(
'/articles/:id',
['controller' => 'Articles', 'action' => 'view'],
['id' => '\d+', 'pass' => ['id']]
);
The previous example changed the star matcher by a new placeholder :id. Using placeholders allows us to
validate parts of the URL, in this case we used the \d+ regular expression so that only digits are matched.
Finally, we told the Router to treat the id placeholder as a function argument to the view() function by
specifying the pass option. More on using this options later.
The CakePHP Router can also reverse match routes. That means that from an array containing matching
parameters, it is capable of generation a URL string:
use Cake\Routing\Router;
echo Router::url(['controller' => 'Articles', 'action' => 'view', 'id' => 15]);
// Will output
/articles/15
Routes can also be labelled with a unique name, this allows you to quickly reference them when building
links instead of specifying each of the routing parameters:
use Cake\Routing\Router;
Router::connect(
'/login',
['controller' => 'Users', 'action' => 'login'],
['_name' => 'login']
);
echo Router::url(['_name' => 'login']);
// Will output
/login
To help keep your routing code DRY, the Router has the concept of scopes. A scope defines a common path
segment, and optionally route defaults. Any routes connected inside a scope will inherit the path/defaults
from their wrapping scopes:
Router::scope('/blog', ['plugin' => 'Blog'], function ($routes) {
$routes->connect('/', ['controller' => 'Articles']);
});
146
Chapter 8. Routing
Connecting Routes
static Cake\Routing\Router::connect($route, $defaults =[], $options =[])
To keep your code DRY you should use routing scopes. Routing scopes not only let you keep your code
DRY, they also help Router optimize its operation. As seen above you can also use Router::connect()
to connect routes. This method defaults to the / scope. To create a scope and connect some routes well use
the scope() method:
// In config/routes.php
Router::scope('/', function ($routes) {
$routes->fallbacks('InflectedRoute');
});
The connect() method takes up to three parameters: the URL template you wish to match, the default
values for your route elements, and the options for the route. Options frequently include regular expression
rules to help the router match elements in the URL.
The basic format for a route definition is:
$routes->connect(
'URL template',
['default' => 'defaultValue'],
['option' => 'matchingRegex']
);
The first parameter is used to tell the router what sort of URL youre trying to control. The URL is a normal
slash delimited string, but can also contain a wildcard (*) or Route Elements. Using a wildcard tells the
router that you are willing to accept any additional arguments supplied. Routes without a * only match the
exact template pattern supplied.
Once youve specified a URL, you use the last two parameters of connect() to tell CakePHP what to
do with a request once it has been matched. The second parameter is an associative array. The keys of the
array should be named after the route elements the URL template represents. The values in the array are the
default values for those keys. Lets look at some basic examples before we start using the third parameter of
connect():
$routes->connect(
'/pages/*',
['controller' => 'Pages', 'action' => 'display']
);
This route is found in the routes.php file distributed with CakePHP. It matches any URL starting
with /pages/ and hands it to the display() action of the PagesController. A request to
/pages/products would be mapped to PagesController->display(products).
In addition to the greedy star /* there is also the /** trailing star syntax. Using a trailing double star,
will capture the remainder of a URL as a single passed argument. This is useful when you want to use an
argument that included a / in it:
$routes->connect(
'/pages/**',
Connecting Routes
147
The incoming URL of /pages/the-example-/-and-proof would result in a single passed argument of the-example-/-and-proof.
You can use the second parameter of connect() to provide any routing parameters that are composed of
the default values of the route:
$routes->connect(
'/government',
['controller' => 'Pages', 'action' => 'display', 5]
);
This example shows how you can use the second parameter of connect() to define default parameters.
If you built a site that features products for different categories of customers, you might consider creating a
route. This allows you link to /government rather than /pages/display/5.
Another common use for the Router is to define an alias for a controller. Lets say that instead
of accessing our regular URL at /users/some_action/5, wed like to be able to access it by
/cooks/some_action/5. The following route easily takes care of that:
$routes->connect(
'/cooks/:action/*', ['controller' => 'Users']
);
This is telling the Router that any URL beginning with /cooks/ should be sent to the users controller. The
action called will depend on the value of the :action parameter. By using Route Elements, you can create
variable routes, that accept user input or variables. The above route also uses the greedy star. The greedy
star indicates to Router that this route should accept any additional positional arguments given. These
arguments will be made available in the Passed Arguments array.
When generating URLs, routes are used too. Using [controller => Users, action =>
some_action, 5] as a URL will output /cooks/some_action/5 if the above route is the first
match found.
Route Elements
You can specify your own route elements and doing so gives you the power to define places in the URL
where parameters for controller actions should lie. When a request is made, the values for these route
elements are found in $this->request->params in the controller. When you define a custom route
element, you can optionally specify a regular expression - this tells CakePHP how to know if the URL is
correctly formed or not. If you choose to not provide a regular expression, any non / character will be
treated as part of the parameter:
$routes->connect(
'/:controller/:id',
['action' => 'view'],
['id' => '[0-9]+']
);
148
Chapter 8. Routing
The above example illustrates how to create a quick way to view models from any controller by crafting a
URL that looks like /controllername/:id. The URL provided to connect() specifies two route
elements: :controller and :id. The :controller element is a CakePHP default route element, so
the router knows how to match and identify controller names in URLs. The :id element is a custom route
element, and must be further clarified by specifying a matching regular expression in the third parameter of
connect().
CakePHP does not automatically produce lowercased URLs when using the :controller parameter. If
you need this, the above example could be rewritten like so:
$routes->connect(
'/:controller/:id',
['action' => 'view'],
['id' => '[0-9]+', 'routeClass' => 'InflectedRoute']
);
The special InflectedRoute class will make sure that the :controller and :plugin parameters
are correctly lowercased.
Note: Patterns used for route elements must not contain any capturing groups. If they do, Router will not
function correctly.
Once this route has been defined, requesting /apples/5 would call the view() method of
the ApplesController.
Inside the view() method, you would need to access the passed ID at
$this->request->params[id].
If you have a single controller in your application and you do not want the controller name to appear in the
URL, you can map all URLs to actions in your controller. For example, to map all URLs to actions of the
home controller, e.g have URLs like /demo instead of /home/demo, you can do the following:
$routes->connect('/:action', ['controller' => 'Home']);
If you would like to provide a case insensitive URL, you can use regular expression inline modifiers:
$routes->connect(
'/:userShortcut',
['controller' => 'Teachers', 'action' => 'profile', 1],
['userShortcut' => '(?i:principal)']
);
This is rather involved, but shows how powerful routes can be The URL supplied has four route elements.
Connecting Routes
149
The first is familiar to us: its a default route element that tells CakePHP to expect a controller name.
Next, we specify some default values. Regardless of the controller, we want the index() action to be called.
Finally, we specify some regular expressions that will match years, months and days in numerical form. Note
that parenthesis (grouping) are not supported in the regular expressions. You can still specify alternates, as
above, but not grouped with parenthesis.
Once defined, this route will match /articles/2007/02/01, /articles/2004/11/16, handing the requests to the index() actions of their respective controllers, with the date parameters in
$this->request->params.
There are several route elements that have special meaning in CakePHP, and should not be used unless you
want the special meaning
controller Used to name the controller for a route.
action Used to name the controller action for a route.
plugin Used to name the plugin a controller is located in.
prefix Used for Prefix Routing
_ext Used for File extentions routing.
_base Set to false to remove the base path from the generated URL. If your application is not in
the root directory, this can be used to generate URLs that are cake relative. cake relative URLs are
required when using requestAction.
_scheme Set to create links on different schemes like webcal or ftp. Defaults to the current scheme.
_host Set the host to use for the link. Defaults to the current host.
_port Set the port if you need to create links on non-standard ports.
_full If true the FULL_BASE_URL constant will be prepended to generated URLs.
# Allows you to set URL hash fragments.
_ssl Set to true to convert the generated URL to https or false to force http.
_method Define the HTTP verb/method to use. Useful when working with Creating RESTful Routes.
_name Name of route. If you have setup named routes, you can use this key to specify it.
150
Chapter 8. Routing
// routes.php
Router::scope('/', function ($routes) {
$routes->connect(
'/blog/:id-:slug', // E.g. /blog/3-CakePHP_Rocks
['controller' => 'Blogs', 'action' => 'view'],
[
// Define the route elements in the route template
// to pass as function arguments. Order matters since this
// will simply map ":id" to $articleId in your action
'pass' => ['id', 'slug'],
// Define a pattern that `id` must match.
'id' => '[0-9]+'
]
);
});
Now thanks to the reverse routing capabilities, you can pass in the URL array like below and CakePHP will
know how to form the URL as defined in the routes:
// view.ctp
// This will return a link to /blog/3-CakePHP_Rocks
echo $this->Html->link('CakePHP Rocks', [
'controller' => 'Blog',
'action' => 'view',
'id' => 3,
'slug' => 'CakePHP_Rocks'
]);
// You can also used numerically indexed parameters.
echo $this->Html->link('CakePHP Rocks', [
'controller' => 'Blog',
'action' => 'view',
3,
'CakePHP_Rocks'
]);
Connecting Routes
151
If your route template contains any route elements like :controller youll need to supply those as part
of the options to Router::url().
Note: Route names must be unique across your entire application. The same _name cannot be used twice,
even if the names occur inside a different routing scope.
Prefix Routing
static Cake\Routing\Router::prefix($name, $callback)
Many applications require an administration section where privileged users can make changes. This is
often done through a special URL such as /admin/users/edit/5. In CakePHP, prefix routing can be
enabled by using the prefix scope method:
Router::prefix('admin', function ($routes) {
// All routes here will be prefixed with `/admin`
// And have the prefix => admin route element added.
$routes->fallbacks('InflectedRoute');
});
Prefixes are mapped to sub-namespaces in your applications Controller namespace. By having prefixes
as separate controllers you can create smaller and simpler controllers. Behavior that is common to the
prefixed and non-prefixed controllers can be encapsulated using inheritance, Components, or traits. Using
our users example, accessing the URL /admin/users/edit/5 would call the edit() method of our
src/Controller/Admin/UsersController.php passing 5 as the first parameter. The view file used would be
src/Template/Admin/Users/edit.ctp
You can map the URL /admin to your index() action of pages controller using following route:
Router::prefix('admin', function ($routes) {
// Because you are in the admin scope,
// you do not need to include the /admin prefix
// or the admin route element.
$routes->connect('/', ['controller' => 'Pages', 'action' => 'index']);
});
When creating prefix routes, you can set additional route parameters using the $options argument:
Router::prefix('admin', ['param' => 'value'], function ($routes) {
// Routes connected here are prefixed with '/admin' and
// have the 'param' routing key set.
$routes->connect('/:controller');
});
152
Chapter 8. Routing
The above would create a route template like /debug_kit/admin/:controller. The connected
route would have the plugin and prefix route elements set.
When defining prefixes, you can nest multiple prefixes if necessary:
Router::prefix('manager', function ($routes) {
$routes->prefix('admin', function ($routes) {
$routes->connect('/:controller');
});
});
The above would create a route template like /manager/admin/:controller. The connected route
would have the prefix route element set to manager/admin.
The
current
prefix
will
be
available
$this->request->params[prefix]
from
the
controller
methods
through
When using prefix routes its important to set the prefix option. Heres how to build this link using the
HTML helper:
// Go into a prefixed route.
echo $this->Html->link(
'Manage articles',
['prefix' => 'manager', 'controller' => 'Articles', 'action' => 'add']
);
// Leave a prefix
echo $this->Html->link(
'View Post',
['prefix' => false, 'controller' => 'Articles', 'action' => 'view', 5]
);
Note: You should connect prefix routes before you connect fallback routes.
Plugin Routing
static Cake\Routing\Router::plugin($name, $options =[], $callback)
Routes for Plugins are most easily created using the plugin() method. This method creates a new routing
scope for the plugins routes:
Router::plugin('DebugKit', function ($routes) {
// Routes connected here are prefixed with '/debug_kit' and
// have the plugin route element set to 'DebugKit'.
$routes->connect('/:controller');
});
Connecting Routes
153
When creating plugin scopes, you can customize the path element used with the path option:
Router::plugin('DebugKit', ['path' => '/debugger'], function ($routes) {
// Routes connected here are prefixed with '/debugger' and
// have the plugin route element set to 'DebugKit'.
$routes->connect('/:controller');
});
When using scopes you can nest plugin scopes within prefix scopes:
Router::prefix('admin', function ($routes) {
$routes->plugin('DebugKit', function ($routes) {
$routes->connect('/:controller');
});
});
The above would create a route that looks like /admin/debug_kit/:controller. It would have the
prefix, and plugin route elements set.
You can create links that point to a plugin, by adding the plugin key to your URL array:
echo $this->Html->link(
'New todo',
['plugin' => 'Todo', 'controller' => 'TodoItems', 'action' => 'create']
);
Conversely if the active request is a plugin request and you want to create a link that has no plugin you can
do the following:
echo $this->Html->link(
'New todo',
['plugin' => null, 'controller' => 'Users', 'action' => 'profile']
);
By setting plugin => null you tell the Router that you want to create a link that is not part of a plugin.
SEO-Friendly Routing
Some developers prefer to use dashes in URLs, as its perceived to give better search engine rankings.
The DashedRoute class can be used in your application with the ability to route plugin, controller, and
camelized action names to a dashed URL.
For example, if we had a ToDo plugin, with a TodoItems controller, and a showItems() action, it
could be accessed at /to-do/todo-items/show-items with the following router connection:
Router::plugin('ToDo', ['path' => 'to-do'], function ($routes) {
$routes->fallbacks('DashedRoute');
});
Chapter 8. Routing
To handle different file extensions with your routes, you need one extra line in your routes config file:
Router::extensions(['html', 'rss']);
This will enable the named extensions for all routes connected after this method call. Any routes connected
prior to it will not inherit the extensions. By default the extensions you passed will be merged with existing
list of extensions. You can pass false for the second argument to override existing list. Calling the method
without arguments will return existing list of extensions. You can set extensions per scope as well:
Router::scope('/api', function ($routes) {
$routes->extensions(['json', 'xml']);
});
Note: Setting the extensions should be the first thing you do in a scope, as the extensions will only be
applied to routes connected after the extensions are set.
By using extensions, you tell the router to remove any matching file extensions, and then parse what remains.
If you want to create a URL such as /page/title-of-page.html you would create your route using:
Router::scope('/page', function ($routes) {
$routes->extensions(['json', 'xml', 'html']);
$routes->connect(
'/:title',
['controller' => 'Pages', 'action' => 'view'],
[
'pass' => ['title']
]
);
});
Then to create links which map back to the routes simply use:
$this->Html->link(
'Link title',
['controller' => 'Pages', 'action' => 'view', 'title' => 'super-article', '_ext' => 'ht
);
File extensions are used by Request Handling to do automatic view switching based on content types.
155
$routes->resources('Recipes');
});
The first line sets up a number of default routes for easy REST access where method specifies the desired
result format (e.g. xml, json, rss). These routes are HTTP Request Method sensitive.
HTTP format
GET
GET
POST
PUT
PATCH
DELETE
URL.format
/recipes.format
/recipes/123.format
/recipes.format
/recipes/123.format
/recipes/123.format
/recipes/123.format
CakePHPs Router class uses a number of different indicators to detect the HTTP method being used. Here
they are in order of preference:
1. The _method POST variable
2. The X_HTTP_METHOD_OVERRIDE
3. The REQUEST_METHOD header
The _method POST variable is helpful in using a browser as a REST client (or anything else that can do
POST easily). Just set the value of _method to the name of the HTTP request method you wish to emulate.
Will generate resource routes for both articles and comments. The comments routes will look like:
/api/articles/:article_id/comments
/api/articles/:article_id/comments/:id
Note: While you can nest resources as deeply as you require, it is not recommended to nest more than 2
resources together.
156
Chapter 8. Routing
Would create read only resource routes. The route names are create, update, view, index, and
delete.
The above would use update() for the edit() action, and create() instead of add().
In addition to the default routes, this would also connect a route for /articles/delete_all. By default the path
segment will match the key name. You can use the path key inside the resource definition to customize the
path name:
$routes->resources('Articles', [
'map' => [
'updateAll' => [
'action' => 'updateAll',
'method' => 'DELETE',
'path' => '/update_many'
],
]
]);
// This would connect /articles/update_many
157
If you define only and map, make sure that your mapped methods are also in the only list.
Passed Arguments
Passed arguments are additional arguments or path segments that are used when making a request. They are
often used to pass parameters to your controller methods.
http://localhost/calendars/view/recent/mark
In
the
above
example,
both
recent
and
mark
are
passed
arguments
to
CalendarsController::view(). Passed arguments are given to your controllers in three
ways.
First as arguments to the action method called, and secondly they are available in
$this->request->params[pass] as a numerically indexed array.
When using custom
routes you can force particular parameters to go into the passed arguments as well.
If you were to visit the previously mentioned URL, and you had a controller action that looked like:
class CalendarsController extends AppController
{
public function view($arg1, $arg2)
{
debug(func_get_args());
}
}
158
Chapter 8. Routing
debug($this->request->params['pass']);
When generating URLs, using a routing array you add passed arguments as values without string keys in
the array:
['controller' => 'Articles', 'action' => 'view', 5]
Generating URLs
static Cake\Routing\Router::url($url = null, $full = false)
Generating URLs or Reverse routing is a feature in CakePHP that is used to allow you to easily change your
URL structure without having to modify all your code. By using routing arrays to define your URLs, you
can later configure routes and the generated URLs will automatically update.
If you create URLs using strings like:
$this->Html->link('View', '/articles/view/' . $id);
And then later decide that /articles should really be called articles instead, you would have to go
through your entire application renaming URLs. However, if you defined your link like:
$this->Html->link(
'View',
['controller' => 'Articles', 'action' => 'view', $id]
);
Then when you decided to change your URLs, you could do so by defining a route. This would change both
the incoming URL mapping, as well as the generated URLs.
When using array URLs, you can define both query string parameters and document fragments using special
keys:
Router::url([
'controller' => 'Articles',
'action' => 'index',
'?' => ['page' => 1],
'#' => 'top'
]);
// Will generate a URL like.
/articles/index?page=1#top
Generating URLs
159
Router will also convert any unknown parameters in a routing array to querystring parameters. The ? is
offered for backwards compatibility with older versions of CakePHP.
You can also use any of the special route elements when generating URLs:
_ext Used for Routing File Extensions routing.
_base Set to false to remove the base path from the generated URL. If your application is not in
the root directory, this can be used to generate URLs that are cake relative. cake relative URLs are
required when using requestAction.
_scheme Set to create links on different schemes like webcal or ftp. Defaults to the current
scheme.
_host Set the host to use for the link. Defaults to the current host.
_port Set the port if you need to create links on non-standard ports.
_full If true the FULL_BASE_URL constant will be prepended to generated URLs.
_ssl Set to true to convert the generated URL to https or false to force http.
_name Name of route. If you have setup named routes, you can use this key to specify it.
Redirect Routing
static Cake\Routing\Router::redirect($route, $url, $options =[])
Redirect routing allows you to issue HTTP status 30x redirects for incoming routes, and point them at
different URLs. This is useful when you want to inform client applications that a resource has moved and
you dont want to expose two URLs for the same content.
Redirection routes are different from normal routes as they perform an actual header redirection if a match
is found. The redirection can occur to a destination within your application or an outside location:
$routes->redirect(
'/home/*',
['controller' => 'Articles', 'action' => 'view'],
['persist' => true]
// Or ['persist'=>['id']] for default routing where the
// view action expects $id as an argument.
);
160
Chapter 8. Routing
This route would create an instance of SlugRoute and allow you to implement custom parameter handling.
You can use plugin route classes using standard plugin syntax.
will cause all routes connected after this to use the DashedRoute route class. Calling the method without
an argument will return current default route class.
Fallbacks method
Cake\Routing\Router::fallbacks($routeClass = null)
The fallbacks method is a simple shortcut for defining default routes.
The method uses the
passed routing class for the defined rules or if no class is provided the class returned by
Router::defaultRouteClass() is used.
Calling fallbacks like so:
161
$routes->fallbacks('InflectedRoute');
Note:
Using the default route class (Route) with fallbacks, or any route with :plugin and/or
:controller route elements will result in inconsistent URL case.
162
Chapter 8. Routing
This will populate $this->request->params[named] with any named parameters found in the
passed arguments. Any passed argument that was interpreted as a named parameter, will be removed from
the list of passed arguments.
RequestActionTrait
trait Cake\Routing\RequestActionTrait
This trait allows classes which include it to create sub-requests or request actions.
Cake\Routing\RequestActionTrait::requestAction(string $url, array $options)
This function calls a controllers action from any location and returns the response body from the
action. The $url passed is a CakePHP-relative URL (/controllername/actionname/params). To pass
extra data to the receiving controller action add to the $options array.
Note: You can use requestAction() to retrieve a rendered view by passing return in the options: requestAction($url, [return]);. It is important to note that making a requestAction using return from a controller method may cause script and css tags to not work correctly.
Generally you can avoid dispatching sub-requests by using View Cells. Cells give you a lightweight
way to create re-usable view components when compared to requestAction().
You should always include checks to make sure your requestAction methods are actually originating from requestAction(). Failing to do so will allow requestAction methods to be directly
accessible from a URL, which is generally undesirable.
If we now create a simple element to call that function:
// src/View/Element/latest_comments.ctp
echo $this->requestAction('/comments/latest');
We can then place that element anywhere to get the output using:
echo $this->element('latest_comments');
Written in this way, whenever the element is rendered, a request will be made to the controller to get
the data, the data will be processed, rendered and returned. However in accordance with the warning
above its best to make use of element caching to prevent needless processing. By modifying the call
to element to look like this:
echo $this->element('latest_comments', [], ['cache' => '+1 hour']);
The requestAction call will not be made while the cached element view file exists and is valid.
In addition, requestAction takes routing array URLs:
echo $this->requestAction(
['controller' => 'Articles', 'action' => 'featured']
);
Note: Unlike other places where array URLs are analogous to string URLs, requestAction treats
them differently.
RequestActionTrait
163
The URL based array are the same as the ones that Cake\Routing\Router::url() uses with
one difference - if you are using passed parameters, you must put them in a second array and wrap
them with the correct key. This is because requestAction merges the extra parameters (requestActions
2nd parameter) with the request->params member array and does not explicitly place them under
the pass key. Any additional keys in the $option array will be made available in the requested
actions request->params property:
echo $this->requestAction('/articles/view/5');
You can also pass querystring arguments, post data or cookies using the appropriate keys. Cookies
can be passed using the cookies key. Get parameters can be set with query and post data can be
sent using the post key:
$vars = $this->requestAction('/articles/popular', [
'query' => ['page' = > 1],
'cookies' => ['remember_me' => 1],
]);
When using an array URL in conjunction with requestAction() you must specify all parameters that
you will need in the requested action. This includes parameters like $this->request->data.
In addition to passing all required parameters, passed arguments must be done in the second array as
seen above.
Dispatcher Filters
There are several reasons to want a piece of code to be run before any controller code is executed or right
before the response is sent to the client, such as response caching, header tuning, special authentication or
just to provide access to a mission-critical API response in lesser time than a complete request dispatching
cycle would take.
CakePHP provides a clean interface for attaching filters to the dispatch cycle. It is similar to a middleware
layer, but re-uses the existing event subsystem used in other parts of CakePHP. Since they do not work
exactly like traditional middleware, we refer to them as Dispatcher Filters.
Built-in Filters
CakePHP comes with several dispatcher filters built-in. They handle common features that all applications
are likely to need. The built-in filters are:
AssetFilter checks whether the request is referring to a theme or plugin asset file, such as a
CSS, JavaScript or image file stored in either a plugins webroot folder or the corresponding one for a
Theme. It will serve the file accordingly if found, stopping the rest of the dispatching cycle:
164
Chapter 8. Routing
rules
to
the
request
URL.
Populates
ControllerFactory uses $request->params to locate the controller that will handle the
current request.
LocaleSelector enables automatic language switching from the Accept-Language header
sent by the browser.
Using Filters
Filters are usually enabled in your applications bootstrap.php file, but you could easily load
them any time before the request is dispatched. Adding and removing filters is done through
Cake\Routing\DispatcherFactory. By default, the CakePHP application template comes with
a couple filter classes already enabled for all requests; lets take a look at how they are added:
DispatcherFactory::add('Routing');
DispatcherFactory::add('ControllerFactory');
// Plugin syntax is also possible
DispatcherFactory::add('PluginName.DispatcherName');
// Use options to set priority
DispatcherFactory::add('Asset', ['priority' => 1]);
Dispatcher filters with higher priority will be executed first. Priority defaults to 10.
While using the string name is convenient, you can also pass instances into add():
use Cake\Routing\Filter\RoutingFilter;
DispatcherFactory::add(new RoutingFilter());
When adding filters, you can control the order they are invoked in using event handler priorities. While
filters can define a default priority using the $_priority property, you can set a specific priority when
attaching the filter:
DispatcherFactory::add('Asset', ['priority' => 1]);
DispatcherFactory::add(new AssetFilter(['priority' => 1]));
The higher the priority the later this filter will be invoked.
RequestActionTrait
165
If you dont want to run a filter on every request, you can use conditions to only apply it some of the
time. You can apply conditions using the for and when options. The for option lets you match on URL
substrings, while the when option allows you to run a callable:
// Only runs on requests starting with `/blog`
DispatcherFactory::add('BlogHeader', ['for' => '/blog']);
// Only run on GET requests.
DispatcherFactory::add('Cache', [
'when' => function ($request, $response) {
return $request->is('get');
}
]);
The callable provided to when should return true when the filter should run. The callable can expect to
get the current request and response as arguments.
Building a Filter
To create a filter, define a class in src/Routing/Filter. In this example, well be making a filter that adds a
tracking cookie for the first landing page. First, create the file. Its contents should look like:
namespace App\Routing\Filter;
use Cake\Event\Event;
use Cake\Routing\DispatcherFilter;
class TrackingCookieFilter extends DispatcherFilter
{
public function beforeDispatch(Event $event)
{
$request = $event->data['request'];
$response = $event->data['response'];
if (!$request->cookie('landing_page')) {
$response->cookie([
'name' => 'landing_page',
'value' => $request->here(),
'expire' => '+ 1 year',
]);
}
}
}
Save this file into src/Routing/Filter/TrackingCookieFilter.php. As you can see, like other classes in
CakePHP, dispatcher filters have a few conventions:
Class names end in Filter.
Classes are in the Routing\Filter namespace. For example, App\Routing\Filter.
166
Chapter 8. Routing
// In our bootstrap.php
DispatcherFactory::add('HttpCache', ['for' => '/pages'])
This filter will send a expiration header to 1 day in the future for all responses produced by the pages
controller. You could of course do the same in the controller, this is just an example of what could be done
with filters. For instance, instead of altering the response, you could cache it using Cake\Cache\Cache
and serve the response from the beforeDispatch() callback.
While powerful, dispatcher filters have the potential to make your application more difficult to maintain.
Filters are an extremely powerful tool when used wisely and adding response handlers for each URL in
your app is not a good use for them. Keep in mind that not everything needs to be a filter; Controllers and
Components are usually a more accurate choice for adding any request handling code to your app.
RequestActionTrait
167
168
Chapter 8. Routing
CHAPTER 9
The request and response objects provide an abstraction around HTTP requests and responses. The request
object in CakePHP allows you to easily introspect an incoming request, while the response object allows
you to effortlessly create HTTP responses from your controllers.
Request
class Cake\Network\Request
Request is the default request object used in CakePHP. It centralizes a number of features for interrogating and interacting with request data. On each request one Request is created and then passed by reference to the various layers of an application that use request data. By default the request is assigned to
$this->request, and is available in Controllers, Cells, Views and Helpers. You can also access it in
Components using the controller reference. Some of the duties Request performs include:
Processing the GET, POST, and FILES arrays into the data structures you are familiar with.
Providing environment introspection pertaining to the request. Information like the headers sent, the
clients IP address, and the subdomain/domain names the server your application is running on.
Providing access to request parameters both as array indexes and object properties.
Request Parameters
Request exposes several interfaces for accessing request parameters:
$this->request->params['controller'];
$this->request->param('controller');
All of the above will access the same value. All Route Elements are accessed through this interface.
In addition to Route Elements, you also often need access to Passed Arguments. These are both available on
the request object as well:
169
// Passed arguments
$this->request->pass;
$this->request['pass'];
$this->request->params['pass'];
Will all provide you access to the passed arguments. There are several important/useful parameters that
CakePHP uses internally, these are also all found in the request parameters:
plugin The plugin handling the request. Will be null when there is no plugin.
controller The controller handling the current request.
action The action handling the current request.
prefix The prefix for the current action. See Prefix Routing for more information.
bare Present when the request came from Controller\Controller::requestAction()
and included the bare option. Bare requests do not have layouts rendered.
requested
Present
and
set
to
true
when
Controller\Controller::requestAction().
the
action
came
from
You can either directly access the query property, or you can use query() method to read the URL query
array in an error-free manner. Any keys that do not exist will return null:
$foo = $this->request->query('value_that_does_not_exist');
// $foo === null
$this->request->data['title'];
$this->request->data['comments'][1]['author'];
Some deserializing methods require additional parameters when called, such as the as array
parameter on json_decode.
If you want XML converted into a DOMDocument object,
Network\Request::input() supports passing in additional parameters as well:
// Get Xml encoded data submitted to a PUT/POST action
$data = $this->request->input('Xml::build', ['return' => 'domdocument']);
Request
171
Path Information
The request object also provides useful information about the paths in your application.
$request->base and $request->webroot are useful for generating URLs, and determining
whether or not your application is in a subdirectory. The various properties you can use are:
// Assume the current request URL is /subdir/articles/edit/1?page=1
// Holds /subdir/articles/edit/1?page=1
$request->here;
// Holds /subdir
$request->base;
// Holds /subdir/
$request->webroot;
You can also easily extend the request detectors that are available,
by using
Cake\Network\Request::addDetector() to create new kinds of detectors. There are four
different types of detectors that you can create:
Environment value comparison - Compares a value fetched from env() for equality with the provided value.
Pattern value comparison - Pattern value comparison allows you to compare a value fetched from
env() to a regular expression.
Option based comparison - Option based comparisons use a list of options to create a regular expression. Subsequent calls to add an already defined options detector will merge the options.
Callback detectors - Callback detectors allow you to provide a callback type to handle the check.
The callback will receive the request object as its only parameter.
Cake\Network\Request::addDetector($name, $options)
Some examples would be:
// Add an environment detector.
$this->request->addDetector(
'post',
['env' => 'REQUEST_METHOD', 'value' => 'POST']
);
172
Request
also
includes
methods
like
Cake\Network\Request::domain(),
Cake\Network\Request::subdomains() and Cake\Network\Request::host() to
help applications with subdomains, have a slightly easier life.
There are several built-in detectors that you can use:
is(get) Check to see whether the current request is a GET.
is(put) Check to see whether the current request is a PUT.
is(patch) Check to see whether the current request is a PATCH.
is(post) Check to see whether the current request is a POST.
is(delete) Check to see whether the current request is a DELETE.
is(head) Check to see whether the current request is HEAD.
is(options) Check to see whether the current request is OPTIONS.
is(ajax) Check to see whether the current request came with X-Requested-With = XMLHttpRequest.
is(ssl) Check to see whether the request is via SSL.
is(flash) Check to see whether the request has a User-Agent of Flash.
is(requested) Check to see whether the request has a query param requested with value 1.
is(json) Check to see whether the request has json extension and accept application/json
mimetype.
is(xml) Check to see whether the request has xml extension and accept application/xml or
text/xml mimetype.
Request
173
Session Data
To access the session for a given request use the session() method:
$this->request->session()->read('Auth.User.name');
For more information, see the Sessions documentation for how to use the session object.
Cake\Network\Request::subdomains($tldLength = 1)
Returns the subdomains your application is running on as an array:
// Returns ['my', 'dev'] for 'my.dev.example.org'
$request->subdomains();
Cake\Network\Request::host()
Returns the host your application is on:
// Prints 'my.dev.example.org'
echo $request->host();
Cake\Network\Request::allowMethod($methods)
Set allowed HTTP methods. If not matched, will throw MethodNotAllowedException. The 405 response
will include the required Allow header with the passed methods
Cake\Network\Request::header($name)
Allows you to access any of the HTTP_* headers that were used for the request. For example:
$this->request->header('User-Agent');
Cake\Network\Request::acceptLanguage($language = null)
Get all the languages accepted by the client, or check whether a specific language is accepted.
Get the list of accepted languages:
$this->request->acceptLanguage();
Response
class Cake\Network\Response
Response
175
Cake\Network\Response is the default response class in CakePHP. It encapsulates a number of features and functionality for generating HTTP responses in your application. It also assists in testing, as it can
be mocked/stubbed allowing you to inspect headers that will be sent. Like Cake\Network\Request,
Cake\Network\Response consolidates a number of methods previously found on Controller,
RequestHandlerComponent and Dispatcher. The old methods are deprecated in favour of using Cake\Network\Response.
Response provides an interface to wrap the common response-related tasks such as:
Sending headers for redirects.
Sending content type headers.
Sending any header.
Sending the response body.
Usually, youll want to map additional content types in your controllers beforeFilter() callback,
so you can leverage the automatic view switching features of RequestHandlerComponent if you are
using it.
176
Sending Files
Cake\Network\Response::file($path, $options =[])
There are times when you want to send files as responses for your requests. You can accomplish that by
using Cake\Network\Response::file():
public function sendFile($id)
{
$file = $this->Attachments->getFile($id);
$this->response->file($file['path']);
// Return response object to prevent controller from trying to render
// a view.
return $this->response;
}
As shown in the above example, you must pass the file path to the method. CakePHP will send
a proper content type header if its a known file type listed in Cake\Network\Reponse::$_mimeTypes.
You can add new types prior to calling Cake\Network\Response::file() by using the
Cake\Network\Response::type() method.
If you want, you can also force a file to be downloaded instead of displayed in the browser by specifying the
options:
$this->response->file(
$file['path'],
['download' => true, 'name' => 'foo']
);
Response
177
Setting Headers
Cake\Network\Response::header($header = null, $value = null)
Setting headers is done with the Cake\Network\Response::header() method. It can be called
with a few different parameter configurations:
// Set a single header
$this->response->header('Location', 'http://example.com');
// Set multiple headers
$this->response->header([
'Location' => 'http://example.com',
'X-Extra' => 'My header'
]);
$this->response->header([
'WWW-Authenticate: Negotiate',
'Content-type: application/pdf'
]);
Setting the same header() multiple times will result in overwriting the previous values, just as regular
header calls. Headers are not sent when Cake\Network\Response::header() is called; instead
they are buffered until the response is actually sent.
You can now use the convenience method Cake\Network\Response::location() to directly set
or get the redirect location header.
Warning: Using disableCache() with downloads from SSL domains while trying to send files to Internet
Explorer can result in errors.
Cake\Network\Response::cache($since, $time = +1 day)
178
want
them
to
cache
responses.
By
using
The above would tell clients to cache the resulting response for 5 days, hopefully speeding up your visitors experience. CakeResponse::cache() sets the Last-Modified value to the first argument.
Expires header and the max-age directive are set based on the second parameter. Cache-Controls
public directive is set as well.
Response class helps you set this header with some utility methods that will produce a final valid
Cache-Control header. The first is the Cake\Network\Response::sharable() method, which
indicates whether a response is to be considered sharable across different users or clients. This method actually controls the public or private part of this header. Setting a response as private indicates that all
or part of it is intended for a single user. To take advantage of shared caches, the control directive must be
set as public.
The second parameter of this method is used to specify a max-age for the cache, which is the number of
seconds after which the response is no longer considered fresh:
public function view()
{
// ...
// Set the Cache-Control as public for 3600 seconds
$this->response->sharable(true, 3600);
}
Response
179
Response exposes separate methods for setting each of the directives in the Cache-Control header.
The Expiration Header
Cake\Network\Response::expires($time = null)
You can set the Expires header to a date and time after which the response is no longer considered fresh.
This header can be set using the Cake\Network\Response::expires() method:
public function view()
{
$this->response->expires('+5 days');
}
This method also accepts a DateTime instance or any string that can be parsed by the DateTime class.
The Etag Header
Cake\Network\Response::etag($tag = null, $weak = false)
Cache validation in HTTP is often used when content is constantly changing, and asks the application to
only generate the response contents if the cache is no longer fresh. Under this model, the client continues to
store pages in the cache, but it asks the application every time whether the resource has changed, instead of
using it directly. This is commonly used with static resources such as images and other assets.
The etag() method (called entity tag) is a string that uniquely identifies the requested resource, as a
checksum does for a file, in order to determine whether it matches a cached resource.
To take advantage of this header, you must either call the Cake\Network\Response::checkNotModified()
method manually or include the RequestHandlerComponent in your controller:
public function index()
{
$articles = $this->Articles->find('all');
$this->response->etag($this->Articles->generateHash($articles));
if ($this->response->checkNotModified($this->request)) {
return $this->response;
}
// ...
}
180
Response
181
Once you are done creating a response, calling send() will send all the set headers as well as the body.
This is done automatically at the end of each request by Dispatcher.
182
CHAPTER 10
Controllers
class Cake\Controller\Controller
Controllers are the C in MVC. After routing has been applied and the correct controller has been found,
your controllers action is called. Your controller should handle interpreting the request data, making sure
the correct models are called, and the right response or view is rendered. Controllers can be thought of as
middle man between the Model and View. You want to keep your controllers thin, and your models fat. This
will help you more easily reuse your code and makes your code easier to test.
Commonly, a controller is used to manage the logic around a single model. For example, if you were
building a site for an online bakery, you might have a RecipesController managing your recipes and an
IngredientsController managing your ingredients. However, its also possible to have controllers work with
more than one model. In CakePHP, a controller is named after the primary model it handles.
Your applications controllers extend the AppController class, which in turn extends the core
Controller class. The AppController class can be defined in src/Controller/AppController.php
and it should contain methods that are shared between all of your applications controllers.
Controllers provide a number of methods that handle requests. These are called actions. By default, each
public method in a controller is an action, and is accessible from a URL. An action is responsible for
interpreting the request and creating the response. Usually responses are in the form of a rendered view, but
there are other ways to create responses as well.
183
{
}
Controller attributes and methods created in your AppController will be available in all controllers that
extend it. Components (which youll learn about later) are best used for code that is used in many (but not
necessarily all) controllers.
You can use your AppController to load components that will be used in every controller in your
application. CakePHP provides a initialize() method that is invoked at the end of a Controllers
constructor for this kind of use:
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller
{
public function initialize()
{
// Always enable the CSRF component.
$this->loadComponent('Csrf');
}
}
In addition to the initialize() method, the older $components property will also allow you to
declare which components should be loaded. While normal object-oriented inheritance rules apply, the
components and helpers used by a controller are treated specially. In these cases, AppController property values are merged with child controller class arrays. The values in the child class will always override
those in AppController.
Request Flow
When a request is made to a CakePHP application, CakePHPs Cake\Routing\Router and
Cake\Routing\Dispatcher classes use Connecting Routes to find and create the correct controller
instance. The request data is encapsulated in a request object. CakePHP puts all of the important request
information into the $this->request property. See the section on Request for more information on the
CakePHP request object.
Controller Actions
Controller actions are responsible for converting the request parameters into a response for the browser/user
making the request. CakePHP uses conventions to automate this process and remove some boilerplate code
you would otherwise need to write.
By convention, CakePHP renders a view with an inflected version of the action name. Returning to our
online bakery example, our RecipesController might contain the view(), share(), and search()
184
The
template
files
for
these
actions
would
be
src/Template/Recipes/view.ctp,
src/Template/Recipes/share.ctp, and src/Template/Recipes/search.ctp. The conventional view file
name is the lowercased and underscored version of the action name.
Controller actions generally use Controller::set() to create a context that View uses to render the
view layer. Because of the conventions that CakePHP uses, you dont need to create and render the view
manually. Instead, once a controller action has completed, CakePHP will handle rendering and delivering
the View.
If for some reason youd like to skip the default behavior, you can return a Cake\Network\Response
object from the action with the fully created response.
When you use controller methods with Routing\RequestActionTrait::requestAction()
you will typcially return a Response instance. If you have controller methods that are used for normal
web requests + requestAction, you should check the request type before returning:
// src/Controller/RecipesController.php
class RecipesController extends AppController
{
public function popular()
{
$popular = $this->Recipes->find('popular');
if (!$this->request->is('requested')) {
$this->response->body(json_encode($popular));
return $this->response;
}
$this->set('popular', $popular);
}
}
The
above
controller
Controller Actions
action
is
an
example
of
how
method
can
be
used
with
185
The Controller::set() method also takes an associative array as its first parameter. This can often
be a quick way to assign a set of information to the view:
$data = [
'color' => 'pink',
'type' => 'sugar',
'base_price' => 23.95
];
// Make $color, $type, and $base_price
// available to the view:
$this->set($data);
Rendering a View
Cake\Controller\Controller::render(string $view, string $layout)
The Controller::render() method is automatically called at the end of each requested controller action. This method performs all the view logic (using the data youve submitted using the
Controller::set() method), places the view inside its View::$layout, and serves it back to the
end user.
186
The default view file used by render is determined by convention. If the search() action of the
RecipesController is requested, the view file in src/Template/Recipes/search.ctp will be rendered:
namespace App\Controller;
class RecipesController extends AppController
{
// ...
public function search()
{
// Render the view in src/Template/Recipes/search.ctp
$this->render();
}
// ...
}
Although CakePHP will automatically call it after every actions logic (unless youve set
$this->autoRender to false), you can use it to specify an alternate view file by specifying a view
file name as first argument of Controller::render() method.
If $view starts with /, it is assumed to be a view or element file relative to the src/Template folder. This
allows direct rendering of elements, very useful in AJAX calls:
// Render the element in src/Template/Element/ajaxreturn.ctp
$this->render('/Element/ajaxreturn');
The second parameter $layout of Controller::render() allows you to specify the layout with
which the view is rendered.
Rendering a Specific Template
In your controller, you may want to render a different view than the conventional one. You can do this
by calling Controller::render() directly. Once you have called Controller::render(),
CakePHP will not try to re-render the view:
namespace App\Controller;
class PostsController extends AppController
{
public function my_action()
{
$this->render('custom_file');
}
}
187
{
public function my_action()
{
$this->render('Users.UserDetails/custom_file');
}
}
The method will return the response instance with appropriate headers set. You should return the response
instance from your action to prevent view rendering and let the dispatcher handle actual redirection.
You can also use a relative or absolute URL as the $url argument:
return $this->redirect('/orders/thanks');
return $this->redirect('http://www.example.com');
The second parameter of Controller::redirect() allows you to define an HTTP status code to
accompany the redirect. You may want to use 301 (moved permanently) or 303 (see other), depending on
the nature of the redirect.
If you need to redirect to the referer page you can use:
return $this->redirect($this->referer());
188
return $this->redirect([
'controller' => 'Orders',
'action' => 'confirm',
'?' => [
'product' => 'pizza',
'quantity' => 5
],
'#' => 'top'
]);
If you are using a table provider other than the built-in ORM you can link that table system into CakePHPs
controllers by connecting its factory method:
// In a controller method.
$this->modelFactory(
'ElasticIndex',
['ElasticIndexes', 'factory']
);
After registering a table factory, you can use loadModel to load instances:
189
// In a controller method.
$this->loadModel('Locations', 'ElasticIndex');
Note: The built-in ORMs TableRegistry is connected by default as the Table provider.
Paginating a Model
Cake\Controller\Controller::paginate()
This method is used for paginating results fetched by your models. You can specify page sizes, model find
conditions and more. See the pagination section for more details on how to use paginate()
The paginate attribute gives you an easy way to customize how paginate() behaves:
class ArticlesController extends AppController
{
public $paginate = [
'Articles' => [
'conditions' => ['published' => 1]
]
];
}
property Cake\Controller\Controller::$components
The $components property on your controllers allows you to configure components. Configured components and their dependencies will be created by CakePHP for you. Read the Configuring Components
section for more information. As mentioned earlier the $components property will be merged with the
property defined in each of you controllers parent classes.
Lets look at how to tell a CakePHP Controller that you plan to use additional MVC classes:
class RecipesController extends AppController
{
public $helpers = ['Form'];
}
Each of these variables are merged with their inherited values, therefore it is not necessary (for example) to
redeclare the FormHelper, or anything that is declared in your AppController.
Deprecated since version 3.0: Loading Helpers from the controller is provided for backwards compatibility
reasons. You should see Configuring Helpers for how to load helpers.
More on Controllers
The Pages Controller
CakePHP ships with a default controller PagesController.php. This is a simple and optional controller for
serving up static content. The home page you see after installation is generated using this controller and
the view file src/Template/Pages/home.ctp. If you make the view file src/Template/Pages/about_us.ctp
191
you can access it using the URL http://example.com/pages/about_us. You are free to modify the Pages
Controller to meet your needs.
When you bake an app using Composer the Pages Controller is created in your src/Controller/ folder.
Components
Components are packages of logic that are shared between controllers. CakePHP comes with a fantastic set
of core components you can use to aid in various common tasks. You can also create your own components.
If you find yourself wanting to copy and paste things between controllers, you should consider creating your
own component to contain the functionality. Creating components keeps controller code clean and allows
you to reuse code between projects.
For more information on the components included in CakePHP, check out the chapter for each component:
Authentication
class AuthComponent(ComponentCollection $collection, array $config =[])
Identifying, authenticating, and authorizing users is a common part of almost every web application. In
CakePHP AuthComponent provides a pluggable way to do these tasks. AuthComponent allows you to
combine authentication objects and authorization objects to create flexible ways of identifying and checking
user authorization.
Suggested Reading Before Continuing
Configuring authentication requires several steps including defining a users table, creating a model, controller & views, etc.
This is all covered step by step in the Blog Tutorial.
Authentication
Authentication is the process of identifying users by provided credentials and ensuring that users are who
they say they are. Generally this is done through a username and password, that are checked against a known
list of users. In CakePHP, there are several built-in ways of authenticating users stored in your application.
FormAuthenticate allows you to authenticate users based on form POST data. Usually this is a
login form that users enter information into.
BasicAuthenticate allows you to authenticate users using Basic HTTP authentication.
DigestAuthenticate allows you to authenticate users using Digest HTTP authentication.
By default AuthComponent uses FormAuthenticate.
192
Choosing an Authentication Type Generally youll want to offer form based authentication. It is the
easiest for users using a web-browser to use. If you are building an API or webservice, you may want
to consider basic authentication or digest authentication. The key differences between digest and basic
authentication are mostly related to how passwords are handled. In basic authentication, the username
and password are transmitted as plain-text to the server. This makes basic authentication un-suitable for
applications without SSL, as you would end up exposing sensitive passwords. Digest authentication uses
a digest hash of the username, password, and a few other details. This makes digest authentication more
appropriate for applications without SSL encryption.
You can also use authentication systems like openid as well; however, openid is not part of CakePHP core.
Configuring Authentication Handlers You configure authentication handlers using the
authenticate config. You can configure one or many handlers for authentication. Using multiple handlers allows you to support different ways of logging users in. When logging users in, authentication
handlers are checked in the order they are declared. Once one handler is able to identify the user, no other
handlers will be checked. Conversely you can halt all authentication by throwing an exception. You will
need to catch any thrown exceptions and handle them as needed.
You can configure authentication handlers in your controllers beforeFilter() or initialize()
methods. You can pass configuration information into each authentication object using an array:
// Basic setup
$this->Auth->config('authenticate', ['Form']);
// Pass settings in
$this->Auth->config('authenticate', [
'Basic' => ['userModel' => 'Members'],
'Form' => ['userModel' => 'Members']
]);
In the second example youll notice that we had to declare the userModel key twice. To help you keep
your code DRY, you can use the all key. This special key allows you to set settings that are passed to every
attached object. The all key is also exposed as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authenticate', [
AuthComponent::ALL => ['userModel' => 'Members'],
'Basic',
'Form'
]);
In the above example, both Form and Basic will get the settings defined for the all key. Any settings
passed to a specific authentication object will override the matching key in the all key. The core authentication objects support the following configuration keys.
fields The fields to use to identify a user by. You can use keys username and password to
specify your username and password fields respectively.
userModel The model name of the users table; defaults to Users.
scope Additional conditions to use when looking up and authenticating users,
[Users.is_active => true].
More on Controllers
i.e.
193
contain Extra models to contain and return with identified users info.
passwordHasher Password hasher class; defaults to Default.
To configure different fields for user in your initialize() method:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email', 'password' => 'passwd']
]
]
]);
}
Do not put other Auth configuration keys, such as authError, loginAction, etc., within the
authenticate or Form element. They should be at the same level as the authenticate key. The setup
above with other Auth configuration should look like:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
'plugin' => 'Users'
],
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email']
]
]
]);
}
In addition to the common configuration, Basic authentication supports the following keys:
realm The realm being authenticated. Defaults to env(SERVER_NAME).
In addition to the common configuration Digest authentication supports the following keys:
realm The realm authentication is for. Defaults to the servername.
nonce A nonce used for authentication. Defaults to uniqid().
qop Defaults to auth; no other values are supported at this time.
opaque A string that must
md5($config[realm])
194
be
returned
unchanged
by
clients.
Defaults
to
The above code will attempt to first identify a user by using the POST data. If successful we set the user info
to the session so that it persists across requests and then redirect to either the last page they were visiting or
a URL specified in the loginRedirect config. If the login is unsuccessful, a flash message is set.
Warning: $this->Auth->setUser($data) will log the user in with whatever data is passed to
the method. It wont actually check the credentials against an authentication class.
More on Controllers
195
Using Digest and Basic Authentication for Logging In Basic and digest are stateless authentication schemes and dont require an initial POST or a form. If using only basic / digest authenticators
you dont require a login action in your controller. Also you can set $this->Auth->sessionKey
to false to ensure AuthComponent doesnt try to read user info from session. You may also want
to set config unauthorizedRedirect to false which will cause AuthComponent to throw a
ForbiddenException instead of default behavior of redirecting to referrer. Stateless authentication
will re-verify the users credentials on each request; this creates a small amount of additional overhead, but
allows clients to login in without using cookies and makes is suitable for APIs.
Creating Custom Authentication Objects Because authentication objects are pluggable, you can create
custom authentication objects in your application or plugins. If for example you wanted to create an OpenID
authentication object. In src/Auth/OpenidAuthenticate.php you could put the following:
namespace App\Auth;
use Cake\Auth\BaseAuthenticate;
class OpenidAuthenticate extends BaseAuthenticate
{
public function authenticate(Request $request, Response $response)
{
// Do things for OpenID here.
// Return an array of user if they could authenticate the user,
// return false if not.
}
}
Authentication objects should return false if they cannot identify the user and an array of user information
if they can. Its not required that you extend BaseAuthenticate, only that your authentication object
implements Cake\Event\EventListenerInterface. The BaseAuthenticate class provides
a number of helpful methods that are commonly used. You can also implement a getUser() method if
your authentication object needs to support stateless or cookie-less authentication. See the sections on basic
and digest authentication below for more information.
AuthComponent triggers two events, Auth.afterIdentify and Auth.logout, after a user has
been identified and before a user is logged out respectively. You can set callback functions for these events
by returning a mapping array from implementedEvents() method of your authenticate class:
public function implementedEvents()
{
return [
'Auth.afterIdentify' => 'afterIdentify',
'Auth.logout' => 'logout'
];
}
Using Custom Authentication Objects Once youve created your custom authentication object, you can
use them by including them in AuthComponents authenticate array:
196
$this->Auth->config('authenticate', [
'Openid', // app authentication object.
'AuthBag.Openid', // plugin authentication object.
]);
Note: Note that when using simple notation theres no Authenticate word when initiating the authentication object. Instead, if using namespaces, youll need to set the full namespace of the class, including the
Authenticate word.
The above is how you could implement getUser method for HTTP basic authentication.
The
_findUser() method is part of BaseAuthenticate and identifies a user based on a username and
password.
Handling Unauthenticated Requests When an unauthenticated user tries to access a protected page first
the unauthenticated() method of the last authenticator in the chain is called. The authenticate object
can handle sending response or redirection by returning a response object to indicate no further action is
necessary. Due to this, the order in which you specify the authentication provider in authenticate
config matters.
If authenticator returns null, AuthComponent redirects user to login action. If its an AJAX request and
config ajaxLogin is specified that element is rendered else a 403 HTTP status code is returned.
Displaying Auth Related Flash Messages In order to display the session error messages that Auth
generates, you need to add the following code to your layout. Add the following two lines to the
src/Template/Layout/default.ctp file in the body section:
More on Controllers
197
echo $this->Flash->render();
echo $this->Flash->render('auth');
You can customize the error messages and flash settings AuthComponent uses. Using flash config you
can configure the parameters AuthComponent uses for setting flash messages. The available keys are
key - The key to use, defaults to auth.
params - The array of additional params to use, defaults to [].
In addition to the flash message settings you can customize other error messages AuthComponent uses. In
your controllers beforeFilter, or component settings you can use authError to customize the error used
for when authorization fails:
$this->Auth->config('authError', "Woopsie, you are not authorized to access this area.");
Sometimes, you want to display the authorization error only after the user has already logged-in. You can
suppress this message by setting its value to boolean false.
In your controllers beforeFilter() or component settings:
if (!$this->Auth->user()) {
$this->Auth->config('authError', false);
}
Hashing Passwords You are responsible for hashing the passwords before they are persisted to the
database, the easiest way is to use a setter function in your User entity:
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// ...
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
// ...
}
198
Creating Custom Password Hasher Classes In order to use a different password hasher, you need to create the class in src/Auth/LegacyPasswordHasher.php and implement the hash() and check() methods. This class needs to extend the AbstractPasswordHasher class:
namespace App\Auth;
use Cake\Auth\AbstractPasswordHasher;
class LegacyPasswordHasher extends AbstractPasswordHasher
{
public function hash($password)
{
return sha1($password);
}
public function check($password, $hashedPassword)
{
return sha1($password) === $hashedPassword;
}
}
Then you are required to configure the AuthComponent to use your own password hasher:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'Legacy',
]
]
]
]);
}
Supporting legacy systems is a good idea, but it is even better to keep your database with the latest security
advancements. The following section will explain how to migrate from one hashing algorithm to CakePHPs
default
Changing Hashing Algorithms CakePHP provides a clean way to migrate your users passwords from
one algorithm to another, this is achieved through the FallbackPasswordHasher class. Assuming
you are migrating your app from CakePHP 2.x which uses sha1 password hashes, you can configure the
AuthComponent as follows:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
More on Controllers
199
'Form' => [
'passwordHasher' => [
'className' => 'Fallback',
'hashers' => [
'Default',
'Weak' => ['hashType' => 'sha1']
]
]
]
]
]);
}
The first name appearing in the hashers key indicates which of the classes is the preferred one, but it will
fallback to the others in the list if the check was unsuccessful.
When using the WeakPasswordHasher you will need to set the Security.salt configure value to
ensure passwords are salted.
In order to update old users passwords on the fly, you can change the login function accordingly:
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
if ($this->Auth->authenticationProvider()->needsPasswordRehash()) {
$user = $this->Users->get($this->Auth->user('id'));
$user->password = $this->request->data('password');
$this->Users->save($user);
}
return $this->redirect($this->Auth->redirectUrl());
}
...
}
}
As you can see we are just setting the plain password again so the setter function in the entity will hash the
password as shown in the previous example and then save the entity.
Hashing Passwords For Digest Authentication Because Digest authentication requires a password
hashed in the format defined by the RFC, in order to correctly hash a password for use with Digest authentication you should use the special password hashing function on DigestAuthenticate. If you are
going to be combining digest authentication with any other authentication strategies, its also recommended
that you store the digest password in a separate column, from the normal password hash:
namespace App\Model\Table;
use Cake\Auth\DigestAuthenticate;
use Cake\Event\Event;
use Cake\ORM\Table;
200
Passwords for digest authentication need a bit more information than other password hashes, based on the
RFC for digest authentication.
Note:
The third parameter of DigestAuthenticate::password() must match the realm config value
defined when DigestAuthentication was configured in AuthComponent::$authenticate. This defaults to
env(SCRIPT_NAME). You may wish to use a static string if you want consistent hashes in multiple
environments.
Warning: Be sure to manually add the new User id to the array passed to the setUser() method.
Otherwise you wont have the user id available.
201
Once a user is logged in, you will often need some particular information about the current user. You can
access the currently logged in user using AuthComponent::user():
// From inside a controller or other component.
$this->Auth->user('id');
If the current user is not logged in or the key doesnt exist, null will be returned.
Logging Users Out
AuthComponent::logout()
Eventually youll want a quick way to de-authenticate someone and redirect them to where they need to
go. This method is also useful if you want to provide a Log me out link inside a members area of your
application:
public function logout()
{
return $this->redirect($this->Auth->logout());
}
Logging out users that logged in with Digest or Basic auth is difficult to accomplish for all clients. Most
browsers will retain credentials for the duration they are still open. Some clients can be forced to logout
by sending a 401 status code. Changing the authentication realm is another solution that works for some
clients.
Authorization
Authorization is the process of ensuring that an identified/authenticated user is allowed to access the resources they are requesting. If enabled AuthComponent can automatically check authorization handlers
and ensure that logged in users are allowed to access the resources they are requesting. There are several
built-in authorization handlers and you can create custom ones for your application or as part of a plugin.
ControllerAuthorize Calls isAuthorized() on the active controller, and uses the return
of that to authorize a user. This is often the most simple way to authorize users.
Note: The ActionsAuthorize & CrudAuthorize adapter available in CakePHP 2.x have now been
moved to a separate plugin cakephp/acl1 .
Configuring Authorization Handlers You configure authorization handlers using the authorize config key. You can configure one or many handlers for authorization. Using multiple handlers allows you
to support different ways of checking authorization. When authorization handlers are checked, they will
be called in the order they are declared. Handlers should return false, if they are unable to check authorization, or the check has failed. Handlers should return true if they were able to check authorization
successfully. Handlers will be called in sequence until one passes. If all checks fail, the user will be redirected to the page they came from. Additionally you can halt all authorization by throwing an exception.
You will need to catch any thrown exceptions and handle them.
1
https://github.com/cakephp/acl
202
Much like authenticate, authorize, helps you keep your code DRY, by using the all key. This
special key allows you to set settings that are passed to every attached object. The all key is also exposed
as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authorize', [
AuthComponent::ALL => ['actionPath' => 'controllers/'],
'Actions',
'Controller'
]);
In the above example, both the Actions and Controller will get the settings defined for the all key.
Any settings passed to a specific authorization object will override the matching key in the all key.
If an authenticated user tries to go to a URL hes not authorized to access, hes redirected back to the
referrer. If you do not want such redirection (mostly needed when using stateless authentication adapter)
you can set config option unauthorizedRedirect to false. This causes AuthComponent to throw a
ForbiddenException instead of redirecting.
Creating Custom Authorize Objects Because authorize objects are pluggable, you can create custom
authorize objects in your application or plugins. If for example you wanted to create an LDAP authorize
object. In src/Auth/LdapAuthorize.php you could put the following:
namespace App\Auth;
use Cake\Auth\BaseAuthorize;
use Cake\Network\Request;
class LdapAuthorize extends BaseAuthorize
{
public function authorize($user, Request $request)
{
// Do things for ldap here.
}
}
Authorize objects should return false if the user is denied access, or if the object is unable to perform a
check. If the object is able to verify the users access, true should be returned. Its not required that you
extend BaseAuthorize, only that your authorize object implements an authorize() method. The
BaseAuthorize class provides a number of helpful methods that are commonly used.
More on Controllers
203
Using Custom Authorize Objects Once youve created your custom authorize object, you can use them
by including them in your AuthComponents authorize array:
$this->Auth->config('authorize', [
'Ldap', // app authorize object.
'AuthBag.Combo', // plugin authorize object.
]);
Using No Authorization If youd like to not use any of the built-in authorization objects and want to handle things entirely outside of AuthComponent, you can set $this->Auth->config(authorize,
false);. By default AuthComponent starts off with authorize set to false. If you dont use an
authorization scheme, make sure to check authorization yourself in your controllers beforeFilter or with
another component.
Making Actions Public
AuthComponent::allow($actions = null)
There are often times controller actions that you wish to remain entirely public or that dont require users to
be logged in. AuthComponent is pessimistic and defaults to denying access. You can mark actions as public
actions by using AuthComponent::allow(). By marking actions as public, AuthComponent will not
check for a logged in user nor will authorize objects be checked:
// Allow all actions
$this->Auth->allow();
// Allow only the index action.
$this->Auth->allow('index');
// Allow only the view and index actions.
$this->Auth->allow(['view', 'index']);
By calling it empty you allow all actions to be public. For a single action you can provide the action name
as string. Otherwise use an array.
Note: You should not add the login action of your UsersController to allow list. Doing so would
cause problems with normal functioning of AuthComponent.
204
By calling it empty you deny all actions. For a single action you can provide the action name as string.
Otherwise use an array.
Using ControllerAuthorize ControllerAuthorize allows you to handle authorization checks in a controller
callback. This is ideal when you have very simple authorization or you need to use a combination of models
and components to do your authorization and dont want to create a custom authorize object.
The callback is always called isAuthorized() and it should return a boolean as to whether or not the
user is allowed to access resources in the request. The callback is passed the active user so it can be checked:
class AppController extends Controller
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authorize' => 'Controller',
]);
}
public function isAuthorized($user = null)
{
// Any registered user can access public functions
if (empty($this->request->params['prefix'])) {
return true;
}
// Only admins can access admin functions
if ($this->request->params['prefix'] === 'admin') {
return (bool)($user['role'] === 'admin');
}
// Default deny
return false;
}
}
The above callback would provide a very simple authorization system where only users with role = admin
could access actions that were in the admin prefix.
Configuration options
The following settings can all be defined either in your controllers initialize() method or using
$this->Auth->config() in your beforeFilter():
ajaxLogin The name of an optional view element to render when an AJAX request is made with an invalid
or expired session.
More on Controllers
205
See the Testing Actions That Require Authentication section for tips on how to test controller actions that
are protected by AuthComponent.
Cookie
class Cake\Controller\Component\CookieComponent(ComponentRegistry $collection,
array $config =[])
The CookieComponent is a wrapper around the native PHP setcookie() method. It makes it easier to
manipulate cookies, and automatically encrypt cookie data.
206
Configuring Cookies
Cookies can be configured either globally or per top-level name. The global configuration data will be
merged with the top-level configuration. So only need to override the parts that are different. To configure
the global settings use the config() method:
$this->Cookie->config('path', '/');
$this->Cookie->config([
'expires' => '+10 days',
'httpOnly' => true
]);
You can also group your variables by using dot notation in the key parameter:
More on Controllers
207
$this->Cookie->write('User.name', 'Larry');
$this->Cookie->write('User.role', 'Lead');
If you want to write more than one value to the cookie at a time, you can pass an array:
$this->Cookie->write('User',
['name' => 'Larry', 'role' => 'Lead']
);
All values in the cookie are encrypted with AES by default. If you want to store the values as plain
text, be sure to configure the key space:
$this->Cookie->configKey('User', 'encryption', false);
Cake\Controller\Component\CookieComponent::check($key)
Parameters
$key (string) The key to check.
Used to check whether a key/path exists and has a non-null value.
Cake\Controller\Component\CookieComponent::delete(mixed $key)
Deletes a cookie variable of the name in $key. Works with dot notation:
// Delete a variable
$this->Cookie->delete('bar');
// Delete the cookie variable bar, but not everything under foo
$this->Cookie->delete('foo.bar');
http://en.wikipedia.org/wiki/Cross-site_request_forgery
208
The CsrfComponent works by setting a cookie to the users browser. When forms are created with the
Cake\View\Helper\FormHelper, a hidden field is added containing the CSRF token. During the
Controller.startup event, if the request is a POST, PUT, DELETE, PATCH request the component
will compare the request data & cookie value. If either is missing or the two values mismatch the component
will throw a Cake\Network\Exception\ForbiddenException.
Using the CsrfComponent
Simply by adding the CsrfComponent to your components array, you can benefit from the CSRF protection it provides:
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
}
Settings can be passed into the component through your components settings. The available configuration
options are:
cookieName The name of the cookie to send. Defaults to csrfToken.
expiry How long the CSRF token should last. Defaults to browser session.
secure Whether or not the cookie will be set with the Secure flag. That is, the cookie will only be
set on a HTTPS connection and any attempt over normal HTTP will fail. Defaults to false.
field The form field to check. Defaults to _csrfToken. Changing this will also require configuring FormHelper.
When enabled, you can access the current CSRF token on the request object:
$token = $this->request->param('_csrfToken');
The CsrfComponent integrates seamlessly with FormHelper. Each time you create a form with
FormHelper, it will insert a hidden field containing the CSRF token.
Note: When using the CsrfComponent you should always start your forms with the FormHelper. If you do
not, you will need to manually create hidden inputs in each of your forms.
In addition to request data parameters, CSRF tokens can be submitted through a special X-CSRF-Token
header. Using a header often makes it easier to integrate a CSRF token with JavaScript heavy applications,
or XML/JSON based API endpoints.
More on Controllers
209
While not recommended, you may want to disable the CsrfComponent on certain requests. You can do this
using the controllers event dispatcher, during the beforeFilter() method:
public function beforeFilter(Event $event)
{
$this->eventManager()->off($this->Csrf);
}
Flash
class Cake\Controller\Component\FlashComponent(ComponentCollection
$collection, array $config =[])
FlashComponent provides a way to set one-time notification messages to be displayed after processing a
form or acknowledging data. CakePHP refers to these messages as flash messages. FlashComponent
writes flash messages to $_SESSION, to be rendered in a View using FlashHelper.
Setting Flash Messages
FlashComponent provides two ways to set flash messages: its __call() magic method and its set()
method. To furnish your application with verbosity, FlashComponents __call() magic method allows
you use a method name that maps to an element located under the src/Template/Element/Flash directory.
By convention, camelcased methods will map to the lowercased and underscored element name:
// Uses src/Template/Element/Flash/success.ctp
$this->Flash->success('This was successful');
// Uses src/Template/Element/Flash/great_success.ctp
$this->Flash->greatSuccess('This was greatly successful');
Alternatively, to set a plain-text message without rendering an element, you can use the set() method:
$this->Flash->set('This is a message');
FlashComponents __call() and set() methods optionally take a second parameter, an array of options:
key Defaults to flash. The array key found under the Flash key in the session.
element Defaults to null, but will automatically be set when using the __call() magic method.
The element name to use for rendering.
params An optional array of keys/values to make available as variables within an element.
An example of using these options:
// In your Controller
$this->Flash->success('The user has been saved', [
'key' => 'positive',
'params' => [
'name' => $user->name,
210
Note that the parameter element will be always overridden while using __call(). In order to retrieve a
specific element from a plugin, you should set the plugin parameter. For example:
// In your Controller
$this->Flash->warning('My message', ['plugin' => 'PluginName']);
The code above will use the warning.ctp element under plugins/PluginName/src/Template/Element/Flash
for rendering the flash message.
Note: By default, CakePHP does not escape the HTML in flash messages. If you are using any request or
user data in your flash messages, you should escape it with h when formatting your messages.
For more information about rendering your flash messages, please refer to the FlashHelper section.
Security
class SecurityComponent(ComponentCollection $collection, array $config =[])
The Security Component creates an easy way to integrate tighter security in your application. It provides
methods for various tasks like:
Restricting which HTTP methods your application accepts.
Form tampering protection
Requiring that SSL be used.
Limiting cross controller communication.
Like all components it is configured through several configurable parameters. All of these properties can be
set directly or through setter methods of the same name in your controllers beforeFilter.
By using the Security Component you automatically get form tampering protection. Hidden token fields
will automatically be inserted into forms and checked by the Security component.
If you are using Security components form protection features and other components that process form
data in their startup() callbacks, be sure to place Security Component before those components in your
initialize() method.
Note: When using the Security Component you must use the FormHelper to create your forms. In
addition, you must not override any of the fields name attributes. The Security Component looks
More on Controllers
211
for certain indicators that are created and managed by the FormHelper (especially those created in
View\Helper\FormHelper::create() and View\Helper\FormHelper::end()). Dynamically altering the fields that are submitted in a POST request (e.g. disabling, deleting or creating new fields
via JavaScript) is likely to cause the request to be send to the blackhole callback. See the $validatePost
or $disabledFields configuration parameters.
SecurityComponent::requireSecure()
Sets the actions that require a SSL-secured request. Takes any number of arguments. Can be called
with no arguments to force all actions to require a SSL-secured.
SecurityComponent::requireAuth()
Sets the actions that require a valid Security Component generated token. Takes any number of
arguments. Can be called with no arguments to force all actions to require a valid authentication.
Restricting Cross Controller Communication
property SecurityComponent::$allowedControllers
A list of controllers which can send requests to this controller. This can be used to control cross
controller requests.
212
property SecurityComponent::$allowedActions
A list of actions which are allowed to send requests to this controllers actions. This can be used to
control cross controller requests.
These configuration options allow you to restrict cross controller communication. Set them with the
config() method.
Form Tampering Prevention
By default the SecurityComponent prevents users from tampering with forms in specific ways. The
SecurityComponent will prevent the following things:
Unknown fields cannot be added to the form.
Fields cannot be removed from the form.
Values in hidden inputs cannot be modified.
Preventing these types of tampering is accomplished by working with the FormHelper and tracking which
fields are in a form. The values for hidden fields are tracked as well. All of this data is combined and turned
into a hash. When a form is submitted, the SecurityComponent will use the POST data to build the
same structure and compare the hash.
Note: The SecurityComponent will not prevent select options from being added/changed. Nor will it
prevent radio options from being added/changed.
property SecurityComponent::$unlockedFields
Set to a list of form fields to exclude from POST validation. Fields can be unlocked either in the
Component, or with FormHelper::unlockField(). Fields that have been unlocked are not
required to be part of the POST and hidden unlocked fields do not have their values checked.
property SecurityComponent::$validatePost
Set to false to completely skip the validation of POST requests, essentially turning off form validation.
Usage
Using the security component is generally done in the controllers beforeFilter(). You would specify
the security restrictions you want and the Security Component will enforce them on its startup:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
More on Controllers
213
parent::initialize();
$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
if (isset($this->request->params['admin'])) {
$this->Security->requireSecure();
}
}
}
The above example would force all actions that had admin routing to require secure SSL requests:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']);
}
public function beforeFilter(Event $event)
{
if (isset($this->params['admin'])) {
$this->Security->requireSecure();
}
}
public function forceSSL()
{
return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here);
}
}
This example would force all actions that had admin routing to require secure SSL requests. When the
request is black holed, it will call the nominated forceSSL() callback which will redirect non-secure
requests to secure requests automatically.
CSRF Protection
CSRF or Cross Site Request Forgery is a common vulnerability in web applications. It allows an attacker to
capture and replay a previous request, and sometimes submit data requests using image tags or resources on
other domains. To enable CSRF protection features use the Cross Site Request Forgery.
214
There may be cases where you want to disable all security checks for an action (ex. AJAX requests). You may unlock these actions by listing them in $this->Security->unlockedActions
in your beforeFilter(). The unlockedActions property will not affect other features of
SecurityComponent:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
$this->Security->config('unlockedActions', ['edit']);
}
}
This example would disable all security checks for the edit action.
Pagination
class Cake\Controller\Component\PaginatorComponent
One of the main obstacles of creating flexible and user-friendly web applications is designing an intuitive
user interface. Many applications tend to grow in size and complexity quickly, and designers and programmers alike find they are unable to cope with displaying hundreds or thousands of records. Refactoring takes
time, and performance and user satisfaction can suffer.
Displaying a reasonable number of records per page has always been a critical part of every application and
used to cause many headaches for developers. CakePHP eases the burden on the developer by providing a
quick, easy way to paginate data.
Pagination in CakePHP is offered by a Component in the controller, to make building paginated queries
easier. In the View View\Helper\PaginatorHelper is used to make the generation of pagination
links & buttons simple.
Using Controller::paginate()
In the controller, we start by defining the default query conditions pagination will use in the $paginate
controller variable. These conditions, serve as the basis for your pagination queries. They are augmented by
More on Controllers
215
the sort, direction limit, and page parameters passed in from the URL. It is important to note that the order
key must be defined in an array structure like below:
class ArticlesController extends AppController
{
public $paginate = [
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
{
parent::initialize();
$this->loadComponent('Paginator');
}
}
You can also include any of the options supported by ORM\Table::find(), such as fields:
class ArticlesController extends AppController
{
public $paginate = [
'fields' => ['Articles.id', 'Articles.created'],
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
{
parent::initialize();
$this->loadComponent('Paginator');
}
}
While you can pass most of the query options from the paginate property it is often cleaner and simpler to
bundle up your pagination options into a Custom Finder Methods. You can define the finder pagination uses
by setting the finder option:
class ArticlesController extends AppController
{
public $paginate = [
'finder' => 'published',
];
}
Because custom finder methods can also take in options, this is how you pass in options into a custom finder
method within the paginate property:
216
In addition to defining general pagination values, you can define more than one set of pagination defaults in
the controller, you just name the keys of the array after the model you wish to configure:
class ArticlesController extends AppController
{
public $paginate = [
'Articles' => [],
'Authors' => [],
];
}
The values of the Articles and Authors keys could contain all the properties that a model/key less
$paginate array could.
Once
the
$paginate
property
has
been
defined,
we
can
use
the
Controller\Controller::paginate() method to create the pagination data, and add the
PaginatorHelper if it hasnt already been added. The controllers paginate method will return
the result set of the paginated query, and set pagination metadata to the request. You can access the
pagination metadata at $this->request->params[paging]. A more complete example of using
paginate() would be:
class ArticlesController extends AppController
{
public function index()
More on Controllers
217
{
$this->set('articles', $this->paginate());
}
}
By default the paginate() method will use the default model for a controller. You can also pass the
resulting query of a find method:
public function index()
{
$query = $this->Articles->find('popular')->where(['author_id' => 1]);
$this->set('articles', $this->paginate($query));
}
If you want to paginate a different model you can provide a query for it, the table object itself, or its name:
// Using a query
$comments = $this->paginate($commentsTable->find());
// Using the model name.
$comments = $this->paginate('Comments');
// Using a table object.
$comments = $this->paginate($commentTable);
If you need to paginate data from another component you may want to use the PaginatorComponent directly.
It features a similar API to the controller method:
$articles = $this->Paginator->paginate($articleTable->find(), $config);
// Or
$articles = $this->Paginator->paginate($articleTable, $config);
The first parameter should be the query object from a find on table object you wish to paginate results from.
Optionally, you can pass the table object and let the query be constructed for you. The second parameter
should be the array of settings to use for pagination. This array should have the same structure as the
$paginate property on a controller.
Control which Fields Used for Ordering
By default sorting can be done on any non-virtual column a table has. This is sometimes undesirable as it
allows users to sort on un-indexed columns that can be expensive to order by. You can set the whitelist of
fields that can be sorted using the sortWhitelist option. This option is required when you want to sort
on any associated data, or computed fields that may be part of your pagination query:
public $paginate = [
'sortWhitelist' => [
'id', 'title', 'Users.username', 'created'
218
]
];
Any requests that attempt to sort on fields not in the whitelist will be ignored.
Limit the Maximum Number of Rows that can be Fetched
The number of results that are fetched is exposed to the user as the limit parameter. It is generally
undesirable to allow users to fetch all rows in a paginated set. By default CakePHP limits the maximum
number of rows that can be fetched to 100. If this default is not appropriate for your application, you can
adjust it as part of the pagination options:
public $paginate = [
// Other keys here.
'maxLimit' => 10
];
If the requests limit param is greater than this value, it will be reduced to the maxLimit value.
Joining Additional Associations
Additional associations can be loaded to the paginated table by using the contain parameter:
public function index()
{
$this->paginate = [
'contain' => ['Authors', 'Comments']
];
$this->set('articles', $this->paginate($this->Articles));
}
The PaginatorComponent will throw a NotFoundException when trying to access a non-existent page,
i.e. page number requested is greater than total page count.
So you could either let the normal error page be rendered or use a try catch block and take appropriate action
when a NotFoundException is caught:
use Cake\Network\Exception\NotFoundException;
public function index()
{
try {
$this->paginate();
} catch (NotFoundException $e) {
// Do something here like redirecting to first or last page.
// $this->request->params['paging'] will give you required info.
More on Controllers
219
}
}
Check the View\Helper\PaginatorHelper documentation for how to create links for pagination
navigation.
Request Handling
class RequestHandlerComponent(ComponentCollection $collection, array $config =[])
The Request Handler component is used in CakePHP to obtain additional information about the HTTP
requests that are made to your applications. You can use it to inform your controllers about AJAX as well as
gain additional insight into content types that the client accepts and automatically changes to the appropriate
layout when file extensions are enabled.
By default RequestHandler will automatically detect AJAX requests based on the HTTP-XRequested-With header that many JavaScript libraries use.
When used in conjunction with
Cake\Routing\Router::extensions(), RequestHandler will automatically switch the layout
and template files to those that match the requested type. Furthermore, if a helper with the same
name as the requested extension exists, it will be added to the Controllers Helper array. Lastly, if
XML/JSON data is POSTed to your Controllers, it will be parsed into an array which is assigned to
$this->request->data, and can then be saved as model data. In order to make use of RequestHandler
it must be included in your initialize() method:
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
// Rest of controller
}
Request Handler has several methods that provide information about the client and its request.
RequestHandlerComponent::accepts($type = null)
$type can be a string, or an array, or null. If a string, accepts will return true if the client accepts the
content type. If an array is specified, accepts return true if any one of the content types is accepted
by the client. If null returns an array of the content-types that the client accepts. For example:
220
More on Controllers
221
MIDP
NetFront
Nokia
Opera Mini
Opera Mobi
PalmOS
PalmSource
portalmmm
Plucker
ReqwirelessWeb
SonyEricsson
Symbian
UP.Browser
webOS
Windows CE
Windows Phone OS
Xiino
RequestHandlerComponent::isWap()
Returns true if the client accepts WAP content.
All of the above request detection methods can be used in a similar fashion to filter functionality intended
for specific content types. For example when responding to AJAX requests, you often will want to disable
browser caching, and change the debug level. However, you want to allow caching for non-AJAX requests.
The following would accomplish that:
if ($this->request->is('ajax')) {
$this->disableCache();
}
// Continue Controller action
RequestHandlerComponent::addInputType($type, $handler)
Add a request data decoder. The handler should contain a callback, and any additional arguments for the
callback. The callback should return an array of data contained in the request input. For example adding a
CSV handler in your controllers beforeFilter could look like:
222
You can use any callable3 for the handling function. You can also pass additional arguments to the callback,
this is useful for callbacks like json_decode:
$this->RequestHandler->addInputType('json', ['json_decode', true]);
The above will make $this->request->data an array of the JSON input data, without the additional
true youd get a set of StdClass objects.
Checking Content-Type Preferences
RequestHandlerComponent::prefers($type = null)
Determines which content-types the client prefers. If no parameter is given the most likely content type
is returned. If $type is an array the first type the client accepts will be returned. Preference is determined
primarily by the file extension parsed by Router if one has been provided, and secondly by the list of contenttypes in HTTP\_ACCEPT:
$this->RequestHandler->prefers('json');
Responding To Requests
RequestHandlerComponent::renderAs($controller, $type)
Change the render mode of a controller to the specified type. Will also append the appropriate helper to the
controllers helper array if available and not already in the array:
// Force the controller to render an xml response.
$this->RequestHandler->renderAs($this, 'xml');
This method will also attempt to add a helper that matches your current content type. For example if you
render as rss, the RssHelper will be added.
RequestHandlerComponent::respondAs($type, $options)
Sets the response header based on content-type map names. This method lets you set a number of response
properties at once:
$this->RequestHandler->respondAs('xml', [
// Force download
'attachment' => true,
3
http://php.net/callback
More on Controllers
223
RequestHandlerComponent::responseType()
Returns the current response type Content-type header or null if one has yet to be set.
Taking Advantage of HTTP Cache Validation
The HTTP cache validation model is one of the processes used for cache gateways, also known as reverse
proxies, to determine if they can serve a stored copy of a response to the client. Under this model, you
mostly save bandwidth, but when used correctly you can also save some CPU processing, reducing this way
response times.
Enabling the RequestHandlerComponent in your controller automatically activates a check done before
rendering the view. This check compares the response object against the original request to determine
whether the response was not modified since the last time the client asked for it.
If response is evaluated as not modified, then the view rendering process is stopped, saving processing time,
saving bandwidth and no content is returned to the client. The response status code is then set to 304 Not
Modified.
You can opt-out this automatic checking by setting the checkHttpCache setting to false:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler', [
'checkHttpCache' => false
]);
}
RequestHandlerComponent::viewClassMap($type, $viewClass)
When using JsonView/XmlView you might want to override the default serialization with a custom View
class, or add View classes for other types.
You can map existing and new types to your custom classes. You can also set this automatically by using
the viewClassMap setting:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler', [
'viewClassMap' => [
'json' => 'ApiKit.MyJson',
'xml' => 'ApiKit.MyXml',
'csv' => 'ApiKit.Csv'
]
224
]);
}
Configuring Components
Many of the core components require configuration. Some examples of components requiring configuration are Authentication and Cookie. Configuration for these components, and for components in general, is usually done via loadComponent() in your Controllers initialize() method or via the
$components array:
class PostsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authorize' => ['controller'],
'loginAction' => ['controller' => 'Users', 'action' => 'login']
]);
$this->loadComponent('Cookie', ['expiry' => '1 day']);
}
}
You can configure components at runtime using the config() method. Often, this is done in your controllers beforeFilter() method. The above could also be expressed as:
public function beforeFilter()
{
$this->Auth->config('authorize', ['controller']);
$this->Auth->config('loginAction', ['controller' => 'Users', 'action' => 'login']);
$this->Cookie->config('name', 'CookieMonster');
}
Like helpers, components implement a config() method that is used to get and set any configuration data
for a component:
// Read config data.
$this->Auth->config('loginAction');
// Set config
$this->Csrf->config('cookieName', 'token');
As with helpers, components will automatically merge their $_defaultConfig property with constructor configuration to create the $_config property which is accessible with config().
More on Controllers
225
Aliasing Components
One common setting to use is the className option, which allows you to alias components. This feature
is useful when you want to replace $this->Auth or another common Component reference with a custom
implementation:
// src/Controller/PostsController.php
class PostsController extends AppController
{
public function initialize()
{
$this->loadComponent('Auth', [
'className' => 'MyAuth'
]);
}
}
// src/Controller/Component/MyAuthComponent.php
use Cake\Controller\Component\AuthComponent;
class MyAuthComponent extends AuthComponent
{
// Add your code to override the core AuthComponent
}
You might not need all of your components available on every controller action. In situations like this you
can load a component at runtime using the loadComponent() method in your controller:
// In a controller action
$this->loadComponent('OneTimer');
$time = $this->OneTimer->getTime();
Note: Keep in mind that components loaded on the fly will not have missed callbacks called. If you rely on
the beforeFilter or startup callbacks being called, you may need to call them manually depending
on when you load your component.
Using Components
Once youve included some components in your controller, using them is pretty simple.
Each component you use is exposed as a property on your controller.
If you
had
loaded
up
the
Cake\Controller\Component\FlashComponent
and
the
226
Note: Since both Models and Components are added to Controllers as properties they share the same
namespace. Be sure to not give a component and a model the same name.
Creating a Component
Suppose our application needs to perform a complex mathematical operation in many different parts of the
application. We could create a component to house this shared logic for use in many different controllers.
The first step is to create a new component file and class.
Create the file in
src/Controller/Component/MathComponent.php.
The basic structure for the component would
look something like this:
namespace App\Controller\Component;
use Cake\Controller\Component;
class MathComponent extends Component
{
public function doComplexOperation($amount1, $amount2)
{
return $amount1 + $amount2;
}
}
Note: All components must extend Cake\Controller\Component. Failing to do this will trigger an
exception.
More on Controllers
227
Once our component is finished, we can use it in the applications controllers by loading it during the
controllers initialize() method. Once loaded, the controller will be given a new attribute named after
the component, through which we can access an instance of it:
// In a controller
// Make the new component available at $this->Math,
// as well as the standard $this->Csrf
public function initialize()
{
parent::initialize();
$this->loadComponent('Math');
$this->loadComponent('Csrf');
}
When including Components in a Controller you can also declare a set of parameters that will be passed on
to the Components constructor. These parameters can then be handled by the Component:
// In your controller.
public function initialize()
{
parent::initialize();
$this->loadComponent('Math', [
'precision' => 2,
'randomGenerator' => 'srand'
]);
$this->loadComponent('Csrf');
}
and
randomGenerator
to
Sometimes one of your components may need to use another component. In this case you can include
other components in your component the exact same way you include them in controllers - using the
$components var:
// src/Controller/Component/CustomComponent.php
namespace App\Controller\Component;
use Cake\Controller\Component;
class CustomComponent extends Component
{
// The other component your component uses
public $components = ['Existing'];
// Execute any other additional setup for your component.
public function initialize(array $config)
{
228
$this->Existing->foo();
}
public function bar()
{
// ...
}
}
// src/Controller/Component/ExistingComponent.php
namespace App\Controller\Component;
use Cake\Controller\Component;
class ExistingComponent extends Component
{
public function foo()
{
// ...
}
}
From within a Component you can access the current controller through the registry:
$controller = $this->_registry->getController();
You can also easily access the controller in any callback method from the event object:
$controller = $event->subject();
Component Callbacks
Components also offer a few request life-cycle callbacks that allow them to augment the request cycle.
beforeFilter(Event $event)
Is called before the controllers beforeFilter method, but after the controllers initialize() method.
startup(Event $event)
Is called after the controllers beforeFilter method but before the controller executes the current action
handler.
beforeRender(Event $event)
Is called after the controller executes the requested actions logic, but before the controllers renders
views and layout.
More on Controllers
229
shutdown(Event $event)
Is called before output is sent to the browser.
beforeRedirect(Event $event, $url, Response $response)
Is invoked when the controllers redirect method is called but before any further action. If this method
returns false the controller will not continue on to redirect the request. The $url, and $response
parameters allow you to inspect and modify the location or any other headers in the response.
230
CHAPTER 11
Views
class Cake\View\View
Views are the V in MVC. Views are responsible for generating the specific output required for the request.
Often this is in the form of HTML, XML, or JSON, but streaming files and creating PDFs that users can
download are also responsibilities of the View Layer.
CakePHP comes with a few built-in View classes for handling the most common rendering scenarios:
To create XML or JSON webservices you can use the JSON and XML views.
To serve protected files, or dynamically generated files, you can use Sending Files.
To create multiple themed views, you can use Themes.
You can use your AppView to load helpers that will be used for every view rendered in your application.
CakePHP provides an initialize() method that is invoked at the end of a Views constructor for this
kind of use:
<?php
namespace App\View;
231
use Cake\View\View;
class AppView extends View
{
public function initialize()
{
// Always enable the MyUtils Helper
$this->loadHelper('MyUtils');
}
}
View Templates
The view layer of CakePHP is how you speak to your users. Most of the time your views will be showing
(X)HTML documents to browsers, but you might also need to reply to a remote application via JSON, or
output a CSV file for a user.
By default CakePHP template files are written in plain PHP and have a default extension of .ctp (CakePHP
Template). These files contain all the presentational logic needed to get the data it received from the controller in a format that is ready for the audience youre serving to. If youd prefer using a templating language
like Twig, a subclass of View will bridge your templating language and CakePHP.
Template files are stored in src/Template/, in a folder named after the controller that uses the files, and
named after the action it corresponds to. For example, the view file for the Products controllers view()
action, would normally be found in src/Template/Products/view.ctp.
The view layer in CakePHP can be made up of a number of different parts. Each part has different uses, and
will be covered in this chapter:
views: Templates are the part of the page that is unique to the action being run. They form the meat
of your applications response.
elements: small, reusable bits of view code. Elements are usually rendered inside views.
layouts: template files that contain presentational code that wraps many interfaces in your application.
Most views are rendered inside a layout.
helpers: these classes encapsulate view logic that is needed in many places in the view layer. Among
other things, helpers in CakePHP can help you build forms, build AJAX functionality, paginate model
data, or serve RSS feeds.
cells: these classes provide miniature controller-like features for creating self contained UI components. See the View Cells documentation for more information.
View Variables
Any variables you set in your controller with set() will be available in both the view and the layout your
action renders. In addition, any set variables will also be available in any element. If you need to pass
232
additional variables from the view to the layout you can either call set() in the view template, or use a
Using View Blocks.
You should remember to always escape any user data before outputting it as CakePHP does not automatically escape output. You can escape user content with the h() function:
<?= h($user->bio); ?>
Then, in your layout, the $activeMenuButton variable will be available and contain the value posts.
Extending Views
View extending allows you to wrap one view in another. Combining this with view blocks gives you a
powerful way to keep your views DRY. For example, your application has a sidebar that needs to change
depending on the specific view being rendered. By extending a common view file, you can avoid repeating
the common markup for your sidebar, and only define the parts that change:
<!-- src/Template/Common/view.ctp -->
<h1><?= $this->fetch('title') ?></h1>
<?= $this->fetch('content') ?>
<div class="actions">
<h3>Related actions</h3>
<ul>
<?= $this->fetch('sidebar') ?>
</ul>
</div>
The above view file could be used as a parent view. It expects that the view extending it will define the
sidebar and title blocks. The content block is a special block that CakePHP creates. It will contain
all the uncaptured content from the extending view. Assuming our view file has a $post variable with the
data about our post, the view could look like:
<!-- src/Template/Posts/view.ctp -->
<?php
$this->extend('/Common/view');
$this->assign('title', $post);
View Templates
233
$this->start('sidebar');
?>
<li>
<?php
echo $this->Html->link('edit', [
'action' => 'edit',
$post->id
]); ?>
</li>
<?php $this->end(); ?>
// The remaining content will be available as the 'content' block
// In the parent view.
<?= h($post->body) ?>
The post view above shows how you can extend a view, and populate a set of blocks. Any content not already
in a defined block will be captured and put into a special block named content. When a view contains
a call to extend(), execution continues to the bottom of the current view file. Once it is complete, the
extended view will be rendered. Calling extend() more than once in a view file will override the parent
view that will be processed next:
$this->extend('/Common/view');
$this->extend('/Common/index');
The above will result in /Common/index.ctp being rendered as the parent view to the current view.
You can nest extended views as many times as necessary. Each view can extend another view if desired.
Each parent view will get the previous views content as the content block.
Note: You should avoid using content as a block name in your application. CakePHP uses this for
uncaptured content in extended views.
You can get the list of all populated blocks using the blocks() method:
$list = $this->blocks();
234
Assigning a blocks content is often useful when you want to convert a view variable into a block. For
example, you may want to use a block for the page title, and sometimes assign the title as a view variable in
the controller:
// In view file or layout above $this->fetch('title')
$this->assign('title', $title);
Note: You should avoid using content as a block name. This is used by CakePHP internally for extended
views, and view content in the layout.
Displaying Blocks
You can display blocks using the fetch() method. fetch() will output a block, returning if a block
does not exist:
<?= $this->fetch('sidebar') ?>
You can also use fetch to conditionally show content that should surround a block should it exist. This is
helpful in layouts, or extended views where you want to conditionally show headings or other markup:
// In src/Template/Layout/default.ctp
<?php if ($this->fetch('menu')): ?>
<div class="menu">
<h3>Menu options</h3>
<?= $this->fetch('menu') ?>
235
</div>
<?php endif; ?>
You can also provide a default value for a block should it not have any content. This allows you to easily
add placeholder content for empty states. You can provide a default value using the second argument:
<div class="shopping-cart">
<h3>Your Cart</h3>
<?= $this->fetch('cart', 'Your cart is empty') ?>
</div>
The Cake\View\Helper\HtmlHelper also allows you to control which block the scripts and CSS go
to:
// In your view
$this->Html->script('carousel', ['block' => 'scriptBottom']);
// In your layout
<?= $this->fetch('scriptBottom') ?>
Layouts
A layout contains presentation code that wraps around a view. Anything you want to see in all of your views
should be placed in a layout.
CakePHPs default layout is located at src/Template/Layout/default.ctp. If you want to change the overall
look of your application, then this is the right place to start, because controller-rendered view code is placed
inside of the default layout when the page is rendered.
236
Other layout files should be placed in src/Template/Layout. When you create a layout, you need to tell
CakePHP where to place the output of your views. To do so, make sure your layout includes a place for
$this->fetch(content) Heres an example of what a default layout might look like:
<!DOCTYPE html>
<html lang="en">
<head>
<title><?= h($this->fetch('title')) ?></title>
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<!-- Include external files and scripts here (See HTML helper for more info.) -->
<?php
echo $this->fetch('meta');
echo $this->fetch('css');
echo $this->fetch('script');
?>
</head>
<body>
<!-- If you'd like some sort of menu to
show up on all of your views, include it here -->
<div id="header">
<div id="menu">...</div>
</div>
<!-- Here's where I want my views to be displayed -->
<?= $this->fetch('content') ?>
<!-- Add a footer to each displayed page -->
<div id="footer">...</div>
</body>
</html>
The script, css and meta blocks contain any content defined in the views using the built-in HTML
helper. Useful for including JavaScript and CSS files from views.
Note: When using HtmlHelper::css() or HtmlHelper::script() in template files, specify
block => true to place the HTML source in a block with the same name. (See API for more details
on usage).
The content block contains the contents of the rendered view.
You can set the title block content from inside your view file:
$this->assign('title', 'View Active Users');
You can create as many layouts as you wish: just place them in the src/Template/Layout directory, and
switch between them inside of your controller actions using the controller or views $layout property:
// From a controller
public function admin_view()
{
// Stuff
Layouts
237
$this->layout = 'admin';
}
// From a view file
$this->layout = 'loggedin';
For example, if a section of my site included a smaller ad banner space, I might create a new layout with the
smaller advertising space and specify it as the layout for all controllers actions using something like:
namespace App\Controller;
class UsersController extends AppController
{
public function view_active()
{
$this->set('title', 'View Active Users');
$this->layout = 'default_small_ad';
}
public function view_image()
{
$this->layout = 'image';
// Output user image
}
}
Besides a default layout CakePHPs official skeleton app also has an ajax layout. The Ajax layout is handy
for crafting AJAX responses - its an empty layout. (Most AJAX calls only require a bit of markup in return,
rather than a fully-rendered interface.)
The skeleton app also has a default layout to help generate RSS.
Elements
Cake\View\View::element(string $elementPath, array $data, array $options =[])
238
Many applications have small blocks of presentation code that need to be repeated from page to page,
sometimes in different places in the layout. CakePHP can help you repeat parts of your website that need to
be reused. These reusable parts are called Elements. Ads, help boxes, navigational controls, extra menus,
login forms, and callouts are often implemented in CakePHP as elements. An element is basically a miniview that can be included in other views, in layouts, and even within other elements. Elements can be used
to make a view more readable, placing the rendering of repeating elements in its own file. They can also
help you re-use content fragments in your application.
Elements live in the src/Template/Element/ folder, and have the .ctp filename extension. They are output
using the element method of the view:
echo $this->element('helpbox');
Inside the element file, all the passed variables are available as members of the parameter array (in the same
way that Controller::set() in the controller works with template files). In the above example, the
src/Template/Element/helpbox.ctp file can use the $helptext variable:
// Inside src/Template/Element/helpbox.ctp
echo $helptext; // Outputs "Oh, this text is very helpful."
The View::element() method also supports options for the element. The options supported are cache
and callbacks. An example:
echo $this->element('helpbox', [
"helptext" => "This is passed to the element as $helptext",
"foobar" => "This is passed to the element as $foobar",
],
[
// uses the "long_view" cache configuration
"cache" => "long_view",
// set to true to have before/afterRender called for the element
"callbacks" => true
]
);
Element caching is facilitated through the Cache class. You can configure elements to be stored in any
Cache configuration youve set up. This gives you a great amount of flexibility to decide where and for
how long elements are stored. To cache different versions of the same element in an application, provide a
unique cache key value using the following format:
$this->element('helpbox', [], [
"cache" => ['config' => 'short', 'key' => 'unique value']
]
);
Elements
239
You can take full advantage of elements by using requestAction(), which fetches view variables from
a controller action and returns them as an array. This enables your elements to perform in true MVC style.
Create a controller action that prepares the view variables for your elements, then call requestAction()
inside the second parameter of element() to feed the element the view variables from your controller.
To do this, in your controller add something like the following for the Post example:
namespace App\Controller;
class PostsController extends AppController
{
// ...
public function index()
{
$posts = $this->paginate();
if ($this->request->is('requested')) {
return $posts;
} else {
$this->set('posts', $posts);
}
}
}
And then in the element we can access the paginated posts model. To get the latest five posts in an ordered
list, we would do something like the following:
<h2>Latest Posts</h2>
<?php $posts = $this->requestAction('posts/index?sort=created&direction=asc&limit=5'); ?>
<ol>
<?php foreach ($posts as $post): ?>
<li><?= $post['Post']['title'] ?></li>
<?php endforeach; ?>
</ol>
Caching Elements
You can take advantage of CakePHP view caching if you supply a cache parameter. If set to true, it will
cache the element in the default Cache configuration. Otherwise, you can set which cache configuration
should be used. See Caching for more information on configuring Cache. A simple example of caching an
element would be:
echo $this->element('helpbox', [], ['cache' => true]);
If you render the same element more than once in a view and have caching enabled, be sure to set the
key parameter to a different name each time. This will prevent each successive call from overwriting the
previous element() calls cached result. For example:
echo $this->element(
'helpbox',
['var' => $var],
['cache' => ['key' => 'first_use', 'config' => 'view_long']]
);
240
echo $this->element(
'helpbox',
['var' => $differenVar],
['cache' => ['key' => 'second_use', 'config' => 'view_long']]
);
The above will ensure that both element results are cached separately. If you want all element caching to
use the same cache configuration, you can avoid some repetition by setting View::$elementCache to
the cache configuration you want to use. CakePHP will use this configuration when none is given.
If your view is a part of a plugin, you can omit the plugin name. For example, if you are in the
ContactsController of the Contacts plugin, the following:
echo $this->element('helpbox');
// and
echo $this->element('Contacts.helpbox');
are equivalent and will result in the same element being rendered.
For elements inside subfolder of a plugin (e.g., plugins/Contacts/Template/Element/sidebar/helpbox.ctp),
use the following:
echo $this->element('Contacts.sidebar/helpbox');
The element first be looked for in src/Template/Admin/Element/. If such a file does not exist, it will be
looked for in the default location.
Elements
241
Sometimes generating a section of your view output can be expensive because of rendered View Cells or
expensive helper operations. To help make your application run faster CakePHP provides a way to cache
view sections:
// Assuming some local variables
echo $this->cache(function () use ($user, $article) {
echo $this->cell('UserProfile', [$user]);
echo $this->cell('ArticleFull', [$article]);
}, ['key' => 'my_view_key']);
By default cached view content will go into the View::$elementCache cache config, but you can use
the config option to change this.
For example:
Replacing the render method lets you take full control over how your content is rendered.
242
Save this file into src/View/Cell/InboxCell.php. As you can see, like other classes in CakePHP, Cells have
a few conventions:
Cells live in the App\View\Cell namespace. If you are making a cell in a plugin, the namespace
would be PluginName\View\Cell.
Class names should end in Cell.
Classes should inherit from Cake\View\Cell.
We added an empty display() method to our cell; this is the conventional default method when
rendering a cell. Well cover how to use other methods later in the docs. Now, create the file
src/Template/Cell/Inbox/display.ctp. This will be our template for our new cell.
You can generate this stub code quickly using bake:
bin/cake bake cell Inbox
https://github.com/apotonick/cells
243
Assume that we are working on an application that allows users to send messages to each other. We have a
Messages model, and we want to show the count of unread messages without having to pollute AppController. This is a perfect use case for a cell. In the class we just made, add the following:
namespace App\View\Cell;
use Cake\View\Cell;
class InboxCell extends Cell
{
public function display()
{
$this->loadModel('Messages');
$unread = $this->Messages->find('unread');
$this->set('unread_count', $unread->count());
}
}
Because Cells use the ModelAwareTrait and ViewVarsTrait, they behave very much like a controller would. We can use the loadModel() and set() methods just like we would in a controller. In
our template file, add the following:
<!-- src/Template/Cell/Inbox/display.ctp -->
<div class="notification-icon">
You have <?= $unread_count ?> unread messages.
</div>
Note: Cell templates have an isolated scope that does not share the same View instance as the one used to
render template and layout for the current controller action or other cells. Hence they are unaware of any
helper calls made or blocks set in the actions template / layout and vice versa.
Loading Cells
Cells can be loaded from views using the cell() method and works the same in both contexts:
// Load an application cell
$cell = $this->cell('Inbox');
// Load a plugin cell
$cell = $this->cell('Messaging.Inbox');
The above will load the named cell class and execute the display() method. You can execute other
methods using the following:
// Run the expanded() method on the Inbox cell
$cell = $this->cell('Inbox::expanded');
244
If you need controller logic to decide which cells to load in a request, you can use the CellTrait in your
controller to enable the cell() method there:
namespace App\Controller;
use App\Controller\AppController;
use Cake\View\CellTrait;
class DashboardsController extends AppController
{
use CellTrait;
// More code.
}
You will often want to parameterize cell methods to make cells more flexible. By using the second and third
arguments of cell(), you can pass action parameters and additional options to your cell classes:
$cell = $this->cell('Inbox::recent', ['since' => '-3 days']);
Rendering a Cell
Once a cell has been loaded and executed, youll probably want to render it. The easiest way to render a cell
is to echo it:
<?= $cell ?>
This will render the template matching the lowercased and underscored version of our action name, e.g.
display.ctp.
Because cells use View to render templates, you can load additional cells within a cell template if required.
Rendering Alternate Templates
By convention cells render templates that match the action they are executing. If you need to render a
different view template, you can specify the template to use when rendering the cell:
// Calling render() explicitly
echo $this->cell('Inbox::recent', ['since' => '-3 days'])->render('messages');
// Set template before echoing the cell.
$cell = $this->cell('Inbox');
245
$cell->template = 'messages';
echo $cell;
When rendering a cell you may want to cache the rendered output if the contents dont change often or to
help improve performance of your application. You can define the cache option when creating a cell to
enable & configure caching:
// Cache using the default config and a generated key
$cell = $this->cell('Inbox', [], ['cache' => true]);
// Cache to a specific cache config and a generated key
$cell = $this->cell('Inbox', [], ['cache' => ['config' => 'cell_cache']]);
// Specify the key and config to use.
$cell = $this->cell('Inbox', [], [
'cache' => ['config' => 'cell_cache', 'key' => 'inbox_' . $user->id]
]);
If a key is generated the underscored version of the cell class and template name will be used.
Themes
You can take advantage of themes, making it easy to switch the look and feel of your page quickly and easily.
Themes in CakePHP are simply plugins that focus on providing template files. In addition to template files,
they can also provide helpers and cells if your theming requires that. When using cells and helpers from
your theme, you will need to continue using the plugin syntax.
To use themes, specify the theme name in your controller:
class ExamplesController extends AppController
{
public $theme = 'Modern';
}
You can also set or change the theme name within an action or within the beforeFilter or
beforeRender callback functions:
$this->theme = 'AnotherExample';
Theme template files need to be within a plugin with the same name. For example, the above
theme would be found in plugins/AnotherExample/src/Template. Its important to remember that
CakePHP expects CamelCase plugin/theme names. Beyond that, the folder structure within the plugins/AnotherExample/src/Template folder is exactly the same as src/Template/.
For example, the view file for an edit
at plugins/Modern/src/Template/Posts/edit.ctp.
ins/Modern/src/Template/Layout/.
246
reside
plug-
If a view file cant be found in the theme, CakePHP will try to locate the view file in the src/Template/
folder. This way, you can create master template files and simply override them on a case-by-case basis
within your theme folder.
Theme Assets
Because themes are standard CakePHP plugins, they can include any necessary assets in their webroot
directory. This allows for easy packaging and distribution of themes. Whilst in development, requests for
theme assets will be handled by Cake\Routing\Dispatcher. To improve performance for production
environments, its recommended that you Improve Your Applications Performance.
All of CakePHPs built-in helpers are aware of themes and will create the correct paths automatically. Like
template files, if a file isnt in the theme folder, it will default to the main webroot folder:
// When in a theme with the name of 'purple_cupcake'
$this->Html->css('main.css');
// creates a path like
/purple_cupcake/css/main.css
// and links to
plugins/PurpleCupcake/webroot/css/main.css
load
the
This can be done in your AppController and will enable automatic view class switching on content types.
You can also set the component up with the viewClassMap setting, to map types to your custom classes
and/or map other data types.
247
You can optionally enable the json and or xml extensions with Routing File Extensions. This will allow you
to access the JSON, XML or any other special format views by using a custom URL ending with the name
of the response type as a file extension such as http://example.com/articles.json.
By default, when not enabling Routing File Extensions, the request the Accept header is used for selecting
which type of format should be rendered to the user. An example Accept format that is used to render
JSON responses is application/json.
Using Data Views with the Serialize Key
The _serialize key is a special view variable that indicates which other view variable(s) should be
serialized when using a data view. This lets you skip defining template files for your controller actions if
you dont need to do any custom formatting before your data is converted into json/xml.
If you need to do any formatting or manipulation of your view variables before generating the response, you
should use template files. The value of _serialize can be either a string or an array of view variables to
serialize:
namespace App\Controller;
class ArticlesController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function index()
{
// Set the view vars that have to be serialized.
$this->set('articles', $this->paginate());
// Specify which view vars JsonView should serialize.
$this->set('_serialize', ['articles']);
}
}
248
Defining _serialize as an array has the added benefit of automatically appending a top-level
<response> element when using XmlView. If you use a string value for _serialize and XmlView,
make sure that your view variable has a single top-level element. Without a single top-level element the Xml
will fail to generate.
Using a Data View with Template Files
You should use template files if you need to do some manipulation of your view content before creating
the final output. For example if we had articles, that had a field containing generated HTML, we would
probably want to omit that from a JSON response. This is a situation where a view file would be useful:
// Controller code
class ArticlesController extends AppController
{
public function index()
{
$articles = $this->paginate('Articles');
$this->set(compact('articles'));
}
}
// View code - src/Template/Articles/json/index.ctp
foreach ($articles as &$$article) {
unset($article->generated_html);
}
echo json_encode(compact('articles'));
249
The XmlView class supports the _xmlOptions variable that allows you to customize the options used to
generate XML, e.g. tags vs attributes.
Creating JSON Views
class JsonView
The JsonView class supports the _jsonOptions variable that allows you to customize the bit-mask used
to generate JSON. See the json_encode2 documentation for the valid values of this option.
JSONP Responses
When using JsonView you can use the special view variable _jsonp to enable returning a JSONP response. Setting it to true makes the view class check if query string parameter named callback is set
and if so wrap the json response in the function name provided. If you want to use a custom query string
parameter name instead of callback set _jsonp to required name instead of true.
Helpers
Helpers are the component-like classes for the presentation layer of your application. They contain presentational logic that is shared between many views, elements, or layouts. This chapter will show you how to
create your own helpers, and outline the basic tasks CakePHPs core helpers can help you accomplish.
CakePHP features a number of helpers that aid in view creation. They assist in creating well-formed markup
(including forms), aid in formatting text, times and numbers, and can even speed up AJAX functionality.
For more information on the helpers included in CakePHP, check out the chapter for each helper:
Flash
class Cake\View\Helper\FlashHelper(View $view, array $config =[])
FlashHelper provides a way to render flash messages that were set in $_SESSION by FlashComponent.
FlashComponent and FlashHelper primarily use elements to render flash messages. Flash elements are
found under the src/Template/Element/Flash directory. Youll notice that CakePHPs App template comes
with two flash elements: success.ctp and error.ctp.
Rendering Flash Messages
To render a flash message, you can simply use FlashHelpers render() method:
<?= $this->Flash->render() ?>
By default, CakePHP uses a flash key for flash messages in a session. But, if youve specified a key when
setting the flash message in FlashComponent, you can specify which flash key to render:
2
http://php.net/json_encode
250
You can also override any of the options that were set in FlashComponent:
// In your Controller
$this->Flash->set('The user has been saved.', [
'element' => 'success'
]);
// In your View: Will use great_success.ctp instead of succcess.ctp
<?= $this->Flash->render('flash', [
'element' => 'great_success'
]);
Note: By default, CakePHP does not escape the HTML in flash messages. If you are using any request or
user data in your flash messages, you should escape it with h when formatting your messages.
For more information about the available array options, please refer to the FlashComponent section.
Routing Prefix and Flash Messages
The FlashHelper uses normal elements to render the messages and will therefore obey any theme you might
have specified. So when your theme has a src/Template/Element/Flash/error.ctp file it will be used, just
as with any Elements and Views.
Form
class Cake\View\Helper\FormHelper(View $view, array $config =[])
The FormHelper does most of the heavy lifting in form creation. The FormHelper focuses on creating forms
quickly, in a way that will streamline validation, re-population and layout. The FormHelper is also flexible
- it will do almost everything for you using conventions, or you can use specific methods to get only what
you need.
Starting a Form
251
The first method youll need to use in order to take advantage of the FormHelper is create(). This
method outputs an opening form tag.
All parameters are optional. If create() is called with no parameters supplied, it assumes you are building
a form that submits to the current controller, via the current URL. The default method for form submission is
POST. If you were to call create() inside the view for UsersController::add(), you would see something
like the following output in the rendered view:
<form method="post" action="/users/add">
The $model argument is used as the forms context. There are several built-in form contexts and you can
add your own, which well cover in the next section. The built-in providers map to the following values of
$model:
An Entity instance or, an iterator map to the EntityContext, this context allows FormHelper
to work with results from the built-in ORM.
An array containing the schema key, maps to ArrayContext which allows you to create simple
data structures to build forms against.
null and false map to the NullContext, this context class simply satisifies the interface
FormHelper requires. This context is useful if you want to build a short form that doesnt require
ORM persistence.
All contexts classes also have access to the request data, making it simpler to build forms.
Once a form has been created with a context, all inputs you create will use the active context. In the case of
an ORM backed form, FormHelper can access associated data, validation errors and schema metadata easily
making building forms simple. You can close the active context using the end() method, or by calling
create() again. To create a form for an entity, do the following:
// If you are on /articles/add
// $article should be an empty Article entity.
echo $this->Form->create($article);
Output:
<form method="post" action="/articles/add">
This will POST the form data to the add() action of ArticlesController. However, you can also use the
same logic to create an edit form. The FormHelper uses the $this->request->data property to
automatically detect whether to create an add or edit form. If the provided entity is not new, the form will
be created as an edit form. For example, if we browse to http://example.org/articles/edit/5, we could do the
following:
// src/Controller/ArticlesController.php:
public function edit($id = null)
{
if (empty($id)) {
throw new NotFoundException;
}
$article = $this->Articles->get($id);
// Save logic goes here
$this->set('article', $article);
252
}
// View/Articles/edit.ctp:
// Since $article->isNew() is false, we will get an edit form
<?= $this->Form->create($article) ?>
Output:
<form method="post" action="/articles/edit/5">
<input type="hidden" name="_method" value="PUT" />
Note: Since this is an edit form, a hidden input field is generated to override the default HTTP method.
The $options array is where most of the form configuration happens. This special array can contain a
number of different key-value pairs that affect the way the form tag is generated.
Changing the HTTP Method for a Form By using the type option you can change the HTTP method
a form will use:
echo $this->Form->create($article, ['type' => 'get']);
Output:
<form method="get" action="/articles/edit/5">
Specifying file changes the form submission method to post, and includes an enctype of multipart/formdata on the form tag. This is to be used if there are any file elements inside the form. The absence of the
proper enctype attribute will cause the file uploads not to function:
echo $this->Form->create($article, ['type' => 'file']);
Output:
<form enctype="multipart/form-data" method="post" action="/articles/add">
When using put, patch or delete, your form will be functionally equivalent to a post form, but when
submitted, the HTTP request method will be overridden with PUT, PATCH or DELETE, respectively.
This allows CakePHP to emulate proper REST support in web browsers.
Setting the Controller Action for the Form Using the action option allows you to point the form to a
specific action in your current controller. For example, if youd like to point the form to the login() action of
the current controller, you would supply an $options array like the following:
echo $this->Form->create($article, ['action' => 'login']);
Output:
<form method="post" action="/users/login">
253
Setting a URL for the Form If the desired form action isnt in the current controller, you can specify a
URL for the form action using the url key of the $options array. The supplied URL can be relative to your
CakePHP application:
echo $this->Form->create(null, [
'url' => ['controller' => 'Articles', 'action' => 'publish']
]);
Output:
<form method="post" action="/articles/publish">
Output:
<form method="get" action="http://www.google.com/search">
Using Custom Validators Often models will have multiple validation sets, and you will want FormHelper
to mark fields required based on a the specific validation rules your controller action is going to apply. For
example, your Users table has specific validation rules that only apply when an account is being registered:
echo $this->Form->create($user, [
'context' => ['validator' => 'register']
]);
The above will use the register validator for the $user and all related associations. If you are creating
a form for associated entities, you can define validation rules for each association by using an array:
echo $this->Form->create($user, [
'context' => [
'validator' => [
'Users' => 'register',
'Comments' => 'default'
]
]
]);
The above would use register for the user, and default for the users comments.
Creating context classes While the built-in context classes are intended to cover the basic cases youll
encounter you may need to build a new context class if you are using a different ORM. In these situations
you need to implement the Cake\View\Form\ContextInterface3 . Once you have implemented this interface
you can wire your new context into the FormHelper. It is often best to do this in a View.beforeRender
event listener, or in an application view class:
3
http://api.cakephp.org/3.0/class-Cake.View.Form.ContextInterface.html
254
Context factory functions are where you can add logic for checking the form options for the correct type of
entity. If matching input data is found you can return an object. If there is no match return null.
Creating Form Inputs
The wrapping div will have a required class name appended if the validation rules for the models field
indicate that it is required and not allowed to be empty. You can disable automatic required flagging using
the required option:
255
To skip browser validation triggering for the whole form you can set option formnovalidate
=> true for the input button you generate using View\Helper\FormHelper::submit() or set
novalidate => true in options for View\Helper\FormHelper::create().
For example, lets assume that your User model includes fields for a username (varchar), password (varchar), approved (datetime) and quote (text). You can use the input() method of the FormHelper to create
appropriate inputs for all of these form fields:
echo $this->Form->create($user);
// Text
echo $this->Form->input('username');
// Password
echo $this->Form->input('password');
// Day, month, year, hour, minute, meridian
echo $this->Form->input('approved');
// Textarea
echo $this->Form->input('quote');
echo $this->Form->button('Add');
echo $this->Form->end();
Besides the specific options for input() found below, you can specify any option for the input type & any
HTML attribute (for instance onfocus).
If you want to create a select field while using a belongsTo - or hasOne - Relation, you can add the following
to your Users-controller (assuming your User belongsTo Group):
$this->set('groups', $this->Users->Groups->find('list'));
To make a select box for a belongsToMany Groups association you can add the following to your UsersController:
$this->set('groups', $this->Users->Groups->find('list'));
If your model name consists of two or more words, e.g., UserGroup, when passing the data using set()
you should name your data in a pluralised and camelCased format as follows:
256
$this->set('userGroups', $this->UserGroups->find('list'));
Note:
You should not use FormHelper::input() to generate submit buttons.
View\Helper\FormHelper::submit() instead.
Use
Field Naming Conventions When creating input widgets you should name your fields after the matching
attributes in the forms entity. For example, if you created a form for an $article, you would create fields
named after the properities. E.g title, body and published.
You can create inputs for associated models,
association.fieldname as the first parameter:
or
arbitrary
models
by
passing
in
echo $this->Form->input('association.fieldname');
Any dots in your field names will be converted into nested request data. For example, if you created a field
with a name 0.comments.body you would get a name attribute that looks like 0[comments][body].
This convention makes it easy to save data with the ORM. Details for the various association types can be
found in the Creating Inputs for Associated Data section.
When creating datetime related inputs, FormHelper will append a field-suffix. You may notice additional
fields named year, month, day, hour, minute, or meridian being added. These fields will be
automatically converted into DateTime objects when entities are marshalled.
Options FormHelper::input() supports a large number of options. In addition to its own options
input() accepts options for the generated input types, as well as HTML attributes. The following will
cover the options specific to FormHelper::input().
$options[type] You can force the type of an input, overriding model introspection, by specifying a type. In addition to the field types found in the Creating Form Inputs, you can also create
file, password, and any type supported by HTML5:
echo $this->Form->input('field', ['type' => 'file']);
echo $this->Form->input('email', ['type' => 'email']);
Output:
<div class="input file">
<label for="field">Field</label>
<input type="file" name="field" value="" id="field" />
</div>
<div class="input email">
<label for="email">Email</label>
<input type="email" name="email" value="" id="email" />
</div>
$options[label] Set this key to the string you would like to be displayed within the label that
usually accompanies the input:
257
echo $this->Form->input('name', [
'label' => 'The User Alias'
]);
Output:
<div class="input">
<label for="name">The User Alias</label>
<input name="name" type="text" value="" id="name" />
</div>
Alternatively, set this key to false to disable the output of the label:
echo $this->Form->input('name', ['label' => false]);
Output:
<div class="input">
<input name="name" type="text" value="" id="name" />
</div>
Set this to an array to provide additional options for the label element. If you do this, you can use
a text key in the array to customize the label text:
echo $this->Form->input('name', [
'label' => [
'class' => 'thingy',
'text' => 'The User Alias'
]
]);
Output:
<div class="input">
<label for="name" class="thingy">The User Alias</label>
<input name="name" type="text" value="" id="name" />
</div>
$options[error] Using this key allows you to override the default model error messages and
can be used, for example, to set i18n messages.
To disable error message output & field classes set the error key to false:
echo $this->Form->input('name', ['error' => false]);
To override the model error messages use an array with the keys matching the original validation error
messages:
$this->Form->input('name', [
'error' => ['Not long enough' => __('This is not long enough')]
]);
As seen above you can set the error message for each validation rule you have in your models. In
addition you can provide i18n messages for your forms.
258
In addition to the generic input() method, FormHelper has specific methods for generating a number of different types of inputs. These can be used to generate just the input widget itself, and combined with other methods like View\Helper\FormHelper::label() and
View\Helper\FormHelper::error() to generate fully custom form layouts.
Common Options Many of the various input element methods support a common set of options. All of
these options are also supported by input(). To reduce repetition the common options shared by all input
methods are as follows:
$options[id] Set this key to force the value of the DOM id for the input. This will override
the idPrefix that may be set.
$options[default] Used to set a default value for the input field. The value is used if the
data passed to the form does not contain a value for the field (or if no data is passed at all).
Example usage:
echo $this->Form->text('ingredient', ['default' => 'Sugar']);
Note:
You cannot use default to check a checkbox - instead you might set the value in
$this->request->data in your controller, or set the input option checked to true.
Date and datetime fields default values can be set by using the selected key.
Beware of using false to assign a default value. A false value is used to disable/exclude options of
an input field, so default => false would not set any value at all. Instead use default
=> 0.
In addition to the above options, you can mixin any HTML attribute you wish to use. Any non-special
option name will be treated as an HTML attribute, and applied to the generated HTML input element.
Options for Select, Checkbox and Radio Inputs
$options[value] Used in combination with a select-type input (i.e. For types select, date,
time, datetime). Set value to the value of the item you wish to be selected by default when the input
is rendered:
echo $this->Form->time('close_time', [
'value' => '13:30:00'
]);
Note: The value key for date and datetime inputs may also be a UNIX timestamp, or a DateTime
object.
259
For select input where you set the multiple attribute to true, you can use an array of the values you
want to select by default:
echo $this->Form->select('rooms', [
'multiple' => true,
// options with values 1 and 3 will be selected as default
'default' => [1, 3]
]);
Output:
<select name="field">
<option value="">(choose one)</option>
<option value="0">1</option>
<option value="1">2</option>
<option value="2">3</option>
<option value="3">4</option>
<option value="4">5</option>
</select>
Which outputs:
<input type="checkbox" name="published" value="1">
If you want to create multiple blocks of inputs on a form that are all grouped together, you should use
this parameter on all inputs except the first. If the hidden input is on the page in multiple places, only
the last group of inputs values will be saved
In this example, only the tertiary colors would be passed, and the primary colors would be overridden:
260
<h2>Primary Colors</h2>
<input type="hidden" name="color" value="0" />
<label for="color-red">
<input type="checkbox" name="color[]" value="5" id="color-red" />
Red
</label>
<label for="color-blue">
<input type="checkbox" name="color[]" value="5" id="color-blue" />
Blue
</label>
<label for="color-yellow">
<input type="checkbox" name="color[]" value="5" id="color-yellow" />
Yellow
</label>
<h2>Tertiary Colors</h2>
<input type="hidden" name="color" value="0" />
<label for="color-green">
<input type="checkbox" name="color[]" value="5" id="color-green" />
Green
</label>
<label for="color-purple">
<input type="checkbox" name="color[]" value="5" id="color-purple" />
Purple
</label>
<label for="color-orange">
<input type="checkbox" name="color[]" value="5" id="color-orange" />
Orange
</label>
Disabling the hiddenField on the second input group would prevent this behavior.
You can set a different hidden field value other than 0 such as N:
echo $this->Form->checkbox('published', [
'value' => 'Y',
'hiddenField' => 'N',
]);
Datetime Options
$options[timeFormat] Used to specify the format of the select inputs for a time-related set
of inputs. Valid values include 12, 24, and null.
$options[minYear], $options[maxYear] Used in combination with a
date/datetime input. Defines the lower and/or upper end of values shown in the years select
field.
$options[orderYear] Used in combination with a date/datetime input. Defines the order in
which the year values will be set. Valid values include asc, desc. The default value is desc.
261
$options[interval] This option specifies the number of minutes between each option in the
minutes select box:
echo $this->Form->input('time', [
'type' => 'time',
'interval' => 15
]);
Would create 4 options in the minute select. One for each 15 minutes.
$options[round] Can be set to up or down to force rounding in either direction. Defaults to
null which rounds half up according to interval.
$options[monthNames] If false, 2 digit numbers will be used instead of text. If it is given
an array like [01 => Jan, 02 => Feb, ...] then the given array will be used.
Creating Input Elements
Will output:
<input name="username" type="text" class="users">
Will output:
<input name="password" value="" type="password">
Will output:
<input name="id" value="10" type="hidden" />
262
Creating Textareas
Cake\View\Helper\FormHelper::textarea(string $fieldName, array $options)
Creates a textarea input field.
echo $this->Form->textarea('notes');
Will output:
<textarea name="notes"></textarea>
If the form is edited (that is, the array $this->request->data will contain the information saved
for the User model), the value corresponding to notes field will automatically be added to the HTML
generated. Example:
<textarea name="notes" id="notes">
This text is to be edited.
</textarea>
Note: The textarea input type allows for the $options attribute of escape which determines
whether or not the contents of the textarea should be escaped. Defaults to true.
echo $this->Form->textarea('notes', ['escape' => false]);
// OR....
echo $this->Form->input('notes', ['type' => 'textarea', 'escape' => false]);
Options
In addition to the Common Options, textarea() supports a few specific options:
$options[rows], $options[cols] These two keys specify the number of rows and
columns:
echo $this->Form->textarea('textarea', ['rows' => '5', 'cols' => '5']);
Output:
<textarea name="textarea" cols="5" rows="5">
</textarea>
Creating Checkboxes
Cake\View\Helper\FormHelper::checkbox(string $fieldName, array $options)
Creates a checkbox form element. This method also generates an associated hidden form input to force the
submission of data for the specified field.
echo $this->Form->checkbox('done');
Will output:
<input type="hidden" name="done" value="0">
<input type="checkbox" name="done" value="1">
It is possible to specify the value of the checkbox by using the $options array:
263
Will output:
<input type="hidden" name="done" value="0">
<input type="checkbox" name="done" value="555">
Will output:
<input type="checkbox" name="done" value="1">
// Will output
<input type="hidden" name="favorite_color" value="">
<label for="favorite-color-r">
<input type="radio" name="favorite_color" value="r" style="color:red;" id="favorite-col
Red
</label>
<label for="favorite-color-u">
<input type="radio" name="favorite_color" value="u" style="color:blue;" id="favorite-co
264
Blue
</label>
<label for="favorite-color-g">
<input type="radio" name="favorite_color" value="g" style="color:green;" id="favorite-c
Green
</label>
Will output:
<select name="gender">
<option value=""></option>
<option value="M">Male</option>
<option value="F">Female</option>
</select>
The select input type allows for a special $option attribute called escape which accepts a bool
and determines whether to HTML entity encode the contents of the select options. Defaults to true:
$options = ['M' => 'Male', 'F' => 'Female'];
echo $this->Form->select('gender', $options, ['escape' => false]);
$attributes[options] This key allows you to manually specify options for a select input,
or for a radio group. Unless the type is specified as radio, the FormHelper will assume that the
target output is a select input:
echo $this->Form->select('field', [1,2,3,4,5]);
Output:
<select name="field">
<option value="0">1</option>
<option value="1">2</option>
<option value="2">3</option>
<option value="3">4</option>
<option value="4">5</option>
</select>
265
Output:
<select name="field">
<option value="Value 1">Label 1</option>
<option value="Value 2">Label 2</option>
<option value="Value 3">Label 3</option>
</select>
If you would like to generate a select with optgroups, just pass data in hierarchical format. This works
on multiple checkboxes and radio buttons too, but instead of optgroups wraps elements in fieldsets:
$options = [
'Group 1' => [
'Value 1' => 'Label 1',
'Value 2' => 'Label 2'
],
'Group 2' => [
'Value 3' => 'Label 3'
]
];
echo $this->Form->select('field', $options);
Output:
<select name="field">
<optgroup label="Group 1">
<option value="Value 1">Label 1</option>
<option value="Value 2">Label 2</option>
</optgroup>
<optgroup label="Group 2">
<option value="Value 3">Label 3</option>
</optgroup>
</select>
$attributes[multiple] If multiple has been set to true for an input that outputs a select,
the select will allow multiple selections:
echo $this->Form->select('field', $options, ['multiple' => true]);
Output:
266
$attributes[disabled] When creating checkboxes, this option can be set to disable all or
some checkboxes. To disable all checkboxes set disabled to true:
$options = [
'Value 1' => 'Label 1',
'Value 2' => 'Label 2'
];
echo $this->Form->select('field', $options, [
'multiple' => 'checkbox',
'disabled' => ['Value 1']
]);
Output:
<input name="field" value="" type="hidden">
<div class="checkbox">
<label for="field-1">
<input name="field[]" disabled="disabled" value="Value 1" type="checkbox">
Label 1
</label>
</div>
<div class="checkbox">
<label for="field-2">
<input name="field[]" value="Value 2" id="field-2" type="checkbox">
Label 2
</label>
</div>
Next add either of the two lines to your form view file:
267
echo $this->Form->input('submittedfile', [
'type' => 'file'
]);
// OR
echo $this->Form->file('submittedfile');
Due to the limitations of HTML itself, it is not possible to put default values into input fields of type file.
Each time the form is displayed, the value inside will be empty.
Upon submission, file fields provide an expanded data array to the script receiving the form data.
For the example above, the values in the submitted data array would be organized as follows, if the CakePHP
was installed on a Windows server. tmp_name will have a different path in a Unix environment:
$this->request->data['submittedfile'] = [
'name' => 'conference_schedule.pdf',
'type' => 'application/pdf',
'tmp_name' => 'C:/WINDOWS/TEMP/php1EE.tmp',
'error' => 0, // On Windows this can be a string.
'size' => 41737,
];
This array is generated by PHP itself, so for more detail on the way PHP handles data passed via file fields
read the PHP manual section on file uploads4 .
Note: When using $this->Form->file(), remember to set the form encoding-type, by setting the
type option to file in $this->Form->create().
http://php.net/features.file-upload
268
269
<option value="45">45</option>
</select>
Will output:
270
<select name="mob[month]">
<option value=""></option>
<option value="01">January</option>
<option value="02">February</option>
<option value="03">March</option>
<option value="04">April</option>
<option value="05">May</option>
<option value="06">June</option>
<option value="07">July</option>
<option value="08">August</option>
<option value="09">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
You can pass in your own array of months to be used by setting the monthNames attribute, or have months
displayed as numbers by passing false. (Note: the default months can be localized with CakePHP Internationalization & Localization features.):
echo $this->Form->month('mob', ['monthNames' => false]);
Will output:
<select name="created[day]">
<option value=""></option>
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
...
<option value="31">31</option>
</select>
271
'format' => 24
]);
Output:
<label for="user-name">Name</label>
<label for="user-name">Your username</label>
$options can either be an array of HTML attributes, or a string that will be used as a class name:
echo $this->Form->label('User.name', null, ['id' => 'user-label']);
echo $this->Form->label('User.name', 'Your username', 'highlight');
Output:
<label for="user-name" id="user-label">Name</label>
<label for="user-name" class="highlight">Your username</label>
272
Options:
escape bool Whether or not to HTML escape the contents of the error.
Cake\View\Helper\FormHelper::isFieldError(string $fieldName)
Returns true if the supplied $fieldName has an active validation error.
if ($this->Form->isFieldError('gender')) {
echo $this->Form->error('gender');
}
Will output:
<div class="submit"><input value="Submit" type="submit"></div>
You can pass a relative or absolute URL to an image for the caption parameter instead of caption text:
echo $this->Form->submit('ok.png');
Will output:
<div class="submit"><input type="image" src="/img/ok.png"></div>
Submit inputs are useful when you only need basic text or images. If you need more complex button content
you should use button().
Creating Button Elements
Cake\View\Helper\FormHelper::button(string $title, array $options =[])
Creates an HTML button with the specified title and a default type of button.
$options[type] will output one of the three possible button types:
Setting
$this->Form->button('A Button');
$this->Form->button('Another Button', ['type' => 'button']);
$this->Form->button('Reset the Form', ['type' => 'reset']);
$this->Form->button('Submit Form', ['type' => 'submit']);
273
Will output:
<button
<button
<button
<button
type="submit">A Button</button>
type="button">Another Button</button>
type="reset">Reset the Form</button>
type="submit">Submit Form</button>
The button input type supports the escape option, which accepts a boolean and defaults to false. It
determines whether to HTML encode the $title of the button:
// Will render escaped HTML.
echo $this->Form->button('<em>Submit Form</em>', [
'type' => 'submit',
'escape' => true
]);
Cake\View\Helper\FormHelper::end($secureAttributes =[])
The end() method closes and completes a form. Often, end() will only output a closing form
tag, but using end() is a good practice as it enables FormHelper to insert hidden form elements that
Cake\Controller\Component\SecurityComponent requires:
<?= $this->Form->create(); ?>
<!-- Form elements go here -->
<?= $this->Form->end(); ?>
The $secureAttributes parameter allows you to pass additional HTML attributes to the hidden inputs
that are generated when your application is using SecurityComponent. If you need to add additional
attributes to the generated hidden inputs you can use the $secureAttributes argument:
echo $this->Form->end(['data-type' => 'hidden']);
Will output:
<div style="display:none;">
<input type="hidden" name="_Token[fields]" data-type="hidden"
value="2981c38990f3f6ba935e6561dc77277966fabd6d%3AAddresses.id">
<input type="hidden" name="_Token[unlocked]" data-type="hidden"
value="address%7Cfirst_name">
</div>
274
Like many helpers in CakePHP, FormHelper uses string templates to format the HTML it creates. While the
default templates are intended to be a reasonable set of defaults. You may need to customize the templates
to suit your application.
To change the templates when the helper is loaded you can set the templates option when including the
helper in your controller:
// In a View class
$this->loadHelper('Form', [
'templates' => 'app_form',
]);
This would load the tags in config/app_form.php. This file should contain an array of templates indexed
by name:
// in config/app_form.php
return [
'inputContainer' => '<div class="form-control">{{content}}</div>',
];
Any templates you define will replace the default ones included in the helper. Templates that are not replaced, will continue to use the default values. You can also change the templates at runtime using the
templates() method:
$myTemplates = [
'inputContainer' => '<div class="form-control">{{content}}</div>',
];
$this->Form->templates($myTemplates);
Warning: Template strings containing a percentage sign (%) need special attention, you should prefix
this character with another percentage so it looks like %%. The reason is that internally templates are compiled to be used with sprintf(). Example: <div style=width:{{size}}%%>{{content}}</div>
More About Views
275
List of Templates A list of the default templates and the variables they can expect are:
button {{attrs}}, {{text}}
checkbox {{name}}, {{value}}, {{attrs}}
checkboxFormGroup {{label}}
checkboxWrapper {{label}}
dateWidget {{year}}, {{month}}, {{day}}, {{hour}}, {{minute}}, {{second}}, {{meridian}}
error {{content}}
errorList {{content}}
errorItem {{text}}
file {{name}}, {{attrs}}
formGroup {{label}}, {{input}}, {{error}}
formStart {{attrs}}
formEnd No variables are provided.
hiddenBlock {{content}}
input {{type}}, {{name}}, {{attrs}}
inputContainer {{type}}, {{required}}, {{content}}
inputContainerError {{type}}, {{required}}, {{content}}, {{error}}
inputSubmit {{type}}, {{attrs}}
label {{attrs}}, {{text}}, {{hidden}}, {{input}}
nestingLabel {{hidden}}, {{attrs}}, {{input}}, {{text}}
legend {{text}}
option {{value}}, {{attrs}}, {{text}}
optgroup {{label}}, {{attrs}}, {{content}}
radio {{name}}, {{value}}, {{attrs}}
radioWrapper {{input}}, {{label}}
select {{name}}, {{attrs}}, {{content}}
selectMultiple {{name}}, {{attrs}}, {{content}}
submitContainer {{content}}
textarea {{name}}, {{attrs}}, {{value}}
276
In addition to these templates, the input() method will attempt to use distinct templates for each input
container. For example, when creating a datetime input the datetimeContainer will be used if it is
present. If that container is missing the inputContainer template will be used. For example:
// Add custom radio wrapping HTML
$this->Form->templates([
'radioContainer' => '<div class="form-radio">{{content}}</div>'
]);
// Create a radio set with our custom wrapping div.
echo $this->Form->radio('User.email_notifications', ['y', 'n']);
Similar to input containers, the input() method will also attempt to use distinct templates for each
form group. A form group is a combo of label and input. For example, when creating a radio input the
radioFormGroup will be used if it is present. If that template is missing by default each set of label &
input is rendered using the formGroup template. For example:
// Add custom radio form group
$this->Form->templates([
'radioFormGroup' => '<div class="radio">{{label}}{{input}}</div>'
]);
Moving Checkboxes & Radios Outside of a Label By default CakePHP nests checkboxes and radio
buttons within label elements. This helps make it easier to integrate popular CSS frameworks. If you need
to place checkbox/radio inputs outside of the label you can do so by modifying the templates:
$this->Form->templates([
'nestingLabel' => '{{input}}<label{{attrs}}>{{text}}</label>',
'formGroup' => '{{input}}{{label}}',
]);
This will make radio buttons and checkboxes render outside of their labels.
Generating Entire Forms
You can customize the generated inputs by defining additional options in the $fields parameter:
277
echo $this->Form->inputs([
'name' => ['label' => 'custom label']
]);
When customizing, fields, you can use the $options parameter to control the generated legend/fieldset.
fieldset Set to false to disable the fieldset. You can also pass an array of parameters to be
applied as HTML attributes to the fieldset tag. If you pass an empty array, the fieldset will be displayed
without attributes.
legend Set to false to disable the legend for the generated input set. Or supply a string to customize the legend text.
For example:
echo $this->Form->allInputs(
[
'name' => ['label' => 'custom label']
],
null,
['legend' => 'Update your post']
);
Creating forms for associated data is straightforward and is closely related to the paths in your entitys data.
Assuming the following table relations:
Authors HasOne Profiles
Authors HasMany Articles
Articles HasMany Comments
Articles BelongsTo Authors
Articles BelongsToMany Tags
If we were editing an article with its associations loaded we could create the following inputs:
$this->Form->create($article);
// Article inputs.
echo $this->Form->input('title');
278
The above inputs could then be marshalled into a completed entity graph using the following code in your
controller:
$article = $this->Articles->patchEntity($article, $this->request->data, [
'associated' => [
'Authors',
'Authors.Profiles',
'Tags',
'Comments'
]
]);
CakePHP makes it easy to add custom input widgets in your application, and use them like any other input
type. All of the core input types are implemented as wigets, which means you can easily override any core
widget with your own implemenation as well.
279
Building a Widget Class Widget classes have a very simple required interface. They must implement the
Cake\View\Widget\WidgetInterface. This interface requires the render(array $data)
and secureFields(array $data) methods to be implemented. The render() method expects
an array of data to build the widget and is expected to return a string of HTML for the widget. The
secureFields() method expects an array of data as well and is expected to return an array containing the list of fields to secure for this widget. If CakePHP is constructing your widget you can expect to
get a Cake\View\StringTemplate instance as the first argument, followed by any dependencies you
define. If we wanted to build an Autocomplete widget you could do the following:
namespace App\View\Widget;
use Cake\View\Form\ContextInterface;
use Cake\View\Widget\WidgetInterface;
class AutocompleteWidget implements WidgetInterface
{
protected $_templates;
public function __construct($templates)
{
$this->_templates = $templates;
}
public function render(array $data, ContextInterface $context)
{
$data += [
'name' => '',
];
return $this->_templates->format('autocomplete', [
'name' => $data['name'],
'attrs' => $this->_templates->formatAttributes($data, ['name'])
]);
}
public function secureFields(array $data)
{
return [$data['name']];
}
}
Obviously, this is a very simple example, but it demonstrates how a custom widget could be built.
Using Widgets You can load custom widgets when loading FormHelper or by using the addWidget()
method. When loading FormHelper, widgets are defined as a setting:
// In View class
$this->loadHelper('Form', [
'widgets' => [
'autocomplete' => ['Autocomplete']
]
]);
280
If your widget requires other widgets, you can have FormHelper populate those dependencies by declaring
them:
$this->loadHelper('Form', [
'widgets' => [
'autocomplete' => [
'App\View\Widget\AutocompleteWidget',
'text',
'label'
]
]
]);
In the above example, the autocomplete widget would depend on the text and label widgets. If your
widget needs access to the View, you should use the _view widget. When the autocomplete widget is
created, it will be passed the widget objects that are related to the text and label names. To add widgets
using the addWidget() method would look like:
// Using a classname.
$this->Form->addWidget(
'autocomplete',
['Autocomplete', 'text', 'label']
);
// Using an instance - requires you to resolve dependencies.
$autocomplete = new AutocompleteWidget(
$this->Form->getTemplater(),
$this->Form->widgetRegistry()->get('text'),
$this->Form->widgetRegistry()->get('label'),
);
$this->Form->addWidget('autocomplete', $autocomplete);
This will create the custom widget with a label and wrapping div just like input() always does. Alternatively, you can create just the input widget using the magic method:
echo $this->Form->autocomplete('search', $options);
281
Unlocks a field making it exempt from the SecurityComponent field hashing. This also allows
the fields to be manipulated by JavaScript. The $name parameter should be the entity property name
for the input:
$this->Form->unlockField('id');
The most important task the HtmlHelper accomplishes is creating well formed markup. This section will
cover some of the methods of the HtmlHelper and how to use them.
Creating Charset Tags
Cake\View\Helper\HtmlHelper::charset($charset=null)
Used to create a meta tag specifying the documents character. The default value is UTF-8. An example use:
echo $this->Html->charset();
Will output:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
Alternatively,
echo $this->Html->charset('ISO-8859-1');
Will output:
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
282
Will output:
<link rel="stylesheet" href="/css/forms.css" />
Will output:
<link rel="stylesheet" href="/css/forms.css" />
<link rel="stylesheet" href="/css/tables.css" />
<link rel="stylesheet" href="/css/menu.css" />
You can include CSS files from any loaded plugin using plugin syntax.
ins/DebugKit/webroot/css/toolbar.css you could use the following:
To include plug-
echo $this->Html->css('DebugKit.toolbar.css');
If you want to include a CSS file which shares a name with a loaded plugin you can do the following. For
example if you had a Blog plugin, and also wanted to include webroot/css/Blog.common.css, you would:
echo $this->Html->css('Blog.common.css', ['plugin' => false]);
Will output:
283
translated value
text/html
application/rss+xml
application/atom+xml
image/x-icon
<?= $this->Html->meta(
'favicon.ico',
'/favicon.ico',
['type' => 'icon']
);
?>
// Output (line breaks added)
<link
href="http://example.com/favicon.ico"
title="favicon.ico" type="image/x-icon"
rel="alternate"
/>
<?= $this->Html->meta(
'Comments',
'/comments/index.rss',
['type' => 'rss']
);
?>
// Output (line breaks added)
<link
href="http://example.com/comments/index.rss"
title="Comments"
type="application/rss+xml"
rel="alternate"
/>
This method can also be used to add the meta keywords and descriptions. Example:
<?= $this->Html->meta(
'keywords',
'enter any meta keyword here'
);
?>
// Output
<meta name="keywords" content="enter any meta keyword here" />
284
<?= $this->Html->meta(
'description',
'enter any meta description here'
);
?>
// Output
<meta name="description" content="enter any meta description here" />
translated value
HTML4 Strict
HTML4 Transitional
HTML4 Frameset
HTML5
XHTML1 Strict
XHTML1 Transitional
XHTML1 Frameset
XHTML1.1
echo $this->Html->docType();
// Outputs: <!DOCTYPE html>
echo $this->Html->docType('html4-trans');
// Outputs:
// <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
//
"http://www.w3.org/TR/html4/loose.dtd">
Linking to Images
Cake\View\Helper\HtmlHelper::image(string $path, array $options =[])
Creates a formatted image tag. The path supplied should be relative to webroot/img/.
echo $this->Html->image('cake_logo.png', ['alt' => 'CakePHP']);
Will output:
<img src="/img/cake_logo.png" alt="CakePHP" />
To create an image link specify the link destination using the url option in $attributes.
echo $this->Html->image("recipes/6.jpg", [
"alt" => "Brownies",
'url' => ['controller' => 'Recipes', 'action' => 'view', 6]
]);
Will output:
285
<a href="/recipes/view/6">
<img src="/img/recipes/6.jpg" alt="Brownies" />
</a>
If you are creating images in emails, or want absolute paths to images you can use the fullBase option:
echo $this->Html->image("logo.png", ['fullBase' => true]);
Will output:
<img src="http://example.com/img/logo.jpg" alt="" />
You can include image files from any loaded plugin using plugin syntax.
ins/DebugKit/webroot/img/icon.png You could use the following:
To include plug-
echo $this->Html->image('DebugKit.icon.png');
If you want to include an image file which shares a name with a loaded plugin you can do the following.
For example if you had a Blog plugin, and also wanted to include webroot/js/Blog.icon.png, you
would:
echo $this->Html->image('Blog.icon.png', ['plugin' => false]);
Creating Links
Cake\View\Helper\HtmlHelper::link(string $title, mixed $url = null, array $options =[
])
General purpose method for creating HTML links. Use $options to specify attributes for the element and
whether or not the $title should be escaped.
echo $this->Html->link(
'Enter',
'/pages/home',
['class' => 'button', 'target' => '_blank']
);
Will output:
<a href="/pages/home" class="button" target="_blank">Enter</a>
Will output:
<a href="http://www.yourdomain.com/dashboards/index">Dashboard</a>
286
echo $this->Html->link(
'Delete',
['controller' => 'Recipes', 'action' => 'delete', 6],
['confirm' => 'Are you sure you wish to delete this recipe?'],
);
Will output:
<a href="/recipes/delete/6"
onclick="return confirm(
'Are you sure you wish to delete this recipe?'
);">
Delete
</a>
Will output:
<a href="/images/view/1?height=400&width=500">View image</a>
HTML special characters in $title will be converted to HTML entities. To disable this conversion, set
the escape option to false in the $options array.
echo $this->Html->link(
$this->Html->image("recipes/6.jpg", ["alt" => "Brownies"]),
"recipes/view/6",
['escape' => false]
);
Will output:
<a href="/recipes/view/6">
<img src="/img/recipes/6.jpg" alt="Brownies" />
</a>
Setting escape to false will also disable escaping of attributes of the link. You can use the option
escapeTitle to disable just escaping of title and not the attributes.
echo $this->Html->link(
$this->Html->image('recipes/6.jpg', ['alt' => 'Brownies']),
'recipes/view/6',
['escapeTitle' => false, 'title' => 'hi "howdy"']
);
Will output:
287
<?= $this->Html->media(
['video.mp4', ['src' => 'video.ogg', 'type' => "video/ogg; codecs='theora, vorbis'"]],
['autoplay']
) ?>
// Output
<video autoplay="autoplay">
<source src="/files/video.mp4" type="video/mp4"/>
<source src="/files/video.ogg" type="video/ogg;
codecs='theora, vorbis'"/>
</video>
can print elsewhere in the document. If you wish to override which block name is used, you can do so by
setting $options[block].
$options[once] controls whether or not you want to include this script once per request or more
than once. This defaults to true.
You can use $options to set additional properties to the generated script tag. If an array of script tags is used,
the attributes will be applied to all of the generated script tags.
This method of JavaScript file inclusion assumes that the JavaScript file specified resides inside the webroot/js directory:
echo $this->Html->script('scripts');
Will output:
<script src="/js/scripts.js"></script>
You can link to files with absolute paths as well to link files that are not in webroot/js:
echo $this->Html->script('/otherdir/script_file');
Will output:
<script src="http://code.jquery.com/jquery.min.js"></script>
Will output:
<script src="/js/jquery.js"></script>
<script src="/js/wysiwyg.js"></script>
<script src="/js/scripts.js"></script>
You can append the script tag to a specific block using the block option:
echo $this->Html->script('wysiwyg', ['block' => 'scriptBottom']);
In your layout you can output all the script tags added to scriptBottom:
echo $this->fetch('scriptBottom');
You can include script files from any loaded plugin using plugin syntax.
ins/DebugKit/webroot/js/toolbar.js You could use the following:
To include plug-
echo $this->Html->script('DebugKit.toolbar.js');
If you want to include a script file which shares a name with a loaded plugin you can do the following. For
example if you had a Blog plugin, and also wanted to include webroot/js/Blog.plugins.js, you
would:
More About Views
289
Output:
// Output (minus the whitespace)
<ul>
<li>Languages
<ul>
<li>English
<ul>
<li>American</li>
<li>Canadian</li>
<li>British</li>
</ul>
290
</li>
<li>Spanish</li>
<li>German</li>
</ul>
</li>
</ul>
Output:
<tr>
<th>Date</th>
<th>Title</th>
<th>Active</th>
</tr>
echo $this->Html->tableHeaders(
['Date','Title','Active'],
['class' => 'status'],
['class' => 'product_table']
);
Output:
<tr class="status">
<th class="product_table">Date</th>
<th class="product_table">Title</th>
<th class="product_table">Active</th>
</tr>
You can set attributes per column, these are used instead of the defaults provided in the $thOptions:
echo $this->Html->tableHeaders([
'id',
['Name' => ['class' => 'highlight']],
['Date' => ['class' => 'sortable']]
]);
Output:
<tr>
<th>id</th>
<th class="highlight">Name</th>
<th class="sortable">Date</th>
</tr>
291
Output:
<tr><td>Jul 7th, 2007</td><td>Best Brownies</td><td>Yes</td></tr>
<tr><td>Jun 21st, 2007</td><td>Smart Cookies</td><td>Yes</td></tr>
<tr><td>Aug 1st, 2006</td><td>Anti-Java Cake</td><td>No</td></tr>
echo $this->Html->tableCells([
['Jul 7th, 2007', ['Best Brownies', ['class' => 'highlight']] , 'Yes'],
['Jun 21st, 2007', 'Smart Cookies', 'Yes'],
['Aug 1st, 2006', 'Anti-Java Cake', ['No', ['id' => 'special']]],
]);
Output:
<tr>
<td>
Jul 7th, 2007
</td>
<td class="highlight">
Best Brownies
</td>
<td>
Yes
</td>
</tr>
<tr>
<td>
Jun 21st, 2007
</td>
<td>
Smart Cookies
</td>
<td>
Yes
</td>
</tr>
<tr>
<td>
Aug 1st, 2006
</td>
292
<td>
Anti-Java Cake
</td>
<td id="special">
No
</td>
</tr>
echo $this->Html->tableCells(
[
['Red', 'Apple'],
['Orange', 'Orange'],
['Yellow', 'Banana'],
],
['class' => 'darker']
);
Output:
<tr class="darker"><td>Red</td><td>Apple</td></tr>
<tr><td>Orange</td><td>Orange</td></tr>
<tr class="darker"><td>Yellow</td><td>Banana</td></tr>
Cake\View\Helper\HtmlHelper::templates($templates)
The $templates parameter can be either a string file path to the PHP file containing the tags you want to
load, or an array of templates to add/replace:
// Load templates from config/my_html.php
$this->Html->templates('my_html.php');
// Load specific templates.
$this->Html->templates([
'javascriptlink' => '<script src="{{url}}" type="text/javascript"{{attrs}}></script>'
]);
Warning: Template strings containing a percentage sign (%) need special attention, you should prefix
this character with another percentage so it looks like %%. The reason is that internally templates are compiled to be used with sprintf(). Example: <div style=width:{{size}}%%>{{content}}</div>
293
The $startText option can also accept an array. This gives more control over the generated first link:
echo $this->Html->getCrumbs(' > ', [
'text' => $this->Html->image('home.png'),
'url' => ['controller' => 'Pages', 'action' => 'display', 'home'],
'escape' => false
]);
Any keys that are not text or url will be passed to link() as the $options parameter.
Now, in your view youll want to add the following to start the breadcrumb trails on each of the pages:
$this->Html->addCrumb('Users', '/users');
$this->Html->addCrumb('Add User', ['controller' => 'Users', 'action' => 'add']);
This will add the output of Home > Users > Add User in your layout where getCrumbs was added.
You can also fetch the crumbs formatted inside an HTML list:
echo $this->Html->getCrumbList();
As options you can use regular HTML parameter that fits in the <ul> (Unordered List) such as class and
for the specific options, you have: separator (will be between the <li> elements), firstClass and
lastClass like:
echo $this->Html->getCrumbList(
[
'firstClass' => false,
'lastClass' => 'active',
'class' => 'breadcrumb'
],
'Home'
);
294
is useful when you always want to include a root link. This option works the same as the $startText
option for View\Helper\HtmlHelper::getCrumbs().
Number
class Cake\View\Helper\NumberHelper(View $view, array $config =[])
The NumberHelper contains convenient methods that enable display numbers in common formats in your
views. These methods include ways to format currency, percentages, data sizes, format numbers to specific
precisions and also to give you more flexibility with formatting numbers.
All of these functions return the formatted number; they do not automatically echo the output into the view.
Formatting Currency Values
The first parameter, $value, should be a floating point number that represents the amount of money you
are expressing. The second parameter is a string used to choose a predefined currency formatting scheme:
$currency
EUR
GBP
USD
The third parameter is an array of options for further defining the output. The following options are available:
Option
before
after
zero
places
precision
locale
fractionSymbol
fractionPosition
pattern
useIntlCode
Description
Text to display before the rendered number.
Text to display before the rendered number.
The text to use for zero values; can be a string or a number. ie. 0, Free!.
Number of decimal places to use, ie. 2
Maximal number of decimal places to use, ie. 2
The locale name to use for formating number, ie. fr_FR.
String to use for fraction numbers, ie. cents.
Either before or after to place the fraction symbol.
An ICU number pattern to use for formatting the number ie. #,###.00
Set to true to replace the currency symbol with the international currency code.
If
$currency
value
is
null,
the
default
Cake\I18n\Number::defaultCurrency()
More About Views
currency
will
be
retrieved
from
295
Cake\View\Helper\NumberHelper::defaultCurrency($currency)
Setter/getter for the default currency.
This removes the need to always pass the currency to
Cake\I18n\Number::currency() and change all currency outputs by setting other default. If
$currency is set to false, it will clear the currently stored value. By default, it will retrieve the
intl.default_locale if set and en_US if not.
Formatting Floating Point Numbers
Formatting Percentages
Description
Boolean to indicate whether the value has to be multiplied by 100. Useful for decimal
percentages.
296
Cake\View\Helper\NumberHelper::toReadableSize(string $size)
This method formats data sizes in human readable forms. It provides a shortcut way to convert bytes to
KB, MB, GB, and TB. The size is displayed with a two-digit precision level, according to the size of data
supplied (i.e. higher sizes are expressed in larger terms):
// Called as NumberHelper
echo $this->Number->toReadableSize(0); // 0 Byte
echo $this->Number->toReadableSize(1024); // 1 KB
echo $this->Number->toReadableSize(1321205.76); // 1.26 MB
echo $this->Number->toReadableSize(5368709120); // 5 GB
// Called as Number
echo Number::toReadableSize(0); // 0 Byte
echo Number::toReadableSize(1024); // 1 KB
echo Number::toReadableSize(1321205.76); // 1.26 MB
echo Number::toReadableSize(5368709120); // 5 GB
Formatting Numbers
The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter is where the real magic for this method resides.
If you pass an integer then this becomes the amount of precision or places for the function.
If you pass an associated array, you can use the following keys:
Option
places
precision
pattern
locale
before
after
Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
An ICU number pattern to use for formatting the number ie. #,###.00
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.
Example:
297
// Called as NumberHelper
echo $this->Number->format('123456.7890', [
'places' => 2,
'before' => ' ',
'after' => ' !'
]);
// Output ' 123,456.79 !'
echo $this->Number->format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'
// Called as Number
echo Number::format('123456.7890', [
'places' => 2,
'before' => ' ',
'after' => ' !'
]);
// Output ' 123,456.79 !'
echo Number::format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'
Format Differences
The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter takes the same keys as Number::format() itself:
Option
places
precision
locale
before
after
Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.
Example:
298
// Called as NumberHelper
echo $this->Number->formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'
// Called as Number
echo Number::formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'
Paginator
class Cake\View\Helper\PaginatorHelper(View $view, array $config =[])
The Pagination helper is used to output pagination controls such as page numbers and next/previous links.
It works in tandem with PaginatorComponent.
See also Pagination for information on how to create paginated datasets and do paginated queries.
PaginatorHelper Templates
Internally PaginatorHelper uses a series of simple HTML templates to generate markup. You can modify
these templates to customize the HTML generated by the PaginatorHelper.
Templates use {{var}} style placeholders. It is important to not add any spaces around the {{}} or the
replacements will not work.
Loading Templates from a File When adding the PaginatorHelper in your controller, you can define the
templates setting to define a template file to load. This allows you easily customize multiple templates and
keep your code DRY:
// In a controller.
public $helpers = [
'Paginator' => ['templates' => 'paginator-templates']
];
This will load the file located at config/paginator-templates.php. See the example below for
how the file should look like. You can also load templates from a plugin using plugin syntax:
299
// In a controller.
public $helpers = [
'Paginator' => ['templates' => 'MyPlugin.paginator-templates']
];
Whether your templates are in the primary application or a plugin, your templates file should look something
like:
return [
'number' => '<a href="{{url}}">{{text}}</a>',
];
Warning: Template strings containing a percentage sign (%) need special attention, you should prefix
this character with another percentage so it looks like %%. The reason is that internally templates are compiled to be used with sprintf(). Example: <div style=width:{{size}}%%>{{content}}</div>
Output:
<a href="/posts/index?page=1&sort=user_id&direction=asc">User Id</a>
You can use the title parameter to create custom text for your link:
echo $this->Paginator->sort('user_id', 'User account');
Output:
<a href="/posts/index?page=1&sort=user_id&direction=asc">User account</a>
If you are using HTML like images in your links remember to set escaping off:
echo $this->Paginator->sort(
'user_id',
'<em>User account</em>',
['escape' => false]
);
Output:
301
The direction option can be used to set the default direction for a link. Once a link is active, it will automatically switch directions like normal:
echo $this->Paginator->sort('user_id', null, ['direction' => 'desc']);
Output:
<a href="/posts/index?page=1&sort=user_id&direction=desc">User Id</a>
The lock option can be used to lock sorting into the specified direction:
echo $this->Paginator->sort('user_id', null, ['direction' => 'asc', 'lock' => true]);
Cake\View\Helper\PaginatorHelper::numbers($options =[])
Returns a set of numbers for the paged result set. Uses a modulus to decide how many numbers to show on
each side of the current page By default 8 links on either side of the current page will be created if those
pages exist. Links will not be generated for pages that do not exist. The current page is also not a link.
Supported options are:
before Content to be inserted before the numbers.
after Content to be inserted after the numbers.
model Model to create numbers for, defaults to PaginatorHelper::defaultModel().
modulus how many numbers to include on either side of the current page, defaults to 8.
first Whether you want first links generated, set to an integer to define the number of first links
to generate. Defaults to false. If a string is set a link to the first page will be generated with the
value as the title:
echo $this->Paginator->numbers(['first' => 'First page']);
last Whether you want last links generated, set to an integer to define the number of last links to
generate. Defaults to false. Follows the same logic as the first option. There is a last()
method to be used separately as well if you wish.
While this method allows a lot of customization for its output. It is also ok to just call the method without
any params.
302
echo $this->Paginator->numbers();
Using the first and last options you can create links to the beginning and end of the page set. The following
would create a set of page links that include links to the first 2 and last 2 pages in the paged results:
echo $this->Paginator->numbers(['first' => 2, 'last' => 2]);
In addition to generating links that go directly to specific page numbers, youll often want links that go to
the previous and next links, first and last pages in the paged data set.
Cake\View\Helper\PaginatorHelper::prev($title = << Previous, $options =[])
Parameters
$title (string) Title for the link.
$options (mixed) Options for pagination link.
Generates a link to the previous page in a set of paged records.
$options supports the following keys:
escape Whether you want the contents HTML entity encoded, defaults to true.
model The model to use, defaults to PaginatorHelper::defaultModel().
disabledTitle The text to use when the link is disabled. Defaults to the $title parameter.
A simple example would be:
echo $this->Paginator->prev(' << ' . __('previous'));
If you were currently on the second page of posts, you would get the following:
<li class="prev">
<a rel="prev" href="/posts/index?page=1&sort=title&order=desc">
<< previous
</a>
</li>
303
The above creates a single link for the first page. Will output nothing if you are on the first page. You
can also use an integer to indicate how many first paging links you want generated:
echo $this->Paginator->first(3);
The above will create links for the first 3 pages, once you get to the third or greater page. Prior to that
nothing will be output.
The options parameter accepts the following:
model The model to use defaults to PaginatorHelper::defaultModel()
escape Whether or not the text should be escaped. Set to false if your content contains
HTML.
Cake\View\Helper\PaginatorHelper::last($last = last >>, $options =[])
This method works very much like the first() method. It has a few differences though. It will not
generate any links if you are on the last page for a string values of $last. For an integer value of
$last no links will be generated once the user is inside the range of last pages.
Checking the Pagination State
Cake\View\Helper\PaginatorHelper::counter($options =[])
Returns a counter string for the paged result set. Using a provided format string and a number of options
you can create localized and application specific indicators of where a user is in the paged data set.
There are a number of options for counter(). The supported ones are:
304
format Format of the counter. Supported formats are range, pages and custom. Defaults to pages
which would output like 1 of 10. In the custom mode the supplied string is parsed and tokens are
replaced with actual values. The available tokens are:
{{page}} - the current page displayed.
{{pages}} - total number of pages.
{{current}} - current number of records being shown.
{{count}} - the total number of records in the result set.
{{start}} - number of the first record being displayed.
{{end} - number of the last record being displayed.
{{model}} - The pluralized human form of the model name. If your model was RecipePage,
{{model}} would be recipe pages.
You could also supply only a string to the counter method using the tokens available. For example:
echo $this->Paginator->counter(
'Page {{page}} of {{pages}}, showing {{current}} records out of
{{count}} total, starting on record {{start}}, ending on {{end}}'
);
model
The
name
of
the
model
being
paginated,
defaults
to
PaginatorHelper::defaultModel(). This is used in conjunction with the custom
string on format option.
Modifying the Options PaginatorHelper Uses
Cake\View\Helper\PaginatorHelper::options($options =[])
Sets all the options for the Paginator Helper. Supported options are:
url The URL of the paginating action. url has a few sub options as well:
sort The key that the records are sorted by.
direction The direction of the sorting. Defaults to ASC.
page The page number to display.
The above mentioned options can be used to force particular pages/directions. You can also append
additional URL content into all URLs generated in the helper:
$this->Paginator->options([
'url' => [
'sort' => 'email',
305
The above adds the en route parameter to all links the helper will generate. It will also create links
with specific sort, direction and page values. By default PaginatorHelper will merge in all of the
current passed arguments and query string parameters.
escape Defines if the title field for links should be HTML escaped. Defaults to true.
model
The
name
of
the
model
PaginatorHelper::defaultModel().
being
paginated,
defaults
to
Pagination in Views
Its up to you to decide how to show records to the user, but most often this will be done inside HTML
tables. The examples below assume a tabular layout, but the PaginatorHelper available in views doesnt
always need to be restricted as such.
See the details on PaginatorHelper5 in the API. As mentioned, the PaginatorHelper also offers sorting features which can be easily integrated into your table column headers:
<!-- src/Template/Posts/index.ctp -->
<table>
<tr>
<th><?= $this->Paginator->sort('id', 'ID') ?></th>
<th><?= $this->Paginator->sort('title', 'Title') ?></th>
</tr>
<?php foreach ($recipes as $recipe): ?>
<tr>
<td><?= $recipe->id ?> </td>
<td><?= h($recipe->title) ?> </td>
</tr>
<?php endforeach; ?>
</table>
The links output from the sort() method of the PaginatorHelper allow users to click on table headers
to toggle the sorting of the data by a given field.
It is also possible to sort a column based on associations:
<table>
<tr>
<th><?= $this->Paginator->sort('title', 'Title') ?></th>
<th><?= $this->Paginator->sort('Authors.name', 'Author') ?></th>
</tr>
<?php foreach ($recipes as $recipe): ?>
<tr>
<td><?= h($recipe->title) ?> </td>
5
http://api.cakephp.org/3.0/class/paginator-helper
306
The final ingredient to pagination display in views is the addition of page navigation, also supplied by the
PaginationHelper:
// Shows the page numbers
<?= $this->Paginator->numbers() ?>
// Shows the next and previous links
<?= $this->Paginator->prev(' Previous') ?>
<?= $this->Paginator->next('Next ') ?>
// Prints X of Y, where X is current page and Y is number of pages
<?= $this->Paginator->counter() ?>
The wording output by the counter() method can also be customized using special markers:
<?= $this->Paginator->counter([
'format' => 'Page {{page}} of {{pages}}, showing {{current}} records out of
{{count}} total, starting on record {{start}}, ending on {{end}}'
]) ?>
Rss
class Cake\View\Helper\RssHelper(View $view, array $config =[])
The RSS helper makes generating XML for RSS feeds6 easy.
Creating an RSS Feed with the RssHelper
This example assumes you have a Articles Controller, Articles Table and an Article Entity already created
and want to make an alternative view for RSS.
Creating an XML/RSS version of articles/index is a snap with CakePHP. After a few simple steps you can simply append the desired extension .rss to articles/index making your URL
6
https://en.wikipedia.org/wiki/RSS
307
articles/index.rss. Before we jump too far ahead trying to get our webservice up and running
we need to do a few things. First extensions parsing needs to be activated, this is done in config/routes.php:
Router::extensions('rss');
In
the
call
above
weve
activated
the
.rss
extension.
When
using
Cake\Routing\Router::extensions() you can pass a string or an array of extensions as
first argument. This will activate each extension/content-type for use in your application. Now when the
address articles/index.rss is requested you will get an XML version of your articles/index.
However, first we need to edit the controller to add in the rss-specific code.
Controller Code It is a good idea to add RequestHandler to your ArticlesControllers initialize()
method. This will allow a lot of automagic to occur:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
Before we can make an RSS version of our articles/index we need to get a few things in order. It may be tempting to put the channel metadata in the controller action and pass it to your view
using the Cake\Controller\Controller::set() method but this is inappropriate. That information can also go in the view. That will come later though, for now if you have a different
set of logic for the data used to make the RSS feed and the data for the HTML view you can use
the Cake\Controller\Component\RequestHandler::isRss() method, otherwise your controller can stay the same:
// Modify the Posts Controller action that corresponds to
// the action which deliver the rss feed, which is the
// Index action in our example.
public function index()
{
if ($this->RequestHandler->isRss() ) {
$articles = $this->Articles
->find()
->limit(20)
->order(['created' => 'desc']);
$this->set(compact('articles'));
} else {
// this is not an Rss request, so deliver
// data used by website's interface.
$this->paginate = [
'order' => ['created' => 'desc'],
'limit' => 10
];
$this->set('articles', $this->paginate($this->Articles));
$this->set('_serialize', ['articles']);
}
}
308
With all the View variables set we need to create an rss layout.
Layout An Rss layout is very simple, put the following contents in src/Template/Layout/rss/default.ctp:
if (!isset($documentData)) {
$documentData = [];
}
if (!isset($channelData)) {
$channelData = [];
}
if (!isset($channelData['title'])) {
$channelData['title'] = $this->fetch('title');
}
$channel = $this->Rss->channel([], $channelData, $this->fetch('content'));
echo $this->Rss->document($documentData, $channel);
It doesnt look like much but thanks to the power in the RssHelper its doing a lot of lifting for us. We
havent set $documentData or $channelData in the controller, however in CakePHP your views can
pass variables back to the layout. Which is where our $channelData array will come from setting all of
the meta data for our feed.
Next up is view file for my articles/index. Much like the layout file we created, we need to create a
src/Template/Posts/rss/ directory and create a new index.ctp inside that folder. The contents of the
file are below.
View Our view, located at src/Template/Posts/rss/index.ctp, begins by setting the $documentData
and $channelData variables for the layout, these contain all the metadata for our RSS feed.
This is done by using the Cake\View\View::set() method which is analogous to the
Cake\Controller\Controller::set() method. Here though we are passing the channels metadata back to the layout:
$this->set('channelData', [
'title' => __("Most Recent Posts"),
'link' => $this->Url->build('/', true),
'description' => __("Most recent posts."),
'language' => 'en-us'
]);
The second part of the view generates the elements for the actual records of the feed. This is accomplished
by looping through the data that has been passed to the view ($items) and using the RssHelper::item()
method. The other method you can use, RssHelper::items() which takes a callback and an array of
items for the feed. The callback method is usually called transformRss(). There is one downfall to this
method, which is that you cannot use any of the other helper classes to prepare your data inside the callback
method because the scope inside the method does not include anything that is not passed inside, thus not
giving access to the TimeHelper or any other helper that you may need. The RssHelper::item()
transforms the associative array into an element for each key value pair.
Note: You will need to modify the $link variable as appropriate to your application. You might also want
to use a virtual property in your Entity.
309
$this->Rss->item([], [
'title' => $article->title,
'link' => $link,
'guid' => ['url' => $link, 'isPermaLink' => 'true'],
'description' => $body,
'pubDate' => $article->created
]);
}
You can see above that we can use the loop to prepare the data to be transformed into XML elements. It is
important to filter out any non-plain text characters out of the description, especially if you are using a rich
text editor for the body of your blog. In the code above we used strip_tags() and h() to remove/escape
any XML special characters from the content, as they could cause validation errors. Once we have set up the
data for the feed, we can then use the RssHelper::item() method to create the XML in RSS format.
Once you have all this setup, you can test your RSS feed by going to your site /posts/index.rss
and you will see your new feed. It is always important that you validate your RSS feed before making it
live. This can be done by visiting sites that validate the XML such as Feed Validator or the w3c site at
http://validator.w3.org/feed/.
Note: You may need to set the value of debug in your core configuration to false to get a valid feed,
because of the various debug information added automagically under higher debug settings that break XML
syntax or feed validation rules.
Session
class Cake\View\Helper\SessionHelper(View $view, array $config =[])
As a natural counterpart to the Session Component, the Session Helper replicates most of the components
functionality and makes it available in your view.
310
The major difference between the Session Helper and the Session Component is that the helper does not
have the ability to write to the session.
As with the session object, data is read by using dot notation array structures:
['User' => [
'username' => '[email protected]'
]];
Given the previous array structure, the node would be accessed by User.username, with the dot indicating the nested array. This notation is used for all Session helper methods wherever a $key is used.
Cake\View\Helper\SessionHelper::read(string $key)
Return type mixed
Read from the Session. Returns a string or array depending on the contents of the session.
Cake\View\Helper\SessionHelper::check(string $key)
Return type boolean
Check to see whether a key is in the Session. Returns a boolean representing the keys existence.
Text
class Cake\View\Helper\TextHelper(View $view, array $config =[])
The TextHelper contains methods to make text more usable and friendly in your views. It aids in enabling
links, formatting URLs, creating excerpts of text around chosen words or phrases, highlighting key words
in blocks of text, and gracefully truncating long stretches of text.
Linking Email addresses
Output:
For more information regarding our world-famous pastries and desserts,
contact <a href="mailto:[email protected]">[email protected]</a>
This method automatically escapes its input. Use the escape option to disable this if necessary.
311
Linking URLs
Cake\View\Helper\TextHelper::autoParagraph(string $text)
Adds proper <p> around text where double-line returns are found, and <br> where single-line returns are
found.
$myText = 'For more information
regarding our world-famous pastries and desserts.
contact [email protected]';
$formattedText = $this->Text->autoParagraph($myText);
Output:
<p>For more information<br />
regarding our world-famous pastries and desserts.<p>
<p>contact [email protected]</p>
Highlighting Substrings
312
Example:
// Called as TextHelper
echo $this->Text->highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);
// Called as Text
use Cake\Utility\Text;
echo Text::highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);
Output:
Highlights $needle in $haystack <span class="highlight">using</span>
the $options['format'] string specified or a default string.
Removing Links
Cake\View\Helper\TextHelper::stripLinks($text)
Strips the supplied $text of any HTML links.
Truncating Text
Example:
313
// Called as TextHelper
echo $this->Text->truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);
Output:
The killer crept...
Example:
$sampleText = 'I packed my bag and in it I put a PSP, a PS3, a TV, ' .
'a C# program that can divide by zero, death metal t-shirts'
// Called as TextHelper
echo $this->Text->tail(
$sampleText,
70,
314
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::tail(
$sampleText,
70,
[
'ellipsis' => '...',
'exact' => false
]
);
Output:
...a TV, a C# program that can divide by zero, death metal t-shirts
Extracting an Excerpt
Output:
... by $radius, and prefix/suffix with $ellipsis. This method is
especially handy for search results. The query...
315
// Called as TextHelper
echo $this->Text->toList($colors);
// Called as Text
use Cake\Utility\Text;
echo Text::toList($colors);
Output:
red, orange, yellow, green, blue, indigo and violet
Time
class Cake\View\Helper\TimeHelper(View $view, array $config =[])
The Time Helper does what it says on the tin: saves you time. It allows for the quick processing of time
related information. The Time Helper has two main tasks that it can perform:
1. It can format time strings.
2. It can test time (but cannot bend time, sorry).
Using the Helper
A common use of the Time Helper is to offset the date and time to match a users time zone. Lets use a
forum as an example. Your forum has many users who may post messages at any time from any part of the
world. An easy way to manage the time is to save all dates and times as GMT+0 or UTC. Uncomment the
line date_default_timezone_set(UTC); in config/bootstrap.php to ensure your applications
time zone is set to GMT+0.
Next add a time zone field to your users table and make the necessary modifications to allow your users to
set their time zone. Now that we know the time zone of the logged in user we can correct the date and time
on our posts using the Time Helper:
echo $this->Time->format(
$post->created,
\IntlDateFormatter::FULL,
null,
$user->time_zone
);
// Will display 'Saturday, August 22, 2011 at 11:53:00 PM GMT'
// for a user in GMT+0. While displaying,
// 'Saturday, August 22, 2011 at 03:53 PM GMT-8:00'
// for a user in GMT-8
Most of TimeHelpers features are intended as backwards compatible interfaces for applications that are
upgrading from older versions of CakePHP. Because the ORM returns Cake\I18n\Time instances for
316
every timestamp and datetime column, you can use the methods there to do most tasks. E.g. to read
about the accepted formatting strings take a look at the Cake\I18n\Time::i18nFormat()7 method.
Url
class Cake\View\UrlHelper\UrlHelper(View $view, array $config =[])
The UrlHelper makes it easy for you to generate URLs from your other helpers. It also gives you a single
place to customize how URLs are generated by overriding the core helper with an application one. See the
Aliasing Helpers section for how to do this.
Generating URLs
http://api.cakephp.org/3.0/class-Cake.I18n.Time.html#_i18nFormat
317
// Output
/posts/list.rss
http://api.cakephp.org/3.0/class-Cake.Routing.Router.html#_url
318
$this->loadHelper('Html');
$this->loadHelper('Form');
$this->loadHelper('Flash');
}
}
Loading helpers from plugins uses the plugin syntax used elsewhere in CakePHP:
$this->loadHelper('Blog.Comment');
You dont have to explicitly load Helpers that come from CakePHP or your application. These helpers can
be lazily loaded upon first use. For example:
// Loads the FormHelper if it has not already been loaded.
$this->Form->create($article);
From within a plugins views, plugin helpers can also be lazily loaded. For example, view templates in the
Blog plugin, can lazily load helpers from the same plugin.
Conditionally Loading Helpers
You can use the current action name to conditionally load helpers:
class AppView extends View
{
public function initialize()
{
parent::initialize();
if ($this->request->action === 'index') {
$this->loadHelper('ListPage');
}
}
}
You can also use your controllers beforeRender method to load helpers:
class ArticlesController extends AppController
{
public function beforeRender(Event $event)
{
parent::beforeRender($event);
$this->getView()->loadHelper('MyHelper');
}
}
Configuration options
You can pass configuration options to helpers. These options can be used to set attribute values or modify
behavior of a helper:
319
namespace App\View\Helper;
use Cake\View\Helper;
class AwesomeHelper extends Helper
{
public function __construct(View $view, $config = [])
{
parent::__construct($view, $config);
debug($config);
}
}
class AwesomeController extends AppController
{
public $helpers = ['Awesome' => ['option1' => 'value1']];
}
By default all configuration options will be merged with the $_defaultConfig property. This property
should define the default values of any configuration your helper requires. For example:
namespace App\View\Helper;
use Cake\View\Helper;
use Cake\View\StringTemplateTrait;
class AwesomeHelper extends Helper
{
use StringTemplateTrait;
protected $_defaultConfig = [
'errorClass' => 'error',
'templates' => [
'label' => '<label for="{{for}}">{{content}}</label>',
],
];
}
Any configuration provided to your helpers constructor will be merged with the default values during construction and the merged data will be set to _config. You can use the config() method to read runtime
configuration:
// Read the errorClass config option.
$class = $this->Awesome->config('errorClass');
Using helper configuration allows you to declaratively configure your helpers and keep configuration logic
out of your controller actions. If you have configuration options that cannot be included as part of a class
declaration, you can set those in your controllers beforeRender callback:
class PostsController extends AppController
{
public function beforeRender(Event $event)
320
{
parent::beforeRender($event);
$view = $this->getView();
$view->loadHelper('CustomStuff', $this->_getCustomStuffConfig());
}
}
Aliasing Helpers
One common setting to use is the className option, which allows you to create aliased helpers in your
views. This feature is useful when you want to replace $this->Html or another common Helper reference
with a custom implementation:
// src/View/AppView.php
class AppView extends View
{
public function initialize()
{
$this->loadHelper('Html', [
'className' => 'MyHtml'
]);
}
}
// src/View/Helper/MyHtmlHelper.php
namespace App\View\Helper;
use Cake\View\Helper\HtmlHelper;
class MyHtmlHelper extends HtmlHelper
{
// Add your code to override the core HtmlHelper
}
Using Helpers
Once youve configured which helpers you want to use in your controller, each helper is exposed as a public
property in the view. For example, if you were using the HtmlHelper you would be able to access it by
doing the following:
echo $this->Html->css('styles');
The above would call the css() method on the HtmlHelper. You can access any loaded helper using
$this->{$helperName}.
321
There may be situations where you need to dynamically load a helper from inside a view. You can use the
views Cake\View\HelperRegistry to do this:
// Either one works.
$mediaHelper = $this->loadHelper('Media', $mediaConfig);
$mediaHelper = $this->helpers()->load('Media', $mediaConfig);
The HelperRegistry is a registry and supports the registry API used elsewhere in CakePHP.
Callback Methods
Helpers feature several callbacks that allow you to augment the view rendering process. See the Helper
Class and the Events System documentation for more information.
Creating Helpers
If a core helper (or one showcased on GitHub or in the Bakery) doesnt fit your needs, helpers are easy to
create.
Lets say we wanted to create a helper that could be used to output a specifically crafted CSS-styled link
you needed at many different places in your application. In order to fit your logic into CakePHPs existing
helper structure, youll need to create a new class in src/View/Helper. Lets call our helper LinkHelper.
The actual PHP class file would look something like this:
/* src/View/Helper/LinkHelper.php */
namespace App\View\Helper;
use Cake\View\Helper;
class LinkHelper extends Helper
{
public function makeEdit($title, $url)
{
// Logic to create specially formatted link goes here...
}
}
You may wish to use some functionality already existing in another helper. To do so, you can specify helpers
you wish to use with a $helpers array, formatted just as you would in a controller:
/* src/View/Helper/LinkHelper.php (using other helpers) */
namespace App\View\Helper;
use Cake\View\Helper;
322
Once youve created your helper and placed it in src/View/Helper/, you can load it in your views:
class AppView extends View
{
public function initialize()
{
parent::initialize();
$this->loadHelper('Link');
}
}
Once your helper has been loaded, you can use it in your views by accessing the matching view property:
<!-- make a link using the new helper -->
<?= $this->Link->makeEdit('Change this Recipe', '/recipes/edit/5') ?>
Helper Class
class Helper
Callbacks
By implementing a callback method in a helper, CakePHP will automatically subscribe your helper to the
relevant event. Unlike previous versions of CakePHP you should not call parent in your callbacks, as the
base Helper class does not implement any of the callback methods.
Helper::beforeRenderFile(Event $event, $viewFile)
Is called before each view file is rendered. This includes elements, views, parent views and layouts.
Helper::afterRenderFile(Event $event, $viewFile, $content)
Is called after each view file is rendered. This includes elements, views, parent views and layouts. A
323
callback can modify and return $content to change how the rendered content will be displayed in
the browser.
Helper::beforeRender(Event $event, $viewFile)
The beforeRender method is called after the controllers beforeRender method but before the controller renders view and layout. Receives the file being rendered as an argument.
Helper::afterRender(Event $event, $viewFile)
Is called after the view has been rendered but before layout rendering has started.
Helper::beforeLayout(Event $event, $layoutFile)
Is called before layout rendering starts. Receives the layout filename as an argument.
Helper::afterLayout(Event $event, $layoutFile)
Is called after layout rendering is complete. Receives the layout filename as an argument.
324
CHAPTER 12
In CakePHP working with data through the database is done with two primary object types. The first are
repositories or table objects. These objects provide access to collections of data. They allow you to save
new records, modify/delete existing ones, define relations, and perform bulk operations. The second type of
objects are entities. Entities represent individual records and allow you to define row/record level behavior
& functionality.
These two classes are usually responsible for managing almost everything that happens regarding your data,
its validity, interactions and evolution of the information workflow in your domain of work.
CakePHPs built-in ORM specializes in relational databases, but can be extended to support alternative
datasources.
The CakePHP ORM borrows ideas and concepts from both ActiveRecord and Datamapper patterns. It aims
to create a hybrid implementation that combines aspects of both patterns to create a fast, simple to use ORM.
Before we get started exploring the ORM, make sure you configure your database connections.
Note: If you are familiar with previous versions of CakePHP, you should read the New ORM Upgrade
Guide for important differences between CakePHP 3.0 and older versions of CakePHP.
Quick Example
To get started you dont have to write any code. If youve followed the CakePHP conventions for your
database tables you can just start using the ORM. For example if we wanted to load some data from our
articles table we could do:
use Cake\ORM\TableRegistry;
$articles = TableRegistry::get('Articles');
$query = $articles->find();
foreach ($query as $row) {
echo $row->title;
}
325
Note that we didnt have to create any code or wire any configuration up. The conventions in CakePHP
allow us to skip some boilerplate code and allow the framework to insert base classes when your application
has not created a concrete class. If we wanted to customize our ArticlesTable class adding some associations
or defining some additional methods we would add the following to src/Model/Table/ArticlesTable.php
after the <?php opening tag:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
}
Table classes use the CamelCased version of the table name with the Table suffix as the class name. Once
your class has been created you get a reference to it using the ORM\TableRegistry as before:
use Cake\ORM\TableRegistry;
// Now $articles is an instance of our ArticlesTable class.
$articles = TableRegistry::get('Articles');
Now that we have a concrete table class, well probably want to use a concrete entity class. Entity classes let
you define accessor and mutator methods, define custom logic for individual records and much more. Well
start off by adding the following to src/Model/Entity/Article.php after the <?php opening tag:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
}
Entities use the singular CamelCase version of the table name as their class name by default. Now that we
have created our entity class, when we load entities from the database well get instances of our new Article
class:
use Cake\ORM\TableRegistry;
// Now an instance of ArticlesTable.
$articles = TableRegistry::get('Articles');
$query = $articles->find();
foreach ($query as $row) {
// Each row is now an instance of our Article class.
echo $row->title;
}
CakePHP uses naming conventions to link the Table and Entity class together. If you need to customize
which entity a table uses you can use the entityClass() method to set a specific classname.
See the chapters on Table Objects and Entities for more information on how to use table objects and entities
326
in your application.
More Information
Database Basics
The CakePHP database access layer abstracts and provides help with most aspects of dealing with relational
databases such as, keeping connections to the server, building queries, preventing SQL injections, inspecting
and altering schemas, and with debugging and profiling queries sent to the database.
Quick Tour
The functions described in this chapter illustrate what is possible to do with the lower-level database access
API. If instead you want to learn more about the complete ORM, you can read the Query Builder and Table
Objects sections.
The easiest way to create a database connection is using a DSN string:
use Cake\Datasource\ConnectionManager;
$dsn = 'mysql://root:password@localhost/my_database';
ConnectionManager::config('default', ['url' => $dsn]);
Once created, you can access the connection object to start using it:
$connection = ConnectionManager::get('default');
Supported Databases
More Information
327
use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$results = $connection->execute('SELECT * FROM articles')->fetchAll('assoc');
Instead of writing the SQL manually, you can use the query builder:
$results = $connection
->newQuery()
->select('*')
->from('articles')
->where(['created >' => new DateTime('1 day ago'), ['created' => 'datetime']])
->order(['title' => 'DESC'])
->execute()
->fetchAll('assoc');
Updating rows in the database is equally intuitive, the following example will update the article with id 10:
use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$connection->update('articles', ['title' => 'New title'], ['id' => 10]);
328
Similarly, the delete() method is used to delete rows from the database, the following example deletes
the article with id 10:
use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$connection->delete('articles', ['id' => 10]);
Configuration
By convention database connections are configured in config/app.php. The connection information defined
in this file is fed into Cake\Datasource\ConnectionManager creating the connection configuration
your application will be using. Sample connection information can be found in config/app.default.php. A
sample connection configuration would look like:
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'my_app',
'password' => 'sekret',
'database' => 'my_app',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
]
],
The above will create a default connection, with the provided parameters. You can define as many connections as you want in your configuration file. You can also define additional connections at runtime using
Cake\Datasource\ConnectionManager::config(). An example of that would be:
use Cake\Datasource\ConnectionManager;
ConnectionManager::config('default', [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'my_app',
'password' => 'sekret',
'database' => 'my_app',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
]);
Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
More Information
329
ConnectionManager::config('default', [
'url' => 'mysql://my_app:sekret@localhost/my_app?encoding=utf8&timezone=UTC&cacheMetada
]);
When using a DSN string you can define any additional parameters/options as query string arguments.
By default, all Table objects will use the default connection. To use a non-default connection, see
Configuring Connections.
There are a number of keys supported in database configuration. A full list is as follows:
className The fully namespaced class name of the class that represents the connection to a database server.
This class is responsible for loading the database driver, providing SQL transaction mechanisms and
preparing SQL statements among other things.
driver The class name of the driver used to implements all specificities for a database engine. This can
either be a short classname using plugin syntax, a fully namespaced name, or a constructed driver
instance. Examples of short classnames are Mysql, Sqlite, Postgres, and Sqlserver.
persistent Whether or not to use a persistent connection to the database.
host The database servers hostname (or IP address).
username The username for the account.
password The password for the account.
database The name of the database for this connection to use.
port (optional) The TCP port or Unix socket used to connect to the server.
encoding Indicates the character set to use when sending SQL statements to the server. This defaults to the
databases default encoding for all databases other than DB2. If you wish to use UTF-8 encoding with
MySQL connections you must use utf8 without the hyphen.
timezone Server timezone to set.
schema Used in PostgreSQL database setups to specify which schema to use.
unix_socket Used by drivers that support it to connect via Unix socket files. If you are using PostgreSQL
and want to use Unix sockets, leave the host key blank.
ssl_key The file path to the SSL key file. (Only supported by MySQL).
ssl_cert The file path to the SSL certificate file. (Only supported by MySQL).
ssl_ca The file path to the SSL certificate authority. (Only supported by MySQL).
init A list of queries that should be sent to the database server as when the connection is created.
log Set to true to enable query logging. When enabled queries will be logged at a debug level with the
queriesLog scope.
quoteIdentifiers Set to true if you are using reserved words or special characters in your table or column
names. Enabling this setting will result in queries built using the Query Builder having identifiers
quoted when creating SQL. It should be noted that this decreases performance because each query
needs to be traversed and manipulated before being executed.
330
flags An associative array of PDO constants that should be passed to the underlying PDO instance. See the
PDO documentation for the flags supported by the driver you are using.
cacheMetadata Either boolean true, or a string containing the cache configuration to store meta data in.
Having metadata caching disable is not advised and can result in very poor performance. See the
Metadata Caching section for more information.
At this point, you might want to take a look at the CakePHP Conventions. The correct naming for your tables
(and the addition of some columns) can score you some free functionality and help you avoid configuration.
For example, if you name your database table big_boxes, your table BigBoxesTable, and your controller
BigBoxesController, everything will work together automatically. By convention, use underscores, lower
case, and plural forms for your database table names - for example: bakers, pastry_stores, and savory_cakes.
Managing Connections
class Cake\Datasource\ConnectionManager
The ConnectionManager class acts as a registry to access database connections your application has. It
provides a place that other objects can get references to existing connections.
Accessing Connections
static Cake\Datasource\ConnectionManager::get($name)
Once configured connections can be fetched using Cake\Datasource\ConnectionManager::get().
This method will construct and load a connection if it has not been built before, or return the existing known
connection:
use Cake\Datasource\ConnectionManager;
$conn = ConnectionManager::get('default');
Using config() and get() you can create new connections that are not defined in your configuration
files at runtime:
ConnectionManager::config('my_connection', $config);
$conn = ConnectionManager::get('my_connection');
See the Configuration for more information on the configuration data used when creating connections.
Data Types
class Cake\Database\Type
More Information
331
Since not every database vendor includes the same set of data types, or the same names for similar data
types, CakePHP provides a set of abstracted data types for use with the database layer. The types CakePHP
supports are:
string Generally backed by CHAR or VARCHAR columns. Using the fixed option will force a CHAR
column. In SQL Server, NCHAR and NVARCHAR types are used.
text Maps to TEXT types
uuid Maps to the UUID type if a database provides one, otherwise this will generate a CHAR(36) field.
integer Maps to the INTEGER type provided by the database.
biginteger Maps to the BIGINT type provided by the database.
float Maps to either DOUBLE or FLOAT depending on the database. The precision option can be used
to define the precision used.
decimal Maps to the DECIMAL type. Supports the length and precision options.
boolean Maps to BOOLEAN except in MySQL, where TINYINT(1) is used to represent booleans.
binary Maps to the BLOB or BYTEA type provided by the database.
date Maps to a timezone naive DATE column type.
datetime Maps to a timezone naive DATETIME column type. In PostgreSQL, and SQL Server this turns
into a TIMESTAMP type. The default return value of this column type is Cake\I18n\Time which
extends the built-in DateTime class and Carbon1 .
timestamp Maps to the TIMESTAMP type.
time Maps to a TIME type in all databases.
These types are used in both the schema reflection features that CakePHP provides, and schema generation
features CakePHP uses when using test fixtures.
Each type can also provide translation functions between PHP and SQL representations. These methods
are invoked based on the type hints provided when doing queries. For example a column that is marked
as datetime will automatically convert input parameters from DateTime instances into a timestamp or
formatted datestrings. Likewise, binary columns will accept file handles, and generate file handles when
reading data.
Adding Custom Types
https://github.com/briannesbitt/Carbon
332
marshal
An easy way to fulfill the basic interface is to extend Cake\Database\Type. For example if we wanted
to add a JSON type, we could make the following type class:
// in src/Database/Type/JsonType.php
namespace App\Database\Type;
use Cake\Database\Driver;
use Cake\Database\Type;
use PDO;
class JsonType extends Type
{
public function toPHP($value, Driver $driver)
{
if ($value === null) {
return null;
}
return json_decode($value, true);
}
public function marshal($value)
{
if (is_array($value) || $value === null) {
return $value;
}
return json_decode($value, true);
}
public function toDatabase($value, Driver $driver)
{
return json_encode($value);
}
public function toStatement($value, Driver $driver)
{
if ($value === null) {
return PDO::PARAM_NULL;
}
return PDO::PARAM_STR;
}
}
By default the toStatement() method will treat values as strings which will work for our new type.
Once weve created our new type, we need to add it into the type mapping. During our application bootstrap
we should do the following:
use Cake\Database\Type;
Type::map('json', 'App\Database\Type\JsonType');
More Information
333
We can then overload the reflected schema data to use our new type, and CakePHPs database layer will
automatically convert our JSON data when creating queries. You can use the custom types youve created
by mapping the types in your Tables _initializeSchema() method:
use Cake\Database\Schema\Table as Schema;
class WidgetsTable extends Table
{
protected function _initializeSchema(Schema $schema)
{
$schema->columnType('widget_prefs', 'json');
return $schema;
}
}
Connection Classes
class Cake\Database\Connection
Connection classes provide a simple interface to interact with database connections in a consistent way.
They are intended as a more abstract interface to the driver layer and provide features for executing queries,
logging queries, and doing transactional operations.
Executing Queries
Cake\Database\Connection::query($sql)
Once youve gotten a connection object, youll probably want to issue some queries with it. CakePHPs
database abstraction layer provides wrapper features on top of PDO and native drivers. These wrappers
provide a similar interface to PDO. There are a few different ways you can run queries depending on the
type of query you need to run and what kind of results you need back. The most basic method is query()
which allows you to run already completed SQL queries:
$stmt = $conn->query('UPDATE posts SET published = 1 WHERE id = 2');
Without any type hinting information, execute will assume all placeholders are string values. If you need
to bind specific types of data, you can use their abstract type names when creating a query:
334
$stmt = $conn->execute(
'UPDATE posts SET published_date = ? WHERE id = ?',
[new DateTime('now'), 2],
['date', 'integer']
);
Cake\Database\Connection::newQuery()
This allows you to use rich data types in your applications and properly convert them into SQL statements.
The last and most flexible way of creating queries is to use the Query Builder. This approach allows you to
build complex and expressive queries without having to use platform specific SQL:
$query = $conn->newQuery();
$query->update('posts')
->set(['publised' => true])
->where(['id' => 2]);
$stmt = $query->execute();
When using the query builder, no SQL will be sent to the database server until the execute() method is
called, or the query is iterated. Iterating a query will first execute it and then start iterating over the result
set:
$query = $conn->newQuery();
$query->select('*')
->from('posts')
->where(['published' => true]);
foreach ($query as $row) {
// Do something with the row.
}
Note: When you have an instance of Cake\ORM\Query you can use all() to get the result set for
SELECT queries.
Using Transactions
The connection objects provide you a few simple ways you do database transactions. The most basic way of
doing transactions is through the begin(), commit() and rollback() methods, which map to their
SQL equivalents:
$conn->begin();
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [true, 2]);
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [false, 4]);
$conn->commit();
Cake\Database\Connection::transactional(callable $callback)
In addition to this interface connection instances also provide the transactional() method which
makes handling the begin/commit/rollback calls much simpler:
More Information
335
$conn->transactional(function ($conn) {
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [true, 2]);
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [false, 4]);
});
In addition to basic queries, you can execute more complex queries using either the Query Builder or Table
Objects. The transactional method will do the following:
Call begin.
Call the provided closure.
If the closure raises an exception, a rollback will be issued. The original exception will be re-thrown.
If the closure returns false, a rollback will be issued.
If the closure executes successfully, the transaction will be committed.
Interacting with Statements
When using the lower level database API, you will often encounter statement objects. These objects allow
you to manipulate the underlying prepared statement from the driver. After creating and executing a query
object, or using execute() you will have a StatementDecorator instance. It wraps the underlying
basic statement object and provides a few additional features.
Preparing a Statement
You can create a statement object using execute(), or prepare(). The execute() method returns
a statement with the provided values bound to it. While prepare() returns an incomplete statement:
// Statements from execute will have values bound to them already.
$stmt = $conn->execute(
'SELECT * FROM articles WHERE published = ?',
[true]
);
// Statements from prepare will be parameters for placeholders.
// You need to bind parameters before attempting to execute it.
$stmt = $conn->prepare('SELECT * FROM articles WHERE published = ?');
Once youve prepared a statement you can bind additional data and execute it.
Binding Values
Once youve created a prepared statement, you may need to bind additional data. You can bind multiple
values at once using the bind() method, or bind individual elements using bindValue:
$stmt = $conn->prepare(
'SELECT * FROM articles WHERE published = ? AND created > ?'
);
336
When creating statements you can also use named array keys instead of positional ones:
$stmt = $conn->prepare(
'SELECT * FROM articles WHERE published = :published AND created > :created'
);
// Bind multiple values
$stmt->bind(
['published' => true, 'created' => new DateTime('2013-01-01')],
['published' => 'boolean', 'created' => 'date']
);
// Bind a single value
$stmt->bindValue('published', true, 'boolean');
$stmt->bindValue('created', new DateTime('2013-01-01'), 'date');
Warning: You cannot mix positional and named array keys in the same statement.
After preparing a statement and binding data to it, you can execute it and fetch rows. Statements should
be executed using the execute() method. Once executed, results can be fetched using fetch(),
fetchAll() or iterating the statement:
$stmt->execute();
// Read one row.
$row = $stmt->fetch('assoc');
// Read all rows.
$rows = $stmt->fetchAll('assoc');
// Read rows through iteration.
foreach ($rows as $row) {
// Do work
}
Note: Reading rows through iteration will fetch rows in both mode. This means you will get both the
numerically indexed and associatively indexed results.
More Information
337
After executing a statement, you can fetch the number of affected rows:
$rowCount = count($stmt);
$rowCount = $stmt->rowCount();
If your query was not successful, you can get related error information using the errorCode() and
errorInfo() methods. These methods work the same way as the ones provided by PDO:
$code = $stmt->errorCode();
$info = $stmt->errorInfo();
Query Logging
Query logging can be enabled when configuring your connection by setting the log option to true. You
can also toggle query logging at runtime, using logQueries:
// Turn query logging on.
$conn->logQueries(true);
// Turn query logging off
$conn->logQueries(false);
When query logging is enabled, queries will be logged to Cake\Log\Log using the debug level, and the
queriesLog scope. You will need to have a logger configured to capture this level & scope. Logging to
stderr can be useful when working on unit tests, and logging to files/syslog can be useful when working
with web requests:
use Cake\Log\Log;
// Console logging
Log::config('queries', [
'className' => 'Console',
'stream' => 'php://stderr',
'scopes' => ['queriesLog']
]);
// File logging
Log::config('queries', [
'className' => 'File',
'path' => LOGS,
'file' => 'queries.log',
'scopes' => ['queriesLog']
]);
Note: Query logging is only intended for debugging/development uses. You should never leave query
logging on in production as it will negatively impact the performance of your application.
338
Identifier Quoting
By default CakePHP does not quote identifiers in generated SQL queries. The reason for this is identifier
quoting has a few drawbacks:
Performance overhead - Quoting identifiers is much slower and complex than not doing it.
Not necessary in most cases - In non-legacy databases that follow CakePHPs conventions there is no
reason to quote identifiers.
If you are using a legacy schema that requires identifier quoting you can enable it using the
quoteIdentifiers setting in your Configuration. You can also enable this feature at runtime:
$conn->driver()->autoQuoting(true);
When enabled, identifier quoting will cause additional query traversal that converts all identifiers into
IdentifierExpression objects.
Note: SQL snippets contained in QueryExpression objects will not be modified.
Metadata Caching
CakePHPs ORM uses database reflection to determine the schema, indexes and foreign keys your application contains. Because this metadata changes infrequently and can be expensive to access, it is typically
cached. By default, metadata is stored in the _cake_model_ cache configuration. You can define a
custom cache configuration using the cacheMetatdata option in your datasource configuration:
'Datasources' => [
'default' => [
// Other keys go here.
// Use the 'orm_metadata' cache config for metadata.
'cacheMetadata' => 'orm_metadata',
]
],
You can also configure the metadata caching at runtime with the cacheMetadata() method:
// Disable the cache
$connection->cacheMetadata(false);
// Enable the cache
$connection->cacheMetadata(true);
// Use a custom cache config
$connection->cacheMetadata('orm_metadata');
CakePHP also includes a CLI tool for managing metadata caches. See the ORM Cache Shell chapter for
more information.
More Information
339
Query Builder
class Cake\ORM\Query
The ORMs query builder provides a simple to use fluent interface for creating and running queries. By
composing queries together, you can create advanced queries using unions and subqueries with ease.
Underneath the covers, the query builder uses PDO prepared statements which protect against SQL injection
attacks.
The Query Object
The easiest way to create a Query object is to use find() from a Table object. This method will return
an incomplete query ready to be modified. You can also use a tables connection object to access the lower
level Query builder that does not include ORM features, if necessary. See the Executing Queries section for
more information:
use Cake\ORM\TableRegistry;
$articles = TableRegistry::get('Articles');
// Start a new query.
$query = $articles->find();
When inside a controller, you can use the automatic table variable that is created using the conventions
system:
// Inside ArticlesController.php
$query = $this->Articles->find();
For the remaining examples, assume that $articles is a ORM\Table. When inside controllers, you can
use $this->Articles instead of $articles.
Almost every method in a Query object will return the same query, this means that Query objects are lazy,
and will not be executed unless you tell them to:
$query->where(['id' => 1]); // Return the same query object
$query->order(['title' => 'DESC']); // Still same object, no SQL executed
You can of course chain the methods you call on Query objects:
340
$query = $articles
->find()
->select(['id', 'name'])
->where(['id !=' => 1])
->order(['created' => 'DESC']);
foreach ($query as $article) {
debug($article->created);
}
If you try to call debug() on a Query object, you will see its internal state and the SQL that will be
executed in the database:
debug($articles->find()->where(['id' => 1]));
//
//
//
//
Outputs
...
'sql' => 'SELECT * FROM articles where id = ?'
...
You can execute a query directly without having to use foreach on it. The easiest way is to either call the
all() or toArray() methods:
$resultsIteratorObject = $articles
->find()
->where(['id >' => 1])
->all();
foreach ($resultsIteratorObject as $article) {
debug($article->id);
}
$resultsArray = $articles
->find()
->where(['id >' => 1])
->toArray();
foreach ($resultsArray as $article) {
debug($article->id);
}
debug($resultsArray[0]->title);
More Information
341
You can use the first() method to get the first result in the query:
$article = $articles
->find()
->where(['id' => 1])
->first();
debug($article->title);
Once you get familiar with the Query object methods, it is strongly encouraged that you visit the Collection
section to improve your skills in efficiently traversing the data. In short, it is important to remember that
anything you can call on a Collection object, you can also do in a Query object:
// Use the combine() method from the collections library
// This is equivalent to find('list')
$keyValueList = $articles->find()->combine('id', 'title');
// An advanced example
$results = $articles->find()
->where(['id >' => 1])
->order(['title' => 'DESC'])
->map(function ($row) { // map() is a collection method, it executes the query
$row->trimmedTitle = trim($row->title);
return $row;
})
->combine('id', 'trimmedTitle') // combine() is another collection method
->toArray(); // Also a collections library method
342
Query objects are lazily evaluated. This means a query is not executed until one of the following things
occur:
The query is iterated with foreach().
The querys execute() method is called. This will return the underlying statement object, and is
to be used with insert/update/delete queries.
The querys first() method is called. This will return the first result in the set built by SELECT (it
adds LIMIT 1 to the query).
The querys all() method is called. This will return the result set and can only be used with SELECT
statements.
The querys toArray() method is called.
Until one of these conditions are met, the query can be modified without additional SQL being sent to the
database. It also means that if a Query hasnt been evaluated, no SQL is ever sent to the database. Once
executed, modifying and re-evaluating a query will result in additional SQL being run.
If you want to take a look at what SQL CakePHP is generating, you can turn database query logging on.
The following sections will show you everything there is to know about using and combining the Query
object methods to construct SQL statements and extract data.
Selecting Data
Most web applications make heavy use of SELECT queries. CakePHP makes building them a snap. To limit
the fields fetched, you can use the select() method:
$query = $articles->find();
$query->select(['id', 'title', 'body']);
foreach ($query as $row) {
debug($row->title);
}
You can set aliases for fields by providing fields as an associative array:
// Results in SELECT id AS pk, title AS aliased_title, body ...
$query = $articles->find();
$query->select(['pk' => 'id', 'aliased_title' => 'title', 'body']);
More Information
343
To set some basic conditions you can use the where() method:
// Conditions are combined with AND
$query = $articles->find();
$query->where(['title' => 'First Post', 'published' => true]);
// You can call where() multiple times
$query = $articles->find();
$query->where(['title' => 'First Post'])
->where(['published' => true]);
See the Advanced Conditions section to find out how to construct more complex WHERE conditions. To
apply ordering, you can use the order method:
$query = $articles->find()
->order(['title' => 'ASC', 'id' => 'ASC']);
To limit the number of rows or set the row offset you can use the limit() and page() methods:
// Fetch rows 50 to 100
$query = $articles->find()
->limit(50)
->page(2);
As you can see from the examples above, all the methods that modify the query provide a fluent interface,
allowing you to build a query through chained method calls.
Using SQL Functions
CakePHPs ORM offers abstraction for some commonly used SQL functions. Using the abstraction allows
the ORM to select the platform specific implementation of the function you want. For example, concat is
implemented differently in MySQL, PostgreSQL and SQL Server. Using the abstraction allows your code
to be portable:
// Results in SELECT COUNT(*) count FROM ...
$query = $articles->find();
$query->select(['count' => $query->func()->count('*')]);
A number of commonly used functions can be created with the func() method:
sum() Calculate a sum. The arguments will be treated as literal values.
avg() Calculate an average. The arguments will be treated as literal values.
min() Calculate the min of a column. The arguments will be treated as literal values.
max() Calculate the max of a column. The arguments will be treated as literal values.
count() Calculate the count. The arguments will be treated as literal values.
344
concat() Concatenate two values together. The arguments are treated as bound parameters unless
marked as literal.
coalesce() Coalesce values. The arguments are treated as bound parameters unless marked as
literal.
dateDiff() Get the difference between two dates/times. The arguments are treated as bound
parameters unless marked as literal.
now() Take either time or date as an argument allowing you to get either the current time, or
current date.
When providing arguments for SQL functions, there are two kinds of parameters you can use, literal arguments and bound parameters. Literal parameters allow you to reference columns or other SQL literals.
Bound parameters can be used to safely add user data to SQL functions. For example:
$query = $articles->find();
$concat = $query->func()->concat([
'title' => 'literal',
' NEW'
]);
$query->select(['title' => $concat]);
By making arguments with a value of literal, the ORM will know that the key should be treated as a
literal SQL value. The above would generate the following SQL on MySQL:
SELECT CONCAT(title, :c0) FROM articles;
The :c0 value will have the NEW text bound when the query is executed.
In addition to the above functions, the func() method can be used to create any generic SQL function
such as year, date_format, convert, etc. For example:
$query = $articles->find();
$year = $query->func()->year([
'created' => 'literal'
]);
$time = $query->func()->date_format([
'created' => 'literal',
"'%H:%i'" => 'literal'
]);
$query->select([
'yearCreated' => $year,
'timeCreated' => $time
]);
When using aggregate functions like count and sum you may want to use group by and having
clauses:
More Information
345
$query = $articles->find();
$query->select([
'count' => $query->func()->count('view_count'),
'published_date' => 'DATE(created)'
])
->group('published_date')
->having(['count >' => 3]);
Case statements
The ORM also offers the SQL case expression. The case expression allows for implementing if ...
then ... else logic inside your SQL. This can be useful for reporting on data where you need to
conditionally sum or count data, or where you need to specific data based on a condition.
If we wished to know how many published articles are in our database, wed need to generate the following
SQL:
SELECT SUM(CASE published = 'Y' THEN 1 ELSE 0) AS number_published, SUM(CASE published = 'N
FROM articles GROUP BY published
To do this with the query builder, wed use the following code:
$query = $articles->find();
$publishedCase = $query->newExpr()->addCase($query->newExpr()->add(['published' => 'Y']), 1
$notPublishedCase = $query->newExpr()->addCase($query->newExpr()->add(['published' => 'N'])
$query->select([
'number_published' => $query->func()->sum($publishedCase),
'number_unpublished' => $query->func()->sum($unpublishedCase)
])
->group('published');
The addCase function can also chain together multiple statements to create if ..
[elseif .. then .. ] [ .. else ] logic inside your SQL.
then ..
If we wanted to classify cities into SMALL, MEDIUM, or LARGE based on population size, we could do
the following:
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->addCase(
[
$q->newExpr()->lt('population', 100000),
$q->newExpr()->between('population', 100000, 999000),
$q->newExpr()->gte('population', 999001),
],
['SMALL', 'MEDIUM', 'LARGE'], # values matching conditions
['string', 'string', 'string'] # type of each value
);
});
# WHERE CASE
#
WHEN population < 100000 THEN 'SMALL'
346
#
#
#
Any time there are fewer case conditions than values, addCase will automatically produce an if ..
then .. else statement:
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->addCase(
[
$q->newExpr()->eq('population', 0),
],
['DESERTED', 'INHABITED'], # values matching conditions
['string', 'string'] # type of each value
);
});
# WHERE CASE
#
WHEN population = 0 THEN 'DESERTED' ELSE 'INHABITED' END
Disabling Hydration
While ORMs and object result sets are powerful, hydrating entities is sometimes unnecessary. For example,
when accessing aggregated data, building an Entity may not make sense. In these situations you may want
to disable entity hydration:
$query = $articles->find();
$query->hydrate(false);
Advanced Conditions
The query builder makes it simple to build complex where clauses. Grouped conditions can be expressed
by providing combining where(), andWhere() and orWhere(). The where() method works similar
to the conditions arrays in previous versions of CakePHP:
$query = $articles->find()
->where([
'author_id' => 3,
'OR' => [['view_count' => 2], ['view_count' => 3]],
]);
If youd prefer to avoid deeply nested arrays, you can use the orWhere() and andWhere() methods
to build your queries. Each method sets the combining operator used between the current and previous
More Information
347
By combining orWhere() and andWhere(), you can express complex conditions that use a mixture of
operators:
$query = $articles->find()
->where(['author_id' => 2])
->orWhere(['author_id' => 3])
->andWhere([
'published' => true,
'view_count >' => 10
])
->orWhere(['promoted' => true]);
By using functions as the parameters to orWhere() and andWhere(), you can easily compose conditions together with the expression objects:
$query = $articles->find()
->where(['title LIKE' => '%First%'])
->andWhere(function ($exp) {
return $exp->or_([
'author_id' => 2,
'is_highlighted' => true
]);
});
The expression object that is passed into where() functions has two kinds of methods. The first type of
methods are combinators. The and_() and or_() methods create new expression objects that change
how conditions are combined. The second type of methods are conditions. Conditions are added into an
expression where they are combined with the current combinator.
348
For example, calling $exp->and_(...) will create a new Expression object that combines all conditions it contains with AND. While $exp->or_() will create a new Expression object that combines
all conditions added to it with OR. An example of adding conditions with an Expression object would
be:
$query = $articles->find()
->where(function ($exp) {
return $exp
->eq('author_id', 2)
->eq('published', true)
->notEq('spam', true)
->gt('view_count', 10);
});
Since we started off using where(), we dont need to call and_(), as that happens implicitly. Much like
how we would not need to call or_(), had we started our query with orWhere(). The above shows a
few new condition methods being combined with AND. The resulting SQL would look like:
SELECT *
FROM articles
WHERE (
author_id = 2
AND published = 1
AND spam != 1
AND view_count > 10)
However, if we wanted to use both AND & OR conditions we could do the following:
$query = $articles->find()
->where(function ($exp) {
$orConditions = $exp->or_(['author_id' => 2])
->eq('author_id', 5);
return $exp
->add($orConditions)
->eq('published', true)
->gte('view_count', 10);
});
The or_() and and_() methods also allow you to use functions as their parameters. This is often easier
to read than method chaining:
$query = $articles->find()
->where(function ($exp) {
$orConditions = $exp->or_(function ($or) {
return $or->eq('author_id', 2)
More Information
349
->eq('author_id', 5);
});
return $exp
->not($orConditions)
->lte('view_count', 10);
});
When using the expression objects you can use the following methods to create conditions:
eq() Creates an equality condition:
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->eq('population', '10000');
350
});
# WHERE population = 10000
More Information
351
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->gte('population', '10000');
});
# WHERE population >= 10000
When building queries using the ORM, you will generally not have to indicate the data types of the columns
you are interacting with, as CakePHP can infer the types based on the schema data. If in your queries youd
like CakePHP to automatically convert equality to IN comparisons, youll need to indicate the column data
type:
352
$query = $articles->find()
->where(['id' => $ids], ['id' => 'integer[]']);
// Or include IN to automatically cast to an array.
$query = $articles->find()
->where(['id IN' => $ids]);
The above will automatically create id IN (...) instead of id = ?. This can be useful when you
do not know whether you will get a scalar or array of parameters. The [] suffix on any data type name
indicates to the query builder that you want the data handled as an array. If the data is not an array, it will
first be cast to an array. After that, each value in the array will be cast using the type system. This works
with complex types as well. For example, you could take a list of DateTime objects using:
$query = $articles->find()
->where(['post_date' => $dates], ['post_date' => 'date[]']);
When a condition value is expected to be null or any other value, you can use the IS operator to automatically create the correct expression:
$query = $categories->find()
->where(['parent_id IS' => $parentId]);
The above will create parent_id = :c1 or parent_id IS NULL depending on the type of
$parentId
Automatic IS NOT NULL Creation
When a condition value is expected not to be null or any other value, you can use the IS NOT operator
to automatically create the correct expression:
$query = $categories->find()
->where(['parent_id IS NOT' => $parentId]);
The above will create parent_id != :c1 or parent_id IS NOT NULL depending on the type of
$parentId
Raw Expressions
When you cannot construct the SQL you need using the query builder, you can use expression objects to
add snippets of SQL to your queries:
$query = $articles->find();
$expr = $query->newExpr()->add('1 + 1');
$query->select(['two' => $expr]);
More Information
353
Expression objects can be used with any query builder methods like where(), limit(), group(),
select() and many other methods.
Warning: Using expression objects leaves you vulnerable to SQL injection. You should avoid interpolating user data into expressions.
Getting Results
Once youve made your query, youll want to retrieve rows from it. There are a few ways of doing this:
// Iterate the query
foreach ($query as $row) {
// Do stuff.
}
// Get the results
$results = $query->all();
You can use any of the collection methods on your query objects to pre-process or transform the results:
// Use one of the collection methods.
$ids = $query->map(function ($row) {
return $row->id;
});
$maxAge = $query->max(function ($row) {
return $max->age;
});
You can use first or firstOrFail to retrieve a single record. These methods will alter the query
adding a LIMIT 1 clause:
// Get just the first row
$row = $query->first();
// Get the first row or an exception.
$row = $query->firstOrFail();
Using a single query object, it is possible to obtain the total number of rows found for a set of conditions:
$total = $articles->find()->where(['is_active' => true])->count();
The count() method will ignore the limit, offset and page clauses, thus the following will return
the same result:
$total = $articles->find()->where(['is_active' => true])->limit(10)->count();
354
This is useful when you need to know the total result set size in advance, without having to construct
another Query object. Likewise, all result formatting and map-reduce routines are ignored when using the
count() method.
Moreover, it is possible to return the total count for a query containing group by clauses without having to
rewrite the query in any way. For example, consider this query for retrieving article ids and their comments
count:
$query = $articles->find();
$query->select(['Articles.id', $query->func()->count('Comments.id')])
->matching('Comments')
->group(['Articles.id']);
$total = $query->count();
After counting, the query can still be used for fetching the associated records:
$list = $query->all();
Sometimes, you may want to provide an alternate method for counting the total records of a query. One
common use case for this is providing a cached value or an estimate of the total rows, or to alter the query
to remove expensive unneeded parts such as left joins. This becomes particularly handy when using the
CakePHP built-in pagination system which calls the count() method:
$query = $query->where(['is_active' => true])->counter(function ($query) {
return 100000;
});
$query->count(); // Returns 100000
In the example above, when the pagination component calls the count method, it will receive the estimated
hard-coded number of rows.
Caching Loaded Results
When fetching entities that dont change often you may want to cache the results. The Query class makes
this simple:
$query->cache('recent_articles');
Will enable caching on the querys result set. If only one argument is provided to cache() then the
default cache configuration will be used. You can control which caching configuration is used with the
second parameter:
// String config name.
$query->cache('recent_articles', 'dbResults');
// Instance of CacheEngine
$query->cache('recent_articles', $memcache);
In addition to supporting static keys, the cache() method accepts a function to generate the key. The
function you give it will receive the query as an argument. You can then read aspects of the query to
dynamically generate the cache key:
More Information
355
The cache method makes it simple to add cached results to your custom finders or through event listeners.
When the results for a cached query are fetched the following happens:
1. The Model.beforeFind event is triggered.
2. If the query has results set, those will be returned.
3. The cache key will be resolved and cache data will be read. If the cache data is not empty, those
results will be returned.
4. If the cache misses, the query will be executed and a new ResultSet will be created. This
ResultSet will be written to the cache and returned.
Note: You cannot cache a streaming query result.
Loading Associations
The builder can help you retrieve data from multiple tables at the same time with the minimum amount of
queries possible. To be able to fetch associated data, you first need to setup associations between the tables
as described in the Associations - Linking Tables Together section. This technique of combining queries to
fetch associated data from other tables is called eager loading.
Eager loading helps avoid many of the potential performance problems surrounding lazy-loading in an
ORM. The queries generated by eager loading can better leverage joins, allowing more efficient queries to
be made. In CakePHP you define eager loaded associations using the contain method:
// In a controller or table method.
// As an option to find()
$query = $articles->find('all', ['contain' => ['Authors', 'Comments']]);
// As a method on the query object
$query = $articles->find('all');
$query->contain(['Authors', 'Comments']);
The above will load the related author and comments for each article in the result set. You can load nested
associations using nested arrays to define the associations to be loaded:
$query = $articles->find()->contain([
'Authors' => ['Addresses'], 'Comments' => ['Authors']
]);
Alternatively, you can express nested associations using the dot notation:
356
$query = $articles->find()->contain([
'Authors.Addresses',
'Comments.Authors'
]);
If you need to reset the containments on a query you can set the second argument to true:
$query = $articles->find();
$query->contain(['Authors', 'Comments'], true);
When using contain you are able to restrict the data returned by the associations and filter them by
conditions:
// In a controller or table method.
$query = $articles->find()->contain([
'Comments' => function ($q) {
return $q
->select(['body', 'author_id'])
->where(['Comments.approved' => true]);
}
]);
Note: When you limit the fields that are fetched from an association, you must ensure that the foreign key
columns are selected. Failing to select foreign key fields will cause associated data to not be present in the
final result.
It is also possible to restrict deeply nested associations using the dot notation:
$query = $articles->find()->contain([
'Comments',
'Authors.Profiles' => function ($q) {
return $q->where(['Profiles.is_published' => true]);
}
]);
If you have defined some custom finder methods in your associated table, you can use them inside
contain:
// Bring all articles, but only bring the comments that are approved and
// popular.
$query = $articles->find()->contain([
More Information
357
Note: For BelongsTo and HasOne associations only the where and select clauses are used when
loading the associated records. For the rest of the association types you can use every clause that the query
object provides.
If you need full control over the query that is generated, you can tell contain to not append
the foreignKey constraints to the generated query. In that case you should use an array passing
foreignKey and queryBuilder:
$query = $articles->find()->contain([
'Authors' => [
'foreignKey' => false,
'queryBuilder' => function ($q) {
return $q->where(...); // Full conditions for filtering
}
]
]);
If you have limited the fields you are loading with select() but also want to load fields off of contained
associations, you can use autoFields():
// Select id & title from articles, but all fields off of Users.
$query->select(['id', 'title'])
->contain(['Users' => function($q) {
return $q->autoFields(true);
}]);
A fairly common query case with associations is finding records matching specific associated data. For
example if you have Articles belongsToMany Tags you will probably want to find Articles that have the
CakePHP tag. This is extremely simple to do with the ORM in CakePHP:
// In a controller or table method.
$query = $articles->find();
$query->matching('Tags', function ($q) {
return $q->where(['Tags.name' => 'CakePHP']);
});
You can apply this strategy to HasMany associations as well. For example if Authors HasMany Articles,
you could find all the authors with recently published articles using the following:
$query = $authors->find();
$query->matching('Articles', function ($q) {
return $q->where(['Articles.created >=' => new DateTime('-10 days')]);
});
358
Filtering by deep associations is surprisingly easy, and the syntax should be already familiar to you:
// In a controller or table method.
$query = $products->find()->matching(
'Shops.Cities.Countries', function ($q) {
return $q->where(['Countries.name' => 'Japan']);
}
);
// Bring unique articles that were commented by 'markstory' using passed variable
$username = 'markstory';
$query = $articles->find()->matching('Comments.Users', function ($q) use ($username) {
return $q->where(['username' => $username]);
});
Note: As this function will create an INNER JOIN, you might want to consider calling distinct on
the find query as you might get duplicate rows if your conditions dont filter them already. This might be
the case, for example, when the same users comments more than once on a single article.
The data from the association that is matched will be available on the _matchingData property of entities. If you both match and contain the same association, you can expect to get both the _matchingData
and standard association properties in your results.
Adding Joins
In addition to loading related data with contain(), you can also add additional joins with the query
builder:
$query = $articles->find()
->hydrate(false)
->join([
'table' => 'comments',
'alias' => 'c',
'type' => 'LEFT',
'conditions' => 'c.article_id = articles.id',
]);
You can append multiple joins at the same time by passing an associative array with multiple joins:
$query = $articles->find()
->hydrate(false)
->join([
'c' => [
'table' => 'comments',
'type' => 'LEFT',
'conditions' => 'c.article_id = articles.id',
],
'u' => [
'table' => 'users',
More Information
359
As seen above, when adding joins the alias can be the outer array key. Join conditions can also be expressed
as an array of conditions:
$query = $articles->find()
->hydrate(false)
->join([
'c' => [
'table' => 'comments',
'type' => 'LEFT',
'conditions' => [
'c.created >' => new DateTime('-5 days'),
'c.moderated' => true,
'c.article_id = articles.id'
]
],
], ['a.created' => 'datetime', 'c.moderated' => 'boolean']);
When creating joins by hand and using array based conditions, you need to provide the datatypes for each
column in the join conditions. By providing datatypes for the join conditions, the ORM can correctly
convert data types into SQL. In addition to join() you can use rightJoin(), leftJoin() and
innerJoin() to create joins:
// Join with an alias and string conditions
$query = $articles->find();
$query->leftJoin(
['Authors' => 'authors'],
['Authors.id = Articles.author_id']);
// Join with an alias, array conditions, and types
$query = $articles->find();
$query->innerJoin(
['Authors' => 'authors'],
[
'Authors.promoted' => true,
'Authors.created' => new DateTime('-5 days'),
'Authors.id = Articles.author_id'
],
['Authors.promoted' => 'boolean', 'Authors.created' => 'datetime']);
It should be noted that if you set the quoteIdentifiers option to true when defining your
Connection, join conditions between table fields should be set as follow:
$query = $articles->find()
->join([
'c' => [
'table' => 'comments',
'type' => 'LEFT',
'conditions' => [
360
This ensures that all of your identifiers will be quoted across the Query, avoiding errors with some database
Drivers (PostgreSQL notably)
Inserting Data
Unlike earlier examples, you should not use find() to create insert queries. Instead, create a new Query
object using query():
$query = $articles->query();
$query->insert(['title', 'body'])
->values([
'title' => 'First post',
'body' => 'Some body text'
])
->execute();
Generally, it is easier to insert data using entities and ORM\Table::save(). By composing a SELECT
and INSERT query together, you can create INSERT INTO ... SELECT style queries:
$select = $articles->find()
->select(['title', 'body', 'published'])
->where(['id' => 3]);
$query = $articles->query()
->insert(['title', 'body', 'published'])
->values($select)
->execute();
Updating Data
As with insert queries, you should not use find() to create update queries. Instead, create new a Query
object using query():
$query = $articles->query();
$query->update()
->set(['published' => true])
->where(['id' => $id])
->execute();
361
$query = $articles->query();
$query->delete()
->where(['id' => $id])
->execute();
You can create UNION ALL queries using the unionAll() method:
$inReview = $articles->find()
->where(['need_review' => true]);
$unpublished = $articles->find()
->where(['published' => false]);
$unpublished->unionAll($inReview);
Subqueries
Subqueries are a powerful feature in relational databases and building them in CakePHP is fairly intuitive.
By composing queries together, you can make subqueries:
$matchingComment = $articles->association('Comments')->find()
->select(['article_id'])
->distinct()
->where(['comment LIKE' => '%CakePHP%']);
$query = $articles->find()
->where(['id' => $matchingComment]);
Subqueries are accepted anywhere a query expression can be used. For example, in the select() and
join() methods.
362
As you can see in the example above, formatting callbacks will get a ResultSetDecorator as their first
argument. The second argument will be the Query instance the formatter was attached to. The $results
argument can be traversed and modified as necessary.
Result formatters are required to return an iterator object, which will be used as the return value for the query.
Formatter functions are applied after all the Map/Reduce routines have been executed. Result formatters
can be applied from within contained associations as well. CakePHP will ensure that your formatters are
properly scoped. For example, doing the following would work as you may expect:
// In a method in the Articles table
$query->contain(['Authors' => function ($q) {
return $q->formatResults(function ($authors) {
return $authors->map(function ($author) {
$author['age'] = $author['birth_date']->diff(new \DateTime)->y;
return $author;
});
});
});
// Get results
$results = $query->all();
// Outputs 29
echo $results->first()->author->age;
As seen above, the formatters attached to associated query builders are scoped to operate only on the data in
the association. CakePHP will ensure that computed values are inserted into the correct entity.
Table Objects
class Cake\ORM\Table
Table objects provide access to the collection of entities stored in a specific table. Each table in your
application should have an associated Table class which is used to interact with a given table. If you do not
need to customize the behavior of a given table CakePHP will generate a Table instance for you to use.
More Information
363
Before trying to use Table objects and the ORM, you should ensure that you have configured your database
connection.
Basic Usage
To get started, create a Table class. These classes live in src/Model/Table. Tables are a type model collection
specific to relational databases, and the main interface to your database in CakePHPs ORM. The most basic
table class would look like:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
}
Note that we did not tell the ORM which table to use for our class. By convention table objects will use
a table that matches the lower cased and underscored version of the class name. In the above example the
articles table will be used. If our table class was named BlogPosts your table should be named
blog_posts. You can specify the table to using the table() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->table('my_table');
}
}
No inflection conventions will be applied when specifying a table. By convention the ORM also expects each table to have a primary key with the name of id. If you need to modify this you can use
the primaryKey() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->primaryKey('my_id');
}
}
364
By default table objects use an entity class based on naming conventions. For example if your table class is
called ArticlesTable the entity would be Article. If the table class was PurchaseOrdersTable
the entity would be PurchaseOrder. If however, you want to use an entity that doesnt follow the
conventions you can use the entityClass() method to change things up:
class PurchaseOrdersTable extends Table
{
public function initialize(array $config)
{
$this->entityClass('App\Model\PO');
}
}
As seen in the examples above Table objects have an initialize() method which is called at the end of
the constructor. It is recommended that you use this method to do initialization logic instead of overriding
the constructor.
Getting Instances of a Table Class
Before you can query a table, youll need to get an instance of the table. You can do this by using the
TableRegistry class:
// In a controller or table method.
use Cake\ORM\TableRegistry;
$articles = TableRegistry::get('Articles');
The TableRegistry class provides the various dependencies for constructing a table, and maintains a registry
of all the constructed table instances making it easier to build relations and configure the ORM. See Using
the TableRegistry for more information.
Lifecycle Callbacks
As you have seen above table objects trigger a number of events. Events are useful if you want to hook into
the ORM and add logic in without subclassing or overriding methods. Event listeners can be defined in table
or behavior classes. You can also use a tables event manager to bind listeners in.
When using callback methods behaviors attached in the initialize() method will have their listeners
fired before the table callback methods are triggered. This follows the same sequencing as controllers &
components.
To add an event listener to a Table class or Behavior simply implement the method signatures as described
below. See the Events System for more detail on how to use the events subsystem.
More Information
365
beforeMarshal
366
afterRules
More Information
367
afterDeleteCommit
As with associations, you can use plugin syntax and provide additional configuration options:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp', [
'events' => [
'Model.beforeSave' => [
'created_at' => 'new',
'modified_at' => 'always'
]
]
]);
}
}
368
You can find out more about behaviors, including the behaviors provided by CakePHP in the chapter on
Behaviors.
Configuring Connections
By default all table instances use the default database connection. If your application uses multiple database connections you will want to configure which tables use which connections. This is the
defaultConnectionName() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public static function defaultConnectionName() {
return 'slavedb';
}
}
Pay attention to the connection and schema configuration settings, they arent string values but
objects.
The connection will take an object of Cake\Database\Connection and schema
Cake\Database\Schema\Collection.
More Information
369
Note: If your table also does additional configuration in its initialize() method, those values will
overwrite the ones provided to the registry.
You can also pre-configure the registry using the config() method. Configuration data is stored per alias,
and can be overridden by an objects initialize() method:
TableRegistry::config('Users', ['table' => 'my_users']);
Note: You can only configure a table before or during the first time you access that alias. Doing it after the
registry is populated will have no effect.
static Cake\ORM\TableRegistry::clear
During test cases you may want to flush the registry. Doing so is often useful when you are using mock
objects, or modifying a tables dependencies:
TableRegistry::clear();
Entities
class Cake\ORM\Entity
While Table Objects represent and provide access to a collection of objects, entities represent individual rows
or domain objects in your application. Entities contain persistent properties and methods to manipulate and
access the data they contain.
Entities are created for you by CakePHP each time you use find() on a table object.
Creating Entity Classes
You dont need to create entity classes to get started with the ORM in CakePHP. However, if you want
to have custom logic in your entities you will need to create classes. By convention entity classes live in
src/Model/Entity/. If our application had an articles table we could create the following entity:
// src/Model/Entity/Article.php
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
}
Right now this entity doesnt do very much. However, when we load data from our articles table, well get
instances of this class.
370
Note: If you dont define an entity class CakePHP will use the basic Entity class.
Creating Entities
Entities can be directly instantiated:
use App\Model\Entity\Article;
$article = new Article();
When instantiating an entity you can pass the properties with the data you want to store in them:
use App\Model\Entity\Article;
$article = new Article([
'id' => 1,
'title' => 'New Article',
'created' => new DateTime('now')
]);
Another way of getting new entities is using the newEntity() method from the Table objects:
use Cake\ORM\TableRegistry;
$article = TableRegistry::get('Articles')->newEntity();
$article = TableRegistry::get('Articles')->newEntity([
'id' => 1,
'title' => 'New Article',
'created' => new DateTime('now')
]);
When using set() you can update multiple properties at once using an array:
More Information
371
$article->set([
'title' => 'My first post',
'body' => 'It is the best ever!'
]);
Warning: When updating entities with request data you should whitelist which fields can be set with
mass assignment.
Accessors use the convention of _get followed by the CamelCased version of the field name. They receive
the basic value stored in the _properties array as their only argument. Accessors will be used when
saving entities, so be careful when defining methods that format data, as the formatted data will be persisted.
You can customize how properties get set by defining a mutator:
namespace App\Model\Entity;
use Cake\ORM\Entity;
use Cake\Utility\Inflector;
class Article extends Entity
{
protected function _setTitle($title)
{
$this->set('slug', Inflector::slug($title));
return $title;
}
}
Mutator methods should always return the value that should be stored in the property. As you can see above,
you can also use mutators to set other calculated properties. When doing this, be careful to not introduce any
loops, as CakePHP will not prevent infinitely looping mutator methods. Mutators allow you easily convert
372
properties as they are set, or create calculated data. Mutators and accessors are applied when properties are
read using object notation, or using get() and set().
Creating Virtual Properties
By defining accessors you can provide access to properties that do not actually exist. For example if your
users table has first_name and last_name you could create a method for the full name:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected function _getFullName()
{
return $this->_properties['first_name'] . '
$this->_properties['last_name'];
}
' .
You can access virtual properties as if they existed on the entity. The property name will be the lower case
and underscored version of the method:
echo $user->full_name;
You can also flag fields as being modified. This is handy when appending into array properties:
// Add a comment and mark the field as changed.
$article->comments[] = $newComment;
$article->dirty('comments', true);
In addition you can also base you conditional code on the original properties values by using the
getOriginal() method. This method will either return the original value of the property if it has been
modified or its actual value.
You can also check for changes to any property in the entity:
More Information
373
To remove the dirty mark from fields in an entity, you can use the clean() method:
$article->clean();
When creating a new entity, you can avoid the fields from being marked as dirty by passing an extra option:
$article = new Article(['title' => 'New Article'], ['markClean' => true]);
Validation Errors
Cake\ORM\Entity::errors($field = null, $errors = null)
After you save an entity any validation errors will be stored on the entity itself. You can access any validation
errors using the errors() method:
// Get all the errors
$errors = $user->errors();
// Get the errors for a single field.
$errors = $user->errors('password');
The errors() method can also be used to set the errors on an entity, making it easier to test code that
works with error messages:
$user->errors('password', ['Password is required.']);
Mass Assignment
While setting properties to entities in bulk is simple and convenient, it can create significant security issues.
Bulk assigning user data from the request into an entity allows the user to modify any and all columns.
When using anonymous entity classes CakePHP does not protect against mass-assignment. You can easily
protect against mass-assignment by using Bake Console to generate your entities.
The _accessible property allows you to provide a map of properties and whether or not they can be
mass-assigned. The values true and false indicate whether a field can or cannot be mass-assigned:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
protected $_accessible = [
'title' => true,
'body' => true,
];
}
374
In addition to concrete fields there is a special * field which defines the fallback behavior if a field is not
specifically named:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
protected $_accessible = [
'title' => true,
'body' => true,
'*' => false,
];
}
When creating a new entity using the new keyword you can tell it to not protect itself against mass assignment:
use App\Model\Entity\Article;
$article = new Article(['id' => 1, 'title' => 'Foo'], ['guard' => false]);
You can modify the list of guarded fields at runtime using the accessible method:
// Make user_id accessible.
$article->accessible('user_id', true);
// Make title guarded.
$article->accessible('title', false);
Note: Modifying accessible fields effects only the instance the method is called on.
When using the newEntity() and patchEntity() methods in the Table objects you can customize
mass assignment protection with options. Please refer to the Changing Accessible Fields section for more
information.
Bypassing Field Guarding
There are sometimes situations when you want to allow mass-assignment to guarded fields:
More Information
375
By setting the guard option to false, you can ignore the accessible field list for a single call to set().
Checking if an Entity was Persisted
It is often necessary to know if an entity represents a row that is already in the database. In those situations
use the isNew() method:
if (!$article->isNew()) {
echo 'This article was saved already!';
}
If you are certain that an entity has already been persisted, you can use isNew() as a setter:
$article->isNew(false);
$article->isNew(true);
376
}
}
You could then use this trait in your entity class by importing it and including it:
namespace App\Model\Entity;
use Cake\ORM\Entity;
use SoftDelete\Model\Entity\SoftDeleteTrait;
class Article extends Entity
{
use SoftDeleteTrait;
}
Converting to Arrays/JSON
When building APIs, you may often need to convert entities into arrays or JSON data. CakePHP makes this
simple:
More Information
377
// Get an array.
$array = $user->toArray();
// Convert to JSON
$json = json_encode($user);
When converting an entity to an array/JSON the virtual & hidden field lists are applied. Entities are converted recursively as well. This means that if you eager loaded entities and their associations CakePHP will
correctly handle converting the associated data into the correct format.
Exposing Virtual Properties
By default virtual properties are not exported when converting entities to arrays or JSON. In order to expose
virtual properties you need to make them visible. When defining your entity class you can provide a list of
virtual properties that should be exposed:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected $_virtual = ['full_name'];
}
Hiding Properties
There are often fields you do not want exported in JSON or array formats. For example it is often unwise
to expose password hashes or account recovery questions. When defining an entity class, define which
properties should be hidden:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected $_hidden = ['password'];
}
378
$user->hiddenProperties(['password', 'recovery_question']);
More Information
379
Optionally you can get() an entity using Custom Finder Methods. For example you may want to get all
translations for an entity. You can achieve that by using the finder option:
$article = $articles->get($id, [
'finder' => 'translations',
]);
The return value of any find() method is always a Cake\ORM\Query object. The Query class allows
you to further refine a query after creating it. Query objects are evaluated lazily, and do not execute until
you start fetching rows, convert it to an array, or when the all() method is called:
// In a controller or table method.
// Find all the articles.
// At this point the query has not run.
$query = $articles->find('all');
// Iteration will execute the query.
380
Note: Once youve started a query you can use the Query Builder interface to build more complex queries,
adding additional conditions, limits, or include associations using the fluent interface.
// In a controller or table method.
$query = $articles->find('all')
->where(['Articles.created >' => new DateTime('-10 days')])
->contain(['Comments', 'Authors'])
->limit(10);
You can also provide many commonly used options to find(). This can help with testing as there are
fewer methods to mock:
// In a controller or table method.
$query = $articles->find('all', [
'conditions' => ['Articles.created >' => new DateTime('-10 days')],
'contain' => ['Authors', 'Comments'],
'limit' => 10
]);
381
While you can very easily pass query objects to your controllers, we recommend that you package your
queries up as Custom Finder Methods instead. Using custom finder methods will let you re-use your queries
more easily and make testing easier.
By default queries and result sets will return Entities objects. You can retrieve basic arrays by disabling
hydration:
$query->hydrate(false);
// $data is ResultSet that contains array data.
$data = $query->all();
This approach replaces find(first) in previous versions of CakePHP. You may also want to use the
get() method if you are loading entities by primary key.
Getting a Count of Results
Once you have created a query object, you can use the count() method to get a result count of that query:
// In a controller or table method.
$query = $articles->find('all', [
'conditions' => ['Articles.title LIKE' => '%Ovens%']
]);
$number = $query->count();
See Returning the Total Count of Records for additional usage of the count() method.
Finding Key/Value Pairs
It is often useful to generate an associative array of data from your applications data. For example, this is
very useful when creating <select> elements. CakePHP provides a simple to use method for generating
lists of data:
// In a controller or table method.
$query = $articles->find('list');
$data = $query->toArray();
// Data now looks like
$data = [
382
With no additional options the keys of $data will be the primary key of your table, while the values will be
the displayField of the table. You can use the displayField() method on a table object to configure
the display field of a table:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->displayField('title');
}
}
When calling list you can configure the fields used for the key and value with the keyField and
valueField options respectively:
// In a controller or table method.
$query = $articles->find('list', [
'keyField' => 'slug',
'valueField' => 'title'
]);
$data = $query->toArray();
// Data now looks like
$data = [
'first-post' => 'First post',
'second-article-i-wrote' => 'Second article I wrote',
];
Results can be grouped into nested sets. This is useful when you want bucketed sets, or want to build
<optgroup> elements with FormHelper:
// In a controller or table method.
$query = $articles->find('list', [
'keyField' => 'slug',
'valueField' => 'title',
'groupField' => 'author_id'
]);
$data = $query->toArray();
// Data now looks like
$data = [
1 => [
'first-post' => 'First post',
'second-article-i-wrote' => 'Second article I wrote',
],
2 => [
// More data.
]
];
More Information
383
You can also create list data from associations that can be reached with joins:
$query = $articles->find('list', [
'keyField' => 'id',
'valueField' => 'author.name'
])->contain(['Authors']);
The parentField and keyField keys can be used to define the fields that threading will occur on.
Tip: If you need to manage more advanced trees of data, consider using Tree instead.
384
Finder methods can modify the query as required, or use the $options to customize the finder operation
with relevant application logic. You can also stack finders, allowing you to express complex queries
effortlessly. Assuming you have both the published and recent finders, you could do the following:
// In a controller or table method.
$articles = TableRegistry::get('Articles');
$query = $articles->find('published')->find('recent');
While all the examples so far have show finder methods on table classes, finder methods can also be defined
on Behaviors.
If you need to modify the results after they have been fetched you should use a Modifying Results with
Map/Reduce function to modify the results. The map reduce features replace the afterFind callback found
in previous versions of CakePHP.
Dynamic Finders
CakePHPs ORM provides dynamically constructed finder methods which allow you to easily express simple queries with no additional code. For example if you wanted to find a user by username you could do:
// In a controller
// The following two calls are equal.
$query = $this->Users->findByUsername('joebob');
$query = $this->Users->findAllByUsername('joebob');
// In a table method
$users = TableRegistry::get('Users');
// The following two calls are equal.
$query = $users->findByUsername('joebob');
$query = $users->findAllByUsername('joebob');
While you can use either OR or AND conditions, you cannot combine the two in a single dynamic finder.
Other query options like contain are also not supported with dynamic finders. You should use Custom
More Information
385
Finder Methods to encapsulate more complex queries. Lastly, you can also combine dynamic finders with
custom finders:
$query = $users->findTrollsByUsername('bro');
Once you have a query object from a dynamic finder, youll need to call first() if you want the first
result.
Note: While dynamic finders make it simple to express queries, they come with some additional performance overhead.
386
$query = $articles->find('all');
$query->contain(['Authors', 'Comments']);
The above will load the related author and comments for each article in the result set. You can load nested
associations using nested arrays to define the associations to be loaded:
$query = $articles->find()->contain([
'Authors' => ['Addresses'], 'Comments' => ['Authors']
]);
Alternatively, you can express nested associations using the dot notation:
$query = $articles->find()->contain([
'Authors.Addresses',
'Comments.Authors'
]);
If you need to reset the containments on a query you can set the second argument to true:
$query = $articles->find();
$query->contain(['Authors', 'Comments'], true);
When using contain you are able to restrict the data returned by the associations and filter them by
conditions:
// In a controller or table method.
$query = $articles->find()->contain([
'Comments' => function ($q) {
return $q
->select(['body', 'author_id'])
->where(['Comments.approved' => true]);
}
]);
Note: When you limit the fields that are fetched from an association, you must ensure that the foreign key
columns are selected. Failing to select foreign key fields will cause associated data to not be present in the
final result.
It is also possible to restrict deeply nested associations using the dot notation:
More Information
387
$query = $articles->find()->contain([
'Comments',
'Authors.Profiles' => function ($q) {
return $q->where(['Profiles.is_published' => true]);
}
]);
If you have defined some custom finder methods in your associated table, you can use them inside
contain:
// Bring all articles, but only bring the comments that are approved and
// popular.
$query = $articles->find()->contain([
'Comments' => function ($q) {
return $q->find('approved')->find('popular');
}
]);
Note: For BelongsTo and HasOne associations only the where and select clauses are used when
loading the associated records. For the rest of the association types you can use every clause that the query
object provides.
If you need full control over the query that is generated, you can tell contain to not append
the foreignKey constraints to the generated query. In that case you should use an array passing
foreignKey and queryBuilder:
$query = $articles->find()->contain([
'Authors' => [
'foreignKey' => false,
'queryBuilder' => function ($q) {
return $q->where(...); // Full conditions for filtering
}
]
]);
If you have limited the fields you are loading with select() but also want to load fields off of contained
associations, you can use autoFields():
// Select id & title from articles, but all fields off of Users.
$query->select(['id', 'title'])
->contain(['Users' => function($q) {
return $q->autoFields(true);
}]);
A fairly common query case with associations is finding records matching specific associated data. For
example if you have Articles belongsToMany Tags you will probably want to find Articles that have the
CakePHP tag. This is extremely simple to do with the ORM in CakePHP:
388
You can apply this strategy to HasMany associations as well. For example if Authors HasMany Articles,
you could find all the authors with recently published articles using the following:
$query = $authors->find();
$query->matching('Articles', function ($q) {
return $q->where(['Articles.created >=' => new DateTime('-10 days')]);
});
Filtering by deep associations is surprisingly easy, and the syntax should be already familiar to you:
// In a controller or table method.
$query = $products->find()->matching(
'Shops.Cities.Countries', function ($q) {
return $q->where(['Countries.name' => 'Japan']);
}
);
// Bring unique articles that were commented by 'markstory' using passed variable
$username = 'markstory';
$query = $articles->find()->matching('Comments.Users', function ($q) use ($username) {
return $q->where(['username' => $username]);
});
Note: As this function will create an INNER JOIN, you might want to consider calling distinct on
the find query as you might get duplicate rows if your conditions dont filter them already. This might be
the case, for example, when the same users comments more than once on a single article.
The data from the association that is matched will be available on the _matchingData property of entities. If you both match and contain the same association, you can expect to get both the _matchingData
and standard association properties in your results.
Changing Fetching Strategies
As you may know already, belongsTo and hasOne associations are loaded using a JOIN in the main
finder query. While this improves query and fetching speed and allows for creating more expressive conditions when retrieving data, this may be a problem when you want to apply certain clauses to the finder query
for the association, such as order() or limit().
For example, if you wanted to get the first comment of an article as an association:
$articles->hasOne('FirstComment', [
'className' => 'Comments',
'foreignKey' => 'article_id'
]);
More Information
389
In order to correctly fetch the data from this association, we will need to tell the query to use the select
strategy, since we want order by a particular column:
$query = $articles->find()->contain([
'FirstComment' => [
'strategy' => 'select',
'queryBuilder' => function ($q) {
return $q->order(['FirstComment.created' =>'ASC'])->limit(1);
}
]
]);
Dynamically changing the strategy in this way will only apply to a specific query. If you want to make the
strategy change permanent you can do:
$articles->FirstComment->strategy('select');
Using the select strategy is also a great way of making associations with tables in another database, since
it would not be possible to fetch records using joins.
Fetching With The Subquery Strategy
As your tables grow in size, fetching associations from them can become slower, especially if you
are querying big batches at once. A good way of optimizing association loading for hasMany and
belongsToMany associations is by using the subquery strategy:
$query = $articles->find()->contain([
'Comments' => [
'strategy' => 'subquery',
'queryBuilder' => function ($q) {
return $q->where(['Comments.approved' => true]);
}
]
]);
The result will remain the same as with using the default strategy, but this can greatly improve the query and
fetching time in some databases, in particular it will allow to fetch big chunks of data at the same time in
databases that limit the amount of bound parameters per query, such as Microsoft SQL Server.
You can also make the strategy permanent for the association by doing:
$articles->Comments->strategy('subquery');
While CakePHP makes it easy to eager load your associations, there may be cases where you need to lazyload associations. You should refer to the Lazy Loading Associations section for more information.
390
Both serializing and JSON encoding result sets work as you would expect. The serialized data can be
unserialized into a working result set. Converting to JSON respects hidden & virtual field settings on all
entity objects within a result set.
In addition to making serialization easy, result sets are a Collection object and support the same methods
that collection objects do. For example, you can extract a list of unique tags on a collection of articles quite
easily:
// In a controller or table method.
$articles = TableRegistry::get('Articles');
$query = $articles->find()->contain(['Tags']);
$reducer = function ($output, $value) {
if (!in_array($value, $output)) {
$output[] = $value;
}
More Information
391
return $output;
};
$uniqueTags = $query->all()
->extract('tags.name')
->reduce($reducer, []);
The Collections chapter has more detail on what can be done with result sets using the collections features.
Getting the First & Last Record From a ResultSet
You can use the first() and last() methods to get the respective records from a result set:
$result = $articles->find('all')->all();
// Get the first and/or last result.
$row = $result->first();
$row = $result->last();
You can use skip() and first() to get an arbitrary record from a ResultSet:
$result = $articles->find('all')->all();
// Get the 5th record
$row = $result->skip(4)->first();
You can use the isEmpty() method on a Query or ResultSet object to see if it has any rows in it. Calling
isEmpty() on a Query object will evaluate the query:
// Check a query.
$query->isEmpty();
// Check results
$results = $query->all();
$results->isEmpty();
A common example of changing the data structure is grouping results together based on certain conditions.
For this task we can use the mapReduce() function. We need two callable functions the $mapper and
the $reducer. The $mapper callable receives the current result from the database as first argument, the
iteration key as second argument and finally it receives an instance of the MapReduce routine it is running:
$mapper = function ($article, $key, $mapReduce) {
$status = 'published';
if ($article->isDraft() || $article->isInReview()) {
$status = 'unpublished';
}
$mapReduce->emitIntermediate($article, $status);
};
In the above example $mapper is calculating the status of an article, either published or unpublished, then
it calls emitIntermediate() on the MapReduce instance. This method stores the article in the list of
articles labelled as either published or unpublished.
The next step in the map-reduce process is to consolidate the final results. For each status created in the
mapper, the $reducer function will be called so you can do any extra processing. This function will
receive the list of articles in a particular bucket as the first parameter, the name of the bucket it needs to
process as the second parameter, and again, as in the mapper() function, the instance of the MapReduce
routine as the third parameter. In our example, we did not have to do any extra processing, so we just
emit() the final results:
$reducer = function ($articles, $status, $mapReduce) {
$mapReduce->emit($articles, $status);
};
Of course, this is a simplistic example that could actually be solved in another way without the help of a
map-reduce process. Now, lets take a look at another example in which the reducer function will be needed
to do something more than just emitting the results.
Calculating the most commonly mentioned words, where the articles contain information about CakePHP,
as usual we need a mapper function:
$mapper = function ($article, $key, $mapReduce) {
if (stripos('cakephp', $article['body']) === false) {
return;
}
More Information
393
It first checks for whether the cakephp word is in the articles body, and then breaks the body into individual words. Each word will create its own bucket where each article id will be stored. Now lets reduce
our results to only extract the count:
$reducer = function ($occurrences, $word, $mapReduce) {
$mapReduce->emit(count($occurrences), $word);
}
This could return a very large array if we dont clean stop words, but it could look something like this:
[
'cakephp' => 100,
'awesome' => 39,
'impressive' => 57,
'outstanding' => 10,
'mind-blowing' => 83
]
One last example and you will be a map-reduce expert. Imagine you have a friends table and you want
to find fake friends in our database, or better said, people who do not follow each other. Lets start with
our mapper() function:
$mapper = function ($rel, $key, $mr) {
$mr->emitIntermediate($rel['source_user_id'], $rel['target_user_id']);
$mr->emitIntermediate($rel['target_user_id'], $rel['source_target_id']);
};
We just duplicated our data to have a list of users each other user follows. Now its time to reduce it. For
each call to the reducer, it will receive a list of followers per user:
// $friends list will look like
// repeated numbers mean that the relationship existed in both directions
[2, 5, 100, 2, 4]
$reducer = function ($friendsList, $user, $mr) {
$friends = array_count_values($friendsList);
foreach ($friends as $friend => $count) {
if ($count < 2) {
$mr->emit($friend, $user);
394
}
}
}
The resulting array means, for example, that user with id 1 follows users 2 and 4, but those do not follow 1
back.
Stacking Multiple Operations
Using mapReduce in a query will not execute it immediately. The operation will be registered to be run as
soon as the first result is attempted to be fetched. This allows you to keep chaining additional methods and
filters to the query even after adding a map-reduce routine:
$query = $articles->find()
->where(['published' => true])
->mapReduce($mapper, $reducer);
// At a later point in your app:
$query->where(['created >=' => new DateTime('1 day ago')]);
This is particularly useful for building custom finder methods as described in the Custom Finder Methods
section:
public function findPublished(Query $query, array $options)
{
return $query->where(['published' => true]);
}
public function findRecent(Query $query, array $options)
{
return $query->where(['created >=' => new DateTime('1 day ago')]);
}
public function findCommonWords(Query $query, array $options)
{
// Same as in the common words example in the previous section
$mapper = ...;
More Information
395
$reducer = ...;
return $query->mapReduce($mapper, $reducer);
}
$commonWords = $articles
->find('commonWords')
->find('published')
->find('recent');
Moreover, it is also possible to stack more than one mapReduce operation for a single query. For example,
if we wanted to have the most commonly used words for articles, but then filter it to only return words that
were mentioned more than 20 times across all articles:
$mapper = function ($count, $word, $mr) {
if ($count > 20) {
$mr->emit($count, $word);
}
};
$articles->find('commonWords')->mapReduce($mapper);
Under some circumstances you may want to modify a Query object so that no mapReduce operations are
executed at all. This can be easily done by calling the method with both parameters as null and the third
parameter (overwrite) as true:
$query->mapReduce(null, null, true);
Validating Data
Before you save your data you will probably want to ensure the data is correct and consistent. In CakePHP
we have two stages of validation:
1. Before request data is converted into entities validation rules around data types, and formatting can be
applied.
2. Before data is saved, domain or application rules can be applied. These rules help ensure that your
applications data remains consistent.
Validating Data Before Building Entities
When marshalling data into entities, you can validate data. Validating data allows you to check the type,
shape and size of data. By default request data will be validated before it is converted into entities. If any
validation rules fail, the returned entity will contain errors. The fields with errors will not be present in the
returned entity:
396
$article = $articles->newEntity($this->request->data);
if ($article->errors()) {
// Entity failed validation.
}
When building an entity with validation enabled the following things happen:
1. The validator object is created.
2. The table and default validation provider are attached.
3. The named validation method is invoked. For example, validationDefault.
4. The Model.buildValidator event will be triggered.
5. Request data will be validated.
6. Request data will be type cast into types that match the column types.
7. Errors will be set into the entity.
8. Valid data will be set into the entity, while fields that failed validation will be left out.
If youd like to disable validation when converting request data, set the validate option to false:
$article = $articles->newEntity(
$this->request->data,
['validate' => false]
);
More Information
397
$validator
->allowEmpty('link')
->add('link', 'valid-url', ['rule' => 'url']);
...
return $validator;
}
}
The available validation methods and rules come from the Validator class and they are documented in
the Creating Validators section.
Note: Validation objects are mainly meant to be used to validate user input, i.e. forms and any other posted
request data.
The above would call the validationUpdate() method on the table instance to build the required rules.
By default the validationDefault() method will be used. A sample validator for our articles table
would be:
class ArticlesTable extends Table
{
public function validationUpdate($validator)
{
$validator
->add('title', 'notEmpty', [
'rule' => 'notEmpty',
'message' => __('You need to provide a title'),
])
->add('body', 'notEmpty', [
'rule' => 'notEmpty',
'message' => __('A body is required')
]);
return $validator;
}
}
You can have as many validation sets as you need. See the validation chapter for more information on
building validation rule-sets.
398
Validation sets can also be defined per association. When using the newEntity() or patchEntity()
methods, you can pass extra options to each of the associations to be converted:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'user' => [
'username' => 'mark'
],
'comments' => [
['body' => 'First comment'],
['body' => 'Second comment'],
]
];
$article = $articles->patchEntity($article, $data, [
'validate' => 'update',
'associated' => [
'Users' => ['validate' => 'signup'],
'Comments' => ['validate' => 'custom']
]
]);
Combining Validators
Because of the way validator objects are built, it is easy to beak their construction process into multiple
reusable steps:
// UsersTable.php
public function validateDefault(Validator $validator)
{
$validator->notEmpty('username');
$validator->notEmpty('password');
$validator->add('email', 'valid-email', ['rule' => 'email']);
...
return $validator;
}
public function validateHardened(Validator $validator)
{
$validator = $this->validateDefault($validator);
$validator->add('password', 'length', ['rule' => 'between', 8, 100]);
return $validator;
}
Given the above setup, when using the hardened validation set, it will also contain the rules from the
More Information
399
default set.
Validation Providers
Validation rules can use functions defined on any known providers. By default CakePHP sets up a few
providers:
1. Methods on the table class, or its behaviors are available on the table provider.
2. The core Validation\Validation class is setup as the default provider.
When a validation rule is created you can name the provider of that rule. For example, if your table had a
isValidRole method you could use it as a validation rule:
use Cake\ORM\Table;
use Cake\Validation\Validator;
class UsersTable extends Table
{
public function validationDefault(Validator $validator)
{
$validator
->add('role', 'validRole', [
'rule' => 'isValidRole',
'message' => __('You need to provide a valid role'),
'provider' => 'table',
]);
return $validator;
}
public function isValidRole($value, array $context)
{
return in_array($value, ['admin', 'editor', 'author'], true);
}
}
Validation methods can return error messages when they fail. This is a simple way to make error messages
dynamic based on the provided value.
400
Rules checker classes are generally defined by the buildRules() method in your table class. Behaviors
and other event subscribers can use the Model.buildRules event to augment the rules checker for a
given Table class:
use Cake\ORM\RulesChecker;
// In a table class
public function buildRules(RulesChecker $rules)
{
More Information
401
Your rules functions can expect to get the Entity being checked, and an array of options. The options
array will contain errorField, message, and repository. The repository option will contain
the table class the rules are attached to. Because rules accept any callable, you can also use instance
functions:
$rules->addCreate([$this, 'uniqueEmail'], 'uniqueEmail');
or callable classes:
$rules->addCreate(new IsUnique(['email']), 'uniqueEmail');
When adding rules you can define the field the rule is for, and the error message as options:
$rules->add([$this, 'isValidState'], 'validState', [
'errorField' => 'status',
'message' => 'This invoice cannot be moved to that status.'
]);
The error will be visible when calling the errors() method in the entity:
$entity->errors(); // Contains the domain rules error messages
Because unique rules are quite common, CakePHP includes a simple Rule class that allows you to easily
define unique field sets:
use Cake\ORM\Rule\IsUnique;
// A single field.
$rules->add($rules->isUnique(['email']));
402
// A list of fields
$rules->add($rules->isUnique(['username', 'account_id']));
When setting rules on foreign key fields it is important to remember, that only the fields listed are used in
the rule. This means that setting $user->account->id will not trigger the above rule.
Foreign Key Rules
While you could rely on database errors to enforce constraints, using rules code can help provide a nicer
user experience. Because of this CakePHP includes an ExistsIn rule class:
// A single field.
$rules->add($rules->existsIn('article_id', 'articles'));
// Multiple keys, useful for composite primary keys.
$rules->add($rules->existsIn(['site_id', 'article_id'], 'articles'));
The fields to check existence against in the related table must be part of the primary key.
Using Entity Methods as Rules
If your application has rules that are commonly reused, it is helpful to package those rules into re-usable
classes:
// in src/Model/Rule/CustomRule.php
namespace App\Model\Rule;
use Cake\Datasource\EntityInterface;
class CustomRule
{
public function __invoke(EntityInterface $entity, array $options)
{
// Do work
return false;
}
}
More Information
403
By creating custom rule classes you can keep your code DRY and make your domain rules easy to test.
Disabling Rules
Validation is meant for forms, and request data. This means that validation rule sets can assume things about
the structure of a form, and validate fields not in the schema of the database. Validation assumes strings or
array are passed as that is what is received from any request:
// In src/Model/Table/UsersTable.php
public function validatePasswords($validator)
{
$validator->add('confirm_password', 'no-misspelling', [
'rule' => ['compareWith', 'password'],
'message' => 'Passwords are not equal',
]);
...
return $validator;
}
In the above example the entity will be saved as validation is only triggered for the newEntity() and
patchEntity() methods. The second level of validation is meant to deal with this situation.
404
Application rules, as explained above will be checked whenever save() or delete() are called:
// In src/Model/Table/UsersTable.php
public function buildRules(RulesChecker $rules)
{
$rules->add($rules->isUnique('email'));
return $rules;
}
// Elsewhere in application code
$useEntity->email = '[email protected]';
$usersTable->save($entity); // Returns false
While Validation is meant for direct user input, application rules are specific for data transitions generated
inside your application:
// In src/Model/Table/OrdersTable.php
public function buildRules(RulesChecker $rules)
{
$check = function ($order) {
return $order->price < 100 && $order->shipping_mode === 'free';
};
$rules->add($check, [
'errorField' => 'shipping_mode',
'message' => 'No free shipping for order under 100!'
]);
return $rules;
}
// Elsewhere in application code
$order->price = 50;
$oder->shipping_mode = 'free';
$ordersTable->save($order); // Returns false
In certain situations you may want to run the same data validation routines for data that was both generated
by users and inside your application. This could come up when running a CLI script that directly sets
properties to entities:
// In src/Model/Table/UsersTable.php
public function validationDefault(Validator $validator)
{
$validator->add('email', 'valid', [
'rule' => 'email',
'message' => 'Invalid email'
]);
...
return $validator;
}
public function buildRules(RulesChecker $rules)
More Information
405
{
// Add validation rules
$rules->add(function ($entity) {
$data = $entity->extract($this->schema()->columns(), true);
$validator = $this->validator('default');
$errors = $validator->errors($data, $entity->isNew());
$entity->errors($errors);
return empty($errors);
});
...
return $rules;
}
When executed, the following code will fail saving thanks to the new application rule that was added:
$userEntity->email = 'not an email!!!';
$usersTable->save($userEntity);
$userEntity->errors('email'); // Invalid email
Saving Data
class Cake\ORM\Table
After you have loaded your data you will probably want to update & save the changes.
A Glance Over Saving Data
Applications will usually have a couple ways in which data is saved. The first one is obviously though web
forms and the other is by directly generating or changing data in the code to be sent to the database.
Inserting Data
The easiest way to insert data in the database is creating a new entity and passing it to the save() method
in the Table class:
use Cake\ORM\TableRegistry;
$articlesTable = TableRegistry::get('Articles');
$article = $articlesTable->newEntity();
$article->title = 'A New Article';
$article->body = 'This is the body of the article';
406
if ($articlesTable->save($article)) {
// The $article entity contain the id now
$id = $article->id;
}
Updating Data
Updating is equally easy, and the save() method is also used for that purpose:
use Cake\ORM\TableRegistry;
$articlesTable = TableRegistry::get('Articles');
$article = $articlesTable->get(12); // article with id 12
$article->title = 'A new title for the article';
$articlesTable->save($article);
CakePHP will know whether to do an insert or an update based on the return value of the isNew() method.
Entities that were retrieved with get() or find() will always return false when isNew() is called
on them.
Saving With Associations
By default the save() method will also save one level of associations:
$articlesTable = TableRegistry::get('Articles');
$author = $articlesTable->Authors->findByUserName('mark')->first();
$article = $articlesTable->newEntity();
$article->title = 'An article by mark';
$article->author = $author;
if ($articlesTable->save($article)) {
// The foreign key value was set automatically.
echo $article->author_id;
}
The save() method is also able to create new records for associations:
$firstComment = $articlesTable->Comments->newEntity();
$firstComment->body = 'This is a great article';
$secondComment = $articlesTable->Comments->newEntity();
$secondComment->body = 'I like reading this!';
$tag1 = $articlesTable->Tags->findByName('cakephp')->first();
$tag2 = $articlesTable->Tags->newEntity();
$tag2->name = 'awesome';
$article = $articlesTable->get(12);
More Information
407
In the code above there was already an example of linking an article to a couple tags. There is another way
of doing the same by using the link() method in the association:
$tag1 = $articlesTable->Tags->findByName('cakephp')->first();
$tag2 = $articlesTable->Tags->newEntity();
$tag2->name = 'awesome';
$articlesTable->Tags->link($article, [$tag1, $tag2]);
Saving data to the join table is done by using the special _joinData property. This property should be an
Entity instance from the join Table class:
$tag1 = $articlesTable->Tags->findByName('cakephp')->first();
$tag1->_joinData = $articlesTable->ArticlesTags->newEntity();
$tag1->_joinData->tagComment = 'I think this is related to cake';
$articlesTable->Tags->link($article, [$tag1]);
When modifying records by directly setting or changing the properties no validation happens, which is a
problem when accepting form data. The following sections will show you how to efficiently convert form
data into entities so that they can be validated and saved.
Converting Request Data into Entities
Before editing and saving data back into the database, youll need to convert the request data from the array
format held in the request, and the entities that the ORM uses. The Table class provides an easy way to
408
convert one or many entities from request data. You can convert a single entity using:
// In a controller.
$articles = TableRegistry::get('Articles');
// Validate and convert to an Entity object
$entity = $articles->newEntity($this->request->data());
The request data should follow the structure of your entities. For example if you had an article, which
belonged to a user, and had many comments, your request data should look like:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'user' => [
'username' => 'mark'
],
'comments' => [
['body' => 'First comment'],
['body' => 'Second comment'],
]
];
By default, the newEntity() method validates the data that gets passed to it, as explained in the Validating Data Before Building Entities section. If you wish to prevent data from being validated, pass the
validate => false option:
$entity = $articles->newEntity($data, ['validate' => false]);
When building forms that save nested associations, you need to define which associations should be marshalled:
// In a controller
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
'associated' => [
'Tags', 'Comments' => ['associated' => ['Users']]
]
]);
The above indicates that the Tags, Comments and Users for the Comments should be marshalled.
Alternatively, you can use dot notation for brevity:
// In a controller.
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
'associated' => ['Tags', 'Comments.Users']
]);
Associated data is also validated by default unless told otherwise. You may also change the validation set to
be used per association:
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
More Information
409
'associated' => [
'Tags' => ['validate' => false],
'Comments.Users' => ['validate' => 'signup']
]
]);
If you are saving belongsToMany associations you can either use a list of entity data or a list of ids. When
using a list of entity data your request data should look like:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'tags' => [
['tag' => 'CakePHP'],
['tag' => 'Internet'],
]
];
The above will create 2 new tags. If you want to link an article with existing tags you can use a list of ids.
Your request data should look like:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'tags' => [
'_ids' => [1, 2, 3, 4]
]
];
If you need to link against some existing belongsToMany records, and create new ones at the same time you
can use an expanded format:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'tags' => [
['name' => 'A new tag'],
['name' => 'Another new tag'],
['id' => 5],
['id' => 21]
]
];
When the above data is converted into entities, you will have 4 tags. The first two will be new objects, and
the second two will be references to existing records.
410
If you are saving hasMany associations and want to link existing records to a new parent record you can use
the _ids format:
$data = [
'title' => 'My new article',
'body' => 'The text',
'user_id' => 1,
'comments' => [
'_ids' => [1, 2, 3, 4]
]
];
When creating forms that create/update multiple records at once you can use newEntities():
// In a controller.
$articles = TableRegistry::get('Articles');
$entities = $articles->newEntities($this->request->data());
In this situation, the request data for multiple articles should look like:
$data = [
[
'title' => 'First post',
'published' => 1
],
[
'title' => 'Second post',
'published' => 1
],
];
Its also possible to allow newEntity() to write into non accessible fields. For example, id is usually
absent from the _accessible property. In such case, you can use the accessibleFields option. It
could be useful to keep ids of associated entities:
// In a controller
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
'associated' => [
'Tags', 'Comments' => [
'associated' => [
'Users' => [
'accessibleFields' => ['id' => true]
]
More Information
411
]
]
]
]);
The above will keep the association unchanged between Comments and Users for the concerned entity.
Once youve converted request data into entities you can save() or delete() them:
// In a controller.
foreach ($entities as $entity) {
// Save entity
$articles->save($entity);
// Delete entity
$articles->delete($entity);
}
The above will run a separate transaction for each entity saved. If youd like to process all the entities as a
single transaction you can use transactional():
// In a controller.
$articles->connection()->transactional(function () use ($articles, $entities) {
foreach ($entities as $entity) {
$articles->save($entity, ['atomic' => false]);
}
});
Note: If you are using newEntity() and the resulting entities are missing some or all of the data they were
passed, double check that the columns you want to set are listed in the $_accessible property of your
entity.
In order to update entities you may choose to apply request data directly to an existing entity. This has
the advantage that only the fields that actually changed will be saved, as opposed to sending all fields
to the database to be persisted. You can merge an array of raw data into an existing entity using the
patchEntity() method:
// In a controller.
$articles = TableRegistry::get('Articles');
$article = $articles->get(1);
$articles->patchEntity($article, $this->request->data());
$articles->save($article);
Validation and patchEntity Similar to newEntity(), the patchEntity method will validate the
data before it is copied to the entity. The mechanism is explained in the Validating Data Before Building
Entities section. If you wish to disable validation while patching an entity, pass the validate option as
follows:
412
// In a controller.
$articles = TableRegistry::get('Articles');
$article = $articles->get(1);
$articles->patchEntity($article, $data, ['validate' => false]);
You may also change the validation set used for the entity or any of the associations:
$articles->patchEntity($article, $this->request->data(), [
'validate' => 'custom',
'associated' => ['Tags', 'Comments.Users' => ['validate' => 'signup']]
]);
Patching HasMany and BelongsToMany As explained in the previous section, the request data should
follow the structure of your entity. The patchEntity() method is equally capable of merging associations, by default only the first level of associations are merged, but if you wish to control the list of
associations to be merged or merge deeper to deeper levels, you can use the third parameter of the method:
// In a controller.
$article = $articles->get(1);
$articles->patchEntity($article, $this->request->data(), [
'associated' => ['Tags', 'Comments.Users']
]);
$articles->save($article);
Associations are merged by matching the primary key field in the source entities to the corresponding fields
in the data array. For belongsTo and hasOne associations, new entities will be constructed if no previous
entity is found for the target property.
For example give some request data like the following:
$data = [
'title' => 'My title',
'user' => [
'username' => 'mark'
]
];
Trying to patch an entity without an entity in the user property will create a new user entity:
// In a controller.
$entity = $articles->patchEntity(new Article, $data);
echo $entity->user->username; // Echoes 'mark'
The same can be said about hasMany and belongsToMany associations, but an important note should be
made.
Note: For belongsToMany associations, ensure the relevant entity has a property accessible for the associated entity.
If a Product belongsToMany Tag:
More Information
413
// in the
protected
// ..
'tags'
];
Product Entity
$_accessible = [
other properties
=> true,
Note: For hasMany and belongsToMany associations, if there were any entities that could not be matched
by primary key to any record in the data array, then those records will be discarded from the resulting entity.
Remember that using either patchEntity() or patchEntities() does not persist the data, it just
edits (or creates) the given entities. In order to save the entity you will have to call the save() method.
For example, consider the following case:
$data = [
'title' => 'My title',
'body' => 'The text',
'comments' => [
['body' => 'First comment', 'id' => 1],
['body' => 'Second comment', 'id' => 2],
]
];
$entity = $articles->newEntity($data);
$articles->save($article);
$newData = [
'comments' => [
['body' => 'Changed comment', 'id' => 1],
['body' => 'A new comment'],
]
];
$articles->patchEntity($entity, $newData);
$articles->save($article);
At the end, if the entity is converted back to an array you will obtain the following result:
[
'title' => 'My title',
'body' => 'The text',
'comments' => [
['body' => 'Changed comment', 'id' => 1],
['body' => 'A new comment'],
]
];
As you can see, the comment with id 2 is no longer there, as it could not be matched to anything in the
$newData array. This is done this way to better capture the intention of a request data post. The sent data
is reflecting the new state that the entity should have.
Some additional advantages of this approach is that it reduces the number of operations to be executed when
persisting the entity again.
Please note that this does not mean that the comment with id 2 was removed from the database, if you wish
414
to remove the comments for that article that are not present in the entity, you can collect the primary keys
and execute a batch delete for those not in the list:
// In a controller.
$comments = TableRegistry::get('Comments');
$present = (new Collection($entity->comments))->extract('id');
$comments->deleteAll([
'article_id' => $article->id,
'id NOT IN' => $present
]);
As you can see, this also helps creating solutions where an association needs to be implemented like a single
set.
You can also patch multiple entities at once. The consideration made for patching hasMany and belongsToMany associations apply for patching multiple entities: Matches are done by the primary key field
value and missing matches in the original entities array will be removed and not present in the result:
// In a controller.
$articles = TableRegistry::get('Articles');
$list = $articles->find('popular')->toArray();
$patched = $articles->patchEntities($list, $this->request->data());
foreach ($patched as $entity) {
$articles->save($entity);
}
Similarly to using patchEntity(), you can use the third argument for controlling the associations that
will be merged in each of the entities in the array:
// In a controller.
$patched = $articles->patchEntities(
$list,
$this->request->data(),
['associated' => ['Tags', 'Comments.Users']]
);
If you need to modify request data before it is converted into entities, you can use the
Model.beforeMarshal event. This event lets you manipulate the request data just before entities are
created:
// In a table or behavior class
public function beforeMarshal(Event $event, ArrayObject $data, ArrayObject $options)
{
$data['username'] .= 'user';
}
The $data parameter is an ArrayObject instance, so you dont have to return it to change the data used
to create entities.
More Information
415
The Validating Data chapter has more information on how to use the validation features of CakePHP to
ensure your data stays correct and consistent.
Avoiding Property Mass Assignment Attacks
When creating or merging entities from request data you need to be careful of what you allow your users to
change or add in the entities. For example, by sending an array in the request containing the user_id an
attacker could change the owner of an article, causing undesirable effects:
// Contains ['user_id' => 100, 'title' => 'Hacked!'];
$data = $this->request->data;
$entity = $this->patchEntity($entity, $data);
$this->save($entity);
There are two ways of protecting you against this problem. The first one is by setting the default columns
that can be safely set from a request using the Mass Assignment feature in the entities.
The second way is by using the fieldList option when creating or merging data into an entity:
// Contains ['user_id' => 100, 'title' => 'Hacked!'];
$data = $this->request->data;
// Only allow title to be changed
$entity = $this->patchEntity($entity, $data, [
'fieldList' => ['title']
]);
$this->save($entity);
You can also control which properties can be assigned for associations:
// Only allow changing the title and tags
// and the tag name is the only column that can be set
$entity = $this->patchEntity($entity, $data, [
'fieldList' => ['title', 'tags'],
'associated' => ['Tags' => ['fieldList' => ['name']]]
]);
$this->save($entity);
Using this feature is handy when you have many different functions your users can access and you want to
let your users edit different data based on their privileges.
The fieldList options is also accepted by the newEntity(),
patchEntities() methods.
newEntities() and
Saving Entities
Cake\ORM\Table::save(Entity $entity, array $options =[])
416
When saving request data to your database you need to first hydrate a new entity using newEntity() for
passing into save(). For example:
// In a controller
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($this->request->data);
if ($articles->save($article)) {
// ...
}
The ORM uses the isNew() method on an entity to determine whether or not an insert or update should be
performed. If the isNew() method returns true and the entity has a primary key value, an exists query
will be issued. The exists query can be suppressed by passing checkExisting => false in the
$options argument:
$articles->save($article, ['checkExisting' => false]);
Once youve loaded some entities youll probably want to modify them and update your database. This is a
pretty simple exercise in CakePHP:
$articles = TableRegistry::get('Articles');
$article = $articles->find('all')->where(['id' => 2])->first();
$article->title = 'My new title';
$articles->save($article);
When saving, CakePHP will apply your rules, and wrap the save operation in a database transaction. It will
also only update properties that have changed. The above save() call would generate SQL like:
UPDATE articles SET title = 'My new title' WHERE id = 2;
417
Saving Associations
When you are saving an entity, you can also elect to save some or all of the associated entities. By default
all first level entities will be saved. For example saving an Article, will also automatically update any dirty
entities that are directly related to articles table.
You can fine tune which associations are saved by using the associated option:
// In a controller.
// Only save the comments association
$articles->save($entity, ['associated' => ['Comments']]);
You can define save distant or deeply nested associations by using dot notation:
// Save the company, the employees and related addresses for each of them.
$companies->save($entity, ['associated' => ['Employees.Addresses']]);
Moreover, you can combine the dot notation for associations with the options array:
$companies->save($entity, [
'associated' => [
'Employees',
'Employees.Addresses'
]
]);
Your entities should be structured in the same way as they are when loaded from the database. See the form
helper documentation for how to build inputs for associations.
If you are building or modifying association data after building your entities you will have to mark the
association property as modified with dirty():
$company->author->name = 'Master Chef';
$company->dirty('author', true);
418
When saving belongsTo associations, the ORM expects a single nested entity at the singular, underscored
version of the association name. For example:
// In a controller.
$data = [
'title' => 'First Post',
'user' => [
'id' => 1,
'username' => 'mark'
]
];
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($data, [
'associated' => ['Users']
]);
$articles->save($article);
When saving hasOne associations, the ORM expects a single nested entity at the singular, underscored
version of the association name. For example:
// In a controller.
$data = [
'id' => 1,
'username' => 'cakephp',
'profile' => [
'twitter' => '@cakephp'
]
];
$users = TableRegistry::get('Users');
$user = $users->newEntity($data, [
'associated' => ['Profiles']
]);
$users->save($user);
When saving hasMany associations, the ORM expects an array of entities at the plural, underscored version
of the association name. For example:
// In a controller.
$data = [
'title' => 'First Post',
'comments' => [
['body' => 'Best post ever'],
['body' => 'I really like this.']
More Information
419
]
];
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($data, [
'associated' => ['Comments']
]);
$articles->save($article);
When saving hasMany associations, associated records will either be updated, or inserted. The ORM will
not remove or sync a hasMany association. Whenever you add new records into an existing association
you should always mark the association property as dirty. This lets the ORM know that the association
property has to be persisted:
$article->comments[] = $comment;
$article->dirty('comments', true);
Without the call to dirty() the updated comments will not be saved.
Saving BelongsToMany Associations
When saving belongsToMany associations, the ORM expects an array of entities at the plural, underscored
version of the association name. For example:
// In a controller.
$data = [
'title' => 'First Post',
'tags' => [
['tag' => 'CakePHP'],
['tag' => 'Framework']
]
];
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($data, [
'associated' => ['Tags']
]);
$articles->save($article);
When converting request data into entities, the newEntity() and newEntities() methods will handle
both arrays of properties, as well as a list of ids at the _ids key. Using the _ids key makes it easy to build
a select box or checkbox based form controls for belongs to many associations. See the Converting Request
Data into Entities section for more information.
When saving belongsToMany associations, you have the choice between 2 saving strategies:
append Only new links will be created between each side of this association. This strategy will not destroy
existing links even though they may not be present in the array of entities to be saved.
replace When saving, existing links will be removed and new links will be created in the joint table. If
there are existing link in the database to some of the entities intended to be saved, those links will be
updated, not deleted and then re-saved.
420
By default the replace strategy is used. Whenever you add new records into an existing association you
should always mark the association property as dirty. This lets the ORM know that the association property
has to be persisted:
$article->tags[] = $tag;
$article->dirty('tags', true);
Without the call to dirty() the updated tags will not be saved.
Often youll find yourself wanting to make an association between two existing entities, eg. a user coauthoring an article. This is done by using the method link(), like this:
$article = $this->Articles->get($articleId);
$user = $this->Users->get($userId);
$this->Articles->Users->link($article, [$user]);
When saving belongsToMany Associations, it can be relevant to save some additional data to the Joint
Table. In the previous example of tags, it could be the vote_type of person who voted on that article.
The vote_type can be either upvote or downvote and is represented by a string. The relation is
between Users and Articles.
Saving that association, and the vote_type is done by first adding some data to _joinData and then
saving the association with link(), example:
$article = $this->Articles->get($articleId);
$user = $this->Users->get($userId);
$user->_joinData = new Entity(['vote_type' => $voteType, ['markNew' => true]]);
$this->Articles->Users->link($article, [$user]);
In some situations the table joining your BelongsToMany association, will have additional columns on it.
CakePHP makes it simple to save properties into these columns. Each entity in a belongsToMany association
has a _joinData property that contains the additional columns on the joint table. This data can be either
an array or an Entity instance. For example if Students BelongsToMany Courses, we could have a joint table
that looks like:
id | student_id | course_id | days_attended | grade
When saving data you can populate the additional columns on the joint table by setting data to the
_joinData property:
$student->courses[0]->_joinData->grade = 80.12;
$student->courses[0]->_joinData->days_attended = 30;
$studentsTable->save($student);
The _joinData property can be either an entity, or an array of data if you are saving entities built from
request data. When saving joint table data from request data your POST data should look like:
More Information
421
$data = [
'first_name' => 'Sally',
'last_name' => 'Parker',
'courses' => [
[
'id' => 10,
'_joinData' => [
'grade' => 80.12,
'days_attended' => 30
]
],
// Other courses.
]
];
$student = $this->Students->newEntity($data, [
'associated' => ['Courses._joinData']
]);
See the Creating Inputs for Associated Data documentation for how to build inputs with FormHelper
correctly.
Saving Complex Types
Tables are capable of storing data represented in basic types, like strings, integers, floats, booleans, etc. But
It can also be extended to accept more complex types such as arrays or objects and serialize this data into
simpler types that can be saved in the database.
This functionality is achieved by using the custom types system. See the Adding Custom Types section to
find out how to build custom column Types:
// In config/bootstrap.php
use Cake\Database\Type;
Type::map('json', 'App\Database\Type\JsonType');
// In src/Model/Table/UsersTable.php
use Cake\Database\Schema\Table as Schema;
class UsersTable extends Table
{
protected function _initializeSchema(Schema $schema)
{
$schema->columnType('preferences', 'json');
return $schema;
}
}
The code above maps the preferences column to the json custom type. This means that when retrieving data for that column, it will be unserialized from a JSON string in the database and put into an entity as
an array.
422
Likewise, when saved, the array will be transformed back into its JSON representation:
$user = new User([
'preferences' => [
'sports' => ['football', 'baseball'],
'books' => ['Mastering PHP', 'Hamlet']
]
]);
$usersTable->save($user);
When using complex types it is important to validate that the data you are receiving from the end user is
the correct type. Failing to correctly handle complex data could result in malicious users being able to store
data they would not normally be able to.
Bulk Updates
Cake\ORM\Table::updateAll($fields, $conditions)
There may be times when updating rows individually is not efficient or necessary. In these cases it is more
efficient to use a bulk-update to modify many rows at once:
// Publish all the unpublished articles.
function publishAllUnpublished()
{
$this->updateAll(['published' => true], ['published' => false]);
}
If you need to do bulk updates and use SQL expressions, you will need to use an expression object as
updateAll() uses prepared statements under the hood:
function incrementCounters()
{
$expression = new QueryExpression('view_count = view_count + 1');
$this->updateAll([$expression], ['published' => true]);
}
Deleting Data
class Cake\ORM\Table
Cake\ORM\Table::delete(Entity $entity, $options =[])
Once youve loaded an entity you can delete it by calling the originating tables delete method:
More Information
423
// In a controller.
$entity = $this->Articles->get(2);
$result = $this->Articles->delete($entity);
Cascading Deletes
When deleting entities, associated data can also be deleted. If your HasOne and HasMany associations are
configured as dependent, delete operations will cascade to those entities as well. By default entities
in associated tables are removed using ORMTable::deleteAll(). You can elect to have the ORM
load related entities, and delete them individually by setting the cascadeCallbacks option to true. A
sample HasMany association with both these options enabled would be:
// In a Table's initialize method.
$this->hasMany('Comments', [
'dependent' => true,
'cascadeCallbacks' => true,
]);
Note: Setting cascadeCallbacks to true, results in considerably slower deletes when compared to
bulk deletes. The cascadeCallbacks option should only be enabled when your application has important
work handled by event listeners.
Bulk Deletes
Cake\ORM\Table::deleteAll($conditions)
There may be times when deleting rows one by one is not efficient or useful. In these cases it is more
performant to use a bulk-delete to remove many rows at once:
424
Association Type
hasOne
hasMany
belongsTo
belongsToMany
Example
A user has one profile.
A user can have multiple articles.
Many articles belong to a user.
Tags belong to many articles.
Associations are defined during the initialize() method of your table object. Methods matching the
association type allow you to define the associations in your application. For example if we wanted to define
a belongsTo association in our ArticlesTable:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Authors');
}
}
The simplest form of any association setup takes the table alias you want to associate with. By default
all of the details of an association will use the CakePHP conventions. If you want to customize how your
associations are handled you can do so with the second parameter:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
More Information
425
$this->belongsTo('Authors', [
'className' => 'Publishing.Authors',
'foreignKey' => 'authorid',
'propertyName' => 'person'
]);
}
}
The same table can be used multiple times to define different types of associations. For example consider a
case where you want to separate approved comments and those that have not been moderated yet:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('Comments', [
'className' => 'Comments',
'conditions' => ['approved' => true]
]);
$this->hasMany('UnapprovedComments', [
'className' => 'Comments',
'conditions' => ['approved' => false],
'propertyName' => 'unnaproved_comments'
]);
}
}
As you can see, by specifying the className key, it is possible to use the same table as different associations for the same table. You can even create self-associated tables to create parent-child relationships:
class CategoriesTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('SubCategories', [
'className' => 'Categories',
]);
$this->belongsTo('ParentCategories', [
'className' => 'Categories',
]);
}
}
You can all setup associations en mass by making a single call to Table::addAssociations(). It
takes an array containing set of table names indexed by association type as argument:
class PostsTable extends Table
{
426
Each association type accepts multiple associations where the keys are the aliases, and the values are association config data. If numeric keys are used the values will be treated as association aliases.
HasOne Associations
Lets set up a Users Table with a hasOne relationship to an Addresses Table.
First, your database tables need to be keyed correctly. For a hasOne relationship to work, one table has to
contain a foreign key that points to a record in the other. In this case the addresses table will contain a field
called user_id. The basic pattern is:
hasOne: the other model contains the foreign key.
Relation
Users hasOne Addresses
Doctors hasOne Mentors
Schema
addresses.user_id
mentors.doctor_id
Note: It is not mandatory to follow CakePHP conventions, you can easily override the use of any foreignKey in your associations definitions. Nevertheless sticking to conventions will make your code less
repetitive, easier to read and to maintain.
If we had the UsersTable and AddressesTable classes made we could make the association with the
following code:
class UsersTable extends Table
{
public function initialize(array $config)
{
$this->hasOne('Addresses');
}
}
If you need more control, you can define your associations using array syntax. For example, you might want
to limit the association to include only certain records:
class UsersTable extends Table
{
public function initialize(array $config)
{
More Information
427
$this->hasOne('Addresses', [
'className' => 'Addresses',
'conditions' => ['Addresses.primary' => '1'],
'dependent' => true
]);
}
}
428
BelongsTo Associations
Now that we have Address data access from the User table, lets define a belongsTo association in the Addresses table in order to get access to related User data. The belongsTo association is a natural complement
to the hasOne and hasMany associations.
When keying your database tables for a belongsTo relationship, follow this convention:
belongsTo: the current model contains the foreign key.
Relation
Addresses belongsTo Users
Mentors belongsTo Doctors
Schema
addresses.user_id
mentors.doctor_id
More Information
429
HasMany Associations
An example of a hasMany association is Article hasMany Comments. Defining this association will allow
us to fetch an articles comments when the article is loaded.
When creating your database tables for a hasMany relationship, follow this convention:
hasMany: the other model contains the foreign key.
Relation
Article hasMany Comment
Product hasMany Option
Doctor hasMany Patient
Schema
Comment.article_id
Option.product_id
Patient.doctor_id
430
conditions
or
SQL
strings
such
as
sort an array of find() compatible order clauses or SQL strings such as [Comments.created
=> ASC]
dependent: When dependent is set to true, recursive model deletion is possible. In this example,
Comment records will be deleted when their associated Article record has been deleted.
cascadeCallbacks: When this and dependent are true, cascaded deletes will load and delete entities
so that callbacks are properly triggered. When false, deleteAll() is used to remove associated
data and no callbacks are triggered.
propertyName: The property name that should be filled with data from the associated table into the
source table results. By default this is the underscored & plural name of the association so comments
in our example.
strategy: Defines the query strategy to use. Defaults to select. The other valid value is subquery,
which replaces the IN list with an equivalent subquery.
finder: The finder method to use when loading associated records.
Once this association has been defined, find operations on the Articles table can contain the Comment
records if they exist:
// In a controller or table method.
$query = $articles->find('all')->contain(['Comments']);
foreach ($query as $article) {
echo $article->comments[0]->text;
}
More Information
431
When the subquery strategy is used, SQL similar to the following will be generated:
SELECT * FROM articles;
SELECT * FROM comments WHERE article_id IN (SELECT id FROM articles);
You may want to cache the counts for your hasMany associations. This is useful when you often need
to show the number of associated records, but dont want to load all the records just to count them. For
example, the comment count on any given article is often cached to make generating lists of articles more
efficient. You can use the CounterCacheBehavior to cache counts of associated records.
You should make sure that your database tables do not contain columns that match association property
names. If for example you have counter fields that conflict with association properties, you must either
rename the association property, or the column name.
BelongsToMany Associations
An example of a BelongsToMany association is Article BelongsToMany Tags, where the tags from one
article are shared with other articles. BelongsToMany is often referred to as has and belongs to many, and
is a classic many to many association.
The main difference between hasMany and BelongsToMany is that the link between the models in a BelongsToMany association are not exclusive. For example, we are joining our Articles table with a Tags
table. Using funny as a Tag for my Article, doesnt use up the tag. I can also use it on the next article I
write.
Three database tables are required for a BelongsToMany association. In the example above we would need
tables for articles, tags and articles_tags. The articles_tags table contains the data that
links tags and articles together. The joining table is named after the two tables involved, separated with an
underscore by convention. In its simplest form, this table consists of article_id and tag_id.
belongsToMany requires a separate join table that includes both model names.
Relationship
Article belongsToMany Tag
Patient belongsToMany
Doctor
432
More Information
433
When the subquery strategy is used, SQL similar to the following will be generated:
SELECT * FROM articles;
SELECT * FROM tags
INNER JOIN articles_tags ON (
tags.id = article_tags.tag_id
AND article_id IN (SELECT id FROM articles)
);
If you plan on adding extra information to the join/pivot table, or if you need to use join columns outside
of the conventions, you will need to define the through option. The through option provides you full
control over how the belongsToMany association will be created.
It is sometimes desirable to store additional data with a many to many association. Consider the following:
Student BelongsToMany Course
Course BelongsToMany Student
A Student can take many Courses and a Course can be taken by many Students. This is a simple many to
many association. The following table would suffice:
id | student_id | course_id
Now what if we want to store the number of days that were attended by the student on the course and their
final grade? The table wed want would be:
id | student_id | course_id | days_attended | grade
The way to implement our requirement is to use a join model, otherwise known as a hasMany through
association. That is, the association is a model itself. So, we can create a new model CoursesMemberships.
Take a look at the following models.
434
The CoursesMemberships join table uniquely identifies a given Students participation on a Course in addition to extra meta-information.
Default Association Conditions
The finder option allows you to use a custom finder to load associated record data. This lets you encapsulate your queries better and keep your code DRYer. There are some limitations when using finders to
load data in associations that are loaded using joins (belongsTo/hasOne). Only the following aspects of the
query will be applied to the root query:
WHERE conditions.
Additional joins.
Contained associations.
Other aspects of the query, such as selected columns, order, group by, having and other sub-statements, will
not be applied to the root query. Associations that are not loaded through joins (hasMany/belongsToMany),
do not have the above restrictions and can also use result formatters or map/reduce functions.
More Information
435
Behaviors
Behaviors are a way to organize and enable horizontal re-use of Model layer logic. Conceptually they are
similar to traits. However, behaviors are implemented as separate classes. This allows them to hook into the
life-cycle callbacks that models emit, while providing trait-like features.
Behaviors provide a convenient way to package up behavior that is common across many models. For
example, CakePHP includes a TimestampBehavior. Many models will want timestamp fields, and the
logic to manage these fields is not specific to any one model. It is these kinds of scenarios that behaviors are
a perfect fit for.
Using Behaviors
Behaviors provide an easy way to create horizontally re-usable pieces of logic related to table classes. You
may be wondering why behaviors are regular classes and not traits. The primary reason for this is event
listeners. While traits would allow for re-usable pieces of logic, they would complicate binding events.
To add a behavior to your table you can call the addBehavior() method. Generally the best place to do
this is in the initialize() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
}
As with associations, you can use plugin syntax and provide additional configuration options:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp', [
'events' => [
'Model.beforeSave' => [
'created_at' => 'new',
'modified_at' => 'always'
]
]
]);
}
}
436
Core Behaviors
CounterCache
class Cake\ORM\Behavior\CounterCacheBehavior
Often times web applications need to display counts of related objects. For example, when showing a list
of articles you may want to display how many comments it has. Or when showing a user you might want
to show how many friends/followers she has. The CounterCache behavior is intended for these situations.
CounterCache will update a field in the associated models assigned in the options when it is invoked. The
fields should exist in the database and be of the type INT.
Basic Usage You enable the CounterCache behavior like any other behavior, but it wont do anything until
you configure some relations and the field counts that should be stored on each of them. Using our example
below, we could cache the comment count for each article with the following:
class CommentsTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('CounterCache', [
'Articles' => ['comment_count']
]);
}
}
The CounterCache configuration should be a map of relation names and the specific configuration for that
relation.
The counters value will be updated each time an entity is saved or deleted. The counter will not be updated
when you use updateAll() or deleteAll(), or execute SQL you have written.
Advanced Usage If you need to keep a cached counter for less than all of the related records, you can
supply additional conditions or finder methods to generate a counter value:
// Use a specific find method.
// In this case find(published)
$this->addBehavior('CounterCache', [
'Articles' => [
'comment_count' => [
'finder' => 'published'
]
]
]);
If you dont have a custom finder method you can provide an array of conditions to find records instead:
$this->addBehavior('CounterCache', [
'Articles' => [
'comment_count' => [
'conditions' => ['Comments.spam' => false]
More Information
437
]
]
]);
If you want CounterCache to update multiple fields, for example both showing a conditional count and a
basic count you can add these fields in the array:
$this->addBehavior('CounterCache', [
'Articles' => ['comment_count',
'published_comment_count' => [
'finder' => 'published'
]
]
]);
Lastly, if a custom finder and conditions are not suitable you can provide a callback method. This callable
must return the count value to be stored:
$this->addBehavior('CounterCache', [
'Articles' => [
'rating_avg' => function ($event, $entity, $table) {
return 4.5;
}
]
]);
Timestamp
class Cake\ORM\Behavior\TimestampBehavior
The timestamp behavior allows your table objects to update one or more timestamps on each model event.
This is primarily used to populate data into created and modified fields. However, with some additional configuration, you can update any timestamp/datetime column on any event a table publishes.
Basic Usage You enable the timestamp behavior like any other behavior:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
}
438
Using and Configuring the Behavior If you need to modify fields with different names, or want to update
additional timestamp fields on custom events you can use some additional configuration:
class OrdersTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp', [
'events' => [
'Model.beforeSave' => [
'created_at' => 'new',
'updated_at' => 'always',
],
'Orders.completed' => [
'completed_at' => 'always'
]
]
]);
}
}
As you can see above, in addition to the standard Model.beforeSave event, we are also updating the
completed_at column when orders are completed.
Updating Timestamps on Entities Sometimes youll want to update just the timestamps on an entity
without changing any other properties. This is sometimes referred to as touching a record. In CakePHP
you can use the touch() method to do exactly this:
// Touch based on the Model.beforeSave event.
$articles->touch($article);
// Touch based on a specific event.
$orders->touch($order, 'Orders.completed');
Touching records can be useful when you want to signal that a parent resource has changed when a child
resource is created/updated. For example: updating an article when a new comment is added.
Translate
class Cake\ORM\Behavior\TranslateBehavior
The Translate behavior allows you to create and retrieve translated copies of your entities in multiple languages. It does so by using a separate i18n table where it stores the translation for each of the fields of any
given Table object that its bound to.
Warning: The TranslateBehavior does not support composite primary keys at this point in time.
A Quick Tour After creating the i18n table in your database attach the behavior to any Table object you
want to make translatable:
More Information
439
Now, select a language to be used for retrieving entities by changing the application language, which will
affect all translations:
I18n::locale('spa');
$articles = TableRegistry::get('Articles');
Working with multiple translations can be done easily by using a special trait in your Entity class:
use Cake\ORM\Behavior\Translate\TranslateTrait;
use Cake\ORM\Entity;
class Article extends Entity
{
use TranslateTrait;
}
Yes, that easy. If you want to go deeper on how it works or how to tune the behavior for your needs, keep
on reading the rest of this chapter.
440
Initializing the i18n Database Table In order to use the behavior, you need to create a i18n table with
the correct schema. Currently the only way of loading the i18n table is by manually running the following
SQL script in your database:
CREATE TABLE i18n (
id int NOT NULL auto_increment,
locale varchar(6) NOT NULL,
model varchar(255) NOT NULL,
foreign_key int(10) NOT NULL,
field varchar(255) NOT NULL,
content text,
PRIMARY KEY
(id),
UNIQUE INDEX I18N_LOCALE_FIELD(locale, model, foreign_key, field),
INDEX I18N_FIELD(model, foreign_key, field)
);
Attaching the Translate Behavior to Your Tables Attaching the behavior can be done in the
initialize() method in your Table class:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', ['fields' => ['title', 'body']]);
}
}
The first thing to note is that you are required to pass the fields key in the configuration array. This list
of fields is needed to tell the behavior what columns will be able to store translations.
Using a Separate Translations Table If you wish to use a table other than i18n for translating a particular repository, you can specify it in the behaviors configuration. This is common when you have multiple
tables to translate and you want a cleaner separation of the data that is stored for each different table:
class Articles extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', [
'fields' => ['title', 'body'],
'translationTable' => 'ArticlesI18n'
]);
}
}
You need to make sure that any custom table you use has the columns field, foreign_key, locale
and model.
More Information
441
Reading Translated Content As shown above you can use the locale() method to choose the active
translation for entities that are loaded:
I18n::locale('spa');
$articles = TableRegistry::get('Articles');
// All entities in results will contain spanish translation
$results = $articles->find()->all();
This method works with any finder in your tables. For example, you can use TranslateBehavior with
find(list):
I18n::locale('spa');
$data = $articles->find('list')->toArray();
// Data will contain
[1 => 'Mi primer artculo', 2 => 'El segundo artculo', 15 => 'Otro articulo' ...]
Retrieve All Translations For An Entity When building interfaces for updating translated content, it is
often helpful to show one or more translation(s) at the same time. You can use the translations finder
for this:
// Find the first article with all corresponding translations
$article = $articles->find('translations')->first();
In the example above you will get a list of entities back that have a _translations property set. This
property will contain a list of translation data entities. For example the following properties would be
accessible:
// Outputs 'eng'
echo $article->_translations['eng']->locale;
// Outputs 'title'
echo $article->_translations['eng']->field;
// Outputs 'My awesome post!'
echo $article->_translations['eng']->body;
A more elegant way for dealing with this data is by adding a trait to the entity class that is used for your
table:
use Cake\ORM\Behavior\Translate\TranslateTrait;
use Cake\ORM\Entity;
class Article extends Entity
{
use TranslateTrait;
}
This trait contains a single method called translation, which lets you access or create new translation
entities on the fly:
442
// Outputs 'title'
echo $article->translation('eng')->title;
// Adds a new translation data entity to the article
$article->translation('deu')->title = 'Wunderbar';
Limiting the Translations to be Retrieved You can limit the languages that are fetched from the database
for a particular set of records:
$results = $articles->find('translations', ['locales' => ['eng', 'spa']]);
$article = $results->first();
$spanishTranslation = $article->translation('spa');
$englishTranslation = $article->translation('eng');
Preventing Retrieval of Empty Translations Translation records can contain any string, if a record has
been translated and stored as an empty string () the translate behavior will take and use this to overwrite
the original field value.
If this is undesired, you can ignore translations which are empty using the allowEmptyTranslations
config key:
class Articles extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', [
'fields' => ['title', 'body'],
'allowEmptyTranslations' => false
]);
}
}
The above would only load translated data that had content.
Retrieving All Translations For Associations It is also possible to find translations for any association
in a single find operation:
$article = $articles->find('translations')->contain([
'Categories' => function ($query) {
return $query->find('translations');
}
])->first();
// Outputs 'Programacin'
echo $article->categories[0]->translation('spa')->name;
This assumes that Categories has the TranslateBehavior attached to it. It simply uses the query builder
function for the contain clause to use the translations custom finder in the association.
More Information
443
Retrieving one language without using I18n::locale calling I18n::locale(spa); changes the
default locale for all translated finds, there may be times you wish to retrieve translated content without
modifying the applications state. For these scenarios use the behavior locale() method:
I18n::locale('eng'); // reset for illustration
$articles = TableRegistry::get('Articles');
$articles->locale('spa'); // specific locale
$article = $articles->get(12);
echo $article->title; // Echoes 'Un Artculo', yay piece of cake!
Note that this only changes the locale of the Articles table, it would not affect the langauge of associated
data. To use this technique to affect associated data its necessary to call locale on each table for example:
I18n::locale('eng'); // reset for illustration
$articles = TableRegistry::get('Articles');
$articles->locale('spa');
$articles->categories->locale('spa');
$data = $articles->find('all', ['contain' => ['Categories']]);
This example also assumes that Categories has the TranslateBehavior attached to it.
Saving in Another Language The philosophy behind the TranslateBehavior is that you have an entity
representing the default language, and multiple translations that can override certain fields in such entity.
Keeping this in mind, you can intuitively save translations for any given entity. For example, given the
following setup:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', ['fields' => ['title', 'body']]);
}
}
class Article extends Entity
{
use TranslateTrait;
}
$articles = TableRegistry::get('Articles');
$article = new Article([
'title' => 'My First Article',
'body' => 'This is the content',
'footnote' => 'Some afterwords'
]);
$articles->save($article);
So, after you save your first article, you can now save a translation for it, there are a couple ways to do it.
The first one is setting the language directly into the entity:
444
$article->_locale = 'spa';
$article->title = 'Mi primer Artculo';
$articles->save($article);
After the entity has been saved, the translated field will be persisted as well, one thing to note is that values
from the default language that were not overridden will be preserved:
// Outputs 'This is the content'
echo $article->body;
// Outputs 'Mi primer Artculo'
echo $article->title;
Once you override the value, the translation for that field will be saved and can be retrieved as usual:
$article->body = 'El contendio';
$articles->save($article);
The second way to use for saving entities in another language is to set the default language directly to the
table:
I18n::locale('spa');
$article->title = 'Mi Primer Artculo';
$articles->save($article);
Setting the language directly in the table is useful when you need to both retrieve and save entities for the
same language or when you need to save multiple entities at once.
Saving Multiple Translations It is a common requirement to be able to add or edit multiple translations
to any database record at the same time. This can be easily done using the TranslateTrait:
use Cake\ORM\Behavior\Translate\TranslateTrait;
use Cake\ORM\Entity;
class Article extends Entity
{
use TranslateTrait;
}
More Information
445
Tree
class Cake\ORM\Behavior\TreeBehavior
Its fairly common to want to store hierarchical data in a database table. Examples of such data might be
categories with unlimited subcategories, data related to a multilevel menu system or a literal representation
of hierarchy such as departments in a company.
Relational databases are usually not well suited for storing and retrieving this type of data, but there are a
few known techniques that can make them effective for working with multi-level information.
The TreeBehavior helps you maintain a hierarchical data structure in the database that can be queried without
much overhead and helps reconstruct the tree data for finding and displaying processes.
Requirements This behavior requires the following columns in your table:
parent_id (nullable) The column holding the ID of the parent row
lft (integer, signed) Used to maintain the tree structure
rght (integer, signed) Used to maintain the tree structure
You can configure the name of those fields should you need to customize them. More information on the
meaning of the fields and how they are used can be found in this article describing the MPTT logic2
Warning: The TreeBehavior does not support composite primary keys at this point in time.
A Quick Tour You enable the Tree behavior by adding it to the Table you want to store hierarchical data
in:
class CategoriesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Tree');
}
}
Once added, you can let CakePHP build the internal structure if the table is already holding some rows:
$categories = TableRegistry::get('Categories');
$categories->recover();
You can verify it works by getting any row from the table and asking for the count of descendants it has:
$node = $categories->get(1);
echo $categories->childCount($node);
http://www.sitepoint.com/hierarchical-data-database-2/
446
If you instead need a threaded list, where children for each node are nested in a hierarchy, you can stack the
threaded finder:
$children = $categories
->find('children', ['for' => 1])
->find('threaded')
->toArray();
foreach ($children as $child) {
echo "{$child->name} has " . count($child->children) . " direct children";
}
Traversing threaded results usually requires recursive functions in, but if you only require a result set containing a single field from each level so you can display a list, in an HTML select for example, it is better to
use the treeList finder:
$list = $categories->find('treeList');
// In a CakePHP template file:
echo $this->Form->input('categories', ['options' => $list]);
// Or you can output it in plain text, for example in a CLI script
foreach ($list as $categoryName) {
echo $categoryName . "\n";
}
More Information
447
$query = $categories->find('treeList', [
'keyPath' => 'url',
'valuePath' => 'id',
'spacer' => ' '
]);
One very common task is to find the tree path from a particular node to the root of the tree. This is useful,
for example, for adding the breadcrumbs list for a menu structure:
$nodeId = 5;
$crumbs = $categories->find('path', ['for' => $nodeId]);
foreach ($crumbs as $crumb) {
echo $crumb->name . ' > ';
}
Trees constructed with the TreeBehavior cannot be sorted by any column other than lft, this is because
the internal representation of the tree depends on this sorting. Luckily, you can reorder the nodes inside the
same level without having to change their parent:
$node = $categories->get(5);
// Move the node so it shows up one position up when listing children.
$categories->moveUp($node);
// Move the node to the top of the list inside the same level.
$categories->moveUp($node, true);
// Move the node to the bottom.
$categories->moveDown($node, true);
Configuration If the default column names that are used by this behavior dont match your own schema,
you can provide aliases for them:
public function initialize(array $config)
{
$this->addBehavior('Tree', [
'parent' => 'ancestor_id', // Use this instead of parent_id
'left' => 'tree_left', // Use this instead of lft
'right' => 'tree_right' // Use this instead of rght
]);
}
Node Level (Depth) Knowing the depth of tree nodes can be useful when you want to retrieve nodes only
upto a certain level for e.g. when generating menus. You can use the level option to specify the field that
will save level of each node:
$this->addBehavior('Tree', [
'level' => 'level', // Defaults to null, i.e. no level saving
]);
448
If you dont want to cache the level using a db field you can use TreeBehavior::getLevel() method
to get level of a node.
Scoping and Multi Trees Sometimes you want to persist more than one tree structure inside the same
table, you can achieve that by using the scope configuration. For example, in a locations table you may
want to create one tree per country:
class LocationsTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Tree', [
'scope' => ['country_name' => 'Brazil']
]);
}
}
In the previous example, all tree operations will be scoped to only the rows having the column
country_name set to Brazil. You can change the scoping on the fly by using the config function:
$this->behaviors()->Tree->config('scope', ['country_name' => 'France']);
Optionally, you can have a finer grain control of the scope by passing a closure as the scope:
$this->behaviors()->Tree->config('scope', function ($query) {
$country = $this->getConfigureContry(); // A made-up function
return $query->where(['country_name' => $country]);
});
Saving Hierarchical Data When using the Tree behavior, you usually dont need to worry about the
internal representation of the hierarchical structure. The positions where nodes are placed in the tree are
deduced from the parent_id column in each of your entities:
$aCategory = $categoriesTable->get(10);
$aCategory->parent_id = 5;
$categoriesTable->save($aCategory);
Providing inexistent parent ids when saving or attempting to create a loop in the tree (making a node child
of itself) will throw an exception.
You can make a node a root in the tree by setting the parent_id column to null:
$aCategory = $categoriesTable->get(10);
$aCategory->parent_id = null;
$categoriesTable->save($aCategory);
More Information
449
Deleting Nodes Deleting a node and all its sub-tree (any children it may have at any depth in the tree) is
trivial:
$aCategory = $categoriesTable->get(10);
$categoriesTable->delete($aCategory);
The TreeBehavior will take care of all internal deleting operations for you. It is also possible to only delete
one node and re-assign all children to the immediately superior parent node in the tree:
$aCategory = $categoriesTable->get(10);
$categoriesTable->removeFromTree($aCategory);
$categoriesTable->delete($aCategory);
All children nodes will be kept and a new parent will be assigned to them.
The deletion of a node is based off of the lft and rght values of the entity. This is important to note when
looping through the various children of a node for conditional deletes:
$descendants = $teams->find('children', ['for' => 1]);
foreach ($descendants as $descendant) {
$team = $teams->get($descendant->id); // search for the up-to-date entity object
if ($team->expired) {
$teams->delete($team); // deletion reorders the lft and rght of database entries
}
}
The TreeBehavior reorders the lft and rght values of records in the table when a node is deleted. As such,
the lft and rght values of the entities inside $descendants (saved before the delete operation) will be
inaccurate. Entities will have to be loaded and modified on the fly to prevent inconsistencies in the table.
Creating a Behavior
In the following examples we will create a very simple SluggableBehavior. This behavior will allow
us to populate a slug field with the results of Inflector::slug() based on another field.
Before we create our behavior we should understand the conventions for behaviors:
Behavior files are located in src/Model/Behavior, or MyPlugin\Model\Behavior.
Behavior classes should be in the
MyPlugin\Model\Behavior namespace.
App\Model\Behavior
namespace,
or
450
{
}
Similar to tables, behaviors also have an initialize() hook where you can put your behaviors initialization code, if required:
public function initialize(array $config)
{
// Some initialization code here
}
We can now add this behavior to one of our table classes. In this example well use an ArticlesTable,
as articles often have slug properties for creating friendly URLs:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Sluggable');
}
}
Our new behavior doesnt do much of anything right now. Next, well add a mixin method and an event
listener so that when we save entities we can automatically slug a field.
Defining Mixin Methods
Any public method defined on a behavior will be added as a mixin method on the table object it is attached
to. If you attach two behaviors that provide the same methods an exception will be raised. If a behavior
provides the same method as a table class, the behavior method will not be callable from the table. Behavior
mixin methods will receive the exact same arguments that are provided to the table. For example, if our
SluggableBehavior defined the following method:
public function slug($value)
{
return Inflector::slug($value, $this->_config['replacement']);
}
More Information
451
When creating behaviors, there may be situations where you dont want to expose public methods as mixin
methods. In these cases you can use the implementedMethods configuration key to rename or exclude
mixin methods. For example if we wanted to prefix our slug() method we could do the following:
protected $_defaultConfig = [
'implementedMethods' => [
'superSlug' => 'slug',
]
];
Applying this configuration will make slug() not callable, however it will add a superSlug() mixin
method to the table. Notably if our behavior implemented other public methods they would not be available
as mixin methods with the above configuration.
Since the exposed methods are decided by configuration you can also rename/remove mixin methods when
adding a behavior to a table. For example:
// In a table's initialize() method.
$this->addBehavior('Sluggable', [
'implementedMethods' => [
'superSlug' => 'slug',
]
]);
Now that our behavior has a mixin method to slug fields, we can implement a callback listener to automatically slug a field when entities are saved. Well also modify our slug method to accept an entity instead of
just a plain value. Our behavior should now look like:
namespace App\Model\Behavior;
use
use
use
use
use
Cake\Event\Event;
Cake\ORM\Behavior;
Cake\ORM\Entity;
Cake\ORM\Query;
Cake\Utility\Inflector;
452
$value = $entity->get($config['field']);
$entity->set($config['slug'], Inflector::slug($value, $config['replacement']));
}
public function beforeSave(Event $event, Entity $entity)
{
$this->slug($entity);
}
}
Defining Finders
Now that we are able to save articles with slug values, we should implement a finder method so we can
easily fetch articles by their slug. Behavior finder methods, use the same conventions as Custom Finder
Methods do. Our find(slug) method would look like:
public function findSlug(Query $query, array $options)
{
return $query->where(['slug' => $options['slug']]);
}
Once our behavior has the above method we can call it:
$article = $articles->find('slug', ['slug' => $value])->first();
When creating behaviors, there may be situations where you dont want to expose finder methods, or you need to rename finders to avoid duplicated methods. In these cases you can use the
implementedFinders configuration key to rename or exclude finder methods. For example if we
wanted to rename our find(slug) method we could do the following:
More Information
453
protected $_defaultConfig = [
'implementedFinders' => [
'slugged' => 'findSlug',
]
];
Applying this configuration will make find(slug) trigger an error. However it will make
find(slugged) available. Notably if our behavior implemented other finder methods they would
not be available, as they are not included in the configuration.
Since the exposed methods are decided by configuration you can also rename/remove finder methods when
adding a behavior to a table. For example:
// In a table's initialize() method.
$this->addBehavior('Sluggable', [
'implementedFinders' => [
'slugged' => 'findSlug',
]
]);
Schema System
CakePHP features a schema system that is capable of reflecting and generating schema information for tables
in SQL datastores. The schema system can generate/reflect a schema for any SQL platform that CakePHP
supports.
454
Schema\Table objects allow you build up information about a tables schema. It helps to normalize and
validate the data used to describe a table. For example, the following two forms are equivalent:
$t->addColumn('title', 'string');
// and
$t->addColumn('title', [
'type' => 'string'
]);
While equivalent, the 2nd form allows more detail and control. This emulates the existing features available
in Schema files + the fixture schema in 2.x.
More Information
455
Columns are either added as constructor arguments, or via addColumn(). Once fields are added information
can be fetched using column() or columns():
// Get the array of data about a column
$c = $t->column('title');
// Get the list of all columns.
$cols = $t->columns();
Indexes are added using the addIndex(). Constraints are added using addConstraint(). Indexes &
constraints cannot be added for columns that do not exist, as it would result in an invalid state. Indexes are
different from constraints and exceptions will be raised if you try to mix types between the methods. An
example of both methods is:
$t = new Table('posts');
$t->addColumn('id', 'integer')
->addColumn('author_id', 'integer')
->addColumn('title', 'string')
->addColumn('slug', 'string');
// Add a primary key.
$t->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id']
]);
// Add a unique key
$t->addConstraint('slug_idx', [
'columns' => ['slug'],
'type' => 'unique',
]);
// Add index
$t->addIndex('slug_title', [
'columns' => ['slug', 'title'],
'type' => 'index'
]);
// Add a foreign key
$t->addConstraint('author_id_idx', [
'columns' => ['author_id'],
'type' => 'foreign',
'references' => ['authors', 'id'],
'update' => 'cascade',
'delete' => 'cascade'
]);
If you add a primary key constraint to a single integer column it will automatically be converted into a
auto-increment/serial column depending on the database platform:
456
$t = new Table('posts');
$t->addColumn('id', 'integer')
->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id']
]);
In the above example the id column would generate the following SQL in MySQL:
CREATE TABLE `posts` (
`id` INTEGER AUTO_INCREMENT,
PRIMARY KEY (`id`)
)
If your primary key contains more than one column, none of them will automatically be converted to an
auto-increment value. Instead you will need to tell the table object which column in the composite key you
want to auto-increment:
$t = new Table('posts');
$t->addColumn('id', [
'type' => 'integer',
'autoIncrement' => true,
])
->addColumn('account_id', 'integer')
->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id', 'account_id']
]);
The autoIncrement option only works with integer and biginteger columns.
Reading Indexes and Constraints
Indexes and constraints can be read out of a table object using accessor methods. Assuming that $t is a
populated Table instance you could do the following:
// Get contraints. Will return the
// names of all constraints.
$constraints = $t->constraints()
// Get data about a single constraint.
$constraint = $t->constraint('author_id_idx')
// Get indexes. Will return the
// names of all indexes.
$indexes = $t->indexes()
// Get data about a single index.
$index = $t->index('author_id_idx')
More Information
457
Some drivers (primarily MySQL) support & require additional table metadata. In the case of MySQL the
CHARSET, COLLATE and ENGINE properties are required for maintaining a tables structure in MySQL.
The following could be used to add table options:
$t->options([
'engine' => 'InnoDB',
'collate' => 'utf8_unicode_ci',
]);
Platform dialects only handle the keys they are interested in and ignore the rest. Not all options are support
on all platforms.
Converting Tables into SQL
Using the createSql() or dropSql() you can get platform specific SQL for creating or dropping a
specific table:
$db = ConnectionManager::get('default');
$schema = new Table('posts', $fields, $indexes);
// Create a table
$queries = $schema->createSql($db);
foreach ($queries as $sql) {
$db->execute($sql);
}
// Drop a table
$sql = $schema->dropSql($db);
$db->execute($sql);
By using a connections driver the schema data can be converted into platform specific SQL. The return of
createSql and dropSql is a list of SQL queries required to create a table and the required indexes.
Some platforms may require multiple statements to create tables with comments and/or indexes. An array
of queries is always returned.
Schema Collections
class Cake\Database\Schema\Collection
Collection provides access to the various tables available on a connection. You can use it to get the list
of tables or reflect tables into Table objects. Basic usage of the class looks like:
$db = ConnectionManager::get('default');
// Create a schema collection.
$collection = $db->schemaCollection();
// Get the table names
458
$tables = $collection->listTables();
// Get a single table (instance of Schema\Table)
$table = $collection->describe('posts')
This will rebuild the metadata cache for all tables on the default connection. If you only need to rebuild
a single table you can do that by providing its name:
bin/cake orm_cache build --connection default articles
In addition to building cached data, you can use the OrmCacheShell to remove cached metadata as well:
# Clear all metadata
bin/cake orm_cache clear
# Clear a single table
bin/cake orm_cache clear articles
More Information
459
460
CHAPTER 13
Authentication
Authentication
Authentication is the process of identifying users by provided credentials and ensuring that users are who
they say they are. Generally this is done through a username and password, that are checked against a known
list of users. In CakePHP, there are several built-in ways of authenticating users stored in your application.
FormAuthenticate allows you to authenticate users based on form POST data. Usually this is a
login form that users enter information into.
BasicAuthenticate allows you to authenticate users using Basic HTTP authentication.
DigestAuthenticate allows you to authenticate users using Digest HTTP authentication.
By default AuthComponent uses FormAuthenticate.
461
In the second example youll notice that we had to declare the userModel key twice. To help you keep
your code DRY, you can use the all key. This special key allows you to set settings that are passed to every
attached object. The all key is also exposed as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authenticate', [
AuthComponent::ALL => ['userModel' => 'Members'],
'Basic',
'Form'
]);
In the above example, both Form and Basic will get the settings defined for the all key. Any settings
passed to a specific authentication object will override the matching key in the all key. The core authentication objects support the following configuration keys.
fields The fields to use to identify a user by. You can use keys username and password to
specify your username and password fields respectively.
userModel The model name of the users table; defaults to Users.
462
i.e.
contain Extra models to contain and return with identified users info.
passwordHasher Password hasher class; defaults to Default.
To configure different fields for user in your initialize() method:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email', 'password' => 'passwd']
]
]
]);
}
Do not put other Auth configuration keys, such as authError, loginAction, etc., within the
authenticate or Form element. They should be at the same level as the authenticate key. The setup
above with other Auth configuration should look like:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
'plugin' => 'Users'
],
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email']
]
]
]);
}
In addition to the common configuration, Basic authentication supports the following keys:
realm The realm being authenticated. Defaults to env(SERVER_NAME).
In addition to the common configuration Digest authentication supports the following keys:
realm The realm authentication is for. Defaults to the servername.
nonce A nonce used for authentication. Defaults to uniqid().
qop Defaults to auth; no other values are supported at this time.
opaque A string that must
md5($config[realm])
Authentication
be
returned
unchanged
by
clients.
Defaults
to
463
The above code will attempt to first identify a user by using the POST data. If successful we set the user info
to the session so that it persists across requests and then redirect to either the last page they were visiting or
a URL specified in the loginRedirect config. If the login is unsuccessful, a flash message is set.
Warning: $this->Auth->setUser($data) will log the user in with whatever data is passed to
the method. It wont actually check the credentials against an authentication class.
464
Authentication objects should return false if they cannot identify the user and an array of user information
if they can. Its not required that you extend BaseAuthenticate, only that your authentication object
implements Cake\Event\EventListenerInterface. The BaseAuthenticate class provides
a number of helpful methods that are commonly used. You can also implement a getUser() method if
your authentication object needs to support stateless or cookie-less authentication. See the sections on basic
and digest authentication below for more information.
AuthComponent triggers two events, Auth.afterIdentify and Auth.logout, after a user has
been identified and before a user is logged out respectively. You can set callback functions for these events
by returning a mapping array from implementedEvents() method of your authenticate class:
public function implementedEvents()
{
return [
'Auth.afterIdentify' => 'afterIdentify',
'Auth.logout' => 'logout'
];
}
Authentication
465
Note: Note that when using simple notation theres no Authenticate word when initiating the authentication object. Instead, if using namespaces, youll need to set the full namespace of the class, including the
Authenticate word.
The above is how you could implement getUser method for HTTP basic authentication.
The
_findUser() method is part of BaseAuthenticate and identifies a user based on a username and
password.
466
You can customize the error messages and flash settings AuthComponent uses. Using flash config you
can configure the parameters AuthComponent uses for setting flash messages. The available keys are
key - The key to use, defaults to auth.
params - The array of additional params to use, defaults to [].
In addition to the flash message settings you can customize other error messages AuthComponent uses. In
your controllers beforeFilter, or component settings you can use authError to customize the error used
for when authorization fails:
$this->Auth->config('authError', "Woopsie, you are not authorized to access this area.");
Sometimes, you want to display the authorization error only after the user has already logged-in. You can
suppress this message by setting its value to boolean false.
In your controllers beforeFilter() or component settings:
if (!$this->Auth->user()) {
$this->Auth->config('authError', false);
}
Hashing Passwords
You are responsible for hashing the passwords before they are persisted to the database, the easiest way is
to use a setter function in your User entity:
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// ...
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
// ...
}
Authentication
467
Then you are required to configure the AuthComponent to use your own password hasher:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'Legacy',
]
]
]
]);
}
Supporting legacy systems is a good idea, but it is even better to keep your database with the latest security
advancements. The following section will explain how to migrate from one hashing algorithm to CakePHPs
default
468
The first name appearing in the hashers key indicates which of the classes is the preferred one, but it will
fallback to the others in the list if the check was unsuccessful.
When using the WeakPasswordHasher you will need to set the Security.salt configure value to
ensure passwords are salted.
In order to update old users passwords on the fly, you can change the login function accordingly:
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
if ($this->Auth->authenticationProvider()->needsPasswordRehash()) {
$user = $this->Users->get($this->Auth->user('id'));
$user->password = $this->request->data('password');
$this->Users->save($user);
}
return $this->redirect($this->Auth->redirectUrl());
}
...
}
}
As you can see we are just setting the plain password again so the setter function in the entity will hash the
password as shown in the previous example and then save the entity.
Authentication
469
Passwords for digest authentication need a bit more information than other password hashes, based on the
RFC for digest authentication.
Note:
The third parameter of DigestAuthenticate::password() must match the realm config value
defined when DigestAuthentication was configured in AuthComponent::$authenticate. This defaults to
env(SCRIPT_NAME). You may wish to use a static string if you want consistent hashes in multiple
environments.
470
$this->Auth->setUser($user->toArray());
return $this->redirect([
'controller' => 'Users',
'action' => 'home'
]);
}
}
Warning: Be sure to manually add the new User id to the array passed to the setUser() method.
Otherwise you wont have the user id available.
If the current user is not logged in or the key doesnt exist, null will be returned.
Logging out users that logged in with Digest or Basic auth is difficult to accomplish for all clients. Most
browsers will retain credentials for the duration they are still open. Some clients can be forced to logout
by sending a 401 status code. Changing the authentication realm is another solution that works for some
clients.
Authorization
Authorization is the process of ensuring that an identified/authenticated user is allowed to access the resources they are requesting. If enabled AuthComponent can automatically check authorization handlers
and ensure that logged in users are allowed to access the resources they are requesting. There are several
built-in authorization handlers and you can create custom ones for your application or as part of a plugin.
Authorization
471
ControllerAuthorize Calls isAuthorized() on the active controller, and uses the return
of that to authorize a user. This is often the most simple way to authorize users.
Note: The ActionsAuthorize & CrudAuthorize adapter available in CakePHP 2.x have now been
moved to a separate plugin cakephp/acl1 .
Much like authenticate, authorize, helps you keep your code DRY, by using the all key. This
special key allows you to set settings that are passed to every attached object. The all key is also exposed
as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authorize', [
AuthComponent::ALL => ['actionPath' => 'controllers/'],
'Actions',
'Controller'
]);
In the above example, both the Actions and Controller will get the settings defined for the all key.
Any settings passed to a specific authorization object will override the matching key in the all key.
If an authenticated user tries to go to a URL hes not authorized to access, hes redirected back to the
referrer. If you do not want such redirection (mostly needed when using stateless authentication adapter)
you can set config option unauthorizedRedirect to false. This causes AuthComponent to throw a
ForbiddenException instead of redirecting.
1
https://github.com/cakephp/acl
472
Authorize objects should return false if the user is denied access, or if the object is unable to perform a
check. If the object is able to verify the users access, true should be returned. Its not required that you
extend BaseAuthorize, only that your authorize object implements an authorize() method. The
BaseAuthorize class provides a number of helpful methods that are commonly used.
Using Custom Authorize Objects
Once youve created your custom authorize object, you can use them by including them in your AuthComponents authorize array:
$this->Auth->config('authorize', [
'Ldap', // app authorize object.
'AuthBag.Combo', // plugin authorize object.
]);
Using No Authorization
If youd like to not use any of the built-in authorization objects and want to handle things entirely outside
of AuthComponent, you can set $this->Auth->config(authorize, false);. By default
AuthComponent starts off with authorize set to false. If you dont use an authorization scheme, make
sure to check authorization yourself in your controllers beforeFilter or with another component.
473
By calling it empty you allow all actions to be public. For a single action you can provide the action name
as string. Otherwise use an array.
Note: You should not add the login action of your UsersController to allow list. Doing so would
cause problems with normal functioning of AuthComponent.
By calling it empty you deny all actions. For a single action you can provide the action name as string.
Otherwise use an array.
Using ControllerAuthorize
ControllerAuthorize allows you to handle authorization checks in a controller callback. This is ideal when
you have very simple authorization or you need to use a combination of models and components to do your
authorization and dont want to create a custom authorize object.
The callback is always called isAuthorized() and it should return a boolean as to whether or not the
user is allowed to access resources in the request. The callback is passed the active user so it can be checked:
class AppController extends Controller
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authorize' => 'Controller',
474
]);
}
public function isAuthorized($user = null)
{
// Any registered user can access public functions
if (empty($this->request->params['prefix'])) {
return true;
}
// Only admins can access admin functions
if ($this->request->params['prefix'] === 'admin') {
return (bool)($user['role'] === 'admin');
}
// Default deny
return false;
}
}
The above callback would provide a very simple authorization system where only users with role = admin
could access actions that were in the admin prefix.
Configuration options
The following settings can all be defined either in your controllers initialize() method or using
$this->Auth->config() in your beforeFilter():
ajaxLogin The name of an optional view element to render when an AJAX request is made with an invalid
or expired session.
allowedActions Controller actions for which user validation is not required.
authenticate Set to an array of Authentication objects you want to use when logging users in. There are
several core authentication objects; see the section on Suggested Reading Before Continuing.
authError Error to display when user attempts to access an object or action to which they do not have
access.
You can suppress authError message from being displayed by setting this value to boolean false.
authorize Set to an array of Authorization objects you want to use when authorizing users on each request;
see the section on Authorization.
flash Settings to use when Auth needs to do a flash message with FlashComponent::set(). Available
keys are:
element - The element to use; defaults to default.
key - The key to use; defaults to auth.
params - The array of additional params to use; defaults to [].
Configuration options
475
loginAction A URL (defined as a string or array) to the controller action that handles logins. Defaults to
/users/login.
loginRedirect The URL (defined as a string or array) to the controller action users should be redirected
to after logging in. This value will be ignored if the user has an Auth.redirect value in their
session.
logoutRedirect The default action to redirect to after the user is logged out.
While AuthComponent does not handle post-logout redirection, a redirect URL will be returned from
AuthComponent::logout(). Defaults to loginAction.
unauthorizedRedirect Controls handling of unauthorized access. By default unauthorized user is redirected to the referrer URL or loginAction or /. If set to false, a ForbiddenException exception
is thrown instead of redirecting.
476
CHAPTER 14
Bake Console
CakePHPs bake console is another effort to get you up and running in CakePHP fast. The bake console can
create any of CakePHPs basic ingredients: models, behaviors, views, helpers, controllers, components, test
cases, fixtures and plugins. And we arent just talking skeleton classes: Bake can create a fully functional
application in just a few minutes. In fact, Bake is a natural step to take once an application has been
scaffolded.
Installation
Before trying to use or extend bake, make sure it is installed in your application. Bake is provided as a
plugin that you can install with Composer:
composer require --dev cakephp/bake:~1.0
The above will install bake as a development dependency. This means that it will not be installed when you
do production deployments. The following sections cover bake in more detail:
477
$ bin/cake bake
Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : src
Path: /var/www/cakephp.dev/src/
--------------------------------------------------------------The following commands can be used to generate skeleton code for your application.
Available bake commands:
-
all
behavior
cell
component
controller
fixture
form
helper
model
plugin
shell
template
test
By using `cake bake [name]` you can invoke a specific bake task.
You can get more information on what each task does, and what options are available using the --help
option:
$ bin/cake bake controller --help
Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : src
Path: /var/www/cakephp.dev/src/
--------------------------------------------------------------Bake a controller skeleton.
Usage:
cake bake controller [subcommand] [options] [<name>]
Subcommands:
all
478
--plugin, -p
--force, -f
--connection, -c
--theme, -t
--components
--helpers
--prefix
--no-test
--no-actions
Arguments:
name Name of the controller to bake. Can use Plugin.name to bake
controllers into plugins. (optional)
Bake Themes
The theme option is common to all bake commands, and allows changing the bake template files used when
baking. To create your own templates, see the bake theme creation documentation.
Extending Bake
Bake features an extensible architecture that allows your application or plugins to easily modify or add-to
the base functionality. Bake makes use of a dedicated view class which does not use standard PHP syntax.
Bake Events
As a view class, BakeView emits the same events as any other view class, plus one extra initialize event.
However, whereas standard view classes use the event prefix View., BakeView uses the event prefix
Bake..
The initialize event can be used to make changes which apply to all baked output, for example to add another
helper to the bake view class this event can be used:
<?php
// config/bootstrap_cli.php
use Cake\Event\Event;
use Cake\Event\EventManager;
EventManager::instance()->on('Bake.initialize', function (Event $event) {
$view = $event->subject;
// In my bake templates, allow the use of the MySpecial helper
$view->loadHelper('MySpecial', ['some' => 'config']);
// And add an $author variable so it's always available
$view->set('author', 'Andy');
Installation
479
});
Bake events can also be useful for making small changes to existing templates. For example, to change
the variable names used when baking controller/template files one can use a function listening for
Bake.beforeRender to modify the variables used in the bake templates:
<?php
// config/bootstrap_cli.php
use Cake\Event\Event;
use Cake\Event\EventManager;
EventManager::instance()->on('Bake.beforeRender', function (Event $event) {
$view = $event->subject;
// Use $rows for the main data variable in indexes
if ($view->get('pluralName')) {
$view->set('pluralName', 'rows');
}
if ($view->get('pluralVar')) {
$view->set('pluralVar', 'rows');
}
// Use $theOne for the main data variable in view/edit
if ($view->get('singularName')) {
$view->set('singularName', 'theOne');
}
if ($view->get('singularVar')) {
$view->set('singularVar', 'theOne');
}
});
480
One way to see/understand how bake templates works, especially when attempting to modify bake template
files, is to bake a class and compare the template used with the pre-processed template file which is left in
the applications tmp folder.
So, for example, when baking a shell like so:
bin/cake bake shell Foo
The pre-processed template file (tmp/Bake-Shell-shell-ctp.php), which is the file actually rendered, looks
like this:
<CakePHPBakeOpenTagphp
namespace <?= $namespace ?>\Shell;
use Cake\Console\Shell;
/**
* <?= $name ?> shell command.
*/
class <?= $name ?>Shell extends Shell
{
/**
* main() method.
*
* @return bool|int Success or error code.
*/
public function main()
{
}
Installation
481
482
<?php
namespace App\Shell\Task;
use Bake\Shell\Task\SimpleBakeTask;
class FooTask extends SimpleBakeTask
{
public $pathFragment = 'Foo/';
public function name()
{
return 'shell';
}
public function fileName($name)
{
return $name . 'Foo.php';
}
public function template()
{
return 'foo';
}
}
Once this file has been created, we need to create a template that bake can use when generating code. Create
src/Template/Bake/foo.ctp. In this file well add the following content:
<?php
namespace <%= $namespace %>\Foo;
/**
* <%= $name %> foo
*/
class <%= $name %>Foo
{
// Add code.
}
You should now see your new task in the output of bin/cake bake. You can run your new task
by running bin/cake bake foo Example. This will generate a new ExampleFoo class in
src/Foo/ExampleFoo.php for your application to use.
Installation
483
484
CHAPTER 15
Caching
class Cake\Cache\Cache
Caching is frequently used to reduce the time it takes to create or read from other resources. Caching is
often used to make reading from expensive resources less expensive. You can easily store the results of
expensive queries, or remote webservice access that doesnt frequently change in a cache. Once in the
cache, re-reading the stored resource from the cache is much cheaper than accessing the remote resource.
Caching in CakePHP is primarily facilitated by the Cache class. This class provides a set of static methods
that provide a uniform API to dealing with all different types of Caching implementations. CakePHP comes
with several cache engines built-in, and provides an easy system to implement your own caching systems.
The built-in caching engines are:
FileCache File cache is a simple cache that uses local files. It is the slowest cache engine, and
doesnt provide as many features for atomic operations. However, since disk storage is often quite
cheap, storing large objects, or elements that are infrequently written work well in files.
ApcCache APC cache uses the PHP APC1 extension. This extension uses shared memory on the
webserver to store objects. This makes it very fast, and able to provide atomic read/write features.
Wincache Wincache uses the Wincache2 extension. Wincache is similar to APC in features and
performance, but optimized for Windows and IIS.
XcacheEngine Xcache3 is a PHP extension that provides similar features to APC.
MemcachedEngine Uses the Memcached4 extension. It also interfaces with memcache but provides better performance.
RedisEngine Uses the phpredis5 extension. Redis provides a fast and persistent cache system
similar to memcached, also provides atomic operations.
1
http://php.net/apc
http://php.net/wincache
3
http://xcache.lighttpd.net/
4
http://php.net/memcached
5
https://github.com/nicolasff/phpredis
2
485
Regardless of the CacheEngine you choose to use, your application interacts with Cake\Cache\Cache
in a consistent manner. This means you can easily swap cache engines as your application grows.
Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
Cache::config('short', [
'url' => 'memcached://user:password@cache-host/?timeout=3600&prefix=myapp_',
]);
When using a DSN string you can define any additional parameters/options as query string arguments.
You can also configure Cache engines at runtime:
// Using a short name
Cache::config('short', [
'className' => 'File',
'duration' => '+1 hours',
'path' => CACHE,
486
The name of these configurations short or long is used as the $config parameter for
Cake\Cache\Cache::write() and Cake\Cache\Cache::read(). When configuring Cache
engines you can refer to the class name using the following syntaxes:
Short classname without Engine or a namespace. This will infer that you want to use a Cache engine
in Cake\Cache\Engine or App\Cache\Engine.
Using plugin syntax which allows you to load engines from a specific plugin.
Using a fully qualified namespaced classname. This allows you to use classes located outside of the
conventional locations.
Using an object that extends the CacheEngine class.
Note: When using the FileEngine you might need to use the mask option to ensure cache files are made
with the correct permissions.
Writing to a Cache
static Cake\Cache\Cache::write($key, $value, $config = default)
Cache::write() will write a $value to the Cache. You can read or delete this value later by referring
to it by $key. You may specify an optional configuration to store the cache in as well. If no $config
is specified, default will be used. Cache::write() can store any type of object and is ideal for storing
results of model finds:
Writing to a Cache
487
Using Cache::write() and Cache::read() to easily reduce the number of trips made to the
database to fetch posts.
Note: If you plan to cache the result of queries made with the CakePHP ORM, it is better to use the built-in
cache capabilities of the Query object as described in the Caching Loaded Results section
488
489
static Cake\Cache\Cache::gc($config)
Garbage collects entries in the cache configuration. This is primarily used by FileEngine. It should be
implemented by any Cache engine that requires manual eviction of cached data.
490
Cache::write('initial_count', 10);
// Later on
Cache::decrement('initial_count');
// Or
Cache::increment('initial_count');
Note: Incrementing and decrementing do not work with FileEngine. You should use APC, Wincache,
Redis or Memcached instead.
Using Groups
Sometimes you will want to mark multiple cache entries to belong to certain group or namespace. This is a
common requirement for mass-invalidating keys whenever some information changes that is shared among
all entries in the same group. This is possible by declaring the groups in cache configuration:
Cache::config('site_home', [
'className' => 'Redis',
'duration' => '+999 days',
'groups' => ['comment', 'article']
]);
491
Groups are shared across all cache configs using the same engine and same prefix. If you are using groups
and want to take advantage of group deletion, choose a common prefix for all your configs.
static Cake\Cache\Cache::enabled
If you need to check on the state of Cache, you can use enabled().
492
adapters must be in a cache directory. If you had a cache engine named MyCustomCacheEngine
it would be placed in either src/Cache/Engine/MyCustomCacheEngine.php as an app/libs. Or in
$plugin/Cache/Engine/MyCustomCacheEngine.php as part of a plugin. Cache configs from
plugins need to use the plugin dot syntax.
Cache::config('custom', [
'className' => 'CachePack.MyCustomCache',
// ...
]);
Custom Cache engines must extend Cake\Cache\CacheEngine which defines a number of abstract
methods as well as provides a few initialization methods.
The required API for a CacheEngine is
class Cake\Cache\CacheEngine
The base class for all cache engines used with Cache.
Cake\Cache\CacheEngine::write($key, $value, $config = default)
Returns boolean for success.
Write value for a key into cache, optional string $config specifies configuration name to write to.
Cake\Cache\CacheEngine::read($key)
Returns The cached value or false for failure.
Read a key from the cache. Return false to indicate the entry has expired or does not exist.
Cake\Cache\CacheEngine::delete($key)
Returns Boolean true on success.
Delete a key from the cache. Return false to indicate that the entry did not exist or could not be
deleted.
Cake\Cache\CacheEngine::clear($check)
Returns Boolean true on success.
Delete all keys from the cache. If $check is true, you should validate that each value is actually
expired.
Cake\Cache\CacheEngine::clearGroup($group)
Returns Boolean true on success.
Delete all keys from the cache belonging to the same group.
Cake\Cache\CacheEngine::decrement($key, $offset = 1)
Returns Boolean true on success.
Decrement a number under the key and return decremented value
Cake\Cache\CacheEngine::increment($key, $offset = 1)
Returns Boolean true on success.
493
494
CHAPTER 16
CakePHP features not only a web framework but also a console framework for creating console applications. Console applications are ideal for handling a variety of background tasks such as maintenance, and
completing work outside of the request-response cycle. CakePHP console applications allow you to reuse
your application classes from the command line.
CakePHP comes with a number of console applications out of the box. Some of these applications are used
in concert with other CakePHP features (like i18n), and others are for general use to get you working faster.
Note: For Windows, the command needs to be bin\cake (note the backslash).
495
The first information printed relates to paths. This is helpful if youre running the console from different
parts of the filesystem.
You could then run the any of the listed shells by using its name:
# run server shell
bin/cake server
# run migrations shell
bin/cake migrations -h
# run bake (with plugin prefix)
bin/cake bake.bake -h
Plugin shells can be invoked without a plugin prefix if the shells name does not overlap with an application
or framework shell. In the case that two plugins provide a shell with the same name, the first loaded plugin
will get the short alias. You can always use the plugin.shell format to unambiguously reference a
shell.
class Cake\Console\Shell
496
Creating a Shell
Lets create a shell for use in the Console. For this example, well create a simple Hello world shell. In your
applications Shell directory create HelloShell.php. Put the following code inside it:
namespace App\Shell;
use Cake\Console\Shell;
class HelloShell extends Shell
{
public function main()
{
$this->out('Hello world.');
}
}
The conventions for shell classes are that the class name should match the file name, with the suffix of
Shell. In our shell we created a main() method. This method is called when a shell is called with no
additional commands. Well add some more commands in a bit, but for now lets just run our shell. From
your application directory, run:
bin/cake hello
As mentioned before, the main() method in shells is a special method called whenever there are no other
commands or arguments given to a shell. Since our main method wasnt very interesting lets add another
command that does something:
namespace App\Shell;
use Cake\Console\Shell;
class HelloShell extends Shell
{
public function main()
{
$this->out('Hello world.');
}
public function heyThere($name = 'Anonymous')
{
$this->out('Hey there ' . $name);
}
}
Creating a Shell
497
After saving this file, you should be able to run the following command and see your name printed out:
bin/cake hello hey_there your-name
Any public method not prefixed by an _ is allowed to be called from the command line. As you can see,
methods invoked from the command line are transformed from the underscored shell argument to the correct
camel-cased method name in the class.
In our heyThere() method we can see that positional arguments are provided to our heyThere()
function. Positional arguments are also available in the args property. You can access switches or options
on shell applications, which are available at $this->params, but well cover that in a bit.
When using a main() method you wont be able to use the positional arguments. This is because the first
positional argument or option is interpreted as the command name. If you want to use arguments, you should
use method names other than main.
The above shell, will fetch a user by username and display the information stored in the database.
Shell Tasks
There will be times when building more advanced console applications, youll want to compose functionality
into re-usable classes that can be shared across many shells. Tasks allow you to extract commands into
498
classes. For example the bake is made almost entirely of tasks. You define a tasks for a shell using the
$tasks property:
class UserShell extends Shell
{
public $tasks = ['Template'];
}
You can use tasks from plugins using the standard plugin syntax. Tasks are stored in Shell/Task/
in files named after their classes. So if we were to create a new FileGenerator task, you would create
src/Shell/Task/FileGeneratorTask.php.
Each task must at least implement a main() method. The ShellDispatcher, will call this method when the
task is invoked. A task class looks like:
namespace App\Shell\Task;
use Cake\Console\Shell;
class FileGeneratorTask extends Shell
{
public function main()
{
}
}
A shell can also access its tasks as properties, which makes tasks great for making re-usable chunks of
functionality similar to Components:
// Found in src/Shell/SeaShell.php
class SeaShell extends Shell
{
// Found in src/Shell/Task/SoundTask.php
public $tasks = ['Sound'];
public function main()
{
$this->Sound->main();
}
}
You can also access tasks directly from the command line:
$ cake sea sound
Note: In order to access tasks directly from the command line, the task must be included in the shell class
$tasks property.
Also, the task name must be added as a sub command to the Shells OptionParser:
public function getOptionParser()
{
Shell Tasks
499
$parser = parent::getOptionParser();
$parser->addSubcommand('sound', [
'help' => 'Execute The Sound Task.'
]);
return $parser;
}
Would load and return a ProjectTask instance. You can load tasks from plugins using:
$progressBar = $this->Tasks->load('ProgressBar.ProgressBar');
The above shows how you can call the schema shell to create the schema for a plugin from inside your
plugins shell.
Creating Files
Cake\Console\Shell::createFile($path, $contents)
Many Shell applications help automate development or deployment tasks. Creating files is often important
in these use cases. CakePHP provides an easy way to create a file at a given path:
$this->createFile('bower.json', $stuff);
If the Shell is interactive, a warning will be generated, and the user asked if they want to overwrite the file
if it already exists. If the shells interactive property is false, no question will be asked and the file will
simply be overwritten.
Console Output
The Shell class provides a few methods for outputting content:
// Write to stdout
$this->out('Normal message');
// Write to stderr
$this->err('Error message');
// Write to stderr and stop the process
$this->error('Fatal error');
Shell also includes methods for clearing output, creating blank lines, or drawing a line of dashes:
// Output 2 newlines
$this->out($this->nl(2));
// Clear the user's screen
$this->clear();
// Draw a horizontal line
$this->hr();
Lastly, you can update the current line of text on the screen using _io->overwrite():
$this->out('Counting down');
$this->out('10', 0);
for ($i = 9; $i > 0; $i--) {
sleep(1);
$this->_io->overwrite($i, 0, 2);
}
It is important to remember, that you cannot overwrite text once a new line has been output.
Creating Files
501
You can control the output level of shells, by using the --quiet and --verbose options. These options
are added by default, and allow you to consistently control output levels inside your CakePHP shells.
Styling Output
Styling output is done by including tags - just like HTML - in your output. ConsoleOutput will replace these
tags with the correct ansi code sequence, or remove the tags if you are on a console that doesnt support ansi
codes. There are several built-in styles, and you can create more. The built-in ones are
error Error messages. Red underlined text.
warning Warning messages. Yellow text.
info Informational messages. Cyan text.
comment Additional text. Blue text.
question Text that is a question, added automatically by shell.
You can create additional styles using $this->stdout->styles(). To declare a new output style you
could do:
$this->_io->styles('flashy', ['text' => 'magenta', 'blink' => true]);
502
This would then allow you to use a <flashy> tag in your shell output, and if ansi colours are enabled, the
following would be rendered as blinking magenta text $this->out(<flashy>Whoooa</flashy>
Something went wrong);. When defining styles you can use the following colours for the text
and background attributes:
black
red
green
yellow
blue
magenta
cyan
white
You can also use the following options as boolean switches, setting them to a truthy value enables them.
bold
underline
blink
reverse
Adding a style makes it available on all instances of ConsoleOutput as well, so you dont have to redeclare
styles for both stdout and stderr objects.
The above will put the output object into raw output mode. In raw output mode, no styling is done at all.
There are three modes you can use.
ConsoleOutput::RAW - Raw output, no styling or formatting will be done. This is a good mode
to use if you are outputting XML or, want to debug why your styling isnt working.
ConsoleOutput::PLAIN - Plain text output, known style tags will be stripped from the output.
ConsoleOutput::COLOR - Output with color escape codes in place.
By default on *nix systems ConsoleOutput objects default to colour output. On Windows systems, plain
output is the default unless the ANSICON environment variable is present.
Console Output
503
Hook Methods
Cake\Console\Shell::initialize()
Initializes the Shell acts as constructor for subclasses allows configuration of tasks prior to shell
execution.
Cake\Console\Shell::startup()
Starts up the Shell and displays the welcome message. Allows for checking and configuring prior to
command or main execution.
Override this method if you want to remove the welcome information, or otherwise modify the precommand flow.
504
])->addOption('method', [
'short' => 'm',
'help' => __('The specific method you want help on.')
])->description(__('Lookup doc block comments for classes in CakePHP.'));
return $parser;
}
Cake\Console\ConsoleOptionParser::epilog($text = null)
Gets or sets the epilog for the option parser. The epilog is displayed after the argument and option information. By passing in either an array or a string, you can set the value of the epilog. Calling with no arguments
will return the current value:
// Set multiple lines at once
$parser->epilog(['line one', 'line two']);
// Read the current value
$parser->epilog();
Adding Arguments
Cake\Console\ConsoleOptionParser::addArgument($name, $params =[])
505
Positional arguments are frequently used in command line tools, and ConsoleOptionParser allows
you to define positional arguments as well as make them required. You can add arguments one at a time
with $parser->addArgument(); or multiple at once with $parser->addArguments();:
$parser->addArgument('model', ['help' => 'The model to bake']);
As with all the builder methods on ConsoleOptionParser, addArguments can be used as part of a fluent
method chain.
Validating Arguments
When creating positional arguments, you can use the required flag, to indicate that an argument must be
present when a shell is called. Additionally you can use choices to force an argument to be from a list of
valid choices:
$parser->addArgument('type', [
'help' => 'The type of node to interact with.',
'required' => true,
'choices' => ['aro', 'aco']
]);
The above will create an argument that is required and has validation on the input. If the argument is either
missing, or has an incorrect value an exception will be raised and the shell will be stopped.
Adding Options
Cake\Console\ConsoleOptionParser::addOption($name, $options =[])
506
Options or flags are also frequently used in command line tools. ConsoleOptionParser supports
creating options with both verbose and short aliases, supplying defaults and creating boolean switches.
Options are created with either $parser->addOption() or $parser->addOptions().
$parser->addOption('connection', [
'short' => 'c',
'help' => 'connection',
'default' => 'default',
]);
The above would allow you to use either cake myshell --connection=other, cake myshell
--connection other, or cake myshell -c other when invoking the shell. You can also create
boolean switches, these switches do not consume values, and their presence just enables them in the parsed
parameters.
$parser->addOption('no-commit', ['boolean' => true]);
With this option, when calling a shell like cake myshell --no-commit something the no-commit
param would have a value of true, and something would be a treated as a positional argument. The builtin --help, --verbose, and --quiet options use this feature.
When creating options you can use the following options to define the behavior of the option:
short - The single letter variant for this option, leave undefined for none.
help - Help text for this option. Used when generating help for the option.
default - The default value for this option. If not defined the default will be true.
boolean - The option uses no value, its just a boolean switch. Defaults to false.
choices - An array of valid choices for this option. If left empty all values are valid. An exception
will be raised when parse() encounters an invalid value.
Cake\Console\ConsoleOptionParser::addOptions(array $options)
If you have an array with multiple options you can use $parser->addOptions() to add multiple
options at once.
$parser->addOptions([
'node' => ['short' => 'n', 'help' => 'The node to create'],
'parent' => ['short' => 'p', 'help' => 'The parent node']
]);
As with all the builder methods on ConsoleOptionParser, addOptions can be used as part of a fluent method
chain.
Validating Options
Options can be provided with a set of choices much like positional arguments can be. When an option has defined choices, those are the only valid choices for an option. All other values will raise an
InvalidArgumentException:
507
$parser->addOption('accept', [
'help' => 'What version to accept.',
'choices' => ['working', 'theirs', 'mine']
]);
The following option would result in $this->params[verbose] always being available. This lets
you omit empty() or isset() checks for boolean flags:
if ($this->params['verbose']) {
// Do something.
}
Since the boolean options are always defined as true or false you can omit additional check methods.
Adding Subcommands
Cake\Console\ConsoleOptionParser::addSubcommand($name, $options =[])
Console applications are often made of subcommands, and these subcommands may require special option
parsing and have their own help. A perfect example of this is bake. Bake is made of many separate tasks
that all have their own help and options. ConsoleOptionParser allows you to define subcommands
and provide command specific option parsers so the shell knows how to parse commands for its tasks:
$parser->addSubcommand('model', [
'help' => 'Bake a model',
'parser' => $this->Model->getOptionParser()
]);
The above is an example of how you could provide help and a specialized option parser for a shells task. By
calling the Tasks getOptionParser() we dont have to duplicate the option parser generation, or mix
concerns in our shell. Adding subcommands in this way has two advantages. First it lets your shell easily
document its subcommands in the generated help. It also gives easy access to the subcommand help. With
the above subcommand created you could call cake myshell --help and see the list of subcommands,
and also run cake myshell model --help to view the help for just the model task.
Note: Once your Shell defines subcommands, all subcommands must be explicitly defined.
When defining a subcommand you can use the following options:
508
Inside the parser spec, you can define keys for arguments, options, description and epilog.
You cannot define subcommands inside an array style builder. The values for arguments, and options,
should follow the format that Cake\Console\ConsoleOptionParser::addArguments() and
Cake\Console\ConsoleOptionParser::addOptions() use. You can also use buildFromArray on its own, to build an option parser:
public function getOptionParser()
{
return ConsoleOptionParser::buildFromArray([
'description' => [
__("Use this command to grant ACL permissions. Once executed, the "),
__("ARO specified (and its children, if any) will have ALLOW access "),
__("to the specified ACO action (and the ACO's children, if any).")
],
'arguments' => [
'aro' => ['help' => __('ARO to check.'), 'required' => true],
'aco' => ['help' => __('ACO to check.'), 'required' => true],
'action' => ['help' => __('Action to check')]
]
]);
}
509
Merging ConsoleOptionParsers
Cake\Console\ConsoleOptionParser::merge($spec)
When building a group command, you maybe want to combine several parsers for this:
$parser->merge($anotherParser);
Note that the order of arguments for each parser must be the same, and that options must also be compatible
for it work. So do not use keys for different things.
Would both generate the help for bake. If the shell supports subcommands you can get help for those in a
similar fashion:
cake bake model --help
cake bake model -h
This would get you the help specific to bakes model task.
The above would return an XML document with the generated help, options, arguments and subcommands
for the selected shell. A sample XML document would look like:
<?xml version="1.0"?>
<shell>
<command>bake fixture</command>
<description>Generate fixtures for use with the test suite. You can use
`bake fixture all` to bake all fixtures.</description>
<epilog>
Omitting all arguments and options will enter into an interactive
mode.
</epilog>
<subcommands/>
<options>
510
511
This asserts that the generated message IDs are valid and fit to the domain the emails are sent from.
More Topics
Interactive Console (REPL)
The CakePHP app skeleton comes with a built in REPL(Read Eval Print Loop) that makes it easy to explore
some CakePHP and your application in an interactive console. You can start the interactive console using:
$ bin/cake console
This will bootstrap your application and start an interactive console. At this point you can interact with your
application code and execute queries using your applications models:
$ bin/cake console
Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : App
Path: /Users/mark/projects/cakephp-app/src/
-------------------------------------------------------------->>> $articles = Cake\ORM\TableRegistry::get('Articles');
// object(Cake\ORM\Table)(
//
// )
>>> $articles->find();
Since your application has been bootstrapped you can also test routing using the REPL:
>>> Cake\Routing\Router::parse('/articles/view/1');
// [
//
'controller' => 'Articles',
//
'action' => 'view',
//
'pass' => [
//
0 => '1'
//
],
//
'plugin' => NULL
// ]
512
*/5 *
*
*
* cd /full/path/to/root && bin/cake myshell myparam
*
*
*
*
* command to execute
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\----- day of week (0 - 6) (0 to 6 are Sunday to Saturday,
|
|
|
|
or use names)
|
|
|
\---------- month (1 - 12)
|
|
\--------------- day of month (1 - 31)
|
\-------------------- hour (0 - 23)
\------------------------- min (0 - 59)
I18N Shell
The i18n features of CakePHP use po files1 as their translation source. This makes them easily to integrate
with tools like poedit2 and other common translation tools.
The i18n shell provides a quick and easy way to generate po template files. These templates files can then
be given to translators so they can translate the strings in your application. Once you have translations done,
pot files can be merged with existing translations to help update your translations.
Generating POT Files
POT files can be generated for an existing application using the extract command. This command will
scan your entire application for __() style function calls, and extract the message string. Each unique string
in your application will be combined into a single POT file:
bin/cake i18n extract
The above will run the extraction shell. The result of this command will be the file src/Locale/default.pot.
You use the pot file as a template for creating po files. If you are manually creating po files from the pot file,
be sure to correctly set the Plural-Forms header line.
Generating POT Files for Plugins
This will generate the required POT files used in the plugins.
1
2
http://en.wikipedia.org/wiki/GNU_gettext
http://www.poedit.net/
More Topics
513
Excluding Folders
You can pass a comma separated list of folders that you wish to be excluded. Any path containing a path
segment with the provided values will be ignored:
bin/cake i18n extract --exclude Test,Vendor
By adding overwrite, the shell script will no longer warn you if a POT file already exists and will overwrite
by default:
bin/cake i18n extract --overwrite
By default, the extract shell script will ask you if you like to extract the messages used in the CakePHP core
libraries. Set extract-core to yes or no to set the default behavior:
bin/cake i18n extract --extract-core yes
// or
bin/cake i18n extract --extract-core no
Completion Shell
Working with the console gives the developer a lot of possibilities but having to completely know and write
those commands can be tedious. Especially when developing new shells where the commands differ per
minute iteration. The Completion Shells aids in this matter by providing an API to write completion scripts
for shells like bash, zsh, fish etc.
Sub Commands
The Completion Shell consists of a number of sub commands to assist the developer creating its completion
script. Each for a different step in the autocompletion process.
Commands
For the first step commands outputs the available Shell Commands, including plugin name when applicable.
(All returned possibilities, for this and the other sub commands, are separated by a space.) For example:
bin/cake Completion commands
Returns:
514
acl api bake command_list completion console i18n schema server test testsuite upgrade
Your completion script can select the relevant commands from that list to continue with. (For this and the
following sub commands.)
subCommands
Once the preferred command has been chosen subCommands comes in as the second step and outputs the
possible sub command for the given shell command. For example:
bin/cake Completion subcommands bake
Returns:
controller db_config fixture model plugin project test view
options
As the third and final options outputs options for the given (sub) command as set in getOptionParser. (Including the default options inherited from Shell.) For example:
bin/cake Completion options bake
Returns:
--help -h --verbose -v --quiet -q --connection -c --template -t
Bash Example
The following bash example comes from the original author:
# bash completion for CakePHP console
_cake()
{
local cur prev opts cake
COMPREPLY=()
cake="${COMP_WORDS[0]}"
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
if [[ "$cur" == -* ]] ; then
if [[ ${COMP_CWORD} = 1 ]] ; then
opts=$(${cake} Completion options)
elif [[ ${COMP_CWORD} = 2 ]] ; then
opts=$(${cake} Completion options "${COMP_WORDS[1]}")
else
opts=$(${cake} Completion options "${COMP_WORDS[1]}" "${COMP_WORDS[2]}")
fi
More Topics
515
Upgrade Shell
The upgrade shell will do most of the work to upgrade your CakePHP application from 2.x to 3.x.
It is provided by a standalone Upgrade plugin3 . Please read the README file to get all information on how
to upgrade your application.
Plugin Shell
The plugin shell allows you to load and unload plugins via the command prompt. If you need help, run:
bin/cake plugin --help
3
https://github.com/cakephp/upgrade
516
Loading Plugins
Via the Load task you are able to load plugins in your config/bootstrap.php. You can do this by
running:
bin/cake plugin load MyPlugin
By adding -r or -b to your command you can enable to bootstrap and routes value:
bin/cake plugin load -b MyPlugin
// will return
Plugin::load('MyPlugin', ['bootstrap' => true]);
bin/cake plugin load -r MyPlugin
// will return
Plugin::load('MyPlugin', ['routes' => true]);
Unloading Plugins
You can unload a plugin by specifying its name:
bin/cake plugin unload MyPlugin
Running the above command will symlink all plugins assets under apps webroot. On Windows, which
doesnt support symlinks, the assets will be copied in respective folders instead of being symlinked.
You can symlink assets of one particular plugin by specifying its name:
bin/cake plugin assets symlink MyPlugin
More Topics
517
518
CHAPTER 17
Debugging
Debugging is an inevitable and necessary part of any development cycle. While CakePHP doesnt offer any
tools that directly connect with any IDE or editor, CakePHP does provide several tools to assist in debugging
and exposing what is running under the hood of your application.
Basic Debugging
debug(mixed $var, boolean $showHtml = null, $showFrom = true)
The debug() function is a globally available function that works similarly to the PHP function
print_r(). The debug() function allows you to show the contents of a variable in a number of different
ways. First, if youd like data to be shown in an HTML-friendly way, set the second parameter to true.
The function also prints out the line and file it is originating from by default.
Output from this function is only shown if the core $debug variable has been set to true.
The stackTrace() function is available globally, and allows you to output a stack trace wherever the
function is called.
Outputting Values
static Cake\Error\Debugger::dump($var, $depth = 3)
Dump prints out the contents of a variable. It will print out all properties and methods (if any) of the supplied
variable:
519
$foo = [1,2,3];
Debugger::dump($foo);
// Outputs
array(
1,
2,
3
)
// Simple object
$car = new Car();
Debugger::dump($car);
// Outputs
object(Car) {
color => 'red'
make => 'Toyota'
model => 'Camry'
mileage => (int)15000
}
520
Above is the stack trace generated by calling Debugger::trace() in a controller action. Reading the
stack trace bottom to top shows the order of currently running functions (stack frames).
Although this method is used internally, it can be handy if youre creating your own error messages or log
entries for custom situations.
static Cake\Error\Debugger::getType($var)
Get the type of a variable. Objects will return their class name
The above would write Got here into the debug log. You can use log entries to help debug methods
that involve redirects or complicated loops. You can also use Cake\Log\Log::write() to write log
messages. This method can be called statically anywhere in your application one CakeLog has been loaded:
// At the top of the file you want to log in.
use Cake\Log\Log;
// Anywhere that Log has been imported.
Log::debug('Got here');
521
Debug Kit
DebugKit is a plugin that provides a number of good debugging tools. It primarily provides a toolbar in the
rendered HTML, that provides a plethora of information about your application and the current request. See
the Debug Kit chapter for how to install and use DebugKit.
522
CHAPTER 18
Deployment
Once your application is complete, or even before that youll want to deploy it. There are a few things you
should do when deploying a CakePHP application.
Update config/app.php
Updating app.php, specifically the value of debug is extremely important. Turning debug = false disables
a number of development features that should never be exposed to the Internet at large. Disabling debug
changes the following types of things:
Debug messages, created with pr() and debug() are disabled.
Core CakePHP caches are by default flushed every year (about 365 days), instead of every 10 seconds
as in development.
Error views are less informative, and give generic error messages instead.
PHP Errors are not displayed.
Exception stack traces are disabled.
In addition to the above, many plugins and application extensions use debug to modify their behavior.
You can check against an environment variable to set the debug level dynamically between environments.
This will avoid deploying an application with debug true and also save yourself from having to change the
debug level each time before deploying to a production environment.
For example, you can set an environment variable in your Apache configuration:
SetEnv CAKEPHP_DEBUG 1
And then you can set the debug level dynamically in app.php:
$debug = (bool)getenv('CAKEPHP_DEBUG');
return [
'debug' => $debug,
523
.....
];
Since handling static assets, such as images, JavaScript and CSS files of plugins, through the Dispatcher
is incredibly inefficient, it is strongly recommended to symlink them for production. This can be done easily
using the plugin shell:
bin/cake plugin assets symlink
The above command will symlink the webroot directory of all loaded plugins to appropriate path in the
apps webroot directory.
If your filesystem doesnt allow creating symlinks the directories will be copied instead of being symlinked.
You can also explicitly copy the directories using:
524
525
526
CHAPTER 19
Basic Usage
First of all, you should ensure the class is loaded:
use Cake\Network\Email\Email;
After youve loaded Email, you can send an email with the following:
$email = new Email('default');
$email->from(['[email protected]' => 'My Site'])
->to('[email protected]')
->subject('About')
->send('My message');
Since Emails setter methods return the instance of the class, you are able to set its properties with method
chaining.
Note: Its also a good idea to set the envelope sender when sending mail on another persons behalf. This
prevents them from getting any messages about deliverability.
527
Configuration
Configuration for Email defaults is created using config() and configTransport(). You should
put your email presets in the config/app.php file. The config/app.php.default file is an example
of this file. It is not required to define email configuration in config/app.php. Email can be used without
it and use the respective methods to set all configurations separately or load an array of configs.
By defining profiles and transports, you can keep your application code free of configuration data, and avoid
duplication that makes maintenance and deployment less difficult.
To load a predefined configuration, you can use the profile() method or pass it to the constructor of
Email:
$email = new Email();
$email->profile('default');
// Or in constructor
$email = new Email('default');
Instead of passing a string which matches a preset configuration name, you can also just load an array of
options:
$email = new Email();
$email->profile(['from' => '[email protected]', 'transport' => 'my_custom']);
// Or in constructor
$email = new Email(['from' => '[email protected]', 'transport' => 'my_custom']);
Configuring Transports
static Cake\Network\Email\Email::configTransport($key, $config = null)
Email messages are delivered by transports. Different transports allow you to send messages via PHPs
mail() function, SMTP servers, or not at all which is useful for debugging. Configuring transports allows
you to keep configuration data out of your application code and makes deployment simpler as you can
simply change the configuration data. An example transport configuration looks like:
use Cake\Network\Email\Email;
// Sample Mail configuration
Email::configTransport('default', [
'className' => 'Mail'
]);
// Sample smtp configuration.
Email::configTransport('gmail', [
'host' => 'ssl://smtp.gmail.com',
'port' => 465,
'username' => '[email protected]',
'password' => 'secret',
'className' => 'Smtp'
]);
528
You can configure SSL SMTP servers, like Gmail. To do so, put the ssl:// prefix in the host and configure
the port value accordingly. You can also enable TLS SMTP using the tls option:
use Cake\Network\Email\Email;
Email::configTransport('gmail', [
'host' => 'smtp.gmail.com',
'port' => 587,
'username' => '[email protected]',
'password' => 'secret',
'className' => 'Smtp',
'tls' => true
]);
The above configuration would enable TLS communication for email messages.
Note: To use SSL + SMTP, you will need to have the SSL configured in your PHP install.
Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
Email::configTransport('default', [
'url' => 'smtp://[email protected]:[email protected]:465?tls=true',
]);
When using a DSN string you can define any additional parameters/options as query string arguments.
static Cake\Network\Email\Email::dropTransport($key)
Once configured, transports cannot be modified. In order to modify a transport you must first drop it and
then reconfigure it.
Configuration Profiles
Defining delivery profiles allows you to consolidate common email settings into re-usable profiles. Your
application can have as many profiles as necessary. The following configuration keys are used:
from: Email or array of sender. See Email::from().
sender: Email or array of real sender. See Email::sender().
to: Email or array of destination. See Email::to().
cc: Email or array of carbon copy. See Email::cc().
bcc: Email or array of blind carbon copy. See Email::bcc().
replyTo: Email or array to reply the e-mail. See Email::replyTo().
readReceipt: Email address or an array of addresses to receive the receipt of read. See
Email::readReceipt().
returnPath: Email address or and array of addresses to return if have some error. See
Email::returnPath().
Configuration
529
See
template:
If you are using rendered content,
Email::template().
See
Setting Headers
In Email you are free to set whatever headers you want. When migrating to use Email, do not forget to put
the X- prefix in your headers.
See Email::setHeaders() and Email::addHeaders()
530
The templates for emails reside in a special folder in your applications Template directory called Email.
Email views can also use layouts and elements just like normal views:
$email = new Email();
$email->template('welcome', 'fancy')
->emailFormat('html')
->to('[email protected]')
->from('[email protected]')
->send();
The
above
would
use
src/Template/Email/html/welcome.ctp
for
the
view
and
src/Template/Layout/Email/html/fancy.ctp for the layout. You can send multipart templated email
messages as well:
$email = new Email();
$email->template('welcome', 'fancy')
->emailFormat('both')
->to('[email protected]')
->from('[email protected]')
->send();
You can use helpers in emails as well, much like you can in normal template files. By default only the
HtmlHelper is loaded. You can load additional helpers using the helpers() method:
$email->helpers(['Html', 'Custom', 'Text']);
When setting helpers be sure to include Html or it will be removed from the helpers loaded in your email
template.
If you want to send email using templates in a plugin you can use the familiar plugin syntax to do so:
$email = new Email();
$email->template('Blog.new_comment', 'Blog.auto_message');
The above would use templates from the Blog plugin as an example.
531
In some cases, you might need to override the default template provided by plugins. You can do this using
themes by telling Email to use appropriate theme using Email::theme() method:
$email = new Email();
$email->template('Blog.new_comment', 'Blog.auto_message');
$email->theme('TestTheme');
This allows you to override the new_comment template in your theme without modifying the Blog plugin.
The template file needs to be created in the following path:
src/Template/Plugin/TestTheme/Blog/Email/text/new_comment.ctp.
Sending Attachments
Cake\Network\Email\Email::attachments($attachments = null)
You can attach files to email messages as well. There are a few different formats depending on what kind of
files you have, and how you want the filenames to appear in the recipients mail client:
1. String: $email->attachments(/full/file/path/file.png) will attach this file
with the name file.png.
2. Array: $email->attachments([/full/file/path/file.png]) will have the same
behavior as using a string.
3. Array
with
key:
$email->attachments([photo.png =>
/full/some_hash.png]) will attach some_hash.png with the name photo.png. The
recipient will see photo.png, not some_hash.png.
4. Nested arrays:
$email->attachments([
'photo.png' => [
'file' => '/full/some_hash.png',
'mimetype' => 'image/png',
'contentId' => 'my-unique-id'
]
]);
The above will attach the file with different mimetype and with custom Content ID (when set the
content ID the attachment is transformed to inline). The mimetype and contentId are optional in this
form.
4.1. When you are using the contentId, you can use the file in the HTML body like <img
src="cid:my-content-id">.
4.2. You can use the contentDisposition option to disable the Content-Disposition
header for an attachment. This is useful when sending ical invites to clients using outlook.
4.3 Instead of the file option you can provide the file contents as a string using the data option.
This allows you to attach files without needing file paths to them.
532
Using Transports
Transports are classes designed to send the e-mail over some protocol or method. CakePHP supports the
Mail (default), Debug and SMTP transports.
To configure your method, you must use the Cake\Network\Email\Email::transport() method
or have the transport in your configuration:
$email = new Email();
// Use a named transport already configured using Email::configTransport()
$email->transport('gmail');
// Use a constructed object.
$transport = new DebugTransport();
$email->transport($transport);
You must implement the method send(Email $email) with your custom logic. Optionally, you can
implement the config($config) method. config() is called before send() and allows you to accept
user configurations. By default, this method puts the configuration in protected attribute $_config.
If you need to call additional methods on the transport before send, you can use
Cake\Network\Email\Email::transportClass() to get an instance of the transport.
Example:
$yourInstance = $email->transport('your')->transportClass();
$yourInstance->myCustomMethod();
$email->send();
Using Transports
533
If you are having validation issues when sending to non-compliant addresses, you can relax the pattern used
to validate email addresses. This is sometimes necessary when dealing with some Japanese ISPs:
$email = new Email('default');
// Relax the email pattern, so you can send
// to non-conformant addresses.
$email->emailPattern($newPattern);
This method will send an email to [email protected] , from [email protected] with subject Subject and content Message.
The return of deliver() is a Cake\Email\Email instance with all configurations set. If you do not
want to send the email right away, and wish to configure a few things before sending, you can pass the 5th
parameter as false.
The 3rd parameter is the content of message or an array with variables (when using rendered content).
The 4th parameter can be an array with the configurations or a string with the name of configuration in
Configure.
If you want, you can pass the to, subject and message as null and do all configurations in the 4th parameter
(as array or using Configure). Check the list of configurations to see all accepted configs.
1
2
[email protected]
[email protected]
534
CHAPTER 20
Many of PHPs internal methods use errors to communicate failures. These errors will need to be trapped
and dealt with. CakePHP comes with default error trapping that prints and or logs errors as they occur. This
same error handler is used to catch uncaught exceptions from controllers and other parts of your application.
535
Note: If you use a custom error handler, the supported options will depend on your handler.
The BaseErrorHandler defines two abstract methods. _displayError() is used when errors are
triggered. The _displayException() method is called when there is an uncaught exception.
536
Exception Classes
There are a number of exception classes in CakePHP. The built in exception handling will capture any
uncaught exceptions and render a useful page. Exceptions that do not specifically use a 400 range code, will
be treated as an Internal Server Error.
Exception Classes
537
}
$this->set('post', $post);
}
By using exceptions for HTTP errors, you can keep your code both clean, and give RESTful responses to
client applications and users.
In addition, the following framework layer exceptions are available, and will be thrown from a number of
CakePHP core components:
exception Cake\View\Exception\MissingViewException
The chosen view class could not be found.
exception Cake\View\Exception\MissingTemplateException
The chosen template file could not be found.
exception Cake\View\Exception\MissingLayoutException
The chosen layout could not be found.
exception Cake\View\Exception\MissingHelperException
The chosen helper could not be found.
exception Cake\View\Exception\MissingElementException
The chosen element file could not be found.
exception Cake\View\Exception\MissingCellException
The chosen cell class could not be found.
exception Cake\View\Exception\MissingCellViewException
The chosen cell view file could not be found.
exception Cake\Controller\Exception\MissingComponentException
A configured component could not be found.
exception Cake\Controller\Exception\MissingActionException
The requested controller action could not be found.
exception Cake\Controller\Exception\PrivateActionException
Accessing private/protected/_ prefixed actions.
exception Cake\Console\Exception\ConsoleException
A console library class encounter an error.
exception Cake\Console\Exception\MissingTaskException
A configured task could not found.
exception Cake\Console\Exception\MissingShellException
The shell class could not be found.
exception Cake\Console\Exception\MissingShellMethodException
The chosen shell class has no method of that name.
exception Cake\Database\Exception\MissingConnectionException
A models connection is missing.
538
exception Cake\Database\Exception\MissingDriverException
A database driver could not be found.
exception Cake\Database\Exception\MissingExtensionException
A PHP extension is missing for the database driver.
exception Cake\ORM\Exception\MissingTableException
A models table could not be found.
exception Cake\ORM\Exception\MissingEntityException
A models entity could not be found.
exception Cake\ORM\Exception\MissingBehaviorException
A models behavior could not be found.
exception Cake\ORM\Exception\RecordNotFoundException
The requested record could not be found.
exception Cake\Routing\Exception\MissingControllerException
The requested controller could not be found.
exception Cake\Routing\Exception\MissingRouteException
The requested URL cannot be reverse routed or cannot be parsed.
exception Cake\Routing\Exception\MissingDispatcherFilterException
The dispatcher filter could not be found.
exception Cake\Core\Exception\Exception
Base exception class in CakePHP. All framework layer exceptions thrown by CakePHP will extend
this class.
These exception classes all extend Exception. By extending Exception, you can create your own framework errors. All of the standard Exceptions that CakePHP will throw also extend Exception.
Cake\Core\Exception\Exception::responseHeader($header = null, $value = null)
See Cake\Network\Request::header()
All Http and Cake exceptions extend the Exception class, which has a method to add headers to the response.
For instance when throwing a 405 MethodNotAllowedException the rfc2616 says:
"The response MUST include an Allow header containing a list of valid
methods for the requested resource."
539
}
$this->set(compact('post'));
}
The above would cause the configured exception handler to catch and process the NotFoundException.
By default this will create an error page, and log the exception.
Exception Renderer
class Cake\Core\Exception\ExceptionRenderer(Exception $exception)
The ExceptionRenderer class with the help of ErrorController takes care of rendering the error pages
for all the exceptions thrown by you application.
The error page views are located at src/Template/Error/. For all 4xx and 5xx errors the template files
error400.ctp and error500.ctp are used respectively. You can customize them as per your needs. By
default your src/Template/Layout/default.ctp is used for error pages too. If for example, you want to use
another layout src/Template/Layout/my_error.ctp for your error pages, simply edit the error views and
add the statement $this->layout = my_error; to the error400.ctp and error500.ctp.
Each framework layer exception has its own view file located in the core templates but you really dont need
to bother customizing them as they are used only during development. With debug turned off all framework
layer exceptions are converted to InternalErrorException.
http://php.net/manual/en/spl.exceptions.php
540
}
throw new MissingWidgetException(['widget' => 'Pointy']);
When caught by the built in exception handler, you would get a $widget variable in your error view
template. In addition if you cast the exception as a string or use its getMessage() method you will
get Seems that Pointy is missing.. This allows you easily and quickly create your own rich
development errors, just like CakePHP uses internally.
Will create a 501 response code, you can use any HTTP status code you want. In development, if your
exception doesnt have a specific template, and you use a code equal to or greater than 500 you will see the
error500.ctp template. For any other error code youll get the error400.ctp template. If you have defined
an error template for your custom exception, that template will be used in development mode. If youd like
your own exception handling logic even in production, see the next section.
541
// In config/app.php
'Error' => [
'exceptionRenderer' => 'App\Error\AppExceptionRenderer',
// ...
],
// ...
The above would handle any exceptions of the type MissingWidgetException, and allow you to
provide custom display/handling logic for those application exceptions. Exception handling methods get
the exception being handled as their argument. Your custom exception rendering can return either a string
or a Response object. Returning a Response will give you full control over the response.
Note: Your custom renderer should expect an exception in its constructor, and implement a render method.
Failing to do so will cause additional errors.
If you are using a custom exception handling, configuring the renderer will have no effect. Unless you
reference it inside your implementation.
542
// in src/Error/AppExceptionRenderer
namespace App\Error;
use App\Controller\SuperCustomErrorController;
use Cake\Error\ExceptionRenderer;
class AppExceptionRenderer extends ExceptionRenderer
{
protected function _getController($exception)
{
return new SuperCustomErrorController();
}
}
// in config/app.php
'Error' => [
'exceptionRenderer' => 'App\Error\AppExceptionRenderer',
// ...
],
// ...
The error controller, whether custom or conventional, is used to render the error page view and receives all
the standard request life-cycle events.
Logging Exceptions
Using the built-in exception handling, you can log all the exceptions that are dealt with by ErrorHandler
by setting the log option to true in your config/app.php. Enabling this will log every exception to
Cake\Log\Log and the configured loggers.
Note: If you are using a custom exception handler this setting will have no effect. Unless you reference it
inside your implementation.
543
544
CHAPTER 21
Events System
Creating maintainable applications is both a science and an art. It is well-known that a key for having good
quality code is making your objects loosely coupled and strongly cohesive at the same time. Cohesion
means that all methods and properties for a class are strongly related to the class itself and it is not trying
to do the job other objects should be doing, while loosely coupling is the measure of how little a class is
wired to external objects, and how much that class is depending on them.
There are certain cases where you need to cleanly communicate with other parts of an application, without
having to hard code dependencies, thus losing cohesion and increasing class coupling. Using the Observer
pattern, which allows objects to notify other objects and anonymous listeners about changes is a useful
pattern to achieve this goal.
Listeners in the observer pattern can subscribe to events and choose to act upon them if they are relevant. If
you have used JavaScript, there is a good chance that you are already familiar with event driven programming.
CakePHP emulates several aspects of how events are triggered and managed in popular JavaScript libraries
such as jQuery. In the CakePHP implementation, an event object is dispatched to all listeners. The event
object holds information about the event, and provides the ability to stop event propagation at any point.
Listeners can register themselves or can delegate this task to other objects and have the chance to alter the
state and the event itself for the rest of the callbacks.
The event subsystem is at the heart of Model, Behavior, Controller, View and Helper callbacks. If youve
ever used any of them, you are already somewhat familiar with events in CakePHP.
545
Instead, you can use events to allow you to cleanly separate the concerns of your code and allow additional
concerns to hook into your plugin using events. For example, in your Cart plugin you have an Orders model
that deals with creating orders. Youd like to notify the rest of the application that an order has been created.
To keep your Orders model clean you could use events:
// Cart/Model/Table/OrdersTable.php
namespace Cart\Model\Table;
use Cake\Event\Event;
use Cake\ORM\Table;
class OrdersTable extends Table
{
public function place($order)
{
if ($this->save($order)) {
$this->Cart->remove($order);
$event = new Event('Model.Order.afterPlace', $this, [
'order' => $order
]);
$this->eventManager()->dispatch($event);
return true;
}
return false;
}
}
The above code allows you to easily notify the other parts of the application that an order has been created.
You can then do tasks like send email notifications, update stock, log relevant statistics and other tasks in
separate objects that focus on those concerns.
Each model has a separate event manager, while the View and Controller share one. This allows model
events to be self contained, and allow components or controllers to act upon events created in the view if
necessary.
// In any configuration file or piece of code that executes before the event
use Cake\Event\EventManager;
EventManager::instance()->on(
'Model.Order.afterPlace',
$aCallback
);
One important thing you should consider is that there are events that will be triggered having the same name
but different subjects, so checking it in the event object is usually required in any function that gets attached
globally in order to prevent some bugs. Remember that with the flexibility of using the global manager,
some additional complexity is incurred.
Cake\Event\EventManager::dispatch() method accepts the event object as an argument and
notifies all listener and callbacks passing this object along. The listeners will handle all the extra logic
around the afterPlace event, you can log the time, send emails, update user statistics possibly in separate
objects and even delegating it to offline tasks if you have the need.
Registering Listeners
Listeners are the preferred way to register callbacks for an event. This is done by implementing the
Cake\Event\EventListenerInterface interface in any class you wish to register some callbacks.
Classes implementing it need to provide the implementedEvents() method. This method must return
an associative array with all event names that the class will handle.
To continue our previous example, lets imagine we have a UserStatistic class responsible for calculating
a users purchasing history, and compiling into global site statistics. This is a great place to use a listener
class. Doing so allows you concentrate the statistics logic in one place and react to events as necessary. Our
UserStatistics listener might start out like:
use Cake\Event\EventListenerInterface;
class UserStatistic implements EventListenerInterface
{
public function implementedEvents()
{
return [
'Model.Order.afterPlace' => 'updateBuyStatistic',
];
}
public function updateBuyStatistic($event)
{
// Code to update statistics
}
}
// Attach the UserStatistic object to the Order's event manager
$statistics = new UserStatistic();
Registering Listeners
547
$this->Orders->eventManager()->on($statistics);
As you can see in the above code, the on() function will accept instances of the EventListener interface. Internally, the event manager will use implementedEvents() to attach the correct callbacks.
In addition to anonymous functions you can use any other callable type that PHP supports:
$events = [
'email-sending' => 'EmailSender::sendBuyEmail',
'inventory' => [$this->InventoryManager, 'decrement'],
];
foreach ($events as $callable) {
$eventManager->on('Model.Order.afterPlace', $callable);
}
Establishing Priorities
In some cases you might want to control the order that listeners are invoked. For instance, if we go back to
our user statistics example. It would ideal if this listener was called at the end of the stack. By calling it at
the end of the listener stack, we can ensure that the event was not canceled, and that no other listeners raised
exceptions. We can also get the final state of the objects in the case that other listeners have modified the
subject or event object.
Priorities are defined as an integer when adding a listener. The higher the number, the later the method will
be fired. The default priority for all listeners is 10. If you need your method to be run earlier, using any
value below this default will work. On the other hand if you desire to run the callback after the others, using
a number above 10 will do.
If two callbacks happen to have the same priority value, they will be executed with a the order they
were attached. You set priorities using the attach() method for callbacks, and declaring it in the
implementedEvents() function for event listeners:
// Setting priority for a callback
$callback = [$this, 'doSomething'];
$this->eventManager()->on(
548
'Model.Order.afterPlace',
['priority' => 2],
$callback
);
// Setting priority for a listener
class UserStatistic implements EventListenerInterface
{
public function implementedEvents()
{
return [
'Model.Order.afterPlace' => [
'callable' => 'updateBuyStatistic',
'priority' => 100
],
];
}
}
As you see, the main difference for EventListener objects is that you need to use an array for specifying
the callable method and the priority preference. The callable key is an special array entry that the
manager will read to know what function in the class it should be calling.
The listeners of the View.afterRender callback should have the following signature:
function (Event $event, $viewFileName)
Each value provided to the Event constructor will be converted into function parameters in the order they
appear in the data array. If you use an associative array, the result of array_values will determine the
function argument order.
Note: Unlike in 2.x, converting event data to listener arguments is the default behavior and cannot be
disabled.
Dispatching Events
Once you have obtained an instance of an event manager you can dispatch events using
Event\EventManager::dispatch(). This method takes an instance of the Cake\Event\Event
class. Lets look at dispatching an event:
Dispatching Events
549
Cake\Event\Event accepts 3 arguments in its constructor. The first one is the event name, you should
try to keep this name as unique as possible, while making it readable. We suggest a convention as follows: Layer.eventName for general events happening at a layer level (e.g. Controller.startup,
View.beforeRender) and Layer.Class.eventName for events happening in specific classes on a
layer, for example Model.User.afterRegister or Controller.Courses.invalidAccess.
The second argument is the subject, meaning the object associated to the event, usually when it is the
same class triggering events about itself, using $this will be the most common case. Although a Component could trigger controller events too. The subject class is important because listeners will get immediate
access to the object properties and have the chance to inspect or change them on the fly.
Finally, the third argument is any additional event data.This can be any data you consider useful to pass
around so listeners can act upon it. While this can be an argument of any type, we recommend passing an
associative array.
The Event\EventManager::dispatch() method accepts an event object as an argument and notifies all subscribed listeners.
Stopping Events
Much like DOM events, you may want to stop an event to prevent additional listeners from being notified.
You can see this in action during model callbacks (e.g. beforeSave) in which it is possible to stop the saving
operation if the code detects it cannot proceed any further.
In order to stop events you can either return false in your callbacks or call the stopPropagation()
method on the event object:
public function doSomething($event)
{
// ...
return false; // Stops the event
}
public function updateBuyStatistic($event)
{
// ...
$event->stopPropagation();
}
Stopping an event will prevent any additional callbacks from being called. Additionally the code triggering
the event may behave differently based on the event being stopped or not. Generally it does not make
sense to stop after events, but stopping before events is often used to prevent the entire operation from
occurring.
To check if an event was stopped, you call the isStopped() method in the event object:
550
In the previous example the order would not get saved if the event is stopped during the beforePlace
process.
Dispatching Events
551
// ...
}
It is possible to alter any event object property and have the new data passed to the next callback. In most of
the cases, providing objects as event data or result and directly altering the object is the best solution as the
reference is kept the same and modifications are shared across all callback calls.
Conclusion
Events are a great way of separating concerns in your application and make classes both cohesive and decoupled from each other. Events can be utilized to de-couple application code and make extensible plugins.
Keep in mind that with great power comes great responsibility. Using too many events can make debugging
harder and require additional integration testing.
Additional Reading
Behaviors
552
Components
Helpers
Additional Reading
553
554
CHAPTER 22
One of the best ways for your applications to reach a larger audience is to cater for multiple languages.
This can often prove to be a daunting task, but the internationalization and localization features in CakePHP
make it much easier.
First, its important to understand some terminology. Internationalization refers to the ability of an application to be localized. The term localization refers to the adaptation of an application to meet specific language
(or culture) requirements (i.e. a locale). Internationalization and localization are often abbreviated as i18n
and l10n respectively; 18 and 10 are the number of characters between the first and last character.
Setting Up Translations
There are only a few steps to go from a single-language application to a multi-lingual application, the first
of which is to make use of the __() function in your code. Below is an example of some code for a
single-language application:
<h2>Popular Articles</h2>
To internationalize your code, all you need to do is to wrap strings in __() like so:
<h2><?= __('Popular Articles') ?></h2>
If you do nothing further, these two code examples are functionally identical - they will both send the same
content to the browser. The __() function will translate the passed string if a translation is available, or
return it unmodified.
Language Files
Translations can be made available by using language files stored in your application. The default format
for CakePHP translation files is the Gettext1 format. Files need to be placed under src/Locale/ and within
this directory, there should be a subfolder for each language the application needs to support:
1
http://en.wikipedia.org/wiki/Gettext
555
/src
/Locale
/en_US
default.po
/en_GB
default.po
validation.po
/es
default.po
The default domain is default, therefore your locale folder should at least contain the default.po file
as shown above. A domain refers to any arbitrary grouping of translation messages. When no group is used,
then the default group is selected.
Plugins can also contain translation files, the convention is to use the under_scored version of the plugin
name as the domain for the translation messages:
MyPlugin
/src
/Locale
/fr
my_plugin.po
/de
my_plugin.po
Translation folders can either be the two letter ISO code of the language or the full locale name such as
fr_FR, es_AR, da_DK which contains both the language and the country where it is spoken.
An example translation file could look like this:
msgid "My name is {0}"
msgstr "Je m'appelle {0}"
msgid "I'm {0,number} years old"
msgstr "J'ai {0,number} ans"
This will control several aspects of your application, including the default translations language, the date
format, number format and currency whenever any of those is displayed using the localization libraries that
CakePHP provides.
556
This will also change how numbers and dates are formatted when using one of the localization tools.
If you need to group your messages, for example, translations inside a plugin, you can use the __d()
function to fetch messages from another domain:
echo __d('my_plugin', 'Trending right now');
Sometimes translations strings can be ambiguous for people translating them. This can happen if two strings
are identical but refer to different things. For example, letter has multiple meanings in english. To solve
that problem, you can use the __x() function:
echo __x('written communication', 'He read the first letter');
echo __x('alphabet learning', 'He read the first letter');
The first argument is the context of the message and the second is the message to be translated.
Markers are numeric, and correspond to the keys in the passed array. You can also pass variables as independent arguments to the function:
echo __("Small step for {0}, Big leap for {1}", 'Man', 'Humanity');
557
The (single quote) character acts as an escape code in translation messages. Any variables between single
quotes will not be replaced and is treated as literal text. For example:
__("This variable '{0}' be replaced.", 'will not');
These functions take advantage of the ICU MessageFormatter2 so you can translate messages and localize
dates, numbers and currency at the same time:
echo __(
'Hi {0,string}, your balance on the {1,date} is {2,number,currency}',
['Charles', '2014-01-13 11:12:00', 1354.37]
);
// Returns
Hi Charles, your balance on the Jan 13, 2014, 11:12 AM is $ 1,354.37
Numbers in placeholders can be formatted as well with fine grain control of the output:
echo __(
'You have traveled {0,number,decimal} kilometers in {1,number,integer} weeks',
[5423.344, 5.1]
);
// Returns
You have traveled 5,423.34 kilometers in 5 weeks
echo __('There are {0,number,#,###} people on earth', 6.1 * pow(10, 8));
// Returns
There are 6,100,000,000 people on earth
This is the list of formatter specifiers you can put after the word number:
integer: Removes the decimal part
decimal: Formats the number as a float
currency: Puts the locale currency symbol and rounds decimals
percent: Formats the number as a percentage
Dates can also be formatted by using the word date after the placeholder number. A list of extra options
follows:
short
medium
long
full
2
http://php.net/manual/en/messageformatter.format.php
558
The word time after the placeholder number is also accepted and it understands the same options as date.
Note: If you are using PHP 5.5+, you can use also named placeholders like {name} {age}, etc. And pass
the variables in an array having the corresponding key names like [name => Sara, age =>
12]. This feature is not available in PHP 5.4.
If you are planning on making use of the internationalization features it is a good idea to ensure you are
running PHP5.5, and have a version of ICU above 48.x.y. Older versions of PHP and ICU have a number of
problems.
Plurals
One crucial part of internationalizing your application is getting your messages pluralized correctly depending on the language they are shown. CakePHP provides a couple ways to correctly select plurals in your
messages.
Using ICU Plural Selection
The first one is taking advantage of the ICU message format that comes by default in the translation functions. In the translations file you could have the following strings
msgid "{0,plural,=0{No records found} =1{Found 1 record} other{Found # records}}"
msgstr "{0,plural,=0{Ningn resultado} =1{1 resultado} other{# resultados}}"
And in your application use the following code to output either of the translations for such string:
__('{0,plural,=0{No records found }=1{Found 1 record} other{Found # records}}', [0]);
// Returns "Ningn resultado" as the argument {0} is 0
__('{0,plural,=0{No records found} =1{Found 1 record} other{Found # records}}', [1]);
// Returns "1 resultado" because the argument {0} is 1
A closer look to the format we just used will make it evident how messages are built:
{ [count placeholder],plural, case1{message} case2{message} case3{...} ... }
The [count placeholder] can be the array key number of any of the variables you pass to the translation function. It will be used for selecting the correct plural form.
Note that to reference [count placeholder] within {message} you have to use #.
559
You can of course use simpler message ids if you dont want to type the full plural selection sequence in
your code
msgid "search.results"
msgstr "{0,plural,=0{Ningn resultado} =1{1 resultado} other{{1} resultados}}"
The latter version has the downside that you will need to have a translation messages file even for the default
language, but has the advantage that it makes the code more readable and leaves the complicated plural
selection strings in the translation files.
Sometimes using direct number matching in plurals is impractical. For example, languages like Arabic
require a different plural when you refer to few things and other plural form for many things. In those cases
you can use the ICU matching aliases. Instead of writing:
=0{No results} =1{...} other{...}
Make sure you read the Language Plural Rules Guide3 to get a complete overview of the aliases you can use
for each language.
Using Gettext Plural Selection
The second plural selection format accepted is using the built-in capabilities of Gettext. In this case, plurals
will be stored in the .po file by creating a separate message translation line per plural form
msgid "One file removed" # One message identifier for singular
msgid_plural "{0} files removed" # Another one for plural
msgstr[0] "Un fichero eliminado" # Translation in singular
msgstr[1] "{0} ficheros eliminados" # Translation in plural
When using this other format, you are required to use another translation function:
// Returns: "10 ficheros eliminados"
$count = 10;
__n('One file removed', '{0} files removed', $count, $count);
// It is also possible to use it inside a domain
__dn('my_plugin', 'One file removed', '{0} files removed', $count, $count);
The number inside msgstr[] is the number assigned by Gettext for the plural form of the language. Some
languages have more than two plural forms, for example Croatian:
3
http://www.unicode.org/cldr/charts/latest/supplemental/language_plural_rules.html
560
Please visit the Launchpad languages page4 for a detailed explanation of the plural form numbers for each
language.
The above code can be added to your config/bootstrap.php so that translations can be found before any
translation function is used. The absolute minimum that is required for creating a translator is that the
loader function should return a Aura\Intl\Package object. Once the code is in place you can use the
translation functions as usual:
I18n::locale('fr_FR');
__d('animals', 'Dog'); // Returns "Chien"
As you see, Package objects take translation messages as an array. You can pass the setMessages()
method however you like: with inline code, including another file, calling another function, etc. CakePHP
provides a few loader functions you can reuse if you just need to change where messages are loaded. For
example, you can still use .po files, but loaded from another location:
use Cake\I18n\MessagesFileLoader as Loader;
// Load messages from src/Locale/folder/sub_folder/filename.po
4
https://translations.launchpad.net/+languages
561
I18n::translator(
'animals',
'fr_FR',
new Loader('filename', 'folder/sub_folder', 'po')
);
The file should be created in the src/I18n/Parser directory of your application. Next, create the translations
file under src/Locale/fr_FR/animals.yaml
Dog: Chien
Cat: Chat
Bird: Oiseau
And finally, configure the translation loader for the domain and locale:
use Cake\I18n\MessagesFileLoader as Loader;
I18n::translator(
'animals',
'fr_FR',
new Loader('animals', 'fr_FR', 'yaml')
);
562
use Aura\Intl\Package;
I18n::config('default', function ($domain, $locale) {
$locale = Locale::parseLocale($locale);
$language = $locale['language'];
$messages = file_get_contents("http://example.com/translations/$lang.json");
return new Package(
'default', // Formatter
null, // Fallback (none for default domain)
json_decode($messages, true)
)
});
The above example calls an example external service to load a JSON file with the translations and then just
build a Package object for any locale that is requested in the application.
Similarly, you can express Gettext-style plurals using the messages array by having a nested array key per
plural form:
[
'I have read one book' => 'He ledo un libro',
'I have read {0} books' => [
'He ledo un libro',
'He ledo {0} libros'
]
]
563
The messages to be translated will be passed to the sprintf() function for interpolating the variables:
__('Hello, my name is %s and I am %d years old', 'Jos', 29);
It is possible to set the default formatter for all translators created by CakePHP before they are used for the
first time. This does not include manually created translators using the translator() and config()
methods:
I18n::defaultFormatter('sprintf');
Make sure you read the Time and Number sections to learn more about formatting options.
By default dates returned for the ORM results use the Cake\I18n\Time class, so displaying them directly
in you application will be affected by changing the current locale.
564
The default parsing format is the same as the default string format.
The LocaleSelectorFilter will use the Accept-Language header to automatically set the users
preferred locale. You can use the locale list option to restrict which locales will automatically be used.
565
566
CHAPTER 23
Logging
While CakePHP core Configure Class settings can really help you see whats happening under the hood,
there are certain times that youll need to log data to the disk in order to find out whats going on. With
technologies like SOAP, AJAX, and REST APIs, debugging can be rather difficult.
Logging can also be a way to find out whats been going on in your application over time. What search
terms are being used? What sorts of errors are my users being shown? How often is a particular query being
executed?
Logging data in CakePHP is easy - the log() function is provided by the LogTrait, which is the common
ancestor for almost all CakePHP classes. If the context is a CakePHP class (Model, Controller, Component...
almost anything), you can log your data. You can also use Log::write() directly. See Writing to Logs.
Logging Configuration
Configuring Log should be done during your applications bootstrap phase. The config/app.php file is
intended for just this. You can define as many or as few loggers as your application needs. Loggers should
be configured using Cake\Core\Log. An example would be:
use Cake\Log\Log;
// Short classname
Log::config('debug', [
'className' => 'FileLog',
'path' => LOGS,
'levels' => ['notice', 'info', 'debug'],
'file' => 'debug',
]);
// Fully namespaced name.
Log::config('error', [
'className' => 'Cake\Log\Engine\FileLog',
'path' => LOGS,
'levels' => ['warning', 'error', 'critical', 'alert', 'emergency'],
567
The above creates two loggers. One named debug the other named error. Each is configured to handle
different levels of messages. They also store their log messages in separate files, so its easy to separate
debug/notice/info logs from more serious errors. See the section on Using Levels for more information on
the different levels and what they mean.
Once a configuration is created you cannot change it. Instead you should drop the configuration and re-create
it using Cake\Log\Log::drop() and Cake\Log\Log::config().
It is also possible to create loggers by providing a closure. This is useful when you need full control over
how the logger object is built. The closure has to return the constructed logger instance. For example:
Log::config('special', function () {
return new \Cake\Log\Engine\FileLog(['path' => LOGS, 'file' => 'log']);
});
Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
Log::config('error', [
'url' => 'file:///?levels[]=warning&levels[]=error&file=error',
]);
When configuring a log adapter the className parameter is used to locate and load the log handler. All
of the other configuration properties are passed to the log adapters constructor as an array.
568
namespace App\Log\Engine;
use Cake\Log\Engine\BaseLog;
class DatabaseLog extends BaseLog
{
public function __construct($options = [])
{
// ...
}
public function log($level, $message, array $context = [])
{
// Write to the database.
}
}
CakePHP requires that all logging adapters implement Psr\Log\LoggerInterface. The class
CakeLogEngineBaseLog is an easy way to satisfy the interface as it only requires you to implement the
log() method. FileLog engine takes the following options:
size Used to implement basic log file rotation. If log file size reaches specified size the existing
file is renamed by appending timestamp to filename and new log file is created. Can be integer bytes
value or human reabable string values like 10MB, 100KB etc. Defaults to 10MB.
rotate Log files are rotated specified times before being removed. If value is 0, old versions are
removed rather then rotated. Defaults to 10.
mask Set the file permissions for created files. If left empty the default permissions are used.
Warning: Engines have the suffix Log. You should avoid class names like SomeLogLog which
include the suffix twice at the end.
Note: You should configure loggers during bootstrapping. config/app.php is the conventional place to
configure log adapters.
In debug mode missing directories will be automatically created to avoid unnecessary errors thrown when
using the FileEngine.
569
The configured directory must be writable by the web server user in order for logging to work correctly.
You can configure additional/alternate FileLog locations when configuring a logger.FileLog accepts a path
which allows for custom paths to be used:
Log::config('custom_path', [
'className' => 'File',
'path' => '/path/to/custom/place/'
]);
Warning: If you do not configure a logging adapter, log messages will not be stored.
Logging to Syslog
In production environments it is highly recommended that you setup your system to use syslog instead of
the files logger. This will perform much better as any writes will be done in a (almost) non-blocking fashion
and your operating system logger can be configured separately to rotate files, pre-process writes or use a
completely different storage for your logs.
Using syslog is pretty much like using the default FileLog engine, you just need to specify Syslog as
the engine to be used for logging. The following configuration snippet will replace the default logger with
syslog, this should be done in the bootstrap.php file:
Log::config('default', [
'engine' => 'Syslog'
]);
The configuration array accepted for the Syslog logging engine understands the following keys:
570
format: An sprintf template strings with two placeholders, the first one for the error level, and the
second for the message itself. This key is useful to add additional information about the server or
process in the logged message. For example: %s - Web Server 1 - %s will look like error
- Web Server 1 - An error occurred in this request after replacing the placeholders.
prefix: An string that will be prefixed to every logged message.
flag: An integer flag to be used for opening the connection to the logger, by default LOG_ODELAY
will be used. See openlog documentation for more options
facility: The logging slot to use in syslog. By default LOG_USER is used. See syslog documentation for more options
Writing to Logs
Writing to the log files can be done in 2 different ways.
Cake\Log\Log::write() method:
The second is to use the log() shortcut function available on any using the LogTrait Calling log() will
internally call Log::write():
// Executing this inside a class using LogTrait
$this->log("Something did not work!", 'debug');
All configured log streams are written to sequentially each time Cake\Log\Log::write() is called.
If you have not configured any logging adapters log() will return false and no log messages will be
written.
Using Levels
CakePHP supports the standard POSIX set of logging levels. Each level represents an increasing level of
severity:
Emergency: system is unusable
Alert: action must be taken immediately
Critical: critical conditions
Error: error conditions
Warning: warning conditions
Notice: normal but significant condition
Info: informational messages
Debug: debug-level messages
Writing to Logs
571
You can refer to these levels by name when configuring loggers, and when writing log messages. Alternatively, you can use convenience methods like Cake\Log\Log::error() to clearly and easily indicate
the logging level. Using a level that is not in the above levels will result in an exception.
Logging Scopes
Often times youll want to configure different logging behavior for different subsystems or parts of your
application. Take for example an e-commerce shop. Youll probably want to handle logging for orders and
payments differently than you do other less critical logs.
CakePHP exposes this concept as logging scopes. When log messages are written you can include a scope
name. If there is a configured logger for that scope, the log messages will be directed to those loggers. If a
log message is written to an unknown scope, loggers that handle that level of message will log the message.
For example:
// Configure logs/shops.log to receive all levels, but only
// those with `orders` and `payments` scope.
Log::config('shops', [
'className' => 'FileLog',
'path' => LOGS,
'levels' => [],
'scopes' => ['orders', 'payments'],
'file' => 'shops.log',
]);
// Configure logs/payments.log to receive all levels, but only
// those with `payments` scope.
Log::config('payments', [
'className' => 'FileLog',
'path' => LOGS,
'levels' => [],
'scopes' => ['payments'],
'file' => 'payments.log',
]);
Scopes can also be passed as a single string or a numerically indexed array. Note that using this form will
limit the ability to pass more data as context:
Log::warning('This is a warning', ['orders']);
Log::warning('This is a warning', 'payments');
Log API
class Cake\Log\Log
A simple class for writing to logs.
572
Convenience Methods
The following convenience methods were added to log $message with the appropriate log level.
static Cake\Log\Log::emergency($message, $scope =[])
static Cake\Log\Log::alert($message, $scope =[])
static Cake\Log\Log::critical($message, $scope =[])
static Cake\Log\Log::error($message, $scope =[])
static Cake\Log\Log::warning($message, $scope =[])
static Cake\Log\Log::notice($message, $scope =[])
static Cake\Log\Log::debug($message, $scope =[])
static Cake\Log\Log::info($message, $scope =[])
Log API
573
Logging Trait
trait Cake\Log\LogTrait
A trait that provides shortcut methods for logging
Cake\Log\LogTrait::log($msg, $level = LOG_ERR)
Log a message to the logs. By default messages are logged as ERROR messages. If $msg isnt isnt
a string it will be converted with print_r before being logged.
Using Monolog
Monolog is a popular logger for PHP. Since it implements the same interfaces as the CakePHP loggers, it is
easy to use in your application as the default logger.
After installing Monolog using composer, configure the logger using the Log::config() method:
// config/bootstrap.php
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
Log::config('default', function () {
$log = new Logger('app');
$log->pushHandler(new StreamHandler('path/to/your/combined.log'));
return $log;
});
// Optionally stop using the now redundant default loggers
Log::drop('debug');
Log::drop('error');
Use similar methods if you want to configure a different logger for your console:
// config/bootstrap_cli.php
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
Log::config('default', function () {
$log = new Logger('cli');
$log->pushHandler(new StreamHandler('path/to/your/combined-cli.log'));
return $log;
});
// Optionally stop using the now redundant default CLI loggers
Configure::delete('Log.debug');
Configure::delete('Log.error');
Note: When using a console specific logger, make sure to conditionally configure your application logger.
This will prevent duplicate log entries.
574
CHAPTER 24
Modelless Forms
class Cake\Form\Form
Most of the time you will have forms backed by ORM entities and ORM tables or other peristent stores, but
there are times when youll need to validate user input and then perform an action if the data is valid. The
most common example of this is a contact form.
Creating a Form
Generally when using the Form class youll want to use a subclass to define your form. This makes testing
easier, and lets you re-use your form. Forms are put into src/Form and usually have Form as a class suffix.
For example, a simple contact form would look like:
// in src/Form/ContactForm.php
namespace App\Form;
use Cake\Form\Form;
use Cake\Form\Schema;
use Cake\Validation\Validator;
class ContactForm extends Form
{
protected function _buildSchema(Schema $schema)
{
return $schema->addField('name', 'string')
->addField('email', ['type' => 'string'])
->addField('body', ['type' => 'text']);
}
protected function _buildValidator(Validator $validator)
{
return $validator->add('name', 'length', [
'rule' => ['minLength', 10],
'message' => 'A name is required'
575
])->add('email', 'format', [
'rule' => 'email',
'message' => 'A valid email address is required',
]);
}
protected function _execute(array $data)
{
// Send an email.
return true;
}
}
In the above example we see the 3 hook methods that forms provide:
_buildSchema is used to define the schema data that is used by FormHelper to create an HTML
form. You can define field type, length, and precision.
_buildValidator Gets a Cake\Validation\Validator instance that you can attach validators to.
_execute lets you define the behavior you want to happen when execute() is called and the data
is valid.
You can always define additional public methods as you need as well.
576
In the above example, we use the execute() method to run our forms _execute() method only when
the data is valid, and set flash messages accordingly. We could have also used the validate() method to
only validate the request data:
$isValid = $form->validate($this->request->data);
Values should only be defined if the request method is GET, otherwise you will overwrite your previous
POST Data which might have been incorrect and not been saved.
577
[
'email' => ['A valid email address is required']
]
*/
According to how the validator class would have returned the errors, $errors must be in this format:
["fieldName" => ["validatorName" => "The error message to display"]]
Now you will be able to invalidate form fields by setting the fieldName, then set the error messages:
// In a controller
$contact = new ContactForm();
$contact->setErrors(["email" => ["_required" => "Your email is required"]]);
$this->Form->create($contact);
$this->Form->input('name');
$this->Form->input('email');
$this->Form->input('body');
$this->Form->button('Submit');
$this->Form->end();
The above would create an HTML form for the ContactForm we defined earlier. HTML forms created with FormHelper will use the defined schema and validator to determine field types, maxlengths, and
validation errors.
578
CHAPTER 25
Pagination
class Cake\Controller\Component\PaginatorComponent
One of the main obstacles of creating flexible and user-friendly web applications is designing an intuitive
user interface. Many applications tend to grow in size and complexity quickly, and designers and programmers alike find they are unable to cope with displaying hundreds or thousands of records. Refactoring takes
time, and performance and user satisfaction can suffer.
Displaying a reasonable number of records per page has always been a critical part of every application and
used to cause many headaches for developers. CakePHP eases the burden on the developer by providing a
quick, easy way to paginate data.
Pagination in CakePHP is offered by a Component in the controller, to make building paginated queries
easier. In the View View\Helper\PaginatorHelper is used to make the generation of pagination
links & buttons simple.
Using Controller::paginate()
In the controller, we start by defining the default query conditions pagination will use in the $paginate
controller variable. These conditions, serve as the basis for your pagination queries. They are augmented by
the sort, direction limit, and page parameters passed in from the URL. It is important to note that the order
key must be defined in an array structure like below:
class ArticlesController extends AppController
{
public $paginate = [
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
579
{
parent::initialize();
$this->loadComponent('Paginator');
}
}
You can also include any of the options supported by ORM\Table::find(), such as fields:
class ArticlesController extends AppController
{
public $paginate = [
'fields' => ['Articles.id', 'Articles.created'],
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
{
parent::initialize();
$this->loadComponent('Paginator');
}
}
While you can pass most of the query options from the paginate property it is often cleaner and simpler to
bundle up your pagination options into a Custom Finder Methods. You can define the finder pagination uses
by setting the finder option:
class ArticlesController extends AppController
{
public $paginate = [
'finder' => 'published',
];
}
Because custom finder methods can also take in options, this is how you pass in options into a custom finder
method within the paginate property:
class ArticlesController extends AppController
{
// find articles by tag
public function tags()
{
$tags = $this->request->params['pass'];
$customFinderOptions = [
'tags' => $tags
];
// the custom finder method is called findTagged inside ArticlesTable.php
// it should look like this:
580
In addition to defining general pagination values, you can define more than one set of pagination defaults in
the controller, you just name the keys of the array after the model you wish to configure:
class ArticlesController extends AppController
{
public $paginate = [
'Articles' => [],
'Authors' => [],
];
}
The values of the Articles and Authors keys could contain all the properties that a model/key less
$paginate array could.
Once
the
$paginate
property
has
been
defined,
we
can
use
the
Controller\Controller::paginate() method to create the pagination data, and add the
PaginatorHelper if it hasnt already been added. The controllers paginate method will return
the result set of the paginated query, and set pagination metadata to the request. You can access the
pagination metadata at $this->request->params[paging]. A more complete example of using
paginate() would be:
class ArticlesController extends AppController
{
public function index()
{
$this->set('articles', $this->paginate());
}
}
By default the paginate() method will use the default model for a controller. You can also pass the
resulting query of a find method:
public function index()
{
$query = $this->Articles->find('popular')->where(['author_id' => 1]);
$this->set('articles', $this->paginate($query));
}
Using Controller::paginate()
581
If you want to paginate a different model you can provide a query for it, the table object itself, or its name:
// Using a query
$comments = $this->paginate($commentsTable->find());
// Using the model name.
$comments = $this->paginate('Comments');
// Using a table object.
$comments = $this->paginate($commentTable);
The first parameter should be the query object from a find on table object you wish to paginate results from.
Optionally, you can pass the table object and let the query be constructed for you. The second parameter
should be the array of settings to use for pagination. This array should have the same structure as the
$paginate property on a controller.
Any requests that attempt to sort on fields not in the whitelist will be ignored.
public $paginate = [
// Other keys here.
'maxLimit' => 10
];
If the requests limit param is greater than this value, it will be reduced to the maxLimit value.
583
584
CHAPTER 26
Plugins
CakePHP allows you to set up a combination of controllers, models, and views and release them as a packaged application plugin that others can use in their CakePHP applications. Have a great user management
module, simple blog, or web services module in one of your applications? Package it as a CakePHP plugin
so you can reuse it in other applications and share with the community.
The main tie between a plugin and the application it has been installed into is the applications configuration
(database connection, etc.). Otherwise it operates in its own space, behaving much like it would if it were
an application on its own.
In CakePHP 3.0 each plugin defines its own top-level namespace. For example: DebugKit. By convention,
plugins use their package name as their namespace. If youd like to use a different namespace, you can
configure the plugin namespace, when plugins are loaded.
This would install the latest version of DebugKit and update your composer.json, composer.lock
file, update vendor/cakephp-plugins.php, and update your autoloader.
If the plugin you want to install is not available on packagist.org, you can clone or copy the plugin code
into your plugins directory. Assuming you want to install a plugin named ContactManager, you should
have a folder in plugins named ContactManager. In this directory are the plugins src, tests and any
other directories.
1
http://packagist.org
585
Loading a Plugin
After installing a plugin and setting up the autoloader, you may need to load the plugin. You can load plugins
one by one, or all of them with a single method:
// In config/bootstrap.php
// Loads a single plugin
Plugin::load('ContactManager');
// Loads a plugin with a vendor namespace at top level.
Plugin::load('AcmeCorp/ContactManager');
// Loads all plugins at once
Plugin::loadAll();
loadAll() loads all plugins available, while allowing you to set certain settings for specific plugins.
load() works similarly, but only loads the plugins you explicitly specify.
Note:
Plugin::loadAll() wont load vendor namespaced plugins that are not defined in
vendor/cakephp-plugins.php.
If you are using vendor namespaces for your plugins, the namespace to path mapping should resemble the
following:
586
"psr-4": {
(...)
"AcmeCorp\\Users\\": "./plugins/AcmeCorp/Users/src",
"AcmeCorp\\Users\\Test\\": "./plugins/AcmeCorp/Users/tests"
}
Additionally, you will need to tell Composer to refresh its autoloading cache:
$ php composer.phar dumpautoload
If you are unable to use Composer for any reason, you can also use a fallback autoloading for your plugin:
Plugin::load('ContactManager', ['autoload' => true]);
Plugin Configuration
There is a lot you can do with the load() and loadAll() methods to help with plugin configuration and
routing. Perhaps you want to load all plugins automatically while specifying custom routes and bootstrap
files for certain plugins:
Plugin::loadAll([
'Blog' => ['routes' => true],
'ContactManager' => ['bootstrap' => true],
'WebmasterTools' => ['bootstrap' => true, 'routes' => true],
]);
With this style of configuration you no longer need to manually include() or require() a plugins
configuration or routes file it happens automatically at the right time and place. The exact same parameters
could have also been supplied to the load() method, which would have loaded only those three plugins
and not the rest.
Finally, you can also specify a set of defaults for loadAll() which will apply to every plugin that doesnt
have a more specific configuration.
Load the bootstrap file from all plugins, and additionally the routes from the Blog plugin:
Plugin::loadAll([
['bootstrap' => true],
'Blog' => ['routes' => true]
]);
Note that all files specified should actually exist in the configured plugin(s) or PHP will give warnings for
each file it cannot load. You can avoid potential warnings by using the ignoreMissing option:
Plugin::loadAll([
['ignoreMissing' => true, 'bootstrap' => true],
'Blog' => ['routes' => true]
]);
When loading plugins, the plugin name used should match the namespace. For example, if you have a plugin
with top level namespace Users you would load it using:
Plugin Configuration
587
Plugin::load('User');
If you prefer to have your vendor name as top level and have a namespace like AcmeCorp/Users, then
you would load the plugin as:
Plugin::load('AcmeCorp/Users');
This will ensure that classnames are resolved properly when using plugin syntax.
Most plugins will indicate the proper procedure for configuring them and setting up the database in their
documentation. Some plugins will require more setup than others.
Using Plugins
You can reference a plugins controllers, models, components, behaviors, and helpers by prefixing the name
of the plugin before the class name.
For example, say you wanted to use the ContactManager plugins ContactInfoHelper to output some pretty
contact information in one of your views. In your controller, your $helpers array could look like this:
public $helpers = ['ContactManager.ContactInfo'];
You would then be able to access the ContactInfoHelper just like any other helper in your view, such as:
echo $this->ContactInfo->address($contact);
588
Note the name of the plugin folder, ContactManager. It is important that this folder has the same name
as the plugin.
Inside the plugin folder, youll notice it looks a lot like a CakePHP application, and thats basically what
it is. You dont have to include any of the folders you are not using. Some plugins might only define a
Component and a Behavior, and in that case they can completely omit the Template directory.
A plugin can also have basically any of the other directories that your application can, such as Config,
Console, webroot, etc.
Now you can bake using the same conventions which apply to the rest of your app. For example - baking
controllers:
$ bin/cake bake controller --plugin ContactManager Contacts
Please refer to the chapter Code Generation with Bake if you have any problems with using the command
line. Be sure to re-generate your autoloader once youve created your plugin:
$ php composer.phar dumpautoload
Plugin Controllers
Controllers for our ContactManager plugin will be stored in plugins/ContactManager/src/Controller/.
Since the main thing well be doing is managing contacts, well need a ContactsController for this plugin.
So, we place our new ContactsController in plugins/ContactManager/src/Controller and it looks like so:
// plugins/ContactManager/src/Controller/ContactsController.php
namespace ContactManager\Controller;
use ContactManager\Controller\AppController;
class ContactsController extends AppController
{
public function index()
{
//...
}
}
589
// plugins/ContactManager/src/Controller/AppController.php
namespace ContactManager\Controller;
use App\Controller\AppController as BaseController;
class AppController extends BaseController
{
}
A plugins AppController can hold controller logic common to all controllers in a plugin but is not
required if you dont want to use one.
Before you can access your controllers, youll need to ensure the plugin is loaded and connect some routes.
In your config/bootstrap.php add the following:
Plugin::load('ContactManager', ['routes' => true]);
routes.
Put
the
following
into
plug-
<?php
use Cake\Routing\Router;
Router::plugin('ContactManager', function ($routes) {
$routes->fallbacks('InflectedRoute');
});
The above will connect default routes for you plugin. You can customize this file with more specific routes
later on.
If you want to access what weve got going thus far, visit /contact_manager/contacts. You should
get a Missing Model error because we dont have a Contact model defined yet.
If your application includes the default routing CakePHP provides you will be able to access your plugin
controllers using URLs like:
// Access the index route of a plugin controller.
/contact_manager/contacts
// Any action on a plugin controller.
/contact_manager/contacts/view/1
If your application defines routing prefixes, CakePHPs default routing will also connect routes that use the
following pattern:
/:prefix/:plugin/:controller
/:prefix/:plugin/:controller/:action
See the section on Plugin Configuration for information on how to load plugin specific route files.
For plugins you did not create with bake, you will also need to edit the composer.json file to add your
plugin to the autoload classes, this can be done as per the documentation Autoloading Plugin Classes.
590
Plugin Models
Models for the plugin are stored in plugins/ContactManager/src/Model. Weve already defined a ContactsController for this plugin, so lets create the table and entity for that controller:
// plugins/ContactManager/src/Model/Entity/Contact.php:
namespace ContactManager\Model\Entity;
use Cake\ORM\Entity;
class Contact extends Entity
{
}
// plugins/ContactManager/src/Model/Table/ContactsTable.php:
namespace ContactManager\Model\Table;
use Cake\ORM\Table;
class ContactsTable extends Table
{
}
If you need to reference a model within your plugin when building associations or defining entitiy classes,
you need to include the plugin name with the class name, separated with a dot. For example:
// plugins/ContactManager/src/Model/Table/ContactsTable.php:
namespace ContactManager\Model\Table;
use Cake\ORM\Table;
class ContactsTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('ContactManager.AltName');
}
}
If you would prefer that the array keys for the association not have the plugin prefix on them, use the
alternative syntax:
// plugins/ContactManager/src/Model/Table/ContactsTable.php:
namespace ContactManager\Model\Table;
use Cake\ORM\Table;
class ContactsTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('AltName', [
'className' => 'ContactManager.AltName',
Plugin Models
591
]);
}
}
You can use TableRegistry to load your plugin tables using the familiar plugin syntax:
use Cake\ORM\TableRegistry;
$contacts = TableRegistry::get('ContactManager.Contacts');
Plugin Views
Views behave exactly as they do in normal applications. Just place them in the right folder inside of the
plugins/[PluginName]/src/Template/ folder. For our ContactManager plugin, well need a
view for our ContactsController::index() action, so lets include that as well:
// plugins/ContactManager/src/Template/Contacts/index.ctp:
<h1>Contacts</h1>
<p>Following is a sortable list of your contacts</p>
<!-- A sortable list of contacts would go here....-->
Plugins can provide their own layouts. To add plugin layouts, place your template files inside
plugins/[PluginName]/src/Template/Layout. To use a plugin layout in your controller you
can do the following:
public $layout = 'ContactManager.admin';
If the plugin prefix is omitted, the layout/view file will be located normally.
Note: For information on how to use elements from a plugin, look up Elements
Plugin Assets
A plugins web assets (but not PHP files) can be served through the plugins webroot directory, just like
the main applications assets:
592
/plugins/ContactManager/webroot/
css/
js/
img/
flash/
pdf/
You may put any type of file in any directory, just like a regular webroot.
Warning: Handling static assets (such as images, JavaScript and CSS files) through the Dispatcher is
very inefficient. See Improve Your Applications Performance for more information.
Plugin assets are served using the AssetFilter dispatcher filter by default. This is only recommended
for development. In production you should symlink plugin assets to improve performance.
If you are not using the helpers, you can prepend /plugin_name/ to the beginning of the URL for an asset
within that plugin to serve it. Linking to /contact_manager/js/some_file.js would serve the asset plugins/ContactManager/webroot/js/some_file.js.
593
594
CHAPTER 27
REST
Many newer application programmers are realizing the need to open their core functionality to a greater
audience. Providing easy, unfettered access to your core API can help get your platform accepted, and
allows for mashups and easy integration with other systems.
While other solutions exist, REST is a great way to provide easy access to the logic youve created in your
application. Its simple, usually XML-based (were talking simple XML, nothing like a SOAP envelope),
and depends on HTTP headers for direction. Exposing an API via REST in CakePHP is simple.
595
596
RESTful controllers often use parsed extensions to serve up different views based on different kinds of
requests. Since were dealing with REST requests, well be making XML views. You can also easily make
JSON views using CakePHPs built-in JSON and XML views. By using the built in XmlView we can define
a _serialize view variable. This special view variable is used to define which view variables XmlView
should serialize into XML.
If we wanted to modify the data before it is converted into XML we should not define the _serialize
view variable, and instead use template files. We place the REST views for our RecipesController inside
src/Template/Recipes/xml. We can also use the Xml for quick-and-easy XML output in those views. Heres
what our index view might look like:
// src/Template/Recipes/xml/index.ctp
// Do some formatting and manipulation on
// the $recipes array.
$xml = Xml::fromArray(['response' => $recipes]);
echo $xml->asXML();
Creating the logic for the edit action is a bit trickier, but not by much. Since youre providing an API that outputs XML, its a natural choice to receive XML as input. Not to worry, the
Cake\Controller\Component\RequestHandler and Cake\Routing\Router classes make
things much easier. If a POST or PUT request has an XML content-type, then the input is run through
CakePHPs Xml class, and the array representation of the data is assigned to $this->request->data.
Because of this feature, handling XML and POST data in parallel is seamless: no changes are required to
the controller or model code. Everything you need should end up in $this->request->data.
597
RESTful Routing
CakePHPs Router makes connecting RESTful resource routes easy. See the section on Creating RESTful
Routes for more information.
598
CHAPTER 28
Security
CakePHP provides you some tools to secure your application. The following sections cover those tools:
Security
class Cake\Utility\Security
The security library1 handles basic security measures such as providing methods for hashing and encrypting
data.
http://api.cakephp.org/3.0/class-Cake.Utility.Security.html
http://php.net/openssl
3
http://php.net/mcrypt
2
599
If you do not supply an HMAC salt, the Security.salt value will be used. Encrypted values can be
decrypted using Cake\Utility\Security::decrypt().
Decrypt a previously encrypted value. The $key and $hmacSalt parameters must match the values used
to encrypt or decryption will fail. An example use would be:
// Assuming the key is stored somewhere it can be re-used for
// Decryption later.
$key = 'wt1U5MACWJFTXGenFoZoiLwQGrLgdbHA';
$cipher = $user->secrets;
$result = Security::decrypt($cipher, $key);
If the value cannot be decrypted due to changes in the key or HMAC salt false will be returned.
Choosing a Specific Crypto Implementation
If you are upgrading an application from CakePHP 2.x, data encrypted in 2.x is not compatible with openssl.
This is because the encrypted data is not fully AES compliant. If you dont want to go through the trouble
of re-encrypting your data, you can force CakePHP to use mcrypt using the engine() method:
// In config/bootstrap.php
use Cake\Utility\Crypto\Mcrypt;
Security::engine(new Mcrypt());
The above will allow you to seamlessly read data from older versions of CakePHP, and encrypt new data to
be compatible with OpenSSL.
Hashing Data
static Cake\Utility\Security::hash($string, $type = NULL, $salt = false)
Create a hash from string using given method. Fallback on next available method. If $salt is set to true,
the applications salt value will be used:
// Using the application's salt value
$sha1 = Security::hash('CakePHP Framework', 'sha1', true);
// Using a custom salt value
$sha1 = Security::hash('CakePHP Framework', 'sha1', 'my-salt');
// Using the default hash algorithm
$hash = Security::hash('CakePHP Framework');
600
And any other hash algorithmn that PHPs hash() function supports.
Warning: You should not be using hash() for passwords in new applications. Instead you should use
the DefaultPasswordHasher class which uses bcrypt by default.
Settings can be passed into the component through your components settings. The available configuration
options are:
cookieName The name of the cookie to send. Defaults to csrfToken.
expiry How long the CSRF token should last. Defaults to browser session.
secure Whether or not the cookie will be set with the Secure flag. That is, the cookie will only be
set on a HTTPS connection and any attempt over normal HTTP will fail. Defaults to false.
field The form field to check. Defaults to _csrfToken. Changing this will also require configuring FormHelper.
When enabled, you can access the current CSRF token on the request object:
$token = $this->request->param('_csrfToken');
4
http://en.wikipedia.org/wiki/Cross-site_request_forgery
601
Security
class SecurityComponent(ComponentCollection $collection, array $config =[])
The Security Component creates an easy way to integrate tighter security in your application. It provides
methods for various tasks like:
Restricting which HTTP methods your application accepts.
Form tampering protection
Requiring that SSL be used.
Limiting cross controller communication.
Like all components it is configured through several configurable parameters. All of these properties can be
set directly or through setter methods of the same name in your controllers beforeFilter.
By using the Security Component you automatically get form tampering protection. Hidden token fields
will automatically be inserted into forms and checked by the Security component.
If you are using Security components form protection features and other components that process form
data in their startup() callbacks, be sure to place Security Component before those components in your
initialize() method.
602
Note: When using the Security Component you must use the FormHelper to create your forms. In
addition, you must not override any of the fields name attributes. The Security Component looks
for certain indicators that are created and managed by the FormHelper (especially those created in
View\Helper\FormHelper::create() and View\Helper\FormHelper::end()). Dynamically altering the fields that are submitted in a POST request (e.g. disabling, deleting or creating new fields
via JavaScript) is likely to cause the request to be send to the blackhole callback. See the $validatePost
or $disabledFields configuration parameters.
603
property SecurityComponent::$allowedActions
A list of actions which are allowed to send requests to this controllers actions. This can be used to
control cross controller requests.
These configuration options allow you to restrict cross controller communication. Set them with the
config() method.
Usage
Using the security component is generally done in the controllers beforeFilter(). You would specify
the security restrictions you want and the Security Component will enforce them on its startup:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
604
$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
if (isset($this->request->params['admin'])) {
$this->Security->requireSecure();
}
}
}
The above example would force all actions that had admin routing to require secure SSL requests:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']);
}
public function beforeFilter(Event $event)
{
if (isset($this->params['admin'])) {
$this->Security->requireSecure();
}
}
public function forceSSL()
{
return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here);
}
}
This example would force all actions that had admin routing to require secure SSL requests. When the
request is black holed, it will call the nominated forceSSL() callback which will redirect non-secure
requests to secure requests automatically.
CSRF Protection
CSRF or Cross Site Request Forgery is a common vulnerability in web applications. It allows an attacker to
capture and replay a previous request, and sometimes submit data requests using image tags or resources on
other domains. To enable CSRF protection features use the Cross Site Request Forgery.
Security
605
This example would disable all security checks for the edit action.
606
CHAPTER 29
Sessions
CakePHP provides a wrapper and suite of utility features on top of PHPs native session extension.
Sessions allow you to identify unique users across the requests and store persistent data for specific users.
Unlike Cookies, session data is not available on the client side. Usage of $_SESSION is generally avoided
in CakePHP, and instead usage of the Session classes is preferred.
Session Configuration
Session configuration is stored in Configure under the top level Session key, and a number of options
are available:
Session.timeout - The number of minutes before CakePHPs session handler expires the session.
Session.defaults - Allows you to use one the built-in default session configurations as a base
for your session configuration. See below for the built-in defaults.
Session.handler - Allows you to define a custom session handler. The core database and cache
session handlers use this. See below for additional information on Session handlers.
Session.ini - Allows you to set additional session ini settings for your config. This combined
with Session.handler replace the custom session handling features of previous versions
CakePHPs defaults session.cookie_secure to true, when your application is on an SSL protocol. If your application serves from both SSL and non-SSL protocols, then you might have problems with
sessions being lost. If you need access to the session on both SSL and non-SSL domains you will want to
disable this:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
'session.cookie_secure' => false
]
]);
607
By default PHP sets the session cookie to expire as soon as the browser is closed, regardless of the configured
Session.timeout value. The cookie timeout is controlled by the session.cookie_lifetime ini
value and can be configured using:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
// Invalidate the cookie after 30 minutes without visiting
// any page on the site.
'session.cookie_lifetime' => 1800
]
]);
The difference between Session.timeout and the session.cookie_lifetime value is that the
latter relies on the client telling the truth about the cookie. If you require stricter timeout checking, without
relying on what the client reports, you should use Session.timeout.
Please note that Session.timeout corresponds to the total time of inactivity for a user (i.e. the time
without visiting any page where the session is used), and does not limit the total amount of minutes a user
can stay on the site.
The above will use the built-in php session configuration. You could augment part or all of it by doing the
following:
Configure::write('Session', [
'defaults' => 'php',
'cookie' => 'my_app',
608
The above overrides the timeout and cookie name for the php session configuration. The built-in configurations are:
php - Saves sessions with the standard settings in your php.ini file.
cake - Saves sessions as files inside app/tmp/sessions. This is a good option when on hosts
that dont allow you to write outside your own home dir.
database - Use the built-in database sessions. See below for more information.
cache - Use the built-in cache sessions. See below for more information.
The accepted values are:
defaults - either php, database, cache or cake as explained above.
handler - An array containing the handler configuration
ini - A list of php.ini directives to set before the session starts.
timeout - The time in minutes the session should stay active
Session Handlers
Session handlers can also be defined in the session config array. By defining the handler.engine config key,
you can name the class name, or provide a handler instance. The class/object must implement the native
PHP SessionHandlerInterface. Implementing this interface will allow Session to automatically
map the methods for the handler. Both the core Cache and Database session handlers use this method for
saving sessions. Additional settings for the handler should be placed inside the handler array. You can then
read those values out from inside your handler:
'Session' => [
'handler' => [
'engine' => 'Database',
'model' => 'CustomSessions'
]
]
The above shows how you could setup the Database session handler with an application model.
When using class names as your handler.engine, CakePHP will expect to find your class in
the Network\Session namespace. For example, if you had a AppSessionHandler class,
the file should be src/Network/Session/AppSessionHandler.php, and the class name should be
App\\Network\\Session\\AppSessionHandler. You can also use session handlers from inside
plugins. By setting the engine to MyPlugin.PluginSessionHandler.
Database Sessions
If you you need to use a database to store your session data, configure as follows:
609
'Session' => [
'defaults' => 'database'
]
This configuration will require a database table to be added with at least these fields:
CREATE TABLE `sessions` (
`id` varchar(255) NOT NULL DEFAULT '',
`data` VARBINARY, -- or BYTEA for postgres
`expires` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
);
You can find a copy of the schema for the sessions table in the application skeleton.
You can also use your own Table class to handle the saving of the sessions:
'Session' => [
'defaults' => 'database',
'handler' => [
'engine' => 'Database',
'model' => 'CustomSessions'
]
]
The above will tell Session to use the built-in database defaults, and specify that a Table called
CustomSessions will be the delegate for saving session information to the database.
Cache Sessions
The Cache class can be used to store sessions as well. This allows you to store sessions in a cache like APC,
memcache, or Xcache. There are some caveats to using cache sessions, in that if you exhaust the cache
space, sessions will start to expire as records are evicted.
To use Cache based sessions you can configure you Session config like:
Configure::write('Session', [
'defaults' => 'cache',
'handler' => [
'config' => 'session'
]
]);
This will configure Session to use the CacheSession class as the delegate for saving the sessions. You
can use the config key which cache configuration to use. The default cache configuration is default.
610
figurations, as well as custom ones. The ini key in the session settings, allows you to specify individual
configuration values. For example you can use it to control settings like session.gc_divisor:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
'session.cookie_name' => 'MyCookie',
'session.cookie_lifetime' => 1800, // Valid for 30 minutes
'session.gc_divisor' => 1000,
'session.cookie_httponly' => true
]
]);
611
Our class extends the built-in DatabaseSession so we dont have to duplicate all of its logic and behavior. We wrap each operation with a Cake\Cache\Cache operation. This lets us fetch sessions from the
fast cache, and not have to worry about what happens when we fill the cache. Using this session handler is
also easy. In your app.php make the session block look like the following:
'Session' => [
'defaults' => 'database',
'handler' => [
'engine' => 'ComboSession',
'model' => 'Session',
'cache' => 'apc'
]
],
// Make sure to add a apc cache config
'Cache' => [
'apc' => ['engine' => 'Apc']
]
Now our application will start using our custom session handler for reading & writing session data.
class Session
In addition to the basic session object, you can also use the Cake\View\Helper\SessionHelper to
interact with the session in your views. A basic example of session usage would be:
$name = $this->request->session()->read('User.name');
// If you are accessing the session multiple times,
// you will probably want a local variable.
$session = $this->request->session();
$name = $session->read('User.name');
Session::write($key, $value)
$key should be the dot separated path you wish to write $value to:
$session->write('Config.language', 'eng');
Session::delete($key)
When you need to delete data from the session, you can use delete():
$session->delete('Some.value');
static Session::consume($key)
When you need to read and delete data from the session, you can use consume():
$session->consume('Some.value');
Session::check($key)
If you want to see if data exists in the session, you can use check():
if ($session->check('Config.language')) {
// Config.language exists and is not null.
}
Destroying a session will remove all serverside data in the session, but will not remove the session cookie.
Reading & Writing Session Data
613
Flash Messages
Flash messages are small messages displayed to end users once. They are often used to present error messages, or confirm that actions took place successfully.
To set and display flash messages you should use Flash and Flash
614
CHAPTER 30
Testing
CakePHP comes with comprehensive testing support built-in. CakePHP comes with integration for PHPUnit1 . In addition to the features offered by PHPUnit, CakePHP offers some additional features to make
testing easier. This section will cover installing PHPUnit, and getting started with Unit Testing, and how
you can use the extensions that CakePHP offers.
Installing PHPUnit
CakePHP uses PHPUnit as its underlying test framework. PHPUnit is the de-facto standard for unit testing
in PHP. It offers a deep and powerful set of features for making sure your code does what you think it does.
PHPUnit can be installed through using either a PHAR package2 or Composer3 .
After updating your composer.json, run Composer again inside your application directory:
$ php composer.phar install
http://phpunit.de
http://phpunit.de/#download
3
http://getcomposer.org
2
615
Note: Its a good idea to make the test database and your actual database different databases. This will
prevent embarrassing mistakes later.
The above should run any tests you have, or let you know that no tests were run. To run a specific test
you can supply the path to the test as a parameter to PHPUnit. For example, if you had a test case for
ArticlesTable class you could run it with:
$ vendor/bin/phpunit tests/TestCase/Model/Table/ArticlesTableTest
You should see a green bar with some additional information about the tests run, and number passed.
Note: If you are on a Windows system you probably wont see any colours.
616
This is a very simple example, but it will be useful to show how you can create a simple test case.
After creating and saving our helper, well create the test case file in
tests/TestCase/View/Helper/ProgressHelperTest.php. In that file well start with the following:
namespace App\Test\TestCase\View\Helper;
use App\View\Helper\ProgressHelper;
use Cake\TestSuite\TestCase;
use Cake\View\View;
class ProgressHelperTest extends TestCase
{
public function setUp()
{
617
}
public function testBar()
{
}
}
Well flesh out this skeleton in a minute. Weve added two methods to start with. First is setUp(). This
method is called before every test method in a test case class. Setup methods should initialize the objects
needed for the test, and do any configuration needed. In our setup method well add the following:
public function setUp()
{
parent::setUp();
$View = new View();
$this->Progress = new ProgressHelper($View);
}
Calling the parent method is important in test cases, as TestCase::setUp() does a number things like backing
up the values in Core\Configure and, storing the paths in Core\App.
Next, well fill out the test method. Well use some assertions to ensure that our code creates the output we
expect:
public function testBar()
{
$result = $this->Progress->bar(90);
$this->assertContains('width: 90%', $result);
$this->assertContains('progress-bar', $result);
$result = $this->Progress->bar(33.3333333);
$this->assertContains('width: 33%', $result);
}
The above test is a simple one but shows the potential benefit of using test cases. We use
assertContains() to ensure that our helper is returning a string that contains the content we expect.
If the result did not contain the expected content the test would fail, and we would know that our code is
incorrect.
By using test cases you can easily describe the relationship between a set of known inputs and their expected
output. This helps you be more confident of the code youre writing as you can easily check that the code
you wrote fulfills the expectations and assertions your tests make. Additionally because tests are code, they
are easy to re-run whenever you make a change. This helps prevent the creation of new bugs.
Running Tests
Once you have PHPUnit installed and some test cases written, youll want to run the test cases very frequently. Its a good idea to run tests before committing any changes to help ensure you havent broken
anything.
618
By using phpunit you can run your application tests. To run your applications tests you can simply run:
// composer installs
$ vendor/bin/phpunit
// phar file
php phpunit.phar
From your applications root directory. To run tests for a plugin that is part of your application source, first
cd into the plugin directory, then use phpunit command that matches how you installed phpunit:
cd plugins
// Using composer installed phpunit
../vendor/bin/phpunit
// Using phar file
php ../phpunit.phar
To run tests on a standalone plugin, you should first install the project in a separate directory and install its
dependencies:
git clone git://github.com/cakephp/debug_kit.git
cd debug_kit
php ~/composer.phar install
php ~/phpunit.phar
The filter parameter is used as a case-sensitive regular expression for filtering which test methods to run.
This will put the coverage results in your applications webroot directory. You should be able to view the
results by going to http://localhost/your_app/coverage.
Running Tests
619
Any additional test suites added to the <testsuites> element will automatically be run when you use
phpunit.
Fixtures
When testing code that depends on models and the database, one can use fixtures as a way to generate
temporary data tables loaded with sample data that can be used by the test. The benefit of using fixtures is
that your test has no chance of disrupting live application data. In addition, you can begin testing your code
prior to actually developing live content for an application.
CakePHP uses the connection named test in your config/datasources.php configuration file. If this connection is not usable, an exception will be raised and you will not be able to use database fixtures.
CakePHP performs the following during the course of a fixture based test case:
1. Creates tables for each of the fixtures needed.
2. Populates tables with data, if data is provided in fixture.
620
Test Connections
By default CakePHP will alias each connection in your application. Each connection defined in your applications bootstrap that does not start with test_ will have a test_ prefixed alias created. Aliasing
connections ensures, you dont accidentally use the wrong connection in test cases. Connection aliasing is
transparent to the rest of your application. For example if you use the default connection, instead you will
get the test connection in test cases. If you use the replica connection, the test suite will attempt to use
test_replica.
Creating Fixtures
When creating a fixture you will mainly define two things: how the table is created (which fields are part of
the table), and which records will be initially populated to the table. Lets create our first fixture, that will be
used to test our own Article model. Create a file named ArticlesFixture.php in your tests/Fixture
directory, with the following content:
namespace App\Test\Fixture;
use Cake\TestSuite\Fixture\TestFixture;
class ArticlesFixture extends TestFixture
{
// Optional. Set this property to load fixtures to a different test datasource
public $connection = 'test';
public $fields = [
'id' => ['type' => 'integer'],
'title' => ['type' => 'string', 'length' => 255, 'null' => false],
'body' => 'text',
'published' => ['type' => 'integer', 'default' => '0', 'null' => false],
'created' => 'datetime',
'modified' => 'datetime',
'_constraints' => [
'primary' => ['type' => 'primary', 'columns' => ['id']]
]
];
public $records = [
[
'id' => 1,
'title' => 'First Article',
'body' => 'First Article Body',
'published' => '1',
'created' => '2007-03-18 10:39:23',
'modified' => '2007-03-18 10:41:31'
Fixtures
621
],
[
'id' => 2,
'title' => 'Second Article',
'body' => 'Second Article Body',
'published' => '1',
'created' => '2007-03-18 10:41:23',
'modified' => '2007-03-18 10:43:31'
],
[
'id' => 3,
'title' => 'Third Article',
'body' => 'Third Article Body',
'published' => '1',
'created' => '2007-03-18 10:43:23',
'modified' => '2007-03-18 10:45:31'
]
];
}
The $connection property defines the datasource of which the fixture will use. If your application
uses multiple datasources, you should make the fixtures match the models datasources but prefixed with
test_. For example if your model uses the mydb datasource, your fixture should use the test_mydb
datasource. If the test_mydb connection doesnt exist, your models will use the default test datasource.
Fixture datasources must be prefixed with test to reduce the possibility of accidentally truncating all your
applications data when running tests.
We use $fields to specify which fields will be part of this table, and how they are defined. The format
used to define these fields is the same used with Cake\Database\Schema\Table. The keys available
for table definition are:
type CakePHP internal data type. Currently supported:
string: maps to VARCHAR or CHAR
uuid: maps to UUID
text: maps to TEXT
integer: maps to INT
biginteger: maps to BIGINTEGER
decimal: maps to DECIMAL
float: maps to FLOAT
datetime: maps to DATETIME
timestamp: maps to TIMESTAMP
time: maps to TIME
date: maps to DATE
binary: maps to BLOB
622
fixed Used with string types to create CHAR columns in platforms that support them.
length Set to the specific length the field should take.
precision Set the number of decimal places used on float & decimal fields.
null Set to either true (to allow NULLs) or false (to disallow NULLs).
default Default value the field takes.
We can define a set of records that will be populated after the fixture table is created. The format is fairly
straight forward, $records is an array of records. Each item in $records should be a single row. Inside
each row, should be an associative array of the columns and values for the row. Just keep in mind that each
record in the $records array must have a key for every field specified in the $fields array. If a field for a
particular record needs to have a null value, just specify the value of that key as null.
Fixtures
623
];
parent::init();
}
}
You can naturally import your table definition from an existing model/table, but have your records defined
directly on the fixture as it was shown on previous section. For example:
class ArticlesFixture extends TestFixture
{
public $import = ['table' => 'articles'];
public $records = [
[
'id' => 1,
'title' => 'First Article',
'body' => 'First Article Body',
'published' => '1',
'created' => '2007-03-18 10:39:23',
'modified' => '2007-03-18 10:41:31'
],
[
'id' => 2,
'title' => 'Second Article',
'body' => 'Second Article Body',
'published' => '1',
'created' => '2007-03-18 10:41:23',
'modified' => '2007-03-18 10:43:31'
624
],
[
'id' => 3,
'title' => 'Third Article',
'body' => 'Third Article Body',
'published' => '1',
'created' => '2007-03-18 10:43:23',
'modified' => '2007-03-18 10:45:31'
]
];
}
Finally, you can not load/create any schema in a fixture. This is useful if you already have a test database
setup with all the empty tables created. By defining neither $fields or $import a fixture will only insert
its records and truncate the records on each test method.
The above will load the Article and Comment fixtures from the applications Fixture directory. You can also
load fixtures from CakePHP core, or plugins:
class ArticlesTest extends TestCase
{
public $fixtures = ['plugin.debug_kit.articles', 'core.comments'];
}
Using the core prefix will load fixtures from CakePHP, and using a plugin name as the prefix, will load the
fixture from the named plugin.
You can control when your fixtures are loaded by setting Cake\TestSuite\TestCase::$autoFixtures
to false and later load them using Cake\TestSuite\TestCase::loadFixtures():
class ArticlesTest extends TestCase
{
public $fixtures = ['app.articles', 'app.comments'];
public $autoFixtures = false;
public function testMyFunction()
{
$this->loadFixtures('Article', 'Comment');
}
}
Fixtures
625
You can load fixtures in subdirectories. Using multiple directories can make it easier to organize your
fixtures if you have a larger application. To load fixtures in subdirectories, simply include the subdirectory
name in the fixture name:
class ArticlesTest extends CakeTestCase
{
public $fixtures = ['app.blog/articles', 'app.blog/comments'];
}
We now want to set up a test that will test this table class. Lets now create a file named
ArticlesTableTest.php in your tests/TestCase/Model/Table directory, with the following contents:
namespace App\Test\TestCase\Model\Table;
use App\Model\Table\ArticlesTable;
use Cake\ORM\TableRegistry;
use Cake\TestSuite\TestCase;
class ArticlesTableTest extends TestCase
{
public $fixtures = ['app.articles'];
}
In our test cases variable $fixtures we define the set of fixtures that well use. You should remember to
include all the fixtures that will have queries run against them.
626
namespace App\Test\TestCase\Model\Table;
use App\Model\Table\ArticlesTable;
use Cake\ORM\TableRegistry;
use Cake\TestSuite\TestCase;
class ArticlesTableTest extends TestCase
{
public $fixtures = ['app.articles'];
public function setUp()
{
parent::setUp();
$this->Articles = TableRegistry::get('Articles');
}
public function testFindPublished()
{
$query = $this->Articles->find('published');
$this->assertInstanceOf('Cake\ORM\Query', $query);
$result = $query->hydrate(false)->toArray();
$expected = [
['id' => 1, 'title' => 'First Article'],
['id' => 2, 'title' => 'Second Article'],
['id' => 3, 'title' => 'Third Article']
];
$this->assertEquals($expected, $result);
}
}
You can see we have added a method called testPublished(). We start by creating an instance of our
ArticlesTable class, and then run our find(published) method. In $expected we set what
we expect should be the proper result (that we know since we have defined which records are initially populated to the article table.) We test that the result equals our expectation by using the assertEquals()
method. See the Running Tests section for more information on how to run your test case.
627
->method('send')
->will($this->returnValue(true));
$model->verifyEmail('[email protected]');
}
628
629
$this->assertResponseSuccess();
$articles = TableRegistry::get('Articles');
$query = $articles->find()->where(['title' => $data['title']]);
$this->assertEquals(1, $query->count());
}
}
This example shows a few of the request sending methods and a few of the assertions that
IntegrationTestCase provides. Before you can do any assertions youll need to dispatch a request.
You can use one of the following methods to send a request:
get() Sends a GET request.
post() Sends a POST request.
put() Sends a PUT request.
delete() Sends a DELETE request.
patch() Sends a PATCH request.
All of the methods except get() and delete() accept a second parameter that allows you to
send a request body. After dispatching a request you can use the various assertions provided by
IntegrationTestCase or by PHPUnit to ensure your request had the correct side-effects.
The state set by these helper methods is reset in the tearDown() method.
630
Assertion methods
The IntegrationTestCase class provides a number of assertion methods that make testing responses
much simpler. Some examples are:
// Check for a 2xx response code
$this->assertResponseOk();
// Check for a 2xx/3xx response code
$this->assertResponseSuccess();
// Check for a 4xx response code
$this->assertResponseError();
// Check for a 5xx response code
$this->assertResponseFailure();
// Check for a specific response code, e.g. 200
$this->assertResponseCode(200);
// Check the Location header
$this->assertRedirect(['controller' => 'Articles', 'action' => 'index']);
// Check that no Location header has been set
$this->assertNoRedirect();
631
In addition to the above assertion methods, you can also use all of the assertions in TestSuite4 and those
found in PHPUnit5
http://api.cakephp.org/3.0/class-Cake.TestSuite.TestCase.html
https://phpunit.de/manual/current/en/appendixes.assertions.html
632
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function view($id)
{
$marker = $this->Markers->get($id);
$this->set([
'_serialize' => ['marker'],
'marker' => $marker,
]);
}
}
Now we create the file tests/TestCase/Controller/MarkersControllerTest.php and make sure our web
service is returning the proper response:
class MarkersControllerTest extends IntegrationTestCase
{
public function testGet()
{
$this->configRequest([
'headers' => ['Accept' => 'application/json']
]);
$result = $this->get('/markers/view/1.json');
// Check that the response was a 200
$this->assertResponseOk();
$expected = [
['id' => 1, 'lng' => 66, 'lat' => 45],
];
$expected = json_encode($expected, JSON_PRETTY_PRINT);
$this->assertEquals($expected, $this->_response->body());
}
}
We use the JSON_PRETTY_PRINT option as CakePHPs built in JsonView will use that option when
debug is enabled.
Testing Views
Generally most applications will not directly test their HTML code. Doing so is often results in fragile, difficult to maintain test suites that are prone to breaking. When writing functional tests using
IntegrationTestCase you can inspect the rendered view content by setting the return option to
view. While it is possible to test view content using IntegrationTestCase, a more robust and maintainable
integration/view testing can be accomplished using tools like Selenium webdriver6 .
6
http://seleniumhq.org
Testing Views
633
Testing Components
Lets pretend we have a component called PagematronComponent in our application. This component helps
us set the pagination limit value across all the controllers that use it. Here is our example component located
in src/Controller/Component/PagematronComponent.php:
class PagematronComponent extends Component
{
public $controller = null;
public function setController($controller)
{
$this->controller = $controller;
// Make sure the controller is using pagination
if (!isset($this->controller->paginate)) {
$this->controller->paginate = [];
}
}
public function startup(Event $event)
{
$this->setController($event->subject());
}
public function adjust($length = 'short')
{
switch ($length) {
case 'long':
$this->controller->paginate['limit'] = 100;
break;
case 'medium':
$this->controller->paginate['limit'] = 50;
break;
default:
$this->controller->paginate['limit'] = 20;
break;
}
}
}
Now we can write tests to ensure our paginate limit parameter is being
correctly by the adjust() method in our component.
We create the
tests/TestCase/Controller/Component/PagematronComponentTest.php:
set
file
namespace App\Test\TestCase\Controller\Component;
use
use
use
use
use
use
634
App\Controller\Component\PagematronComponent;
Cake\Controller\Controller;
Cake\Controller\ComponentRegistry;
Cake\Network\Request;
Cake\Network\Response;
Cake\TestSuite\TestCase;
Testing Helpers
Since a decent amount of logic resides in Helper classes, its important to make sure those classes are covered
by test cases.
First we create an example helper to test. The CurrencyRendererHelper will help us display currencies in our views and for simplicity only has one method usd():
Testing Helpers
635
// src/View/Helper/CurrencyRendererHelper.php
namespace App\View\Helper;
use Cake\View\Helper;
class CurrencyRendererHelper extends Helper
{
public function usd($amount)
{
return 'USD ' . number_format($amount, 2, '.', ',');
}
}
Here we set the decimal places to 2, decimal separator to dot, thousands separator to comma, and prefix the
formatted number with USD string.
Now we create our tests:
// tests/TestCase/View/Helper/CurrencyRendererHelperTest.php
namespace App\Test\TestCase\View\Helper;
use App\View\Helper\CurrencyRendererHelper;
use Cake\TestSuite\TestCase;
use Cake\View\View;
class CurrencyRendererHelperTest extends TestCase
{
public $helper = null;
// Here we instantiate our helper
public function setUp()
{
parent::setUp();
$View = new View();
$this->helper = new CurrencyRendererHelper($View);
}
// Testing the usd() function
public function testUsd()
{
$this->assertEquals('USD 5.30', $this->helper->usd(5.30));
// We should always have 2 decimal digits
$this->assertEquals('USD 1.00', $this->helper->usd(1));
$this->assertEquals('USD 2.05', $this->helper->usd(2.05));
// Testing the thousands separator
$this->assertEquals(
'USD 12,000.70',
$this->helper->usd(12000.70)
);
}
636
Here, we call usd() with different parameters and tell the test suite to check if the returned values are equal
to what is expected.
Save this and execute the test. You should see a green bar and messaging indicating 1 pass and 4 assertions.
When you are testing a Helper which uses other helpers, be sure to mock the View clases loadHelpers
method.
CakeTestSuite offers several methods for easily creating test suites based on the file system. It allows
you to run any code you want to prepare your test suite. If we wanted to create a test suite for all our model
tests we could would create tests/TestCase/AllModelTest.php. Put the following in it:
class AllModelTest extends TestSuite
{
public static function suite() {
$suite = new CakeTestSuite('All model tests');
$suite->addTestDirectory(TESTS . 'Case/Model');
return $suite;
}
}
The code above will group all test cases found in the tests/TestCase/Model/ folder. To add an individual file,
use $suite->addTestFile($filename);. You can recursively add a directory for all tests using:
$suite->addTestDirectoryRecursive(TESTS . 'TestCase');
637
/src
/plugins
/Blog
/tests
/TestCase
/Fixture
They work just like normal tests but you have to remember to use the naming conventions for plugins when
importing classes. This is an example of a testcase for the BlogPost model from the plugins chapter of
this manual. A difference from other tests is in the first line where Blog.BlogPost is imported. You also
need to prefix your plugin fixtures with plugin.blog.blog_posts:
namespace Blog\Test\TestCase\Model\Table;
use Blog\Model\Table\BlogPostsTable;
use Cake\TestSuite\TestCase;
class BlogPostsTableTest extends TestCase
{
// Plugin fixtures located in /plugins/Blog/tests/Fixture/
public $fixtures = ['plugin.blog.blog_posts'];
public function testSomething()
{
// Test something.
}
}
If you want to use plugin fixtures in the app tests you can
plugin.pluginName.fixtureName syntax in the $fixtures array.
reference
them
using
Before you can use fixtures you should double check that your phpunit.xml contains the fixture listener:
<!-- Setup a listener for fixtures -->
<listeners>
<listener
class="\Cake\TestSuite\Fixture\FixtureInjector"
file="./vendor/cakephp/cakephp/src/TestSuite/Fixture/FixtureInjector.php">
<arguments>
<object class="\Cake\TestSuite\Fixture\FixtureManager" />
</arguments>
</listener>
</listeners>
"autoload-dev": {
"psr-4": {
"MyPlugin\\Test\\": "./plugins/MyPlugin/tests"
}
}
638
Note: Remember to run composer.phar dumpautoload when adding new autoload mappings.
Create a Job
Start off by creating a job for your application, and connect your repository so that jenkins can access your
code.
7
8
http://jenkins-ci.org
http://jenkins-ci.org/
639
By creating an app_local.php file, you have an easy way to define configuration specific to Jenkins.
You can use this same configuration file to override any other configuration files you need on Jenkins.
Its often a good idea to drop and re-create the database before each build as well. This insulates you from
chained failures, where one broken build causes others to fail. Add another shell script step to the build that
contains the following:
If you use clover coverage, or the junit results, make sure to configure those in Jenkins as well. Failing to
configure those steps will mean you wont see the results.
640
Run a Build
You should be able to run a build now. Check the console output and make any necessary changes to get a
passing build.
641
642
CHAPTER 31
Validation
The validation package in CakePHP provides features to build validators that can validate arbitrary arrays
of data with ease.
Creating Validators
class Cake\Validation\Validator
Validator objects define the rules that apply to a set of fields. Validator objects contain a mapping between
fields and validation sets. In turn, the validation sets contain a collection of rules that apply to the field they
are attached to. Creating a validator is simple:
use Cake\Validation\Validator;
$validator = new Validator();
Once created, you can start defining sets of rules for the fields you want to validate:
$validator
->requirePresence('title')
->notEmpty('title', 'Please fill this field')
->add('title', [
'length' => [
'rule' => ['minLength', 10],
'message' => 'Titles need to be at least 10 characters long',
]
])
->allowEmpty('published')
->add('published', 'boolean', [
'rule' => 'boolean'
])
->requirePresence('body')
->add('body', 'length', [
'rule' => ['minLength', 50],
643
As seen in the example above, validators are built with a fluent interface that allows you to define rules for
each field you want to validate.
There were a few methods called in the example above, so lets go over the various features. The add()
method allows you to add new rules to a validator. You can either add rules individually or in groups as seen
above.
Notice that these examples take a provider key. Adding Validator providers is further explained in
the following sections.
644
If the minLength rule fails in the example above, the maxLength rule will not be run.
Validation providers can be objects, or class names. If a class name is used the methods must be static. To
use a provider other than default, be sure to set the provider key in your rule:
// Use a rule from the table provider
$validator->add('title', 'unique', [
'rule' => 'uniqueTitle',
'provider' => 'table'
]);
Creating Validators
645
Closures or callable methods will receive 2 arguments when called. The first will be the value for the field
being validated. The second is a context array containing data related to the validation process:
data: The original data passed to the validation method, useful if you plan to create rules comparing
values.
providers: The complete list of rule provider objects, useful if you need to create complex rules by
calling multiple providers.
newRecord: Whether the validation call is for a new record or a pre-existent one.
Conditional Validation
When defining validation rules, you can use the on key to define when a validation rule should be applied.
If left undefined, the rule will always be applied. Other valid values are create and update. Using one
of these values will make the rule apply to only create or update operations.
Additionally, you can provide a callable function that will determine whether or not a particular rule should
be applied:
$validator->add('picture', 'file', [
'rule' => ['mimeType', ['image/jpeg', 'image/png']],
'on' => function ($context) {
return !empty($context['data']['show_profile_picture']);
646
}
]);
You can access the other submitted fields values using the $context[data] array. The above example
will make the rule for picture optional depending on whether the value for show_profile_picture
is empty. You could also use the uploadedFile validation rule to create optional file upload inputs:
$validator->add('picture', 'file', [
'rule' => ['uploadedFile', ['optional' => true]],
]);
The allowEmpty() and notEmpty() methods will also accept a callback function as their last argument. If present, the callback determines whether or not the rule should be applied. For example, a field can
be sometimes allowed to be empty:
$validator->allowEmpty('tax', function ($context) {
return !$context['data']['is_taxable'];
});
Likewise, a field can be required to be populated when certain conditions are met:
$validator->notEmpty('email_frequency', 'This field is required', function ($context) {
return !empty($context['data']['wants_newsletter']);
});
In the above example, the email_frequency field cannot be left empty if the the user wants to receive
the newsletter.
Nesting Validators
New in version 3.0.5.
When validating Modelless Forms with nested data, or when working with models that contain array data
types, it is necessary to validate the nested data you have. CakePHP makes it simple to add validators to
specific attributes. For example, assume you are working with a non-relational database and need to store
an article and its comments:
$data = [
'title' => 'Best article',
'comments' => [
['comment' => '']
]
];
Creating Validators
647
You can create 1:1 relationships with addNested() and 1:N relationships with addNestedMany().
With both methods, the nested validators errors will contribute to the parent validators errors and influence
the final result.
Validating Data
Now that youve created a validator and added the rules you want to it, you can start using it to validate data.
Validators are able to validate array based data. For example, if you wanted to validate a contact form before
creating and sending an email you could do the following:
use Cake\Validation\Validator;
$validator = new Validator();
$validator
->requirePresence('email')
->add('email', 'validFormat', [
'rule' => 'email',
'message' => 'E-mail must be valid'
])
->requirePresence('name')
->notEmpty('name', 'We need your name.')
->requirePresence('comment')
->notEmpty('comment', 'You need to give a comment.');
648
$errors = $validator->errors($this->request->data());
if (!empty($errors)) {
// Send an email.
}
The errors() method will return a non-empty array when there are validation failures. The returned array
of errors will be structured like:
$errors = [
'email' => ['E-mail must be valid']
];
If you have multiple errors on a single field, an array of error messages will be returned per field. By default
the errors() method applies rules for the create mode. If youd like to apply update rules you can do
the following:
$errors = $validator->errors($this->request->data(), false);
if (!empty($errors)) {
// Send an email.
}
Note:
If
you
need
to
validate
entities
you
should
use
methods
like
ORM\Table::newEntity(),
ORM\Table::newEntities(),
ORM\Table::patchEntity(), ORM\Table::patchEntities() or ORM\Table::save()
as they are designed for that.
Validating Entities
While entities are validated as they are saved, you may also want to validate entities before attempting to
do any saving. Validating entities before saving is done automatically when using the newEntity(),
newEntities(), patchEntity() or patchEntities():
// In the ArticlesController class
$article = $this->Articles->newEntity($this->request->data());
if ($article->errors()) {
// Do work to show error messages.
}
Similarly, when you need to pre-validate multiple entities at a time, you can use the newEntities()
method:
// In the ArticlesController class
$entities = $this->Articles->newEntities($this->request->data());
foreach ($entities as $entity) {
if (!$entity->errors()) {
$this->Articles->save($entity);
}
}
Validating Entities
649
The newEntity(), patchEntity() and newEntities() methods allow you to specify which associations are validated, and which validation sets to apply using the options parameter:
$valid = $this->Articles->newEntity($article, [
'associated' => [
'Comments' => [
'associated' => ['User'],
'validate' => 'special',
]
]
]);
Validation is commonly used for user-facing forms or interfaces, and thus it is not limited to only validating
columns in the table schema. However, maintaining integrity of data regardless where it came from is
important. To solve this problem CakePHP offers a second level of validation which is called application
rules. You can read more about them in the Applying Application Rules section.
Core rules that take additional parameters should have an array for the rule key that contains the rule as
the first element, and the additional parameters as the remaining parameters.
http://api.cakephp.org/3.0/class-Cake.Validation.Validation.html
650
CHAPTER 32
App Class
class Cake\Core\App
The App class is responsible for resource location and path management.
Finding Classes
static Cake\Core\App::classname($name, $type = , $suffix = )
This method is used to resolve classnames throughout CakePHP. It resolves the short form names CakePHP
uses and returns the fully resolved classname:
// Resolve a short classname with the namespace + suffix.
App::classname('Auth', 'Controller/Component', 'Component');
// Returns Cake\Controller\Component\AuthComponent
// Resolve a plugin name.
App::classname('DebugKit.Toolbar', 'Controller/Component', 'Component');
// Returns DebugKit\Controller\Component\ToolbarComponent
// Names with \ in them will be returned unaltered.
App::classname('App\Cache\ComboCache');
// Returns App\Cache\ComboCache
When resolving classes, the App namespace will be tried, and if the class does not exist the Cake namespace
will be attempted. If both classnames do not exist, false will be returned.
651
This can be done for all namespaces that are part of your application. You can also fetch paths for a plugin:
// Returns the component paths in DebugKit
App::path('Component', 'DebugKit');
App::path() will only return the default path, and will not be able to provide any information about
additional paths the autoloader is configured for.
static Cake\Core\App::core(string $package)
Used for finding the path to a package inside CakePHP:
// Get the path to Cache engines.
App::core('Cache/Engine');
Locating Plugins
static Cake\Core\Plugin::path(string $plugin)
Plugins can be located with Plugin. Using Plugin::path(DebugKit); for example, will give you
the full path to the DebugKit plugin:
$path = Plugin::path('DebugKit');
Locating Themes
Since themes are plugins, you can use the methods above to get the path to a theme.
652
"vendor/Acme/AcmeLib"
]
}
If your vendor library does not use classes, and instead provides functions, you can configure Composer to
load these files at the beginning of each request using the files autoloading strategy:
"autoload": {
"psr-4": {
"App\\": "App",
"App\\Test\\": "Test",
"": "./Plugin"
},
"files": [
"vendor/Acme/AcmeLib/functions.php"
]
}
After configuring the vendor libraries you will need to regenerate your applications autoloader using:
$ php composer.phar dump-autoload
If you happen to not be using Composer in your application, you will need to manually load all vendor
libraries yourself.
653
654
CHAPTER 33
Collections
class Cake\Collection\Collection
The collection classes provide a set of tools to manipulate arrays or Traversable objects. If you have
ever used underscore.js, you have an idea of what you can expect from the collection classes.
Collection instances are immutable; modifying a collection will instead generate a new collection. This
makes working with collection objects more predictable as operations are side-effect free.
Quick Example
Collections can be created using an array or Traversable object. Youll also interact with collections
every time you interact with the ORM in CakePHP. A simple use of a Collection would be:
use Cake\Collection\Collection;
$items = ['a' => 1, 'b' => 2, 'c' => 3];
$collection = new Collection($items);
// Create a new collection containing elements
// with a value greater than one.
$overOne = $collection->filter(function ($value, $key, $iterator) {
return $value > 1;
});
List of Methods
append
buffered
655
combine
compile
contains
countBy
each
every
extract
filter
first
groupBy
indexBy
insert
isEmpty
last
listNested
map
match
max
min
nest
reduce
reject
sample
shuffle
skip
some
sortBy
stopWhen
take
through
unfold
zip
656
Iterating
Cake\Collection\Collection::each(callable $c)
Collections can be iterated and/or transformed into new collections with the each() and map() methods.
The each() method will not create a new collection, but will allow you to modify any objects within the
collection:
$collection = new Collection($items);
$collection = $collection->each(function ($value, $key) {
echo "Element $key: $value";
});
The return of each() will be the collection object. Each will iterate the collection immediately applying
the callback to each value in the collection.
Cake\Collection\Collection::map(callable $c)
The map() method will create a new collection based on the output of the callback being applied to each
object in the original collection:
$items = ['a' => 1, 'b' => 2, 'c' => 3];
$collection = new Collection($items);
$new = $collection->map(function ($value, $key) {
return $value * 2;
});
// $result contains ['a' => 2, 'b' => 4, 'c' => 6];
$result = $new->toArray();
The map() method will create a new iterator which lazily creates the resulting items when iterated.
Cake\Collection\Collection::extract($matcher)
One of the most common uses for a map() function is to extract a single column from a collection. If
you are looking to build a list of elements containing the values for a particular property, you can use the
extract() method:
$collection = new Collection($people);
$names = $collection->extract('name');
// $result contains ['mark', 'jose', 'barbara'];
$result = $names->toArray();
As with many other functions in the collection class, you are allowed to specify a dot-separated path for
extracting columns. This example will return a collection containing the author names from a list of articles:
$collection = new Collection($articles);
$names = $collection->extract('author.name');
// $result contains ['Maria', 'Stacy', 'Larry'];
$result = $names->toArray();
Iterating
657
Finally, if the property you are looking after cannot be expressed as a path, you can use a callback function
to return it:
$collection = new Collection($articles);
$names = $collection->extract(function ($article) {
return $article->author->name . ', ' . $article->author->last_name;
});
Often, the properties you need to extract a common key present in multiple arrays or objects that are deeply
nested inside other structures. For those cases you can use the {*} matcher in the path key:
$data = [
[
'name' => 'James',
'phone_numbers' => [
['number' => 'number-1'],
['number' => 'number-2'],
['number' => 'number-3'],
]
],
[
'name' => 'James',
'phone_numbers' => [
['number' => 'number-4'],
['number' => 'number-5'],
]
]
];
$numbers = (new Collection($data))->extract('phone_numbers.{*}.number');
$numbers->toList();
// Returns ['number-1', 'number-2', 'number-3', 'number-4', 'number-5']
You can also optionally use a groupPath to group results based on a path:
658
Finally you can use closures to build keys/values/groups paths dynamically, for example when working with
entities and dates (converted to Cake/Time instances by the ORM) you may want to group results by date:
$combined = (new Collection($entities))->combine(
'id',
function ($entity) { return $entity; },
function ($entity) { return $entity->date->toDateString(); }
);
Cake\Collection\Collection::stopWhen(callable $c)
You can stop the iteration at any point using the stopWhen() method. Calling it in a collection will create
a new one that will stop yielding results if the passed callable returns false for one of the elements:
$items = [10, 20, 50, 1, 2];
$collection = new Collection($items);
$new = $collection->stopWhen(function ($value, $key) {
// Stop on the first value bigger than 30
return $value > 30;
});
// $result contains [10, 20];
$result = $new->toArray();
Cake\Collection\Collection::unfold(callable $c)
Sometimes the internal items of a collection will contain arrays or iterators with more items. If you wish
to flatten the internal structure to iterate once over all elements you can use the unfold() method. It will
create a new collection that will yield every single element nested in the collection:
$items = [[1, 2, 3], [4, 5]];
$collection = new Collection($items);
$new = $collection->unfold();
// $result contains [1, 2, 3, 4, 5];
$result = $new->toList();
When passing a callable to unfold() you can control what elements will be unfolded from each item in
the original collection. This is useful for returning data from paginated services:
Iterating
659
If you are using PHP 5.5+, you can use the yield keyword inside unfold() to return as many elements
for each item in the collection as you may need:
$oddNumbers = [1, 3, 5, 7];
$collection = new Collection($oddNumbers);
$new = $collection->unfold(function ($oddNumber) {
yield $oddNumber;
yield $oddNumber + 1;
});
// $result contains [1, 2, 3, 4, 5, 6, 7, 8];
$result = $new->toList();
Filtering
Cake\Collection\Collection::filter(callable $c)
Collections make it easy to filter and create new collections based on the result of callback functions. You
can use filter() to create a new collection of elements matching a criteria callback:
$collection = new Collection($people);
$ladies = $collection->filter(function ($person, $key) {
return $person->gender === 'female';
});
$guys = $collection->filter(function ($person, $key) {
return $person->gender === 'male';
});
Cake\Collection\Collection::reject(callable $c)
The inverse of filter() is reject(). This method does a negative filter, removing elements that match
the filter function:
$collection = new Collection($people);
$ladies = $collection->reject(function ($person, $key) {
return $person->gender === 'male';
});
Cake\Collection\Collection::every(callable $c)
You can do truth tests with filter functions. To see if every element in a collection matches a test you can
use every():
660
Cake\Collection\Collection::some(callable $c)
You can see if the collection contains at least one element matching a filter function using the some()
method:
$collection = new Collection($people);
$hasYoungPeople = $collection->some(function ($person) {
return $person->age < 21;
});
Cake\Collection\Collection::match(array $conditions)
If you need to extract a new collection containing only the elements that contain a given set of properties,
you should use the match() method:
$collection = new Collection($comments);
$commentsFromMark = $collection->match(['user.name' => 'Mark']);
Cake\Collection\Collection::firstMatch(array $conditions)
The property name can be a dot-separated path. You can traverse into nested entities and match the
values they contain. When you only need the first matching element from a collection, you can use
firstMatch():
$collection = new Collection($comments);
$comment = $collection->firstMatch([
'user.name' => 'Mark',
'active' => true
]);
As you can see from the above, both match() and firstMatch() allow you to provide multiple conditions to match on. In addition, the conditions can be for different paths, allowing you to express complex
conditions to match against.
Aggregation
Cake\Collection\Collection::reduce(callable $c)
The counterpart of a map() operation is usually a reduce. This function will help you build a single result
out of all the elements in a collection:
$totalPrice = $collection->reduce(function ($accumulated, $orderLine) {
return $accumulated + $orderLine->price;
}, 0);
In the above example, $totalPrice will be the sum of all single prices contained in the collection. Note
the second argument for the reduce() function takes the initial value for the reduce operation you are
Aggregation
661
performing:
$allTags = $collection->reduce(function ($accumulated, $article) {
return array_merge($accumulated, $article->tags);
}, []);
Cake\Collection\Collection::min(string|callable
$callback,
SORT_NUMERIC)
$type
To extract the minimum value for a collection based on a property, just use the min() function. This will
return the full element from the collection and not just the smallest value found:
$collection = new Collection($people);
$youngest = $collection->min('age');
echo $youngest->name;
You are also able to express the property to compare by providing a path or a callback function:
$collection = new Collection($people);
$personYoungestChild = $collection->min(function ($person) {
return $person->child->age;
});
$personWithYoungestDad = $collection->min('dad.age');
Cake\Collection\Collection::max(string|callable
$callback,
SORT_NUMERIC)
$type
The same can be applied to the max() function, which will return a single element from the collection
having the highest property value:
$collection = new Collection($people);
$oldest = $collection->max('age');
$personOldestChild = $collection->max(function ($person) {
return $person->child->age;
});
$personWithOldestDad = $collection->min('dad.age');
Cake\Collection\Collection::sumOf(string|callable $callback)
Finally, the sumOf() method will return the sum of a property of all elements:
$collection = new Collection($people);
$sumOfAges = $collection->sumOf('age');
$sumOfChildrenAges = $collection->sumOf(function ($person) {
return $person->child->age;
});
$sumOfDadAges = $collection->sumOf('dad.age');
662
As usual, it is possible to provide either a dot-separated path for nested properties or your own callback
function to generate the groups dynamically:
$commentsByUserId = $comments->groupBy('user.id');
$classResults = $students->groupBy(function ($student) {
return $student->grade > 6 ? 'approved' : 'denied';
});
Cake\Collection\Collection::countBy($callback)
If you only wish to know the number of occurrences per group, you can do so by using the countBy()
method. It takes the same arguments as groupBy so it should be already familiar to you:
$classResults = $students->countBy(function ($student) {
return $student->grade > 6 ? 'approved' : 'denied';
});
// Result could look like this when converted to array:
['approved' => 70, 'denied' => 20]
Cake\Collection\Collection::indexBy($callback)
There will be certain cases where you know an element is unique for the property you want to group by. If
you wish a single result per group, you can use the function indexBy():
Aggregation
663
$usersById = $users->indexBy('id');
// When converted to array result could look like
[
1 => 'markstory',
3 => 'jose_zap',
4 => 'jrbasso'
]
As with the groupBy() function you can also use a property path or a callback:
$articlesByAuthorId = $articles->indexBy('author.id');
$filesByHash = $files->indexBy(function ($file) {
return md5($file);
});
Cake\Collection\Collection::zip($elements)
The elements of different collections can be grouped together using the zip() method. It will return a
new collection containing an array grouping the elements from each collection that are placed at the same
position:
$odds = new Collection([1, 3, 5]);
$pairs = new Collection([2, 4, 6]);
$combined = $odds->zip($pairs)->toList(); // [[1, 2], [3, 4], [5, 6]]
As you can already see, the zip() method is very useful for transposing multidimensional arrays:
$data = [
2014 => ['jan' => 100, 'feb' => 200],
2015 => ['jan' => 300, 'feb' => 500],
2016 => ['jan' => 400, 'feb' => 600],
]
// Getting jan and feb data together
$firstYear = new Collection(array_shift($data));
$firstYear->zip($data[0], $data[1])->toList();
664
Sorting
Cake\Collection\Collection::sortBy($callback)
Collection values can be sorted in ascending or descending order based on a column or custom function. To
create a new sorted collection out of the values of another one, you can use sortBy:
$collection = new Collection($people);
$sorted = $collection->sortBy('age');
As seen above, you can sort by passing the name of a column or property that is present in the collection
values. You are also able to specify a property path instead using the dot notation. The next example will
sort articles by their authors name:
$collection = new Collection($articles);
$sorted = $collection->sortBy('author.name');
The sortBy() method is flexible enough to let you specify an extractor function that will let you dynamically select the value to use for comparing two different values in the collection:
$collection = new Collection($articles);
$sorted = $collection->sortBy(function ($article) {
return $article->author->name . '-' . $article->title;
});
In order to specify in which direction the collection should be sorted, you need to provide either SORT_ASC
or SORT_DESC as the second parameter for sorting in ascending or descending direction respectively. By
default, collections are sorted in ascending direction:
$collection = new Collection($people);
$sorted = $collection->sortBy('age', SORT_ASC);
Sometimes you will need to specify which type of data you are trying to compare so that you get consistent
results. For this purpose, you should supply a third argument in the sortBy() function with one of the
following constants:
SORT_NUMERIC: For comparing numbers
SORT_STRING: For comparing string values
SORT_NATURAL: For sorting string containing numbers and youd like those numbers to be order
in a natural way. For example: showing 10 after 2.
SORT_LOCALE_STRING: For comparing strings based on the current locale.
Sorting
665
Warning: If is often expensive to iterate sorted collections more than once. If you plan to do so,
consider converting the collection to an array or simply use the compile() method on it.
null, 'name'
1, 'name' =>
1, 'name' =>
1, 'name' =>
6, 'name' =>
null, 'name'
=> 'Birds'],
'Land Birds'],
'Eagle'],
'Seagull'],
'Clown Fish'],
=> 'Fish'],
$collection->nest('id', 'parent_id')->toArray();
// Returns
[
[
'id' => 1,
'parent_id' => null,
'name' => 'Birds',
'children' => [
['id' => 2, 'parent_id' => 1, 'name'
['id' => 3, 'parent_id' => 1, 'name'
['id' => 4, 'parent_id' => 1, 'name'
]
],
[
'id' => 6,
'parent_id' => null,
'name' => 'Fish',
'children' => [
['id' => 5, 'parent_id' => 6, 'name'
]
]
];
666
Children elements are nested inside the children property inside each of the items in the collection. This
type of data representation is helpful for rendering menus or traversing elements up to certain level in the
tree.
Cake\Collection\Collection::listNested($dir = desc, $nestingKey = children)
The inverse of nest() is listNested(). This method allows you to flatten a tree structure back into a
linear structure. It takes two parameters; the first one is the traversing mode (asc, desc or leaves), and the
second one is the name of the property containing the children for each element in the collection.
Taking the input the nested collection built in the previous example, we can flatten it:
$nested->listNested()->toArray();
// Returns
[
['id' =>
['id' =>
['id' =>
['id' =>
['id' =>
['id' =>
]
1,
2,
3,
4,
6,
5,
'parent_id'
'parent_id'
'parent_id'
'parent_id'
'parent_id'
'parent_id'
=>
=>
=>
=>
=>
=>
null, 'name'
1, 'name' =>
1, 'name' =>
1, 'name' =>
null, 'name'
6, 'name' =>
=> 'Birds'],
'Land Birds'],
'Eagle'],
'Seagull'],
=> 'Fish'],
'Clown Fish']
By default, the tree is traversed from the root to the leaves. You can also instruct it to only return the leaf
elements in the tree:
$nested->listNested()->toArray();
// Returns
[
['id' => 3, 'parent_id' => 1, 'name' => 'Eagle'],
['id' => 4, 'parent_id' => 1, 'name' => 'Seagull'],
['id' => 5, 'parent_id' => 6, 'name' => 'Clown Fish']
]
Once you have converted a tree into a nested list, you can use the printer() method to configure how
the list output should be formatted:
$nested->listNested()->printer('name', 'id', '--')->toArray();
// Returns
[
3 => 'Eagle',
4 => 'Seagull',
5 -> '--Clown Fish',
]
The printer() method also lets you use a callback to generate the keys and or values:
$nested->listNested()->printer(
function ($el) {
return $el->name;
},
function ($el) {
667
return $el->id;
}
);
Other Methods
Cake\Collection\Collection::isEmpty()
Allows you to see if a collection contains any elements:
$collection = new Collection([]);
// Returns true
$collection->isEmpty();
$collection = new Collection([1]);
// Returns false
$collection->isEmpty();
Cake\Collection\Collection::contains($value)
Collections allow you to quickly check if they contain one particular value: by using the contains()
method:
$items = ['a' => 1, 'b' => 2, 'c' => 3];
$collection = new Collection($items);
$hasThree = $collection->contains(3);
Comparisons are performed using the === operator. If you wish to do looser comparison types you can use
the some() method.
Cake\Collection\Collection::shuffle()
Sometimes you may wish to show a collection of values in a random order. In order to create a new collection
that will return each value in a randomized position, use the shuffle:
$collection = new Collection(['a' => 1, 'b' => 2, 'c' => 3]);
// This could return [2, 3, 1]
$collection->shuffle()->toArray();
Withdrawing Elements
Cake\Collection\Collection::sample(int $size)
Shuffling a collection is often useful when doing quick statistical analysis. Another common operation
when doing this sort of task is withdrawing a few random values out of a collection so that more tests can
be performed on those. For example, if you wanted to select 5 random users to which youd like to apply
some A/B tests to, you can use the sample() function:
668
sample() will take at most the number of values you specify in the first argument. If there are not enough
elements in the collection to satisfy the sample, the full collection in a random order is returned.
Cake\Collection\Collection::take(int $size, int $from)
Whenever you want to take a slice of a collection use the take() function, it will create a new collection
with at most the number of values you specify in the first argument, starting from the position passed in the
second argument:
$topFive = $collection->sortBy('age')->take(5);
// Take 5 people from the collection starting from position 4
$nextTopFive = $collection->sortBy('age')->take(5, 4);
Cake\Collection\Collection::first()
One of the most common uses of take() is getting the first element in the collection. A shortcut method
for achieving the same goal is using the first() method:
$collection = new Collection([5, 4, 3, 2]);
$collection->first(); // Returns 5
Cake\Collection\Collection::last()
Similarly, you can get the last element of a collection using the last() method:
$collection = new Collection([5, 4, 3, 2]);
$collection->last(); // Returns 2
Expanding Collections
Cake\Collection\Collection::append(array|Traversable $items)
You can compose multiple collections into a single one. This enables you to gather data from various
sources, concatenate it, and apply other collection functions to it very smoothly. The append() method
will return a new collection containing the values from both sources:
Other Methods
669
Warning: When appending from different sources, you can expect some keys from both collections
to be the same. For example, when appending two simple arrays. This can present a problem when
converting a collection to an array using toArray(). If you do not want values from one collection to
override others in the previous one based on their key, make sure that you call toList() in order to
drop the keys and preserve all values.
Modifiying Elements
Cake\Collection\Collection::insert(string $path, array|Traversable $items)
At times, you may have two separate sets of data that you would like to insert the elements of one set into
each of the elements of the other set. This is a very common case when you fetch data from a data source
that does not support data-merging or joins natively.
Collections offer an insert() method that will allow you to insert each of the elements in one collection
into a property inside each of the elements of another collection:
$users = [
['username' => 'mark'],
['username' => 'juan'],
['username' => 'jose']
];
$languages = [
['PHP', 'Python', 'Ruby'],
['Bash', 'PHP', 'Javascript'],
['Javascript', 'Prolog']
];
$merged = (new Collection($users))->insert('skills', $languages);
When converted to an array, the $merged collection will look like this:
[
['username' => 'mark', 'skills' => ['PHP', 'Python', 'Ruby']],
['username' => 'juan', 'skills' => ['Bash', 'PHP', 'Javascript']],
['username' => 'jose', 'skills' => ['Javascript', 'Prolog']]
];
The first parameter for the insert() method is a dot-separated path of properties to follow so that the
elements can be inserted at that position. The second argument is anything that can be converted to a
collection object.
670
Please observe that elements are inserted by the position they are found, thus, the first element of the second
collection is merged into the first element of the first collection.
If there are not enough elements in the second collection to insert into the first one, then the target property
will be filled with null values:
$languages = [
['PHP', 'Python', 'Ruby'],
['Bash', 'PHP', 'Javascript']
];
$merged = (new Collection($users))->insert('skills', $languages);
// Will yield
[
['username' => 'mark', 'skills' => ['PHP', 'Python', 'Ruby']],
['username' => 'juan', 'skills' => ['Bash', 'PHP', 'Javascript']],
['username' => 'jose', 'skills' => null]
];
The insert() method can operate array elements or objects implementing the ArrayAccess interface.
Other Methods
671
{
if (!empty($row['items'])) {
$row['total'] = collection($row['items'])->sumOf('price');
}
if (!empty($row['total'])) {
$row['tax_amount'] = $row['total'] * 0.25;
}
// More code here...
return $modifiedRow;
}
}
// Use the logic in your map() call
$collection->map(new TotalOrderCalculator)
Cake\Collection\Collection::through(callable $c)
Sometimes a chain of collection method calls can become reusable in other parts of your application, but
only if they are called in that specific order. In those cases you can use through() in combination with a
class implementing __invoke to distribute your handy data processing calls:
$collection
->map(new ShippingCostCalculator)
->map(new TotalOrderCalculator)
->map(new GiftCardPriceReducer)
->buffered()
...
The above method calls can be extracted into a new class so they dont need to be repeated every time:
class FinalCheckOutRowProcessor
{
public function __invoke($collection)
{
return $collection
->map(new ShippingCostCalculator)
->map(new TotalOrderCalculator)
->map(new GiftCardPriceReducer)
->buffered()
...
}
}
// Now you can use the through() method to call all methods at once
$collection->through(new FinalCheckOutRowProcessor);
672
Optimizing Collections
Cake\Collection\Collection::buffered()
Collections often perform most operations that you create using its functions in a lazy way. This means
that even though you can call a function, it does not mean it is executed right away. This is true for a great
deal of functions in this class. Lazy evaluation allows you to save resources in situations where you dont
use all the values in a collection. You might not use all the values when iteration stops early, or when an
exception/failure case is reached early.
Additionally, lazy evaluation helps speed up some operations. Consider the following example:
$collection = new Collection($oneMillionItems);
$collection->map(function ($item) {
return $item * 2;
});
$itemsToShow = $collection->take(30);
Had the collections not been lazy, we would have executed one million operations, even though we only
wanted to show 30 elements out of it. Instead, our map operation was only applied to the 30 elements we
used. We can also derive benefits from this lazy evaluation for smaller collections when we do more than
one operation on them. For example: calling map() twice and then filter().
Lazy evaluation comes with its downside too. You could be doing the same operations more than once if
you optimize a collection prematurely. Consider this example:
$ages = $collection->extract('age');
$youngerThan30 = $ages->filter(function ($item) {
return $item < 30;
});
$olderThan30 = $ages->filter(function ($item) {
return $item > 30;
});
If we iterate both youngerThan30 and olderThan30, the collection would unfortunately execute the
extract() operation twice. This is because collections are immutable and the lazy-extracting operation
would be done for both filters.
Luckily we can overcome this issue with a single function. If you plan to reuse the values from certain
operations more than once, you can compile the results into another collection using the buffered()
function:
$ages = $collection->extract('age')->buffered();
$youngerThan30 = ...
$olderThan30 = ...
Now, when both collections are iterated, they will only call the extracting operation once.
Other Methods
673
Cloning Collections
Cake\Collection\Collection::compile(bool $preserveKeys = true)
Sometimes you need to get a clone of the elements from another collection. This is useful when you need to
iterate the same set from different places at the same time. In order to clone a collection out of another use
the compile() method:
$ages = $collection->extract('age')->compile();
foreach ($ages as $age) {
foreach ($collection as $element) {
echo h($element->name) . ' - ' . $age;
}
}
674
CHAPTER 34
The Folder and File utilities are convenience classes to help you read from and write/append to files; list
files within a folder and other common directory related tasks.
Basic Usage
Ensure the classes are loaded:
use Cake\Filesystem\Folder;
use Cake\Filesystem\File;
and search for all .ctp files within that folder using regex:
$files = $dir->find('.*\.ctp');
Now we can loop through the files and read from or write/append to the contents or simply delete the file:
foreach ($files as $file) {
$file = new File($dir->pwd() . DS . $file);
$contents = $file->read();
// $file->write('I am overwriting the contents of this file');
// $file->append('I am adding to the bottom of this file.');
// $file->delete(); // I am deleting this file
$file->close(); // Be sure to close the file when you're done
}
Folder API
class Cake\Filesystem\Folder(string $path = false, boolean $create = false, string|boolean
$mode = false)
675
property Cake\Filesystem\Folder::$path
Path of the current folder. Folder::pwd() will return the same information.
property Cake\Filesystem\Folder::$sort
Whether or not the list results should be sorted by name.
property Cake\Filesystem\Folder::$mode
Mode to be used when creating folders. Defaults to 0755. Does nothing on Windows machines.
static Cake\Filesystem\Folder::addPathElement(string $path, string $element)
Returns $path with $element added, with correct slash in-between:
$path = Folder::addPathElement('/a/path/for', 'testing');
// $path equals /a/path/for/testing
Cake\Filesystem\Folder::cd($path)
Change directory to $path. Returns false on failure:
$folder = new Folder('/foo');
echo $folder->path; // Prints /foo
$folder->cd('/bar');
echo $folder->path; // Prints /bar
$false = $folder->cd('/non-existent-folder');
676
]);
Cake\Filesystem\Folder::dirsize()
Returns the size in bytes of this Folder and its contents.
Cake\Filesystem\Folder::errors()
Get the error from latest method.
Cake\Filesystem\Folder::find(string $regexpPattern = .*, boolean $sort = false)
Returns an array of all matching files in the current directory:
// Find all .png in your webroot/img/ folder and sort the results
$dir = new Folder(WWW_ROOT . 'img');
$files = $dir->find('.*\.png', true);
/*
Array
(
[0] => cake.icon.png
[1] => test-error-icon.png
[2] => test-fail-icon.png
[3] => test-pass-icon.png
[4] => test-skip-icon.png
Folder API
677
)
*/
Note: The folder find and findRecursive methods will only find files. If you would like to get folders and
files see Folder::read() or Folder::tree()
Cake\Filesystem\Folder::findRecursive(string $pattern = .*, boolean $sort =
false)
Returns an array of all matching files in and below the current directory:
// Recursively find files beginning with test or index
$dir = new Folder(WWW_ROOT);
$files = $dir->findRecursive('(test|index).*');
/*
Array
(
[0] => /var/www/cake/webroot/index.php
[1] => /var/www/cake/webroot/test.php
[2] => /var/www/cake/webroot/img/test-skip-icon.png
[3] => /var/www/cake/webroot/img/test-fail-icon.png
[4] => /var/www/cake/webroot/img/test-error-icon.png
[5] => /var/www/cake/webroot/img/test-pass-icon.png
)
*/
Cake\Filesystem\Folder::inCakePath(string $path = )
Returns true if the file is in a given CakePath.
Cake\Filesystem\Folder::inPath(string $path = , boolean $reverse = false)
Returns true if the file is in the given path:
$Folder = new Folder(WWW_ROOT);
$result = $Folder->inPath(APP);
// $result = true, /var/www/example/app/ is in /var/www/example/app/webroot/
678
Cake\Filesystem\Folder::realpath(string $path)
Get the real path (taking .. and such into account).
static Cake\Filesystem\Folder::slashTerm(string $path)
Returns $path with added terminating slash (corrected for Windows or other OS).
Cake\Filesystem\Folder::tree(null|string $path = null, array|boolean $exceptions =
true, null|string $type = null)
Returns an array of nested directories and files in each directory.
File API
class Cake\Filesystem\File(string $path, boolean $create = false, integer $mode = 755)
// Create a new file with 0644 permissions
$file = new File('/path/to/file.php', true, 0644);
File API
679
property Cake\Filesystem\File::$Folder
The Folder object of the file.
property Cake\Filesystem\File::$name
The name of the file with the extension. Differs from File::name() which returns the name
without the extension.
property Cake\Filesystem\File::$info
An array of file info. Use File::info() instead.
property Cake\Filesystem\File::$handle
Holds the file handler resource if the file is opened.
property Cake\Filesystem\File::$lock
Enable locking for file reading and writing.
property Cake\Filesystem\File::$path
The current files absolute path.
Cake\Filesystem\File::append(string $data, boolean $force = false)
Append the given data string to the current file.
Cake\Filesystem\File::close()
Closes the current file if it is opened.
Cake\Filesystem\File::copy(string $dest, boolean $overwrite = true)
Copy the file to $dest.
Cake\Filesystem\File::create()
Creates the file.
Cake\Filesystem\File::delete()
Deletes the file.
Cake\Filesystem\File::executable()
Returns true if the file is executable.
Cake\Filesystem\File::exists()
Returns true if the file exists.
Cake\Filesystem\File::ext()
Returns the file extension.
Cake\Filesystem\File::Folder()
Returns the current folder.
Cake\Filesystem\File::group()
Returns the files group, or false in case of an error.
Cake\Filesystem\File::info()
Returns the file info.
Cake\Filesystem\File::lastAccess()
Returns last access time.
Cake\Filesystem\File::lastChange()
Returns last modified time, or false in case of an error.
680
Cake\Filesystem\File::md5(integer|boolean $maxsize = 5)
Get the MD5 Checksum of file with previous check of filesize, or false in case of an error.
Cake\Filesystem\File::name()
Returns the file name without extension.
Cake\Filesystem\File::offset(integer|boolean $offset = false, integer $seek = 0)
Sets or gets the offset for the currently opened file.
Cake\Filesystem\File::open(string $mode = r, boolean $force = false)
Opens the current file with the given $mode.
Cake\Filesystem\File::owner()
Returns the files owner.
Cake\Filesystem\File::perms()
Returns the chmod (permissions) of the file.
static Cake\Filesystem\File::prepare(string $data, boolean $forceWindows = false)
Prepares a ascii string for writing. Converts line endings to the correct terminator for the current
platform. For Windows rn will be used, n for all other platforms.
Cake\Filesystem\File::pwd()
Returns the full path of the file.
Cake\Filesystem\File::read(string $bytes = false, string $mode = rb, boolean $force =
false)
Return the contents of the current file as a string or return false on failure.
Cake\Filesystem\File::readable()
Returns true if the file is readable.
Cake\Filesystem\File::safe(string $name = null, string $ext = null)
Makes filename safe for saving.
Cake\Filesystem\File::size()
Returns the filesize.
Cake\Filesystem\File::writable()
Returns true if the file is writable.
Cake\Filesystem\File::write(string $data, string $mode = w, boolean$force = false)
Write given data to the current file.
Cake\Filesystem\File::mime()
Get the files mimetype, returns false on failure.
Cake\Filesystem\File::replaceText($search, $replace)
Replaces text in a file. Returns false on failure and true on success.
File API
681
682
CHAPTER 35
Hash
class Cake\Utility\Hash
Array management, if done right, can be a very powerful and useful tool for building smarter, more optimized code. CakePHP offers a very useful set of static utilities in the Hash class that allow you to do just
that.
CakePHPs Hash class can be called from any model or controller in the same way Inflector is called.
Example: Hash::combine().
Expression Types
Expression
{n}
{s}
Foo
Definition
Represents a numeric key. Will match any string or numeric key.
Represents a string. Will match any string value including numeric string values.
Matches keys with the exact same value.
All expression elements are supported by all methods. In addition to expression elements, you can use
attribute matching with certain methods. They are extract(), combine(), format(), check(),
map(), reduce(), apply(), sort(), insert(), remove() and nest().
683
Definition
Match elements with a given array key.
Match elements with id equal to 2.
Match elements with id not equal to 2.
Match elements with id greater than 2.
Match elements with id greater than or equal to 2.
Match elements with id less than 2
Match elements with id less than or equal to 2.
Match elements that have values matching the regular expression inside ....
You can use paths using {n} and {s} to insert data into multiple points:
684
Using {n} and {s} will allow you to remove multiple values at once.
static Cake\Utility\Hash::combine(array $data, $keyPath = null, $valuePath = null,
$groupPath = null)
Creates an associative array using a $keyPath as the path to build its keys, and optionally $valuePath
as path to get the values. If $valuePath is not specified, or doesnt match anything, values will be
initialized to null. You can optionally group the values by what is obtained when following the path
specified in $groupPath.
$a = [
[
'User' => [
'id' => 2,
'group_id' => 1,
'Data' => [
'user' => 'mariano.iglesias',
'name' => 'Mariano Iglesias'
]
]
],
[
'User' => [
'id' => 14,
'group_id' => 2,
'Data' => [
'user' => 'phpnut',
'name' => 'Larry E. Masters'
]
]
],
];
$result = Hash::combine($a, '{n}.User.id');
/* $result now looks like:
685
[
[2] =>
[14] =>
]
*/
$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data');
/* $result now looks like:
[
[2] => [
[user] => mariano.iglesias
[name] => Mariano Iglesias
]
[14] => [
[user] => phpnut
[name] => Larry E. Masters
]
]
/
*
$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data.name');
/* $result now looks like:
[
[2] => Mariano Iglesias
[14] => Larry E. Masters
]
*/
$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data', '{n}.User.group_id');
/* $result now looks like:
[
[1] => [
[2] => [
[user] => mariano.iglesias
[name] => Mariano Iglesias
]
]
[2] => [
[14] => [
[user] => phpnut
[name] => Larry E. Masters
]
]
]
*/
686
You can provide arrays for both $keyPath and $valuePath. If you do this, the first value will be used
as a format string, for values extracted by the other paths:
$result = Hash::combine(
$a,
'{n}.User.id',
['%s: %s', '{n}.User.Data.user', '{n}.User.Data.name'],
'{n}.User.group_id'
);
/* $result now looks like:
[
[1] => [
[2] => mariano.iglesias: Mariano Iglesias
]
[2] => [
[14] => phpnut: Larry E. Masters
]
]
*/
$result = Hash::combine(
$a,
['%s: %s', '{n}.User.Data.user', '{n}.User.Data.name'],
'{n}.User.id'
);
/* $result now looks like:
[
[mariano.iglesias: Mariano Iglesias] => 2
[phpnut: Larry E. Masters] => 14
]
*/
687
=> 'main'],
=> 'about']
=> 'main'],
=> 'about'],
=> 'contact'],
688
689
[0]
[2]
[3]
[4]
=>
=>
=>
=>
0
true
0
[
[0] => one thing
[1] => I can tell you
[2] => is you got to be
]
]
*/
690
[
[
'Post' => ['id' => '1', 'title' => 'First Post'],
'Author' => ['id' => '1', 'user' => 'Kyle'],
],
[
'Post' => ['id' => '2', 'title' => 'Second Post'],
'Author' => ['id' => '3', 'user' => 'Crystal'],
],
];
*/
691
Creates a new array, by extracting $path, and mapping $function across the results. You can use both
expression and matching elements with this method:
// Call the noop function $this->noop() on every element of $data
$result = Hash::map($data, "{n}", [$this, 'noop']);
public function noop(array $array)
{
// Do stuff to array and return the result
return $array;
}
$dir can be either asc or desc. $type can be one of the following values:
regular for regular sorting.
numeric for sorting values as their numeric equivalents.
string for sorting values as their string value.
natural for sorting values in a human friendly way. Will sort foo10 below foo2 as an
example. Natural sorting requires PHP 5.4 or greater.
693
$array1 = ['ModelOne' => ['id' => 1001, 'field_one' => 'a1.m1.f1', 'field_two' => 'a1.
$array2 = ['ModelOne' => ['id' => 1003, 'field_one' => 'a3.m1.f1', 'field_two' => 'a3.
$res = Hash::mergeDiff($array1, $array2);
/* $res now looks like:
[
[ModelOne] => [
[id] => 1001
[field_one] => a1.m1.f1
[field_two] => a1.m1.f2
[field_three] => a3.m1.f3
]
]
*/
Example 2
$array1 = ["a" => "b", 1 => 20938, "c" => "string"];
$array2 = ["b" => "b", 3 => 238, "c" => "string", ["extra_field"]];
$res = Hash::mergeDiff($array1, $array2);
/* $res now looks like:
[
[a] => b
[1] => 20938
[c] => string
[b] => b
[3] => 238
694
[4] => [
[0] => extra_field
]
]
*/
695
parentPath The path to a key that identifies the parent of each entry. Should be compatible
with Hash::extract(). Defaults to {n}.$alias.parent_id
root The id of the desired top-most result.
For example, if you had the following array of data:
$data = [
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
];
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
['id'
['id'
['id'
['id'
['id'
['id'
['id'
['id'
['id'
['id'
=>
=>
=>
=>
=>
=>
=>
=>
=>
=>
696
697
698
CHAPTER 36
Http Client
Doing Requests
Doing requests is simple and straight forward. Doing a get request looks like:
use Cake\Network\Http\Client;
$http = new Client();
// Simple get
$response = $http->get('http://example.com/test.html');
// Simple get with querystring
$response = $http->get('http://example.com/search', ['q' => 'widget']);
// Simple get with querystring & additional headers
$response = $http->get('http://example.com/search', ['q' => 'widget'], [
'headers' => ['X-Requested-With' => 'XMLHttpRequest']
]);
699
$response = $http->put('http://example.com/posts/add', [
'title' => 'testing',
'body' => 'content in the post'
]);
// Other methods as well.
$http->delete(...);
$http->head(...);
$http->patch(...);
The filehandle will be read until its end; it will not be rewound before being read.
Warning: For compatibility reasons, strings beginning with @ will be evaluated as local or remote file
paths.
This functionality is deprecated as of CakePHP 3.0.5 and will be removed in a future version. Until that
happens, user data being passed to the Http Client must be sanitized as follows:
$response = $http->post('http://example.com/api', [
'search' => ltrim($this->request->data('search'), '@'),
]);
If it is necessary to preserve leading @ characters in query strings, you can pass a pre-encoded query string
from http_build_query():
$response = $http->post('http://example.com/api', http_build_query([
'search' => $this->request->data('search'),
]));
700
The type key can either be a one of json, xml or a full mime type. When using the type option, you
should provide the data as a string. If youre doing a GET request that needs both querystring parameters
and a request body you can do the following:
// Send a JSON body in a GET request with query string parameters.
$http = new Client();
$response = $http->get(
'http://example.com/tasks',
['q' => 'test', '_content' => json_encode($data)],
['type' => 'json']
);
701
Authentication
Http\Client supports a few different authentication systems. Different authentication strategies can be added
by developers. Auth strategies are called before the request is sent, and allow headers to be added to the
request context.
By default Http\Client will use basic authentication if there is no type key in the auth option.
702
By setting the type key to digest, you tell the authentication subsystem to use digest authentication.
OAuth 1 Authentication
Many modern web-services require OAuth authentication to access their APIs. The included OAuth authentication assumes that you already have your consumer key and consumer secret:
$http = new Client();
$response = $http->get('http://example.com/profile/1', [], [
'auth' => [
'type' => 'oauth',
'consumerKey' => 'bigkey',
'consumerSecret' => 'secret',
'token' => '...',
'tokenSecret' => '...',
'realm' => 'tickets',
]
]);
OAuth 2 Authentication
Because OAuth2 is often just a simple header, there is not a specialized authentication adapter. Instead you
can create a client with the access token:
$http = new Client([
'headers' => ['Authorization' => 'Bearer ' . $accessToken]
]);
$response = $http->get('https://example.com/api/profile/1');
Proxy Authentication
Some proxies require authentication to use them. Generally this authentication is Basic, but it can be implemented by any authentication adapter. By default Http\Client will assume Basic authentication, unless the
type key is set:
$http = new Client();
$response = $http->get('http://example.com/test.php', [], [
'proxy' => [
'username' => 'mark',
'password' => 'testing',
'port' => 12345,
Authentication
703
]
]);
The above will replace the domain, scheme, and port. However, this request will continue using all the other
options defined when the scoped client was created. See Request Method Options for more information on
the options supported.
704
You can always override the auto-included cookies by setting them in the requests $options parameters:
// Replace a stored cookie with a custom value.
$response = $http->get('/changelogs', [], [
'cookies' => ['sessionid' => '123abc']
]);
Response Objects
class Cake\Network\Http\Response
Response objects have a number of methods for inspecting the response data.
Cake\Network\Http\Response::body($parser = null)
Get the response body. Pass in an optional parser, to decode the response body. For example.
json_decode could be used for decoding response data.
Cake\Network\Http\Response::header($name)
Get a header with $name. $name is case-insensitive.
Cake\Network\Http\Response::headers()
Get all the headers.
Cake\Network\Http\Response::isOk()
Check if the response was ok. Any valid 20x response code will be treated as OK.
Cake\Network\Http\Response::isRedirect()
Check if the response was a redirect.
Cake\Network\Http\Response::cookies()
Get the cookies from the response. Cookies will be returned as an array with all the properties that
were defined in the response header. To access the raw cookie data you can use header()
705
The decoded response data is stored in the response object, so accessing it multiple times has no additional
cost.
706
CHAPTER 37
Inflector
class Cake\Utility\Inflector
The Inflector class takes a string and can manipulate it to handle word variations such as pluralizations
or camelizing and is normally accessed statically. Example: Inflector::pluralize(example)
returns examples.
You can try out the inflections online at inflector.cakephp.org1 .
Note: pluralize() may not always correctly convert a noun that is already in its plural form.
// Person
echo Inflector::singularize('People');
Note: singularize() may not always correctly convert a noun that is already in its singular form.
1
http://inflector.cakephp.org/
707
It should be noted that underscore will only convert camelCase formatted words. Words that contains spaces
will be lower-cased, but will not contain an underscore.
708
// applePie
Inflector::variable('apple_pie');
Inflection Configuration
CakePHPs naming conventions can be really nice - you can name your database table big\_boxes,
your model BigBoxes, your controller BigBoxesController, and everything just works together
automatically. The way CakePHP knows how to tie things together is by inflecting the words between their
singular and plural forms.
There are occasions (especially for our non-English speaking friends) where you may run into situations
where CakePHPs inflector (the class that pluralizes, singularizes, camelCases, and under_scores) might not
work as youd like. If CakePHP wont recognize your Foci or Fish, you can tell CakePHP about your special
cases.
The supplied rules will be merged into the respective inflection sets defined in
Cake/Utility/Inflector, with the added rules taking precedence over the core rules. You
can use Inflector::reset() to clear rules and restore the original Inflector state.
709
710
CHAPTER 38
Number
class Cake\I18n\Number
If you need NumberHelper functionalities outside of a View, use the Number class:
namespace App\Controller;
use Cake\I18n\Number;
class UsersController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth');
}
All of these functions return the formatted number; they do not automatically echo the output into the view.
711
This method is used to display a number in common currency formats (EUR, GBP, USD). Usage in a view
looks like:
// Called as NumberHelper
echo $this->Number->currency($value, $currency);
// Called as Number
echo Number::currency($value, $currency);
The first parameter, $value, should be a floating point number that represents the amount of money you
are expressing. The second parameter is a string used to choose a predefined currency formatting scheme:
$currency
EUR
GBP
USD
The third parameter is an array of options for further defining the output. The following options are available:
Option
before
after
zero
places
precision
locale
fractionSymbol
fractionPosition
pattern
useIntlCode
Description
Text to display before the rendered number.
Text to display before the rendered number.
The text to use for zero values; can be a string or a number. ie. 0, Free!.
Number of decimal places to use, ie. 2
Maximal number of decimal places to use, ie. 2
The locale name to use for formating number, ie. fr_FR.
String to use for fraction numbers, ie. cents.
Either before or after to place the fraction symbol.
An ICU number pattern to use for formatting the number ie. #,###.00
Set to true to replace the currency symbol with the international currency code.
If
$currency
value
is
null,
the
default
Cake\I18n\Number::defaultCurrency()
currency
will
be
retrieved
from
// Called as NumberHelper
echo $this->Number->precision(456.91873645, 2);
// Outputs
456.92
// Called as Number
echo Number::precision(456.91873645, 2);
Formatting Percentages
Cake\I18n\Number::toPercentage(mixed $value, int $precision = 2, array $options =[])
Option
multiply
Description
Boolean to indicate whether the value has to be multiplied by 100. Useful for decimal
percentages.
Formatting Percentages
713
Formatting Numbers
Cake\I18n\Number::format(mixed $value, array $options =[])
This method gives you much more control over the formatting of numbers for use in your views (and is used
as the main method by most of the other NumberHelper methods). Using this method might looks like:
// Called as NumberHelper
$this->Number->format($value, $options);
// Called as Number
Number::format($value, $options);
The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter is where the real magic for this method resides.
If you pass an integer then this becomes the amount of precision or places for the function.
If you pass an associated array, you can use the following keys:
Option
places
precision
pattern
locale
before
after
Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
An ICU number pattern to use for formatting the number ie. #,###.00
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.
Example:
// Called as NumberHelper
echo $this->Number->format('123456.7890', [
'places' => 2,
'before' => ' ',
'after' => ' !'
]);
// Output ' 123,456.79 !'
echo $this->Number->format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'
// Called as Number
echo Number::format('123456.7890', [
'places' => 2,
'before' => ' ',
714
Format Differences
Cake\I18n\Number::formatDelta(mixed $value, array $options =[])
This method displays differences in value as a signed number:
// Called as NumberHelper
$this->Number->formatDelta($value, $options);
// Called as Number
Number::formatDelta($value, $options);
The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter takes the same keys as Number::format() itself:
Option
places
precision
locale
before
after
Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.
Example:
// Called as NumberHelper
echo $this->Number->formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'
// Called as Number
echo Number::formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'
Format Differences
715
716
CHAPTER 39
Registry Objects
The registry classes provide a simple way to create and retrieve loaded instances of a given object type.
There are registry classes for Components, Helpers, Tasks, and Behaviors.
While the examples below will use Components, the same behavior can be expected for Helpers, Behaviors,
and Tasks in addition to Components.
Loading Objects
Objects can be loaded on-the-fly using add<registry-object>() Example:
$this->loadComponent('Acl.Acl');
$this->addHelper('Flash')
This will result in the Toolbar property and Flash helper being loaded. Configuration can also be set
on-the-fly. Example:
$this->loadComponent('Cookie', ['name' => 'sweet']);
Any keys and values provided will be passed to the Components constructor. The one exception to this
rule is className. Classname is a special key that is used to alias objects in a registry. This allows you
to have component names that do not reflect the classnames, which can be helpful when extending core
components:
$this->Auth = $this->loadComponent('Auth', ['className' => 'MyCustomAuth']);
$this->Auth->user(); // Actually using MyCustomAuth::user();
Triggering Callbacks
Callbacks are not provided by registry objects.
events/callbacks for your application.
717
Disabling Callbacks
In previous versions, collection objects provided a disable() method to disable objects from receiving
callbacks. You should use the features in the events system to accomplish this now. For example, you could
disable component callbacks in the following way:
// Remove Auth from callbacks.
$this->eventManager()->off($this->Auth);
// Re-enable Auth for callbacks.
$this->eventManager()->on($this->Auth);
718
CHAPTER 40
Text
class Cake\Utility\Text
The Text class includes convenience methods for creating and manipulating strings and is normally accessed
statically. Example: Text::uuid().
If you need Cake\View\Helper\TextHelper functionalities outside of a View, use the Text class:
namespace App\Controller;
use Cake\Utility\Text;
class UsersController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth')
};
public function afterLogin()
{
$message = $this->Users->find('new_message');
if (!empty($message)) {
// Notify user of new message
$this->Flash->success(__(
'You have a new message: {0}',
Text::truncate($message['Message']['body'], 255, ['html' => true])
));
}
}
}
719
Generating UUIDs
static Cake\Utility\Text::uuid
The UUID method is used to generate unique identifiers as per RFC 41221 . The UUID is a 128-bit string
in the format of 485fc381-e790-47a3-9794-1337c0a8fe68.
Text::uuid(); // 485fc381-e790-47a3-9794-1337c0a8fe68
Formatting Strings
static Cake\Utility\Text::insert($string, $data, $options =[])
The insert method is used to create string templates and to allow for key/value replacements:
Text::insert(
'My name is :name and I am :age years old.',
['name' => 'Bob', 'age' => '65']
);
// Returns: "My name is Bob and I am 65 years old."
http://tools.ietf.org/html/rfc4122.html
720
$options = [
'clean' => [
'method' => 'text', // or html
],
'before' => '',
'after' => ''
];
Wrapping Text
static Cake\Utility\Text::wrap($text, $options =[])
Wraps a block of text to a set width and indents blocks as well. Can intelligently wrap text so words are not
sliced across lines:
$text = 'This is the song that never ends.';
$result = Text::wrap($text, 22);
// Returns
This is the song that
never ends.
You can provide an array of options that control how wrapping is done. The supported options are:
width The width to wrap to. Defaults to 72.
wordWrap Whether or not to wrap whole words. Defaults to true.
indent The character to indent lines with. Defaults to .
indentAt The line number to start indenting text. Defaults to 0.
static Cake\Utility\Text::wrapBlock($text, $options =[])
If you need to ensure that the total width of the generated block wont exceed a certain length even with
internal identation, you need to use wrapBlock() instead of wrap(). This is particulary useful to
generate text for the console for example. It accepts the same options than wrap():
$text = 'This is the song that never ends. This is the song that never ends.';
$result = Text::wrapBlock($text, [
'width' => 22,
'indent' => ' ',
'indentAt' => 1
]);
// Returns
This is the song that
never ends. This
is the song that
never ends.
Wrapping Text
721
Highlighting Substrings
Cake\Utility\Text::highlight(string $haystack, string $needle, array $options =[])
Highlights $needle in $haystack using the $options[format] string specified or a default
string.
Options:
format string - The piece of HTML with the phrase that will be highlighted
html bool - If true, will ignore any HTML tags, ensuring that only the correct text is highlighted
Example:
// Called as TextHelper
echo $this->Text->highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);
// Called as Text
use Cake\Utility\Text;
echo Text::highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);
Output:
Highlights $needle in $haystack <span class="highlight">using</span>
the $options['format'] string specified or a default string.
Removing Links
Cake\Utility\Text::stripLinks($text)
Strips the supplied $text of any HTML links.
Truncating Text
Cake\Utility\Text::truncate(string $text, int $length = 100, array $options)
If $text is longer than $length, this method truncates it at $length and adds a prefix consisting of
ellipsis, if defined. If exact is passed as false, the truncation will occur at the first whitespace
after the point at which $length is exceeded. If html is passed as true, HTML tags will be respected
and will not be cut off.
722
$options is used to pass all extra parameters, and has the following possible keys by default, all of which
are optional:
If ``$text`` is longer than ``$length`` characters, this method truncates it
at ``$length`` and adds a prefix consisting of ``'ellipsis'``, if defined.
If ``'exact'`` is passed as ``false``, the truncation will occur at the
first whitespace after the point at which ``$length`` is exceeded. If
``'html'`` is passed as ``true``, HTML tags will be respected and will not
be cut off.
Example:
// Called as TextHelper
echo $this->Text->truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);
Output:
The killer crept...
723
Example:
$sampleText = 'I packed my bag and in it I put a PSP, a PS3, a TV, ' .
'a C# program that can divide by zero, death metal t-shirts'
// Called as TextHelper
echo $this->Text->tail(
$sampleText,
70,
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::tail(
$sampleText,
70,
[
'ellipsis' => '...',
'exact' => false
]
);
Output:
...a TV, a C# program that can divide by zero, death metal t-shirts
Extracting an Excerpt
Cake\Utility\Text::excerpt(string $haystack, string $needle, integer $radius=100, string
$ellipsis=...)
Extracts an excerpt from $haystack surrounding the $needle with a number of characters on each side
determined by $radius, and prefix/suffix with $ellipsis. This method is especially handy for search
results. The query string or keywords can be shown within the resulting document.
// Called as TextHelper
echo $this->Text->excerpt($lastParagraph, 'method', 50, '...');
// Called as Text
use Cake\Utility\Text;
echo Text::excerpt($lastParagraph, 'method', 50, '...');
Output:
724
Output:
red, orange, yellow, green, blue, indigo and violet
725
726
CHAPTER 41
Time
class Cake\I18n\Time
If you need TimeHelper functionalities outside of a View, use the Time class:
use Cake\I18n\Time;
class UsersController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth');
}
public function afterLogin()
{
$time = new Time($this->Auth->user('date_of_birth'));
if ($time->isToday()) {
// Greet user with a happy birthday message
$this->Flash->success(__('Happy birthday to you...'));
}
}
}
Under the hood, CakePHP uses Carbon1 to power its Time utility. Anything you can do with Carbon and
DateTime, you can do with Time.
For details on Carbon please see their documentation2 .
1
2
https://github.com/briannesbitt/Carbon
http://carbon.nesbot.com/docs/
727
The Time class constructor can take any parameter that the internal DateTime PHP class can. When
passing a number or numeric string, it will be interpreted as a UNIX timestamp.
In test cases you can easily mock out now() using setTestNow():
// Fixate time.
$now = new Time('2014-04-12 12:22:30');
Time::setTestNow($now);
// Returns '2014-04-12 12:22:30'
$now = Time::now();
// Returns '2014-04-12 12:22:30'
$now = Time::parse('now');
Manipulation
Once created, you can manipulate Time instances using setter methods:
$now = Time::now();
$now->year(2013)
->month(10)
->day(31);
You can also use the methods provided by PHPs built-in DateTime class:
728
You can get the internal components of a date by accessing its properties:
$now
echo
echo
echo
echo
= Time::now();
$now->year; // 2014
$now->month; // 5
$now->day; // 10
$now->timezone; // America/New_York
Formatting
Cake\I18n\Time::i18nFormat($format = null, $timezone = null, $locale = null)
A very common thing to do with Time instances is to print out formatted dates. CakePHP makes this a
snap:
$now = Time::parse('2014-10-31');
// Prints a localized datetime stamp.
echo $now;
// Outputs '4/20/14, 10:10 PM' for the en-US locale
$now->i18nFormat();
// Use the full date and time format
$now->i18nFormat(\IntlDateFormatter::FULL);
// Use full date but short time format
$now->i18nFormat([\IntlDateFormatter::FULL, \IntlDateFormatter::SHORT]);
// Outputs '2014-04-20 22:10'
$now->i18nFormat('YYYY-MM-dd HH:mm:ss');
It is possible to specify the desired format for the string to be displayed. You can either pass IntlDateFormatter constants3 as the first argument of this function, or pass a full ICU date formatting string as specified
3
http://www.php.net/manual/en/class.intldateformatter.php
Formatting
729
You can alter the timezone in which the date is displayed without altering the Time object itself. This is
useful when you store dates in one timezone, but want to display them in a users own timezone:
$now->i18nFormat(\IntlDateFormatter::FULL, 'Europe/Paris');
Leaving the first parameter as null will use the default formatting string:
$now->i18nFormat(null, 'Europe/Paris');
From now on, dates will be displayed in the Spanish preferred format unless a different locale is specified
directly in the formatting method.
Likewise, it is possible to alter the default formatting string to be used for i18nFormat:
Time::setToStringFormat(\IntlDateFormatter::SHORT);
Time::setToStringFormat([\IntlDateFormatter::FULL, \IntlDateFormatter::SHORT]);
Time::setToStringFormat('YYYY-MM-dd HH:mm:ss');
It is recommended to always use the constants instead of directly passing a date format string.
http://www.php.net/manual/en/intl.configuration.php#ini.intl.default-locale
730
The end option lets you define at which point after which relative times should be formatted using the
format option. The accuracy option lets us control what level of detail should be used for each interval
range:
// If $timestamp is 1 month, 1 week, 5 days and 6 hours ago
echo $timestamp->timeAgoInWords([
'accuracy' => ['month' => 'month'],
'end' => '1 year'
]);
// Outputs '1 month ago'
By setting accuracy to a string, you can specify what is the maximum level of detail you want output:
$time = new Time('+23 hours');
// Outputs 'in about a day'
$result = $time->timeAgoInWords([
'accuracy' => 'day'
]);
Conversion
Cake\I18n\Time::toQuarter()
Once created, you can convert Time instances into timestamps or quarter values:
$time = new Time('2014-06-15');
$time->toQuarter();
$time->toUnixString();
Conversion
731
echo $time->isThisWeek();
echo $time->isThisMonth();
echo $time->isThisYear();
Each of the above methods will return true/false based on whether or not the Time instance matches
the present.
Cake\I18n\Time::wasWithinLast($interval)
You can also compare a Time instance within a range in the past:
// Within past 2 days.
echo $time->wasWithinLast(2);
// Within past 2 weeks.
echo $time->wasWithinLast('2 weeks');
732
CHAPTER 42
Xml
class Cake\Utility\Xml
The Xml class allows you to easily transform arrays into SimpleXMLElement or DOMDocument objects,
and back into arrays again.
733
]
];
$xml = Xml::build($data);
Note: DOMDocument1 and SimpleXML2 implement different APIs. Be sure to use the correct methods
on the object you request from Xml.
Your array must have only one element in the top level and it can not be numeric. If the array is not in this
format, Xml will throw an exception. Examples of invalid arrays:
// Top level with numeric key
[
['key' => 'value']
];
// Multiple keys in top level
[
'key1' => 'first value',
1
2
http://php.net/domdocument
http://php.net/simplexml
734
By default array values will be output as XML tags. If you want to define attributes or text values you can
prefix the keys that are supposed to be attributes with @. For value text, use @ as the key:
$xmlArray = [
'project' => [
'@id' => 1,
'name' => 'Name of project, as tag',
'@' => 'Value of project'
]
];
$xmlObject = Xml::fromArray($xmlArray);
$xmlString = $xmlObject->asXML();
Using Namespaces
To use XML Namespaces, create a key in your array with the name xmlns: in a generic namespace or
input the prefix xmlns: in a custom namespace. See the samples:
$xmlArray = [
'root' => [
'xmlns:' => 'http://cakephp.org',
'child' => 'value'
]
];
$xml1 = Xml::fromArray($xmlArray);
$xmlArray(
'root' => [
'tag' => [
'xmlns:pref' => 'http://cakephp.org',
'pref:item' => [
'item 1',
'item 2'
]
]
]
);
$xml2 = Xml::fromArray($xmlArray);
735
<?xml version="1.0"?>
<root><tag xmlns:pref="http://cakephp.org"><pref:item>item 1</pref:item><pref:item>item 2</
Creating a Child
After you have created your XML document, you just use the native interfaces for your document type to
add, remove, or manipulate child nodes:
// Using SimpleXML
$myXmlOriginal = '<?xml version="1.0"?><root><child>value</child></root>';
$xml = Xml::build($myXmlOriginal);
$xml->root->addChild('young', 'new value');
// Using DOMDocument
$myXmlOriginal = '<?xml version="1.0"?><root><child>value</child></root>';
$xml = Xml::build($myXmlOriginal, ['return' => 'domdocument']);
$child = $xml->createElement('young', 'new value');
$xml->firstChild->appendChild($child);
Tip:
After manipulating your XML using SimpleXMLElement or DomDocument you can use
Xml::toArray() without a problem.
736
CHAPTER 43
While most of your day-to-day work in CakePHP will be utilizing core classes and methods, CakePHP
features a number of global convenience functions that may come in handy. Many of these functions are
for use with CakePHP classes (loading model or component classes), but many others make working with
arrays or strings a little easier.
Well also cover some of the constants available in CakePHP applications. Using these constants will help
make upgrades more smooth, but are also convenient ways to point to certain files or directories in your
CakePHP application.
Global Functions
Here are CakePHPs globally available functions. Most of them are just convenience wrappers for other
CakePHP functionality, such as debugging and translating content.
__(string $string_id[, $formatArgs ])
This function handles localization in CakePHP applications. The $string_id identifies the ID for
a translation. Strings used for translations are treated as format strings for sprintf(). You can
supply additional arguments to replace placeholders in your string:
__('You have {0} unread messages', $number);
Note: Check out the Internationalization & Localization section for more information.
__d(string $domain, string $msg, mixed $args = null)
Allows you to override the current domain for a single message lookup.
Useful when internationalizing a plugin:
plugin);
__dn(string $domain, string $singular, string $plural, integer $count, mixed $args = null)
Allows you to override the current domain for a single plural message lookup. Returns correct
737
plural form of message identified by $singular and $plural for count $count from domain
$domain.
__dx(string $domain, string $context, string $msg, mixed $args = null)
Allows you to override the current domain for a single message lookup. It also allows you to specify
a context.
The context is a unique identifier for the translations string that makes it unique within the same
domain.
__dxn(string $domain, string $context, string $singular, string $plural, integer $count, mixed $args
= null)
Allows you to override the current domain for a single plural message lookup. It also allows you to
specify a context. Returns correct plural form of message identified by $singular and $plural
for count $count from domain $domain. Some languages have more than one form for plural
messages dependent on the count.
The context is a unique identifier for the translations string that makes it unique within the same
domain.
__n(string $singular, string $plural, integer $count, mixed $args = null)
Returns correct plural form of message identified by $singular and $plural for count $count.
Some languages have more than one form for plural messages dependent on the count.
__x(string $context, string $msg, mixed $args = null)
The context is a unique identifier for the translations string that makes it unique within the same
domain.
__xn(string $context, string $singular, string $plural, integer $count, mixed $args = null)
Returns correct plural form of message identified by $singular and $plural for count $count
from domain $domain. It also allows you to specify a context. Some languages have more than one
form for plural messages dependent on the count.
The context is a unique identifier for the translations string that makes it unique within the same
domain.
collection(mixed $items)
Convenience wrapper for instantiating a new CakeCollectionCollection object, wrapping
the passed argument. The $items parameter takes either a Traversable object or an array.
debug(mixed $var, boolean $showHtml = null, $showFrom = true)
If the core $debug variable is true, $var is printed out. If $showHTML is true or left as null,
the data is rendered to be browser-friendly. If $showFrom is not set to false, the debug output will
start with the line from which it was called. Also see Debugging
env(string $key)
Gets an environment variable from available sources. Used as a backup if $_SERVER or $_ENV are
disabled.
This function also emulates PHP_SELF and DOCUMENT_ROOT on unsupporting servers. In fact, its
a good idea to always use env() instead of $_SERVER or getenv() (especially if you plan to
distribute the code), since its a full emulation wrapper.
738
list($namespace, $className) =
pr(mixed $var)
Convenience wrapper for print_r(), with the addition of wrapping <pre> tags around the output.
pj(mixed $var)
JSON pretty print convenience function, with the addition of wrapping <pre> tags around the output.
It is meant for debugging the JSON representation of objects and arrays.
739
constant TESTS
Path to the tests directory.
constant TMP
Path to the temporary files directory.
constant WWW_ROOT
Full path to the webroot.
740
CHAPTER 44
Debug Kit
DebugKit is a plugin supported by the core team that provides a toolbar to help make debugging CakePHP
applications easier.
Installation
By default DebugKit is installed with the default application skeleton. If youve removed it and want to
re-install it, you can do so by running the following from your applications ROOT directory (where composer.json file is located):
php composer.phar require --dev cakephp/debug_kit "~3.0"
DebugKit Storage
By default, DebugKit uses a small SQLite database in your applications /tmp directory to store the panel
data. If youd like DebugKit to store its data elsewhere, you should define a debug_kit connection.
Database Configuration
By default DebugKit will store panel data into a SQLite database in your applications tmp directory. If you
cannot install pdo_sqlite, you can configure DebugKit to use a different database by defining a debug_kit
connection in your config/app.php file.
Toolbar Usage
The DebugKit Toolbar is comprised of several panels, which are shown by clicking the CakePHP icon in
the bottom right-hand corner of your browser window. Once the toolbar is open, you should see a series of
buttons. Each of these buttons expands into a panel of related information.
741
742
* My Custom Panel
*/
class MyCustomPanel extends DebugPanel
{
...
}
Notice that custom panels are required to extend the DebugPanel class.
Callbacks
By default Panel objects have two callbacks, allowing them to hook into the current request. Panels subscribe to the Controller.initialize and Controller.shutdown events. If your panel needs
to subscribe to additional events, you can use the implementedEvents() method to define all of the
events your panel is interested in.
You should refer to the built-in panels for some examples on how you can build panels.
Panel Elements
Each Panel is expected to have a view element that renders the content from the panel. The element name
must be the underscored inflection of the class name. For example SessionPanel has an element named
session_panel.ctp, and SqllogPanel has an element named sqllog_panel.ctp. These elements
should be located in the root of your src/Template/Element directory.
743
To use a plugin or app panel, update your applications DebugKit configuration to include the panel:
// in config/bootstrap.php
Configure::write('DebugKit.panels', ['App', 'MyPlugin.MyCustom']);
Plugin::load('DebugKit', ['bootstrap' => true]);
The above would load all the default panels as well as the AppPanel, and MyCustomPanel panel from
MyPlugin.
744
CHAPTER 45
Migrations
Migrations is another plugin supported by the core team that helps you do schema changes in your database
by writing PHP files that can be tracked using your version control system.
It allows you to evolve your database tables over time. Instead of writing schema modifications in SQL, this
plugin allows you to use an intuitive set of methods to implement your database changes.
This plugin is a wrapper for the database migrations library Phinx1
Installation
By default Migrations is installed with the default application skeleton. If youve removed it and want
to re-install it, you can do so by running the following from your applications ROOT directory (where
composer.json file is located):
php composer.phar require cakephp/migrations "@stable"
You will need to add the following line to your applications bootstrap.php file:
Plugin::load('Migrations');
Additionally, you will need to configure the default database configuration in your config/app.php file as
explained in the Database Configuration section.
Overview
A migration is basically a single PHP file that describes a new version of the database. A migration file
can create tables, add or remove columns, create indexes and even insert data into the database.
Heres an example of a migration:
1
https://phinx.org/
745
This migration adds a table called products with a string column called name, a text description column
and a column called created with a datetime type. A primary key column called id will also be added
implicitly.
Note that this file describes how the database should look like after applying the change, at this point no
products table exist, but we have created a file that is both able to create the table with the right column
as well as to drop it if we rollback the migration.
Once the file has been created in the config/Migrations folder, you will be able to execute the following
command to create the table in your database:
bin/cake migrations migrate
Creating Migrations
Migration files are stored in the config/Migration directory of your application. The name of the migration files are prefixed with the date in which they were created, in the format YYYYMMDDHHMMSS_my_new_migration.php.
The easiest way of creating a migrations file is by using the command line. Lets imagine that youd like to
add a new products table:
bin/cake bake migration CreateProducts name:string description:text created modified
The above line will create a migration file looking like this:
class CreateProductsTable extends AbstractMigration
{
public function change()
{
$table = $this->table('products');
$table->addColumn('name', 'string')
746
->addColumn('description', 'text')
->addColumn('created', 'datetime')
->addColumn('modified', 'datetime')
->create();
}
If the migration name in the command line is of the form AddXXXToYYY or RemoveXXXFromYYY
and is followed by a list of column names and types then a migration file containing the code for creating or
dropping the columns will be generated:
bin/cake bake migration AddPriceToProducts price:decimal
will generate:
class AddNameIndexToProducts extends AbstractMigration
{
public function change()
{
$table = $this->table('products');
$table->addColumn('name', 'string')
->addIndex(['name'])
->update();
}
When using fields in the command line it may be handy to remember that they follow the following pattern:
field:fieldType:indexType:indexName
For instance, the following are all valid ways of specifying an email field:
email:string:unique
email:string:unique:EMAIL_INDEX
Fields named created and modified will automatically be set to the type datetime.
In the same way, you can generate a migration to remove a column by using the command line:
bin/cake bake migration RemovePriceFromProducts price
747
Please make sure you read the official Phinx documentation2 in order to know the complete list of methods
you can use for writing migration files.
2
http://docs.phinx.org/en/latest/migrations.html
748
It will generate a migration file called Initial containing all the create statements for all tables in your
database.
The above will create a CHAR(36) id column that is also the primary key.
Collations
If you need to create a table with a different collation than the database default one, you can define it with
the table() method, as an option:
class CreateCategoriesTable extends AbstractMigration
{
public function change()
{
$table = $this
->table('categories', [
'collation' => 'latin1_german1_ci'
])
->addColumn('title', 'string', [
'default' => null,
'limit' => 255,
'null' => false,
])
->create();
}
Creating Migrations
749
Note however this can only be done on table creation : there is currently no way of adding a column to
an existing table with a different collation than the table or the database. Only MySQL and SqlServer
supports this configuration key for the time being.
Applying Migrations
Once you have generated or written your migration file, you need to execute the following command to
apply the changes to your database:
bin/cake migrations migrate
To migrate to a specific version then use the target parameter or -t for short:
bin/cake migrations migrate -t 20150103081132
That corresponds to the timestamp that is prefixed to the migrations file name.
Reverting Migrations
The Rollback command is used to undo previous migrations executed by this plugin. It is the reverse action
of the migrate command.
You can rollback to the previous migration by using the rollback command:
bin/cake migrations rollback
You can also pass a migration version number to rollback to a specific version:
bin/cake migrations rollback -t 20150103081132
Migrations Status
The Status command prints a list of all migrations, along with their current status. You can use this command
to determine which migrations have been run:
bin/cake migrations status
750
Note that when you bake a snapshot with the cake bake migration_snapshot command, the created migration will automatically be marked as migrated.
751
752
CHAPTER 46
Appendices
Appendices contain information regarding the new features introduced in each version and the migration
path between versions.
Upgrade Tool
While this document covers all the breaking changes and improvements made in CakePHP 3.0, weve also
created a console application to help you easily complete some of the time consuming mechanical changes.
You can get the upgrade tool from github1 .
1
https://github.com/cakephp/upgrade
753
http://www.php-fig.org/psr/psr-4/
https://github.com/cakephp/app
4
http://getcomposer.org
3
754
The config key www_root has been changed to wwwRoot for consistency. Please adjust your app.php
config file as well as any usage of Configure::read(App.wwwRoot).
New ORM
CakePHP 3.0 features a new ORM that has been re-built from the ground up. The new ORM is significantly different and incompatible with the previous one. Upgrading to the new ORM will require extensive
changes in any application that is being upgraded. See the new Database Access & ORM documentation for
information on how to use the new ORM.
Basics
LogError() was removed, it provided no benefit and is rarely/never used.
The following global functions have been removed: config(), cache(), clearCache(),
convertSlashes(), am(), fileExistsInPath(), sortByKey().
Debugging
Configure::write(debug, $bool) does not support 0/1/2 anymore. A simple boolean
is used instead to switch debug mode on or off.
Object settings/configuration
Objects used in CakePHP now have a consistent instance-configuration storage/retrieval system. Code
which previously accessed for example: $object->settings should instead be updated to use
$object->config().
Cache
Memcache engine has been removed, use Cake\Cache\Cache\Engine\Memcached instead.
Cache engines are now lazy loaded upon first use.
Cake\Cache\Cache::engine() has been added.
Cake\Cache\Cache::enabled() has been added. This replaced the Cache.disable configure option.
Cake\Cache\Cache::enable() has been added.
Cake\Cache\Cache::disable() has been added.
Cache configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Cache::set() has been removed. It is recommended that you create multiple cache configurations
to replace runtime configuration tweaks previously possible with Cache::set().
755
and
All Cake\Cache\Cache\CacheEngine methods now honor/are responsible for handling the configured key prefix. The Cake\Cache\CacheEngine::write() no longer permits setting the duration
on write - the duration is taken from the cache engines runtime config. Calling a cache method with an
empty key will now throw an InvalidArgumentException, instead of returning false.
Core
App
Cake\Core\Plugin::load() does not setup an autoloader unless you set the autoload option to true.
When loading plugins you can no longer provide a callable.
When loading plugins you can no longer provide an array of config files to load.
Configure
renamed
to
Cake\Core\Configure::load() now expects the file name without extension suffix as this
can be derived from the engine. E.g. using PhpConfig use app to load app.php.
Setting
a
$config
variable
in
PHP
config
file
is
deprecated.
Cake\Core\Configure\EnginePhpConfig now expects the config file to return an
array.
A new config engine Cake\Core\Configure\EngineJsonConfig has been added.
Object
The Object class has been removed. It formerly contained a grab bag of methods that were
used in various places across the framework. The most useful of these methods have been extracted into traits. You can use the Cake\Log\LogTrait to access the log() method. The
Cake\Routing\RequestActionTrait provides requestAction().
Console
The cake executable has been moved from the app/Console directory to the bin directory within the
application skeleton. You can now invoke CakePHPs console with bin/cake.
TaskCollection Replaced
This class has been renamed to Cake\Console\TaskRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code. Tasks no longer have access to callbacks, as
there were never any callbacks to use.
Shell
Shell::__construct() has
Cake\Console\ConsoleIo.
changed.
It
now
takes
an
instance
of
757
ConsoleInputArgument
The ApiShell was removed as it didnt provide any benefit over the file source itself and the online documentation/API5 .
SchemaShell Removed
The SchemaShell was removed as it was never a complete database migration implementation and better
tools such as Phinx6 have emerged. It has been replaced by the CakePHP Migrations Plugin7 which acts as
a wrapper between CakePHP and Phinx8 .
ExtractTask
bin/cake i18n extract no longer includes untranslated validation messages. If you want
translated validation messages you should wrap those messages in __() calls like any other content.
BakeShell / TemplateTask
Bake is no longer part of the core source and is superseded by CakePHP Bake Plugin9
Bake templates have been moved under src/Template/Bake.
The syntax of Bake templates now uses erb-style tags (<% %>) to denote templating logic, allowing
php code to be treated as plain text.
The bake view command has been renamed bake template.
5
http://api.cakephp.org/
https://phinx.org/
7
https://github.com/cakephp/migrations
8
https://phinx.org/
9
https://github.com/cakephp/bake
6
758
Event
The getEventManager() method, was removed on all objects that had it. An eventManager()
method is now provided by the EventManagerTrait. The EventManagerTrait contains the logic
of instantiating and keeping a reference to a local event manager.
The Event subsystem has had a number of optional features removed. When dispatching events you can no
longer use the following options:
passParams This option is now enabled always implicitly. You cannot turn it off.
break This option has been removed. You must now stop events.
breakOn This option has been removed. You must now stop events.
Log
Log configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Log engines are now lazily loaded upon the first write to the logs.
Cake\Log\Log::engine() has been added.
The following methods have been removed from Cake\Log\Log :: defaultLevels(),
enabled(), enable(), disable().
You can no longer create custom levels using Log::levels().
When configuring loggers you should use levels instead of types.
You can no longer specify custom log levels. You must use the default set of log levels. You should use
logging scopes to create custom log files or specific handling for different sections of your application.
Using a non-standard log level will now throw an exception.
Cake\Log\LogTrait was added. You can use this trait in your classes to add the log() method.
The logging scope passed to Cake\Log\Log::write() is now forwarded to the log engines
write() method in order to provide better context to the engines.
Log engines are now required to implement Psr\Log\LogInterface instead of Cakes own
LogInterface. In general, if you extended Cake\Log\Engine\BaseEngine you just need
to rename the write() method to log().
Cake\Log\Engine\FileLog now writes files in ROOT/logs instead of ROOT/tmp/logs.
Routing
Named Parameters
Named parameters were removed in 3.0. Named parameters were added in 1.2.0 as a pretty version of
query string parameters. While the visual benefit is arguable, the problems named parameters created are
not.
3.0 Migration Guide
759
Named parameters required special handling in CakePHP as well as any PHP or JavaScript library that
needed to interact with them, as named parameters are not implemented or understood by any library except
CakePHP. The additional complexity and code required to support named parameters did not justify their
existence, and they have been removed. In their place you should use standard query string parameters or
passed arguments. By default Router will treat any additional parameters to Router::url() as query
string arguments.
Since many applications will still need to parse incoming URLs containing named parameters.
Cake\Routing\Router::parseNamedParams() has been added to allow backwards compatibility with existing URLs.
RequestActionTrait
Named parameters have been removed, see above for more information.
The full_base option has been replaced with the _full option.
The ext option has been replaced with the _ext option.
_scheme, _port, _host, _base, _full, _ext options added.
String URLs are no longer modified by adding the plugin/controller/prefix names.
The default fallback route handling was removed. If no routes match a parameter set / will be returned.
Route classes are responsible for all URL generation including query string parameters. This makes
routes far more powerful and flexible.
Persistent
parameters
were
removed.
They
were
replaced
with
Cake\Routing\Router::urlFilter() which allows a more flexible way to mutate
URLs being reverse routed.
Router::parseExtensions()
has
been
removed.
Use
Cake\Routing\Router::extensions() instead. This method must be called before
routes are connected. It wont modify existing routes.
Router::setExtensions() has been removed. Use Cake\Routing\Router::extensions()
instead.
Router::resourceMap() has been removed.
760
Plugin & theme assets handled by the AssetFilter are no longer read via include instead they are
treated as plain text files. This fixes a number of issues with JavaScript libraries like TinyMCE and
environments with short_tags enabled.
Support for the Asset.filter configuration and hooks were removed. This feature can easily be
replaced with a plugin or dispatcher filter.
Network
Request
761
The mapping of mimetype text/plain to extension csv has been removed. As a consequence Cake\Controller\Component\RequestHandlerComponent doesnt set extension to csv if Accept header contains mimetype text/plain which was a common annoyance
when receiving a jQuery XHR request.
Sessions
The session class is no longer static, instead the session can be accessed through the request object. See the
Sessions documentation for using the session object.
Cake\Network\Session and related session classes have been moved under the
Cake\Network namespace.
SessionHandlerInterface has been removed in favor of the one provided by PHP itself.
The property Session::$requestCountdown has been removed.
The session checkAgent feature has been removed. It caused a number of bugs when chrome frame,
and flash player are involved.
The conventional sessions database table name is now sessions instead of cake_sessions.
The session cookie timeout is automatically updated in tandem with the timeout in the session data.
The path for session cookie now defaults to apps base path instead of /. Also new config variable
Session.cookiePath has been added to easily customize the cookie path.
A new convenience method Cake\Network\Session::consume() has been added to allow
reading and deleting session data in a single step.
The default value of Cake\Network\Session::clear()s argument $renew has been
changed from true to false.
762
Network\Http
HttpSocket is now Cake\Network\Http\Client.
HttpClient has been re-written from the ground up. It has a simpler/easier to use API, support for
new authentication systems like OAuth, and file uploads. It uses PHPs stream APIs so there is no
requirement for cURL. See the Http Client documentation for more information.
Network\Email
Cake\Network\Email\Email::config() is now used to define configuration profiles. This
replaces the EmailConfig classes in previous versions.
Cake\Network\Email\Email::profile() replaces config() as the way to modify per
instance configuration options.
Cake\Network\Email\Email::drop() has been added to allow the removal of email configuration.
Cake\Network\Email\Email::configTransport() has been added to allow the definition of transport configurations. This change removes transport options from delivery profiles and
allows you to easily re-use transports across email profiles.
Cake\Network\Email\Email::dropTransport() has been added to allow the removal of
transport configuration.
Controller
Controller
The $helpers, $components properties are now merged with all parent classes not just
AppController and the plugin AppController. The properties are merged differently now as well.
Instead of all settings in all classes being merged together, the configuration defined in the child class
will be used. This means that if you have some configuration defined in your AppController, and
some configuration defined in a subclass, only the configuration in the subclass will be used.
Controller::httpCodes() has been removed, use Cake\Network\Response::httpCodes()
instead.
Controller::disableCache()
has
been
Cake\Network\Response::disableCache() instead.
removed,
use
Controller::flash() has been removed. This method was rarely used in real applications and
served no purpose anymore.
Controller::validate() and Controller::validationErrors() have been removed. They were left over methods from the 1.x days where the concerns of models + controllers
were far more intertwined.
Controller::loadModel() now loads table objects.
763
The Controller::$scaffold property has been removed. Dynamic scaffolding has been removed from CakePHP core. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
The Controller::$ext property has been removed. You now have to extend and override the
View::$_ext property if you want to use a non-default view file extension.
The Controller::$methods property has been removed.
You should now use
Controller::isAction() to determine whether or not a method name is an action. This
change was made to allow easier customization of what is and is not counted as an action.
The Controller::$Components property has been removed and replaced with
_components.
If you need to load components at runtime you should use
$this->loadComponent() on your controller.
The signature of Cake\Controller\Controller::redirect() has been changed to
Controller::redirect(string|array $url, int $status = null). The 3rd argument $exit has been dropped. The method can no longer send response and exit script, instead it
returns a Response instance with appropriate headers set.
The base, webroot, here, data, action, and params magic properties have been removed.
You should access all of these properties on $this->request instead.
Underscore prefixed controller methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead. Only public methods can be used as controller actions.
Scaffold Removed
The dynamic scaffolding in CakePHP has been removed from CakePHP core. It was infrequently used,
and never intended for production use. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
ComponentCollection Replaced
This class has been renamed to Cake\Controller\ComponentRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake
upgrade rename_collections to assist in upgrading your code.
Component
It
contains
an
instance
of
All components should now use the config() method to get/set configuration.
Default configuration for components should be defined in the $_defaultConfig property. This
property is automatically merged with any configuration provided to the constructor.
Configuration options are no longer set as public properties.
764
Uses Cake\Network\Request::cookie() to read cookie data, this eases testing, and allows
for ControllerTestCase to set cookies.
Cookies encrypted in previous versions of CakePHP using the cipher() method are now unreadable because Security::cipher() has been removed. You will need to re-encrypt cookies
with the rijndael() or aes() method before upgrading.
CookieComponent::type() has been removed and replaced with configuration data accessed
through config().
write() no longer takes encryption or expires parameters. Both of these are now managed
through config data. See Cookie for more information.
The path for cookies now defaults to apps base path instead of /.
AuthComponent
Default is now the default password hasher used by authentication classes. It uses exclusively
the bcrypt hashing algorithm. If you want to continue using SHA1 hashing used in 2.x use
passwordHasher => Weak in your authenticator configuration.
A new FallbackPasswordHasher was added to help users migrate old passwords from one
algorithm to another. Check AuthComponents documentation for more info.
BlowfishAuthenticate class has been removed. Just use FormAuthenticate
BlowfishPasswordHasher class has been removed. Use DefaultPasswordHasher instead.
The loggedIn() method has been removed. Use user() instead.
Configuration options are no longer set as public properties.
The methods allow() and deny() no longer accept var args. All method names need to be
passed as first argument, either as string or array of strings.
The method login() has been removed and replaced by setUser() instead. To login a user you
now have to call identify() which returns user info upon successful identification and then use
setUser() to save the info to session for persistence across requests.
BaseAuthenticate::_password() has been removed. Use a PasswordHasher class instead.
3.0 Migration Guide
765
The following methods have been removed from RequestHandler component:: isAjax(),
isFlash(), isSSL(), isPut(), isPost(), isGet(), isDelete().
Use the
Cake\Network\Request::is() method instead with relevant argument.
RequestHandler::setContent() was removed, use Cake\Network\Response::type()
instead.
RequestHandler::getReferer() was removed, use Cake\Network\Request::referer()
instead.
RequestHandler::getClientIP() was removed, use Cake\Network\Request::clientIp()
instead.
RequestHandler::getAjaxVersion() was removed.
RequestHandler::mapType() was removed, use Cake\Network\Response::mapType()
instead.
Configuration options are no longer set as public properties.
SecurityComponent
The following methods and their related properties have been removed from Security component: requirePost(), requireGet(), requirePut(), requireDelete(). Use the
Cake\Network\Request::allowMethod() instead.
SecurityComponent::$disabledFields()
SecurityComponent::$unlockedFields().
has
been
removed,
use
The CSRF related features in SecurityComponent have been extracted and moved into a separate CsrfComponent. This allows you more easily use CSRF protection without having to use form tampering
prevention.
Configuration options are no longer set as public properties.
The methods requireAuth() and requireSecure() no longer accept var args. All method
names need to be passed as first argument, either as string or array of strings.
766
SessionComponent
767
Behaviors
Underscore prefixed behavior methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead.
TreeBehavior
The TreeBehavior was completely re-written to use the new ORM. Although it works the same as in 2.x, a
few methods were renamed or removed:
TreeBehavior::children() is now a custom finder find(children).
TreeBehavior::generateTreeList() is now a custom finder find(treeList).
TreeBehavior::getParentNode() was removed.
TreeBehavior::getPath() is now a custom finder find(path).
TreeBehavior::reorder() was removed.
TreeBehavior::verify() was removed.
TestSuite
TestCase
_normalizePath() has been added to allow path comparison tests to run across all operation
systems regarding their DS settings (\ in Windows vs / in UNIX, for example).
The following assertion methods have been removed as they have long been deprecated and replaced by
their new PHPUnit counterpart:
assertEqual() in favor of assertEquals()
assertNotEqual() in favor of assertNotEquals()
assertIdentical() in favor of assertSame()
assertNotIdentical() in favor of assertNotSame()
assertPattern() in favor of assertRegExp()
assertNoPattern() in favor of assertNotRegExp()
assertReference() if favor of assertSame()
assertIsA() in favor of assertInstanceOf()
Note that some methods have switched the argument order, e.g. assertEqual($is, $expected)
should now be assertEquals($expected, $is).
The following assertion methods have been deprecated and will be removed in the future:
assertWithinMargin() in favor of assertWithinRange()
768
Having themes and plugins as ways to create modular application components has proven to be limited, and
confusing. In CakePHP 3.0, themes no longer reside inside the application. Instead they are standalone
plugins. This solves a few problems with themes:
You could not put themes in plugins.
Themes could not provide helpers, or custom view classes.
Both these issues are solved by converting themes into plugins.
View Folders Renamed
The folders containing view files now go under src/Template instead of src/View. This was done to separate
the view files from files containing php classes (eg. Helpers, View classes).
The following View folders have been renamed to avoid naming collisions with controller names:
Layouts is now Layout
Elements is now Element
Errors is now Error
Emails is now Email (same for Email inside Layout)
HelperCollection Replaced
This class has been renamed to Cake\View\HelperRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code.
View Class
The
plugin
key
has
been
Cake\View\View::element().
SomePlugin.element_name instead.
removed
from
$options
argument
Specify
the
element
name
of
as
769
ViewBlock::append() has been removed, use Cake\ViewViewBlock::concat() instead. However, View::append() still exists.
JsonView
By default JSON data will have HTML entities encoded now. This prevents possible XSS issues when
JSON view content is embedded in HTML files.
Cake\View\JsonView now supports the _jsonOptions view variable. This allows you to
configure the bit-mask options used when generating JSON.
XmlView
Cake\View\XmlView now supports the _xmlOptions view variable. This allows you to configure the options used when generating XML.
View\Helper
The $settings property is now called $_config and should be accessed through the config()
method.
Configuration options are no longer set as public properties.
770
Helper::clean() was removed. It was never robust enough to fully prevent XSS. instead you
should escape content with h or use a dedicated library like htmlPurifier.
Helper::output() was removed. This method was deprecated in 2.x.
Methods
Helper::webroot(),
Helper::url(),
Helper::assetUrl(),
Helper::assetTimestamp() have been moved to new Cake\View\Helper\UrlHelper
helper. Helper::url() is now available as Cake\View\Helper\UrlHelper::build().
Magic accessors to deprecated properties have been removed. The following properties now need to
be accessed from the request object:
base
here
webroot
data
action
params
Helper
771
FormHelper
FormHelper has been entirely rewritten for 3.0. It features a few large changes:
FormHelper works with the new ORM. But has an extensible system for integrating with other ORMs
or datasources.
FormHelper features an extensible widget system that allows you to create new custom input widgets
and easily augment the built-in ones.
String templates are the foundation of the helper. Instead of munging arrays together everywhere,
most of the HTML FormHelper generates can be customized in one central place using template sets.
In addition to these larger changes, some smaller breaking changes have been made as well. These changes
should help streamline the HTML FormHelper generates and reduce the problems people had in the past:
The data[ prefix was removed from all generated inputs. The prefix serves no real purpose anymore.
The various standalone input methods like text(), select() and others no longer generate id
attributes.
The inputDefaults option has been removed from create().
Options default and onsubmit of create() have been removed. Instead one should use
JavaScript event binding or set all required js code for onsubmit.
end() can no longer make buttons. You should create buttons with button() or submit().
FormHelper::tagIsInvalid() has been removed. Use isFieldError() instead.
FormHelper::inputDefaults() has been removed. You can use templates() to define/augment the templates FormHelper uses.
The wrap and class options have been removed from the error() method.
The showParents option has been removed from select().
The div, before, after, between and errorMessage options have been removed from
input(). You can use templates to update the wrapping HTML. The templates option allows
you to override the loaded templates for one input.
The separator, between, and legend options have been removed from radio(). You can
use templates to change the wrapping HTML now.
The format24Hours parameter has been removed from hour(). It has been replaced with the
format option.
The minYear, and maxYear parameters have been removed from year(). Both of these parameters can now be provided as options.
The dateFormat and timeFormat parameters have been removed from datetime(). You can
use the template to define the order the inputs should be displayed in.
The submit() has had the div, before and after options removed. You can customize the
submitContainer template to modify this content.
772
The inputs() method no longer accepts legend and fieldset in the $fields parameter,
you must use the $options parameter. It now also requires $fields parameter to be an array.
The $blacklist parameter has been removed, the functionality has been replaced by specifying
field => false in the $fields parameter.
The inline parameter has been removed from postLink() method. You should use the block
option instead. Setting block => true will emulate the previous behavior.
The timeFormat parameter for hour(), time() and dateTime() now defaults to 24, complying with ISO 8601.
The $confirmMessage argument of Cake\View\Helper\FormHelper::postLink()
has been removed. You should now use key confirm in $options to specify the message.
Checkbox and radio input types are now rendered inside of label elements by default. This helps
increase compatibility with popular CSS libraries like Bootstrap10 and Foundation11 .
Templates tags are now all camelBacked. Pre-3.0 tags formstart, formend, hiddenblock
and inputsubmit are now formStart, formEnd, hiddenBlock and inputSubmit. Make
sure you change them if they are customized in your app.
It is recommended that you review the Form documentation for more details on how to use the FormHelper
in 3.0.
HtmlHelper
http://getbootstrap.com/
http://foundation.zurb.com/
773
PaginatorHelper
link() has been removed. It was no longer used by the helper internally. It had low usage in user
land code, and no longer fit the goals of the helper.
next() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
prev() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
first() no longer has after, ellipsis, separator, class, or tag options.
last() no longer has after, ellipsis, separator, class, or tag options.
numbers() no longer has separator, tag, currentTag, currentClass, class, tag, ellipsis options. These options are now facilitated through templates. It also requires the $options parameter
to be an array now.
The
%page%
style
placeholders
have
Cake\View\Helper\PaginatorHelper::counter().
holders instead.
been
removed
from
Use {{page}} style place-
url() has been renamed to generateUrl() to avoid method declaration clashes with
Helper::url().
By default all links and inactive texts are wrapped in <li> elements. This helps make CSS easier to write,
and improves compatibility with popular CSS frameworks.
Instead of the various options in each method, you should use the templates feature. See the PaginatorHelper
Templates documentation for information on how to use templates.
TimeHelper
The SessionHelper has been deprecated. You can use $this->request->session() directly, and the flash message functionality has been moved into Flash instead.
774
JsHelper
JsHelper and all associated engines have been removed. It could only generate a very small subset
of JavaScript code for selected library and hence trying to generate all JavaScript code using just the
helper often became an impediment. Its now recommended to directly use JavaScript library of your
choice.
CacheHelper Removed
CacheHelper has been removed. The caching functionality it provided was non-standard, limited and incompatible with non-HTML layouts and data views. These limitations meant a full rebuild would be necessary.
Edge Side Includes have become a standardized way to implement the functionality CacheHelper used to
provide. However, implementing Edge Side Includes12 in PHP has a number of limitations and edge cases.
Instead of building a sub-par solution, we recommend that developers needing full response caching use
Varnish13 or Squid14 instead.
I18n
The I18n subsystem was completely rewritten. In general, you can expect the same behavior as in previous
versions, specifically if you are using the __() family of functions.
Internally, the I18n class uses Aura\Intl, and appropriate methods are exposed to access the specific
features of this library. For this reason most methods inside I18n were removed or renamed.
Due to the use of ext/intl, the L10n class was completely removed. It provided outdated and incomplete
data in comparison to the data available from the Locale class in PHP.
The default application language will no longer be changed automatically by the browser accepted language
nor by having the Config.language value set in the browser session. You can, however, use a dispatcher
filter to get automatic language switching from the Accept-Language header sent by the browser:
// In config/bootstrap.php
DispatcherFactory::addFilter('LocaleSelector');
There is no built-in replacement for automatically selecting the language by setting a value in the user
session.
The default formatting function for translated messages is no longer sprintf, but the more advanced and
feature rich MessageFormatter class. In general you can rewrite placeholders in messages as follows:
// Before:
__('Today is a %s day in %s', 'Sunny', 'Spain');
// After:
__('Today is a {0} day in {1}', 'Sunny', 'Spain');
12
http://en.wikipedia.org/wiki/Edge_Side_Includes
http://varnish-cache.org
14
http://squid-cache.org
13
775
You can avoid rewriting your messages by using the old sprintf formatter:
I18n::defaultFormatter('sprintf');
Additionally, the Config.language value was removed and it can no longer be used to control the
current language of the application. Instead, you can use the I18n class:
// Before
Configure::write('Config.language', 'fr_FR');
// Now
I18n::locale('en_US');
to
Since CakePHP now requires the mbstring extension, the Multibyte class has been removed.
Error messages throughout CakePHP are no longer passed through I18n functions. This was done to
simplify the internals of CakePHP and reduce overhead. The developer facing messages are rarely, if
ever, actually translated - so the additional overhead reaps very little benefit.
L10n
Cake\I18n\L10n s constructor now takes a Cake\Network\Request instance as argument.
Testing
The TestShell has been removed. CakePHP, the application skeleton and newly baked plugins all
use phpunit to run tests.
The webrunner (webroot/test.php) has been removed. CLI adoption has greatly increased since the
initial release of 2.x. Additionaly, CLI runners offer superior integration with IDEs and other automated tooling.
If you find yourself in need of a way to run tests from a browser you should checkout VisualPHPUnit15 . It offers many additional features over the old webrunner.
ControllerTestCase is deprecated and will be removed for CakePHP 3.0.0. You should use the
new Controller Integration Testing features instead.
Fixtures should now be referenced using their plural form:
15
https://github.com/NSinopoli/VisualPHPUnit
776
// Instead of
$fixtures = ['app.article'];
// You should use
$fixtures = ['app.articles'];
Utility
Set Class Removed
The Set class has been removed, you should use the Hash class instead now.
Folder & File
Separate set of uninflected and irregular rules for pluralization and singularization
have been removed.
Instead we now have a common list for each.
When using
Cake\Utility\Inflector::rules() with type singular and plural you can no longer
use keys like uninflected, irregular in $rules argument array.
777
You can add / overwrite the list of uninflected and irregular rules using
Cake\Utility\Inflector::rules() by using values uninflected and irregular for
$type argument.
Sanitize
Security::cipher() has been removed. It is insecure and promoted bad cryptographic practices. You should use Security::encrypt() instead.
The Configure value Security.cipherSeed is no longer required.
Security::cipher() it serves no use.
Backwards compatibility in Cake\Utility\Security::rijndael() for values encrypted prior to CakePHP 2.3.1 has been removed.
You should re-encrypt values using
Security::encrypt() and a recent version of CakePHP 2.x before migrating.
The ability to generate a blowfish hash has been removed. You can no longer use type blowfish
for Security::hash(). One should just use PHPs password_hash() and password_verify() to
generate and verify blowfish hashes. The compability library ircmaxell/password-compat16 which is
installed along with CakePHP provides these functions for PHP < 5.5.
OpenSSL is now used over mcrypt when encrypting/decrypting data. This change provides better
performance and future proofs CakePHP against distros dropping support for mcrypt.
Security::rijndael() is deprecated and only available when using mcrypt.
Warning: Data encrypted with Security::encrypt() in previous versions is not compatible with the
openssl implementation. You should set the implementation to mcrypt when upgrading.
Time
https://packagist.org/packages/ircmaxell/password-compat
778
Number
The Number library was rewritten to internally use the NumberFormatter class.
CakeNumber has been renamed to Cake\I18n\Number.
Number::format() now requires $options to be an array.
Number::addFormat() was removed.
Number::fromReadableSize() has been moved to Cake\Utility\Text::parseFileSize().
Validation
The range for Validation::range() now is inclusive if $lower and $upper are provided.
Validation::ssn() has been removed.
Xml
779
780
Cake\ORM\Query - A fluent object based query builder that replaces the deeply nested arrays used
in previous versions of CakePHP.
Cake\ORM\ResultSet - A collection of results that gives powerful tools for manipulating data in
aggregate.
Cake\ORM\Entity - Represents a single row result. Makes accessing data and serializing to various formats a snap.
Now that you are more familiar with some of the classes youll interact with most frequently in the new
ORM it is good to look at the three most important classes. The Table, Query and Entity classes do
much of the heavy lifting in the new ORM, and each serves a different purpose.
Table Objects
Table objects are the gateway into your data. They handle many of the tasks that Model did in previous
releases. Table classes handle tasks like:
Creating queries.
Providing finders.
Validating and saving entities.
Deleting entities.
Defining and accessing associations.
Triggering callback events.
Interacting with behaviors.
The documentation chapter on Table Objects provides far more detail on how to use table objects than this
guide can. Generally when moving existing model code over it will end up in a table object. Table objects
dont contain any platform dependent SQL. Instead they collaborate with entities and the query builder to do
their work. Table objects also interact with behaviors and other interested parties through published events.
Query Objects
While these are not classes you will build yourself, your application code will make extensive use of the
Query Builder which is central to the new ORM. The query builder makes it easy to build simple or complex
queries including those that were previously very difficult in CakePHP like HAVING, UNION and subqueries.
The various find() calls your application has currently will need to be updated to use the new query builder.
The Query object is responsible for containing the data to make a query without executing the query itself.
It collaborates with the connection/dialect to generate platform specific SQL which is executed creating a
ResultSet as the output.
781
Entity Objects
In previous versions of CakePHP the Model class returned dumb arrays that could not contain any logic
or behavior. While the community made this short-coming less painful with projects like CakeEntity, the
array results were often a short coming that caused many developers trouble. For CakePHP 3.0, the ORM
always returns object result sets unless you explicitly disable that feature. The chapter on Entities covers the
various tasks you can accomplish with entities.
Entities are created in one of two ways. Either by loading data from the database, or converting request data
into entities. Once created, entities allow you to manipulate the data they contain and persist their data by
collaborating with table objects.
Key Differences
The new ORM is a large departure from the existing Model layer. There are many important differences
that are important in understanding how the new ORM operates and how to update your code.
Inflection Rules Updated
You may have noticed that table classes have a pluralized name. In addition to tables having pluralized
names, associations are also referred in the plural form. This is in contrast to Model where class names and
association aliases were singular. There are a few reasons for this change:
Table classes represent collections of data, not single rows.
Associations link tables together, describing the relations between many things.
While the conventions for table objects are to always use plural forms, your entity association properties
will be populated based on the association type.
Note: BelongsTo and HasOne associations will use the singular form in entity properties, while HasMany
and BelongsToMany (HABTM) will use plural forms.
The convention change for table objects is most apparent when building queries. Instead of expressing
queries like:
// Wrong
$query->where(['User.active' => 1]);
One important difference in the new ORM is that calling find on a table will not return the results immediately, but will return a Query object; this serves several purposes.
782
It is possible to stack custom finders to append conditions, sorting, limit and any other clause to the same
query before it is executed:
$query = $articles->find('approved')->find('popular');
$query->find('latest');
You can compose queries one into the other to create subqueries easier than ever:
$query = $articles->find('approved');
$favoritesQuery = $article->find('favorites', ['for' => $user]);
$query->where(['id' => $favoritesQuery->select(['id'])]);
You can decorate queries with iterators and call methods without even touching the database. This is great
when you have parts of your view cached and having the results taken from the database is not actually
required:
// No queries made in this example!
$results = $articles->find()
->order(['title' => 'DESC'])
->formatResults(function ($results) {
return $results->extract('title');
});
Queries can be seen as the result object, trying to iterate the query, calling toArray() or any method
inherited from collection, will result in the query being executed and results returned to you.
The biggest difference you will find when coming from CakePHP 2.x is that find(first) does not
exist anymore. There is a trivial replacement for it, and it is the first() method:
// Before
$article = $this->Article->find('first');
// Now
$article = $this->Articles->find()->first();
// Before
$article = $this->Article->find('first', [
'conditions' => ['author_id' => 1]
]);
// Now
$article = $this->Articles->find('all', [
'conditions' => ['author_id' => 1]
])->first();
// Can also be written
$article = $this->Articles->find()
->where(['author_id' => 1])
783
->first();
If you are a loading a single record by its primary key, it will be better to just call get():
$article = $this->Articles->get(10);
Returning a query object from a find method has several advantages, but comes at a cost for people migrating
from 2.x. If you had some custom find methods in your models, they will need some modifications. This is
how you create custom finder methods in 3.0:
class ArticlesTable
{
public function findPopular(Query $query, array $options)
{
return $query->where(['times_viewed' > 1000]);
}
public function findFavorites(Query $query, array $options)
{
$for = $options['for'];
return $query->matching('Users.Favorites', function ($q) use ($for) {
return $q->where(['Favorites.user_id' => $for]);
});
}
}
As you can see, they are pretty straightforward, they get a Query object instead of an array and must return
a Query object back. For 2.x users that implemented afterFind logic in custom finders, you should check
out the Modifying Results with Map/Reduce section, or use the features found on the Collections. If in your
models you used to rely on having an afterFind for all find operations you can migrate this code in one of a
few ways:
1. Override your entity constructor method and do additional formatting there.
2. Create accessor methods in your entity to create the virtual properties.
3. Redefine findAll() and use formatResults.
In the 3rd case above your code would look like:
public function findAll(Query $query, array $options)
{
return $query->formatResults(function ($results) {
return $results->map(function ($row) {
// Your afterfind logic
});
})
}
784
You may have noticed that custom finders receive an options array. You can pass any extra information to
your finder using this parameter. This is great news for people migrating from 2.x. Any of the query keys
that were used in previous versions will be converted automatically for you in 3.x to the correct functions:
// This works in both CakePHP 2.x and 3.0
$articles = $this->Articles->find('all', [
'fields' => ['id', 'title'],
'conditions' => [
'OR' => ['title' => 'Cake', 'author_id' => 1],
'published' => true
],
'contain' => ['Authors'], // The only change! (notice plural)
'order' => ['title' => 'DESC'],
'limit' => 10,
]);
If your application uses magic or Dynamic Finders, you will have to adapt those calls. In 3.x the
findAllBy* methods have been removed, instead findBy* always returns a query object. To get the
first result, you need to use the first() method:
$article = $this->Articles->findByTitle('A great post!')->first();
Hopefully, migrating from older versions is not as daunting as it first seems. Many of the features we have
added will help you remove code as you can better express your requirements using the new ORM and at
the same time the compatibility wrappers will help you rewrite those tiny differences in a fast and painless
way.
One of the other nice improvements in 3.x around finder methods is that behaviors can implement finder
methods with no fuss. By simply defining a method with a matching name and signature on a Behavior the
finder will automatically be available on any tables the behavior is attached to.
Recursive and ContainableBehavior Removed
Will only load data from the articles table as no associations have been included. To load articles and
their related authors you would do:
$query = $this->Articles->find('all')->contain(['Authors']);
By only loading associated data that has been specifically requested you spend less time fighting the ORM
trying to get only the data you want.
785
In previous versions of CakePHP you needed to make extensive use of the afterFind callback and virtual
fields in order to create generated data properties. These features have been removed in 3.0. Because of how
ResultSets iteratively generate entities, the afterFind callback was not possible. Both afterFind and
virtual fields can largely be replaced with virtual properties on entities. For example if your User entity has
both first and last name columns you can add an accessor for full_name and generate the property on the fly:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected function _getFullName()
{
return $this->first_name . ' ' . $this->last_name;
}
}
Once defined you can access your new property using $user->full_name. Using the Modifying Results
with Map/Reduce features of the ORM allow you to build aggregated data from your results, which is another
use case that the afterFind callback was often used for.
While virtual fields are no longer an explicit feature of the ORM, adding calculated fields is easy to do in
your finder methods. By using the query builder and expression objects you can achieve the same results
that virtual fields gave:
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
class ReviewsTable extends Table
{
public function findAverage(Query $query, array $options = [])
{
$avg = $query->func()->avg('rating');
$query->select(['average' => $avg]);
return $query;
}
}
In previous versions of CakePHP the various associations your models had were defined in properties like
$belongsTo and $hasMany. In CakePHP 3.0, associations are created with methods. Using methods
allows us to sidestep the many limitations class definitions have, and provide only one way to define associations. Your initialize() method and all other parts of your application code, interact with the same
API when manipulating associations:
786
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
class ReviewsTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Movies');
$this->hasOne('Ratings');
$this->hasMany('Comments')
$this->belongsToMany('Tags')
}
}
As you can see from the example above each of the association types uses a method to create the association.
One other difference is that hasAndBelongsToMany has been renamed to belongsToMany. To find
out more about creating associations in 3.0 see the section on Associations - Linking Tables Together.
Another welcome improvement to CakePHP is the ability to create your own association classes. If you have
association types that are not covered by the built-in relation types you can create a custom Association
sub-class and define the association logic you need.
Validation No Longer Defined as a Property
Like associations, validation rules were defined as a class property in previous versions of CakePHP. This
array would then be lazily transformed into a ModelValidator object. This transformation step added a
layer of indirection, complicating rule changes at runtime. Furthermore, validation rules being defined as a
property made it difficult for a model to have multiple sets of validation rules. In CakePHP 3.0, both these
problems have been remedied. Validation rules are always built with a Validator object, and it is trivial
to have multiple sets of rules:
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
use Cake\Validation\Validator;
class ReviewsTable extends Table
{
public function validationDefault(Validator $validator)
{
$validator->requirePresence('body')
->add('body', 'length', [
'rule' => ['minLength', 20],
'message' => 'Reviews must be 20 characters or more',
])
787
->add('user_id', 'numeric', [
'rule' => 'numeric'
]);
return $validator;
}
}
In previous versions of CakePHP validation and the related callbacks covered a few related but different
uses. In CakePHP 3.0, what was formerly called validation is now split into two concepts:
1. Data type and format validation.
2. Enforcing application, or business rules.
Validation is now applied before ORM entities are created from request data. This step lets you ensure data
matches the data type, format, and basic shape your application expects. You can use your validators when
converting request data into entities by using the validate option. See the documentation on Converting
Request Data into Entities for more information.
Application rules allow you to define rules that ensure your applications rules, state and workflows are
enforced. Rules are defined in your Tables buildRules() method. Behaviors can add rules using the
buildRules() hook method. An example buildRules() method for our articles table could be:
// In src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\RulesChecker;
class Articles extends Table
{
public function buildRules(RulesChecker $rules)
{
$rules->add($rules->existsIn('user_id', 'Users'));
$rules->add(
function ($article, $options) {
return ($article->published && empty($article->reviewer));
},
'isReviewed',
[
'errorField' => 'published',
'message' => 'Articles must be reviewed before publishing.'
]
);
return $rules;
}
}
788
In the past CakePHP has always quoted identifiers. Parsing SQL snippets and attempting to quote identifiers
was both error prone and expensive. If you are following the conventions CakePHP sets out, the cost of
identifier quoting far outweighs any benefit it provides. Because of this identifier quoting has been disabled
by default in 3.0. You should only need to enable identifier quoting if you are using column names or table
names that contain special characters or are reserved words. If required, you can enable identifier quoting
when configuring a connection:
// In config/app.php
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Driver\Mysql',
'username' => 'root',
'password' => 'super_secret',
'host' => 'localhost',
'database' => 'cakephp',
'quoteIdentifiers' => true
]
],
Note: Identifiers in QueryExpression objects will not be quoted, and you will need to quote them
manually or use IdentifierExpression objects.
Updating Behaviors
Like most ORM related features, behaviors have changed in 3.0 as well. They now attach to Table instances which are the conceptual descendant of the Model class in previous versions of CakePHP. There
are a few key differences from behaviors in CakePHP 2.x:
Behaviors are no longer shared across multiple tables. This means you no longer have to namespace
settings stored in a behavior. Each table using a behavior will get its own instance.
The method signatures for mixin methods have changed.
The method signatures for callback methods have changed.
The base class for behaviors have changed.
Behaviors can easily add finder methods.
New Base Class
The base class for behaviors has changed. Behaviors should now extend Cake\ORM\Behavior; if a
behavior does not extend this class an exception will be raised. In addition to the base class changing, the
constructor for behaviors has been modified, and the startup() method has been removed. Behaviors
that need access to the table they are attached to should define a constructor:
789
namespace App\Model\Behavior;
use Cake\ORM\Behavior;
class SluggableBehavior extends Behavior
{
protected $_table;
public function __construct(Table $table, array $config)
{
parent::__construct($table, $config);
$this->_table = $table;
}
}
Behaviors continue to offer the ability to add mixin methods to Table objects, however the method signature for these methods has changed. In CakePHP 3.0, behavior mixin methods can expect the same
arguments provided to the table method. For example:
// Assume table has a slug() method provided by a behavior.
$table->slug($someValue);
The behavior providing the slug() method will receive only 1 argument, and its method signature should
look like:
public function slug($value)
{
// Code here.
}
Behavior callbacks have been unified with all other listener methods. Instead of their previous arguments,
they need to expect an event object as their first argument:
public function beforeFind(Event $event, Query $query, array $options)
{
// Code.
}
See Lifecycle Callbacks for the signatures of all the callbacks a behavior can subscribe to.
790
General Information
CakePHP Development Process
Here we attempt to explain the process we use when developing the CakePHP framework. We rely heavily
on community interaction through tickets and IRC chat. IRC is the best place to find members of the
development team17 and discuss ideas, the latest code, and make general comments. If something more
formal needs to be proposed or there is a problem with a release, the ticket system is the best place to share
your thoughts.
We currently maintain 4 versions of CakePHP.
stable : Tagged releases intended for production where stability is more important than features.
Issues filed against these releases will be fixed in the related branch, and be part of the next release.
maintenance branch : Development branches become maintenance branches once a stable release
point has been reached. Maintenance branches are where all bugfixes are committed before making
their way into a stable release. Maintenance branches have the same name as the major version they
are for example 1.2. If you are using a stable release and need fixes that havent made their way into
a stable release check here.
development branches : Development branches contain leading edge fixes and features. They are
named after the version number they are for example 1.3. Once development branches have reached
a stable release point they become maintenance branches, and no further new features are introduced
unless absolutely necessary.
feature branches : Feature branches contain unfinished or possibly unstable features and are recommended only for power users interested in the most advanced feature set and willing to contribute
back to the community. Feature branches are named with the following convention version-feature.
An example would be 1.3-router Which would contain new features for the Router for 1.3.
Hopefully this will help you understand what version is right for you. Once you pick your version you may
feel compelled to contribute a bug report or make general comments on the code.
If you are using a stable version or maintenance branch, please submit tickets or discuss with us on
IRC.
If you are using the development branch or feature branch, the first place to go is IRC. If you have a
comment and cannot reach us in IRC after a day or two, please submit a ticket.
If you find an issue, the best answer is to write a test. The best advice we can offer in writing tests is to look
at the ones included in the core.
As always, if you have any questions or comments, visit us at #cakephp on irc.freenode.net.
Glossary
routing array An array of attributes that are passed to Router::url(). They typically look like:
17
https://github.com/cakephp?tab=members
General Information
791
HTML attributes An array of key => values that are composed into HTML attributes. For example:
// Given
['class' => 'my-class', 'target' => '_blank']
// Would generate
class="my-class" target="_blank"
If an option can be minimized or accepts its name as the value, then true can be used:
// Given
['checked' => true]
// Would generate
checked="checked"
plugin syntax Plugin syntax refers to the dot separated class name indicating classes are part of a plugin:
// The plugin is "DebugKit", and the class name is "Toolbar".
'DebugKit.Toolbar'
// The plugin is "AcmeCorp/Tools", and the class name is "Toolbar".
'AcmeCorp/Tools.Toolbar'
dot notation Dot notation defines an array path, by separating nested levels with . For example:
Cache.default.engine
CSRF Cross Site Request Forgery. Prevents replay attacks, double submissions and forged requests from
other domains.
CDN Content Delivery Network. A 3rd party vendor you can pay to help distribute your content to data
centers around the world. This helps put your static assets closer to geographically distributed users.
routes.php A file in config directory that contains routing configuration. This file is included before
each request is processed. It should connect all the routes your application needs so requests can be
routed to the correct controller + action.
DRY Dont repeat yourself. Is a principle of software development aimed at reducing repetition of information of all kinds. In CakePHP DRY is used to allow you to code things once and re-use them across
your application.
792
PaaS Platform as a Service. Platform as a Service providers will provide cloud based hosting, database
and caching resources. Some popular providers include Heroku, EngineYard and PagodaBox
DSN Data Source Name. A connection string format that is formed like a URI. CakePHP supports DSNs
for Cache, Database, Log and Email connections.
General Information
793
794
CHAPTER 47
genindex
modindex
795
796
c
Cake\Cache, 485
Cake\Collection, 653
Cake\Console, 495
Cake\Console\Exception, 538
Cake\Controller, 183
Cake\Controller\Component, 579
Cake\Controller\Exception, 538
Cake\Core, 136
Cake\Core\Configure, 141
Cake\Core\Configure\Engine, 141
Cake\Core\Exception, 539
Cake\Database, 331
Cake\Database\Exception, 538
Cake\Database\Schema, 454
Cake\Datasource, 331
Cake\Error, 519
Cake\Filesystem, 675
Cake\Form, 575
Cake\I18n, 727
Cake\Log, 572
Cake\Network, 169
Cake\Network\Email, 527
Cake\Network\Exception, 537
Cake\Network\Http, 699
Cake\ORM, 363
Cake\ORM\Behavior, 446
Cake\ORM\Exception, 539
Cake\Routing, 145
Cake\Routing\Exception, 539
Cake\Utility, 733
Cake\Validation, 643
Cake\View, 231
Cake\View\Exception, 538
Cake\View\Helper, 316
Cake\View\UrlHelper, 317
797
798
Index
Symbols
() ( method), 229, 230
:action, 146
:controller, 146
:plugin, 146
$this->request, 169
$this->response, 175
__() (global function), 737
__d() (global function), 737
__dn() (global function), 737
__dx() (global function), 738
__dxn() (global function), 738
__n() (global function), 738
__x() (global function), 738
__xn() (global function), 738
A
acceptLanguage() (Cake\Network\Request method),
175
accepts() (Cake\Network\Request method), 175
accepts() (RequestHandlerComponent method), 220
addArgument() (Cake\Console\ConsoleOptionParser
method), 505
addArguments() (Cake\Console\ConsoleOptionParser
method), 506
addBehavior() (Cake\ORM\Table method), 368
addCrumb()
(Cake\View\Helper\HtmlHelper
method), 294
addDetector() (Cake\Network\Request method), 172
addInputType()
(RequestHandlerComponent
method), 222
addOption() (Cake\Console\ConsoleOptionParser
method), 506
addOptions() (Cake\Console\ConsoleOptionParser
method), 507
addPathElement()
(Cake\Filesystem\Folder
method), 676
addSubcommand() (Cake\Console\ConsoleOptionParser
method), 508
admin routing, 152
afterDelete() (Cake\ORM\Table method), 367
afterDeleteCommit() (Cake\ORM\Table method),
368
afterFilter() (Cake\Controller\Controller method),
191
afterLayout() (Helper method), 324
afterRender() (Helper method), 324
afterRenderFile() (Helper method), 323
afterRules() (Cake\ORM\Table method), 367
afterSave() (Cake\ORM\Table method), 367
afterSaveCommit() (Cake\ORM\Table method), 367
alert() (Cake\Log\Log method), 573
allInputs()
(Cake\View\Helper\FormHelper
method), 278
allow() (AuthComponent method), 204, 473
allowedActions (SecurityComponent property), 212,
603
allowedControllers (SecurityComponent property),
212, 603
allowMethod() (Cake\Network\Request method),
174
App (class in Cake\Core), 651
APP (global constant), 739
app.php, 133
app.php.default, 133
APP_DIR (global constant), 739
799
800
Index
801
E
decrypt() (Cake\Utility\Security method), 599
defaultCurrency() (Cake\I18n\Number method), 712 each() (Cake\Collection\Collection method), 657
defaultCurrency() (Cake\View\Helper\NumberHelper element() (Cake\View\View method), 238
method), 296
Email (class in Cake\Network\Email), 527
defaultRouteClass() (Cake\Routing\Router method), emailPattern()
(Cake\Network\Email\Email
161
method), 533
delete() (Cake\Cache\Cache method), 489
emergency() (Cake\Log\Log method), 573
delete() (Cake\Cache\CacheEngine method), 493
enable() (Cake\Cache\Cache method), 492
delete() (Cake\Controller\Component\CookieComponent
enabled() (Cake\Cache\Cache method), 492
method), 208
encoding() (Cake\Network\Http\Response method),
delete() (Cake\Core\Configure method), 138
706
delete() (Cake\Filesystem\File method), 680
encrypt() (Cake\Utility\Security method), 599
delete() (Cake\Filesystem\Folder method), 677
end() (Cake\View\Helper\FormHelper method), 274
delete() (Cake\ORM\Table method), 423
Entity (class in Cake\ORM), 370
delete() (Session method), 613
env() (Cake\Network\Request method), 171
deleteAll() (Cake\ORM\Table method), 424
env() (global function), 738
deleteMany() (Cake\Cache\Cache method), 490
epilog()
(Cake\Console\ConsoleOptionParser
deny() (AuthComponent method), 204, 474
method), 505
description() (Cake\Console\ConsoleOptionParser error() (Cake\Log\Log method), 573
method), 505
error() (Cake\View\Helper\FormHelper method),
destroy() (Session method), 613
272
diff() (Cake\Utility\Hash method), 693
errors() (Cake\Filesystem\Folder method), 677
dimensions() (Cake\Utility\Hash method), 692
errors() (Cake\ORM\Entity method), 374
dirsize() (Cake\Filesystem\Folder method), 677
etag() (Cake\Network\Response method), 180
dirty() (Cake\ORM\Entity method), 373
every() (Cake\Collection\Collection method), 660
disable() (Cake\Cache\Cache method), 492
Exception, 539
disableCache() (Cake\Network\Response method), ExceptionRenderer (class in Cake\Core\Exception),
178
540
dispatchShell() (Cake\Console\Shell method), 500
excerpt() (Cake\Error\Debugger method), 521
doc (role), 101
excerpt() (Cake\Utility\Text method), 724
docType() (Cake\View\Helper\HtmlHelper method), excerpt() (Cake\View\Helper\TextHelper method),
285
315
domain() (Cake\Network\Request method), 174
executable() (Cake\Filesystem\File method), 680
dot notation, 792
execute() (Cake\Database\Connection method), 334
drop() (Cake\Cache\Cache method), 487
exists() (Cake\Filesystem\File method), 680
drop() (Cake\Core\Configure method), 139
expand() (Cake\Utility\Hash method), 690
drop() (Cake\Log\Log method), 573
expires() (Cake\Network\Response method), 180
dropTransport()
(Cake\Network\Email\Email ext() (Cake\Filesystem\File method), 680
method), 529
extensions() (Cake\Routing\Router method), 154
DRY, 792
extract() (Cake\Collection\Collection method), 657
DS (global constant), 739
extract() (Cake\Utility\Hash method), 684
DSN, 793
F
dump() (Cake\Core\Configure method), 139
dump() (Cake\Core\Configure\ConfigEngineInterface fallbacks() (Cake\Routing\Router method), 161
method), 141
File (class in Cake\Filesystem), 679
dump() (Cake\Error\Debugger method), 519
file extensions, 154
file() (Cake\Network\Response method), 177
file() (Cake\View\Helper\FormHelper method), 267
802
Index
803
804
Index
N
name (Cake\Filesystem\File property), 680
name() (Cake\Filesystem\File method), 681
namespaceSplit() (global function), 739
nest() (Cake\Collection\Collection method), 666
nest() (Cake\Utility\Hash method), 695
nestedList()
(Cake\View\Helper\HtmlHelper
method), 290
newQuery() (Cake\Database\Connection method),
335
next() (Cake\View\Helper\PaginatorHelper method),
303
nice() (Cake\I18n\Time method), 730
normalize() (Cake\Utility\Hash method), 695
normalizePath() (Cake\Filesystem\Folder method),
679
NotFoundException, 537
notice() (Cake\Log\Log method), 573
Index
NotImplementedException, 537
Number (class in Cake\I18n), 711
NumberHelper (class in Cake\View\Helper), 295
numbers()
(Cake\View\Helper\PaginatorHelper
method), 302
numeric() (Cake\Utility\Hash method), 692
O
offset() (Cake\Filesystem\File method), 681
open() (Cake\Filesystem\File method), 681
options()
(Cake\View\Helper\PaginatorHelper
method), 305
owner() (Cake\Filesystem\File method), 681
P
PaaS, 793
paginate() (Cake\Controller\Controller method), 190
PaginatorComponent
(class
in
Cake\Controller\Component), 215, 579
PaginatorHelper (class in Cake\View\Helper), 299
parseFileSize() (Cake\Utility\Text method), 720
passed arguments, 158
password()
(Cake\View\Helper\FormHelper
method), 262
path (Cake\Filesystem\File property), 680
path (Cake\Filesystem\Folder property), 676
path() (Cake\Core\App method), 651
path() (Cake\Core\Plugin method), 652
perms() (Cake\Filesystem\File method), 681
php:attr (directive), 103
php:attr (role), 104
php:class (directive), 102
php:class (role), 103
php:const (directive), 102
php:const (role), 103
php:exc (role), 104
php:exception (directive), 102
php:func (role), 103
php:function (directive), 102
php:global (directive), 102
php:global (role), 103
php:meth (role), 103
php:method (directive), 103
php:staticmethod (directive), 103
PhpConfig (class in Cake\Core\Configure\Engine),
141
pj() (global function), 739
plugin routing, 153
805
806
Index
scriptBlock()
(Cake\View\Helper\HtmlHelper
method), 290
scriptStart()
(Cake\View\Helper\HtmlHelper
method), 290
SECOND (global constant), 740
secure() (Cake\View\Helper\FormHelper method),
282
Security (class in Cake\Utility), 599
SecurityComponent (class), 211, 602
select() (Cake\View\Helper\FormHelper method),
265
send() (Cake\Network\Response method), 181
Session (class), 612
SessionHelper (class in Cake\View\Helper), 310
set() (Cake\Controller\Controller method), 186
set() (Cake\ORM\Entity method), 372
set() (Cake\View\View method), 233
setAction() (Cake\Controller\Controller method),
189
setUser() (AuthComponent method), 201, 470
sharable() (Cake\Network\Response method), 179
Shell (class in Cake\Console), 496
shuffle() (Cake\Collection\Collection method), 668
singularize() (Cake\Utility\Inflector method), 707
size() (Cake\Filesystem\File method), 681
skip() (Cake\Collection\Collection method), 669
slashTerm() (Cake\Filesystem\Folder method), 679
slug() (Cake\Utility\Inflector method), 709
some() (Cake\Collection\Collection method), 661
sort (Cake\Filesystem\Folder property), 676
sort() (Cake\Utility\Hash method), 693
sort() (Cake\View\Helper\PaginatorHelper method),
301
sortBy() (Cake\Collection\Collection method), 665
sortDir()
(Cake\View\Helper\PaginatorHelper
method), 302
sortKey()
(Cake\View\Helper\PaginatorHelper
method), 302
startup() (Cake\Console\Shell method), 504
statusCode()
(Cake\Network\Http\Response
method), 706
stopWhen() (Cake\Collection\Collection method),
659
store() (Cake\Core\Configure method), 139
stripLinks() (Cake\Utility\Text method), 722
stripLinks()
(Cake\View\Helper\TextHelper
method), 313
Index
style()
(Cake\View\Helper\HtmlHelper method),
283
subdomains() (Cake\Network\Request method), 174
submit() (Cake\View\Helper\FormHelper method),
273
sumOf() (Cake\Collection\Collection method), 662
T
Table (class in Cake\Database\Schema), 455
Table (class in Cake\ORM), 363, 379, 406, 423
tableCells()
(Cake\View\Helper\HtmlHelper
method), 292
tableHeaders()
(Cake\View\Helper\HtmlHelper
method), 291
tableize() (Cake\Utility\Inflector method), 708
TableRegistry (class in Cake\ORM), 369
tail() (Cake\Utility\Text method), 723
tail() (Cake\View\Helper\TextHelper method), 314
take() (Cake\Collection\Collection method), 669
templates()
(Cake\View\Helper\HtmlHelper
method), 293
templates()
(Cake\View\Helper\PaginatorHelper
method), 300
TESTS (global constant), 739
Text (class in Cake\Utility), 719
text() (Cake\View\Helper\FormHelper method), 262
textarea() (Cake\View\Helper\FormHelper method),
263
TextHelper (class in Cake\View\Helper), 311
through() (Cake\Collection\Collection method), 672
Time (class in Cake\I18n), 727
time() (Cake\View\Helper\FormHelper method),
269
TIME_START (global constant), 740
timeAgoInWords() (Cake\I18n\Time method), 730
TimeHelper (class in Cake\View\Helper), 316
TimestampBehavior (class in Cake\ORM\Behavior),
438
TMP (global constant), 740
tokenize() (Cake\Utility\Text method), 720
toList() (Cake\Utility\Text method), 725
toList() (Cake\View\Helper\TextHelper method),
315
toPercentage() (Cake\I18n\Number method), 713
toPercentage() (Cake\View\Helper\NumberHelper
method), 296
toQuarter() (Cake\I18n\Time method), 731
toReadableSize() (Cake\I18n\Number method), 713
807
toReadableSize() (Cake\View\Helper\NumberHelper
method), 297
trace() (Cake\Error\Debugger method), 520
trailing star, 146
transactional() (Cake\Database\Connection method),
335
TranslateBehavior (class in Cake\ORM\Behavior),
439
tree() (Cake\Filesystem\Folder method), 679
TreeBehavior (class in Cake\ORM\Behavior), 446
truncate() (Cake\Utility\Text method), 722
truncate() (Cake\View\Helper\TextHelper method),
313
Type (class in Cake\Database), 331
type() (Cake\Network\Response method), 176
X
Xml (class in Cake\Utility), 733
XmlView (class), 249
UnauthorizedException, 537
underscore() (Cake\Utility\Inflector method), 708
Z
unfold() (Cake\Collection\Collection method), 659
unlockedFields (SecurityComponent property), 213, zip() (Cake\Collection\Collection method), 664
604
unlockField()
(Cake\View\Helper\FormHelper
method), 281
updateAll() (Cake\ORM\Table method), 423
url() (Cake\Routing\Router method), 159
UrlHelper (class in Cake\View\UrlHelper), 317
user() (AuthComponent method), 201, 471
uuid() (Cake\Utility\Text method), 720
V
validatePost (SecurityComponent property), 213,
604
Validator (class in Cake\Validation), 643
variable() (Cake\Utility\Inflector method), 708
vary() (Cake\Network\Response method), 181
vendor/cakephp-plugins.php, 585
View (class in Cake\View), 231
viewClassMap()
(RequestHandlerComponent
method), 224
W
warning() (Cake\Log\Log method), 573
wasWithinLast() (Cake\I18n\Time method), 732
WEEK (global constant), 740
wrap() (Cake\Utility\Text method), 721
wrapBlock() (Cake\Utility\Text method), 721
writable() (Cake\Filesystem\File method), 681
808
Index