Cake PHP

Download as pdf or txt
Download as pdf or txt
You are on page 1of 820

CakePHP Cookbook Documentation

Release 3.x

Cake Software Foundation

July 31, 2015

Contents

CakePHP at a Glance
Conventions Over Configuration
The Model Layer . . . . . . . .
The View Layer . . . . . . . . .
The Controller Layer . . . . . .
CakePHP Request Cycle . . . .
Just the Start . . . . . . . . . . .
Additional Reading . . . . . . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

1
1
1
2
2
3
4
4

Quick Start Guide


11
Bookmarker Tutorial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Bookmarker Tutorial Part 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.0 Migration Guide


Requirements . . . . . . . . . . . . . . . . .
Upgrade Tool . . . . . . . . . . . . . . . . .
Application Directory Layout . . . . . . . . .
CakePHP should be installed with Composer
Namespaces . . . . . . . . . . . . . . . . . .
Removed Constants . . . . . . . . . . . . . .
Configuration . . . . . . . . . . . . . . . . .
New ORM . . . . . . . . . . . . . . . . . . .
Basics . . . . . . . . . . . . . . . . . . . . .
Debugging . . . . . . . . . . . . . . . . . . .
Object settings/configuration . . . . . . . . .
Cache . . . . . . . . . . . . . . . . . . . . .
Core . . . . . . . . . . . . . . . . . . . . . .
Console . . . . . . . . . . . . . . . . . . . .
Shell / Task . . . . . . . . . . . . . . . . . .
Event . . . . . . . . . . . . . . . . . . . . .

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

27
27
27
27
28
28
28
28
29
29
29
29
29
30
31
32
33
i

Log . . . . . . . . . .
Routing . . . . . . . .
Network . . . . . . . .
Sessions . . . . . . . .
Network\Http . . . . .
Network\Email . . . .
Controller . . . . . . .
Controller\Components
Model . . . . . . . . .
TestSuite . . . . . . . .
View . . . . . . . . . .
View\Helper . . . . . .
I18n . . . . . . . . . .
L10n . . . . . . . . . .
Testing . . . . . . . . .
Utility . . . . . . . . .
4

ii

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

33
34
36
36
37
37
37
39
41
42
43
45
49
50
50
51

Tutorials & Examples


Bookmarker Tutorial . . . . . . . . . . . . . . .
Bookmarker Tutorial Part 2 . . . . . . . . . . . .
Blog Tutorial . . . . . . . . . . . . . . . . . . .
Blog Tutorial - Part 2 . . . . . . . . . . . . . . .
Blog Tutorial - Part 3 . . . . . . . . . . . . . . .
Blog Tutorial - Authentication and Authorization

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

55
55
62
69
73
83
89

Contributing
Documentation . . . . . . . . .
Tickets . . . . . . . . . . . . . .
Code . . . . . . . . . . . . . . .
Coding Standards . . . . . . . .
Backwards Compatibility Guide

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

97
97
105
106
108
118

Installation
Requirements . . .
Installing CakePHP
Permissions . . . .
Development Server
Production . . . . .
Fire It Up . . . . .
URL Rewriting . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

123
123
124
125
125
126
127
127

.
.
.
.
.
.

133
133
135
136
136
138
140

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

Configuration
Configuring your Application . . . . . . .
Additional Class Paths . . . . . . . . . .
Inflection Configuration . . . . . . . . . .
Configure Class . . . . . . . . . . . . . .
Reading and writing configuration files . .
Creating your Own Configuration Engines

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

Built-in Configuration Engines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141


Bootstrapping CakePHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
8

Routing
Quick Tour . . . . . . . . . . . . . .
Connecting Routes . . . . . . . . . .
Creating RESTful Routes . . . . . . .
Passed Arguments . . . . . . . . . . .
Generating URLs . . . . . . . . . . .
Redirect Routing . . . . . . . . . . .
Custom Route Classes . . . . . . . .
Creating Persistent URL Parameters .
Handling Named Parameters in URLs
RequestActionTrait . . . . . . . . . .

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

145
145
147
155
158
159
160
161
162
162
163

Request & Response Objects


169
Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175

10 Controllers
The App Controller . . . . . . . .
Request Flow . . . . . . . . . . .
Controller Actions . . . . . . . . .
Interacting with Views . . . . . .
Redirecting to Other Pages . . . .
Loading Additional Models . . . .
Paginating a Model . . . . . . . .
Configuring Components to Load .
Configuring Helpers to Load . . .
Request Life-cycle Callbacks . . .
More on Controllers . . . . . . . .

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

183
183
184
184
186
188
189
190
190
190
191
191

11 Views
The App View . . . . . . . . . .
View Templates . . . . . . . . .
Using View Blocks . . . . . . .
Layouts . . . . . . . . . . . . .
Elements . . . . . . . . . . . . .
Creating Your Own View Classes
More About Views . . . . . . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

231
231
232
234
236
238
242
242

.
.
.
.
.
.
.

12 Database Access & ORM


325
Quick Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
13 Authentication
461
Suggested Reading Before Continuing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
iii

Configuration options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475


Testing Actions Protected By AuthComponent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
14 Bake Console
477
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
15 Caching
Configuring Cache Class . . . . . . . . . . .
Writing to a Cache . . . . . . . . . . . . . .
Reading From a Cache . . . . . . . . . . . .
Deleting From a Cache . . . . . . . . . . . .
Clearing Cached Data . . . . . . . . . . . . .
Using Cache to Store Counters . . . . . . . .
Using Cache to Store Common Query Results
Using Groups . . . . . . . . . . . . . . . . .
Globally Enable or Disable Cache . . . . . .
Creating a Storage Engine for Cache . . . . .

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

485
486
487
489
489
490
490
491
491
492
492

16 Console & Shells


The CakePHP Console . . . . . . . . . .
Creating a Shell . . . . . . . . . . . . . .
Shell Tasks . . . . . . . . . . . . . . . .
Invoking Other Shells from Your Shell . .
Getting User Input . . . . . . . . . . . . .
Creating Files . . . . . . . . . . . . . . .
Console Output . . . . . . . . . . . . . .
Hook Methods . . . . . . . . . . . . . . .
Configuring Options and Generating Help
Routing in Shells / CLI . . . . . . . . . .
More Topics . . . . . . . . . . . . . . . .

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

495
495
497
498
500
500
501
501
504
504
511
512

17 Debugging
Basic Debugging . . . . . . .
Using the Debugger Class . . .
Outputting Values . . . . . . .
Logging With Stack Traces . .
Generating Stack Traces . . .
Getting an Excerpt From a File
Using Logging to Debug . . .
Debug Kit . . . . . . . . . . .

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

519
519
519
519
520
520
521
521
522

18 Deployment
Update config/app.php . . . . . . . . . .
Check Your Security . . . . . . . . . . .
Set Document Root . . . . . . . . . . . .
Improve Your Applications Performance

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

523
523
524
524
524

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

19 Email
527
Basic Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
iv

Configuration . . . . . . .
Setting Headers . . . . . .
Sending Templated Emails
Sending Attachments . . .
Using Transports . . . . .
Sending Messages Quickly
Sending Emails from CLI .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

528
530
530
532
533
534
534

20 Error & Exception Handling


Error & Exception Configuration . . . . . . . . . . . . . .
Creating your Own Error Handler . . . . . . . . . . . . .
Changing Fatal Error Behavior . . . . . . . . . . . . . . .
Exception Classes . . . . . . . . . . . . . . . . . . . . . .
Built in Exceptions for CakePHP . . . . . . . . . . . . . .
Using HTTP Exceptions in your Controllers . . . . . . . .
Exception Renderer . . . . . . . . . . . . . . . . . . . . .
Creating your own Application Exceptions . . . . . . . . .
Extending and Implementing your own Exception Handlers

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

535
535
536
536
537
537
539
540
540
541

21 Events System
Example Event Usage . . .
Accessing Event Managers
Registering Listeners . . .
Dispatching Events . . . .
Conclusion . . . . . . . .
Additional Reading . . . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.

545
545
546
547
549
552
552

22 Internationalization & Localization


Setting Up Translations . . . . . . . . . . . . . . . . . . .
Using Translation Functions . . . . . . . . . . . . . . . .
Creating Your Own Translators . . . . . . . . . . . . . . .
Localizing Dates and Numbers . . . . . . . . . . . . . . .
Automatically Choosing the Locale Based on Request Data

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

555
555
557
561
564
565

23 Logging
Logging Configuration . . .
Error and Exception Logging
Interacting with Log Streams
Using the FileLog Adapter .
Logging to Syslog . . . . . .
Writing to Logs . . . . . . .
Log API . . . . . . . . . . .
Logging Trait . . . . . . . .
Using Monolog . . . . . . .

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

567
567
569
570
570
570
571
572
574
574

.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

24 Modelless Forms
575
Creating a Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
Processing Request Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576

Setting Form Values . . . . . . . . . . . . . . . . .


Getting Form Errors . . . . . . . . . . . . . . . . .
Invalidating Individual Form Fields from Controller
Creating HTML with FormHelper . . . . . . . . .

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

577
577
578
578

25 Pagination
Using Controller::paginate() . . . . . . . . . . . . . . . .
Using the Paginator Directly . . . . . . . . . . . . . . . .
Control which Fields Used for Ordering . . . . . . . . . .
Limit the Maximum Number of Rows that can be Fetched .
Joining Additional Associations . . . . . . . . . . . . . .
Out of Range Page Requests . . . . . . . . . . . . . . . .
Pagination in the View . . . . . . . . . . . . . . . . . . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

579
579
582
582
582
583
583
583

.
.
.
.
.
.
.
.
.
.
.

585
585
586
587
588
588
589
591
592
592
593
594

26 Plugins
Installing a Plugin With Composer .
Loading a Plugin . . . . . . . . . .
Plugin Configuration . . . . . . . .
Using Plugins . . . . . . . . . . . .
Creating Your Own Plugins . . . . .
Plugin Controllers . . . . . . . . . .
Plugin Models . . . . . . . . . . . .
Plugin Views . . . . . . . . . . . .
Plugin Assets . . . . . . . . . . . .
Components, Helpers and Behaviors
Expand Your Plugin . . . . . . . . .

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.

27 REST
595
The Simple Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
Accepting Input in Other Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
RESTful Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
28 Security
599
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Cross Site Request Forgery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
29 Sessions
Session Configuration . . . . . . . . . . .
Built-in Session Handlers & Configuration
Setting ini directives . . . . . . . . . . . .
Creating a Custom Session Handler . . .
Accessing the Session Object . . . . . . .
Reading & Writing Session Data . . . . .
Destroying the Session . . . . . . . . . .
Rotating Session Identifiers . . . . . . . .
Flash Messages . . . . . . . . . . . . . .
30 Testing
vi

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.

607
607
608
610
611
612
613
613
614
614
615

Installing PHPUnit . . . . . .
Test Database Setup . . . . . .
Checking the Test Setup . . . .
Test Case Conventions . . . .
Creating Your First Test Case .
Running Tests . . . . . . . . .
Test Case Lifecycle Callbacks
Fixtures . . . . . . . . . . . .
Testing Table Classes . . . . .
Controller Integration Testing .
Testing Views . . . . . . . . .
Testing Components . . . . . .
Testing Helpers . . . . . . . .
Creating Test Suites . . . . . .
Creating Tests for Plugins . . .
Generating Tests with Bake . .
Integration with Jenkins . . . .

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.

615
616
616
617
617
618
620
620
626
628
633
634
635
637
637
639
639

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

643
643
648
649
650

.
.
.
.
.

651
651
651
652
652
652

.
.
.
.
.
.
.
.

655
655
655
657
660
661
665
666
668

34 Folder & File


Basic Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Folder API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
File API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

675
675
675
679

31 Validation
Creating Validators .
Validating Data . . .
Validating Entities . .
Core Validation Rules

.
.
.
.

.
.
.
.

.
.
.
.

.
.
.
.

32 App Class
Finding Classes . . . . . . .
Finding Paths to Namespaces
Locating Plugins . . . . . .
Locating Themes . . . . . .
Loading Vendor Files . . . .
33 Collections
Quick Example . . . .
List of Methods . . . .
Iterating . . . . . . . .
Filtering . . . . . . . .
Aggregation . . . . . .
Sorting . . . . . . . . .
Working with Tree Data
Other Methods . . . .

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.

.
.
.
.
.
.
.
.

35 Hash
683
Hash Path Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683

vii

36 Http Client
Doing Requests . . . . . . . . . . . .
Creating Multipart Requests with Files
Sending Request Bodies . . . . . . .
Request Method Options . . . . . . .
Authentication . . . . . . . . . . . . .
Creating Scoped Clients . . . . . . . .
Setting and Managing Cookies . . . .
Response Objects . . . . . . . . . . .

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

37 Inflector
Creating Plural & Singular Forms . . . . . .
Creating CamelCase and under_scored Forms
Creating Human Readable Forms . . . . . . .
Creating Table and Class Name Forms . . . .
Creating Variable Names . . . . . . . . . . .
Creating URL Safe Strings . . . . . . . . . .
Inflection Configuration . . . . . . . . . . . .
38 Number
Formatting Currency Values . . . . . .
Setting the Default Currency . . . . . .
Formatting Floating Point Numbers . .
Formatting Percentages . . . . . . . . .
Interacting with Human Readable Values
Formatting Numbers . . . . . . . . . .
Format Differences . . . . . . . . . . .

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

699
699
700
701
701
702
704
705
705

.
.
.
.
.
.
.

707
707
708
708
708
708
709
709

.
.
.
.
.
.
.

711
711
712
712
713
713
714
715

39 Registry Objects
717
Loading Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
Triggering Callbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
Disabling Callbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
40 Text
Generating UUIDs . . . . . . . . . .
Simple String Parsing . . . . . . . . .
Formatting Strings . . . . . . . . . .
Wrapping Text . . . . . . . . . . . . .
Highlighting Substrings . . . . . . . .
Removing Links . . . . . . . . . . . .
Truncating Text . . . . . . . . . . . .
Truncating the Tail of a String . . . .
Extracting an Excerpt . . . . . . . . .
Converting an Array to Sentence Form

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.
.
.

719
720
720
720
721
722
722
722
723
724
725

41 Time
727
Creating Time Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728
Manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728

viii

Formatting . . . . . . . . . . . . .
Conversion . . . . . . . . . . . .
Comparing With the Present . . .
Comparing With Intervals . . . . .
Accepting Localized Request Data

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

729
731
731
732
732

42 Xml
733
Importing Data to Xml Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Transforming a XML String in Array . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
Transforming an Array into a String of XML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
43 Constants & Functions
737
Global Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Core Definition Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Timing Definition Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740
44 Debug Kit
Installation . . . . . . . . .
DebugKit Storage . . . . . .
Toolbar Usage . . . . . . . .
Using the History Panel . . .
Developing Your Own Panels

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

.
.
.
.
.

741
741
741
741
742
742

45 Migrations
Installation . . . . . . . . . . .
Overview . . . . . . . . . . . .
Creating Migrations . . . . . . .
Applying Migrations . . . . . .
Reverting Migrations . . . . . .
Migrations Status . . . . . . . .
Marking a migration as migrated
Using Migrations In Plugins . .

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

.
.
.
.
.
.
.
.

745
745
745
746
750
750
750
750
751

.
.
.
.
.

46 Appendices
753
3.0 Migration Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791
47 Indices and Tables

795

PHP Namespace Index

797

Index

799

ix

CHAPTER 1

CakePHP at a Glance

CakePHP is designed to make common web-development tasks simple, and easy. By providing an all-in-one
toolbox to get you started the various parts of CakePHP work well together or separately.
The goal of this overview is to introduce the general concepts in CakePHP, and give you a quick overview
of how those concepts are implemented in CakePHP. If you are itching to get started on a project, you can
start with the tutorial, or dive into the docs.

Conventions Over Configuration


CakePHP provides a basic organizational structure that covers class names, filenames, database table names,
and other conventions. While the conventions take some time to learn, by following the conventions
CakePHP provides you can avoid needless configuration and make a uniform application structure that
makes working with various projects a breeze. The conventions chapter covers the various conventions that
CakePHP uses.

The Model Layer


The Model layer represents the part of your application that implements the business logic. It is responsible
for retrieving data and converting it into the primary meaningful concepts in your application. This includes
processing, validating, associating or other tasks related to handling data.
In the case of a social network, the Model layer would take care of tasks such as saving the user data, saving
friends associations, storing and retrieving user photos, finding suggestions for new friends, etc. The model
objects can be thought of as Friend, User, Comment, or Photo. If we wanted to load some data
from our users table we could do:
use Cake\ORM\TableRegistry;
$users = TableRegistry::get('Users');
$query = $users->find();
foreach ($query as $row) {

CakePHP Cookbook Documentation, Release 3.x

echo $row->username;
}

You may notice that we didnt have to write any code before we could start working with our data. By using
conventions, CakePHP will use standard classes for table and entity classes that have not yet been defined.
If we wanted to make a new user and save it (with validation) we would do something like:
use Cake\ORM\TableRegistry;
$users = TableRegistry::get('Users');
$user = $users->newEntity(['email' => '[email protected]']);
$users->save($user);

The View Layer


The View layer renders a presentation of modeled data. Being separate from the Model objects, it is responsible for using the information it has available to produce any presentational interface your application
might need.
For example, the view could use model data to render a HTML page containing it, or a XML formatted
result for others to consume:
// In a view file, we'll render an 'element' for each user.
<?php foreach ($users as $user): ?>
<div class="user">
<?= $this->element('user', ['user' => $user]) ?>
</div>
<?php endforeach; ?>

The View layer provides a number of extension points like Elements and View Cells to let you easily re-use
your presentation logic.
The View layer is not only limited to HTML or text representation of the data. It can be used to deliver
common data formats like JSON, XML, and through a pluggable architecture any other format you may
need.

The Controller Layer


The Controller layer handles requests from users. It is responsible for rendering a response with the aid of
both the Model and the View layers.
A controller can be seen as a manager that ensures that all resources needed for completing a task are
delegated to the correct workers. It waits for petitions from clients, checks their validity according to authentication or authorization rules, delegates data fetching or processing to the model, selects the type of
presentational data that the clients are accepting, and finally delegates the rendering process to the View
layer. An example of a user registration controller would be:

Chapter 1. CakePHP at a Glance

CakePHP Cookbook Documentation, Release 3.x

public function add()


{
$user = $this->Users->newEntity();
if ($this->request->is('post')) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user, ['validate' => 'registration'])) {
$this->Flash->success(__('You are now registered.'));
} else {
$this->Flash->error(__('There were some problems.'));
}
}
$this->set('user', $user);
}

You may notice that we never explicitly rendered a view. CakePHPs conventions will take care of selecting
the right view and rendering it with the view data we prepared with set().

CakePHP Request Cycle


Now that you are familiar with the different layers in CakePHP, lets review how a request cycle works in
CakePHP:

The typical CakePHP request cycle starts with a user requesting a page or resource in your application. At
CakePHP Request Cycle

CakePHP Cookbook Documentation, Release 3.x

a high level each request goes through the following steps:


1. The webserver rewrite rules direct the request to webroot/index.php.
2. Your applications autoloader and bootstrap files are executed.
3. Any dispatch filters that are configured can handle the request, and optionally generate a response.
4. The dispatcher selects the appropriate controller & action based on routing rules.
5. The controllers action is called and the controller interacts with the required Models and Components.
6. The controller delegates response creation to the View to generate the output resulting from the model
data.
7. The view uses Helpers and Cells to generate the response body and headers.
8. The response is sent back to the client.

Just the Start


Hopefully this quick overview has piqued your interest. Some other great features in CakePHP are:
A caching framework that integrates with Memcache, Redis and other backends.
Powerful code generation tools so you can hit the ground running.
Integrated testing framework so you can ensure your code works perfectly.
The next obvious steps are to download CakePHP, read the tutorial and build something awesome.

Additional Reading
Where to Get Help
The Official CakePHP website
http://www.cakephp.org
The Official CakePHP website is always a great place to visit. It features links to oft-used developer tools,
screencasts, donation opportunities, and downloads.
The Cookbook
http://book.cakephp.org
This manual should probably be the first place you go to get answers. As with many other open source
projects, we get new folks regularly. Try your best to answer your questions on your own first. Answers
may come slower, but will remain longer and youll also be lightening our support load. Both the manual
and the API have an online component.

Chapter 1. CakePHP at a Glance

CakePHP Cookbook Documentation, Release 3.x

The Bakery
http://bakery.cakephp.org
The CakePHP Bakery is a clearing house for all things regarding CakePHP. Check it out for tutorials, case
studies, and code examples. Once youre acquainted with CakePHP, log on and share your knowledge with
the community and gain instant fame and fortune.
The API
http://api.cakephp.org/
Straight to the point and straight from the core developers, the CakePHP API (Application Programming
Interface) is the most comprehensive documentation around for all the nitty gritty details of the internal
workings of the framework. Its a straight forward code reference, so bring your propeller hat.
The Test Cases
If you ever feel the information provided in the API is not sufficient, check out the code of the test cases
provided with CakePHP. They can serve as practical examples for function and data member usage for a
class.
tests/TestCase/

The IRC Channel


IRC Channels on irc.freenode.net:
#cakephp General Discussion
#cakephp-docs Documentation
#cakephp-bakery Bakery
#cakephp-fr French Canal.
If youre stumped, give us a holler in the CakePHP IRC channel. Someone from the development team1 is
usually there, especially during the daylight hours for North and South America users. Wed love to hear
from you, whether you need some help, want to find users in your area, or would like to donate your brand
new sports car.
Official CakePHP discussion group
CakePHP Google Group2
CakePHP also has its official discusson group on Google Groups. There are thousands of people discussing
CakePHP projects, helping each other, solving problems, building projects and sharing ideas. It can be a
1
2

https://github.com/cakephp?tab=members
http://groups.google.com/group/cake-php

Additional Reading

CakePHP Cookbook Documentation, Release 3.x

great resource for finding archived answers, frequently asked questions, and getting answers to immediate
problems. Join other CakePHP users and start discussing.
Stackoverflow
http://stackoverflow.com/3
Tag your questions with cakephp and the specific version you are using to enable existing users of stackoverflow to find your questions.
Where to get Help in your Language
French

French CakePHP Community4


Brazilian Portuguese

Brazilian CakePHP Community5

CakePHP Conventions
We are big fans of convention over configuration. While it takes a bit of time to learn CakePHPs conventions, you save time in the long run. By following conventions, you get free functionality, and you liberate
yourself from the maintenance nightmare of tracking config files. Conventions also make for a very uniform
development experience, allowing other developers to jump in and help more easily.
Controller Conventions
Controller class names are plural, CamelCased, and end in Controller. PeopleController and
LatestArticlesController are both examples of conventional controller names.
Public methods on Controllers are often exposed as actions accessible through a web browser. For example
the /articles/view maps to the view() method of the ArticlesController out of the box.
Protected or private methods cannot be accessed with routing.
URL Considerations for Controller Names

As youve just seen, single word controllers map easily to a simple lower case URL path. For example,
ApplesController (which would be defined in the file name ApplesController.php) is accessed from
http://example.com/apples.
3

http://stackoverflow.com/questions/tagged/cakephp/
http://cakephp-fr.org
5
http://cakephp-br.org
4

Chapter 1. CakePHP at a Glance

CakePHP Cookbook Documentation, Release 3.x

Multiple word controllers can be any inflected form which equals the controller name so:
/redApples
/RedApples
/Red_apples
/red_apples
Will all resolve to the index of the RedApples controller. However, the convention is that your URLs are
lowercase and dashed using the DashedRoute class, therefore /red-apples/go-pick is the correct
form to access the RedApplesController::goPick() action.
For more information on CakePHP URLs and parameter handling, see Connecting Routes.
File and Class Name Conventions
In general, filenames match the class names, and follow the PSR-0 or PSR-4 standards for autoloading. The
following are some examples of class names and their filenames:
The Controller class KissesAndHugsController would be found in a file named KissesAndHugsController.php
The Component class MyHandyComponent would be found in a file named MyHandyComponent.php
The Table class OptionValuesTable would be found in a file named OptionValuesTable.php.
The Entity class OptionValue would be found in a file named OptionValue.php.
The Behavior class EspeciallyFunkableBehavior would be found in a file named EspeciallyFunkableBehavior.php
The View class SuperSimpleView would be found in a file named SuperSimpleView.php
The Helper class BestEverHelper would be found in a file named BestEverHelper.php
Each file would be located in the appropriate folder/namespace in your app folder.
Model and Database Conventions
Table class names are plural and CamelCased. People, BigPeople, and ReallyBigPeople are all examples of
conventional model names.
Table names corresponding to CakePHP models are plural and underscored. The underlying tables for the
above mentioned models would be people, big_people, and really_big_people, respectively.
You can use the utility library Cake\Utility\Inflector to check the singular/plural of words. See
the Inflector for more information.
Field names with two or more words are underscored: first_name.
Foreign keys in hasMany, belongsTo or hasOne relationships are recognized by default as the (singular)
name of the related table followed by _id. So if Bakers hasMany Cakes, the cakes table will refer to the

Additional Reading

CakePHP Cookbook Documentation, Release 3.x

bakers table via a baker_id foreign key. For a table like category_types whose name contains multiple words,
the foreign key would be category_type_id.
Join tables, used in BelongsToMany relationships between models, should be named after the model tables
they will join, arranged in alphabetical order (apples_zebras rather than zebras_apples).
Rather than using an auto-increment key as the primary key, you may also use char(36). CakePHP will then
use a unique 36 character UUID (Text::uuid) whenever you save a new record using the Table::save()
method.
View Conventions
View template files are named after the controller functions they display, in an underscored
form. The getReady() function of the PeopleController class will look for a view template in
src/Template/People/get_ready.ctp.
The basic pattern is src/Template/Controller/underscored_function_name.ctp.
By naming the pieces of your application using CakePHP conventions, you gain functionality without the
hassle and maintenance tethers of configuration. Heres a final example that ties the conventions together:
Database table: people
Table class: PeopleTable, found at src/Model/Table/PeopleTable.php
Entity class: Person, found at src/Model/Entity/Person.php
Controller class: PeopleController, found at src/Controller/PeopleController.php
View template, found at src/Template/People/index.ctp
Using these conventions, CakePHP knows that a request to http://example.com/people/ maps to a call on
the index() function of the PeopleController, where the Person model is automatically available (and
automatically tied to the people table in the database), and renders to a file. None of these relationships
have been configured by any means other than by creating classes and files that youd need to create anyway.
Now that youve been introduced to CakePHPs fundamentals, you might try a run through the Bookmarker
Tutorial to see how things fit together.

CakePHP Folder Structure


After youve downloaded and extracted the CakePHP application, these are the files and folders you should
see:
bin
config
logs
plugins
src
tests
8

Chapter 1. CakePHP at a Glance

CakePHP Cookbook Documentation, Release 3.x

tmp
vendor
webroot
.htaccess
composer.json
index.php
README.md
Youll notice a few top level folders:
The bin folder holds the Cake console executables.
The config folder holds the (few) Configuration files CakePHP uses. Database connection details,
bootstrapping, core configuration files and more should be stored here.
The plugins folder is where the Plugins your application uses are stored.
The logs folder normally contains your log files, depending on your log configuration.
The src folder will be where you work your magic: its where your applications files will be placed.
The tests folder will be where you put the test cases for your application.
The tmp folder is where CakePHP stores temporary data. The actual data it stores depends on how you
have CakePHP configured, but this folder is usually used to store model descriptions and sometimes
session information.
The vendor folder is where CakePHP and other application dependencies will be installed. Make a
personal commitment not to edit files in this folder. We cant help you if youve modified the core.
The webroot directory is the public document root of your application. It contains all the files you
want to be publically reachable.
Make sure that the tmp and logs folders exist and are writable, otherwise the performance of your
application will be severely impacted. In debug mode, CakePHP will warn you, if it is not the case.
The src Folder
CakePHPs src folder is where you will do most of your application development. Lets look a little closer
at the folders inside src.
Console Contains the console commands and console tasks for your application. For more information see
Console & Shells.
Controller Contains your applications controllers and their components.
Locale Stores string files for internationalization.
Model Contains your applications tables, entities and behaviors.
View Presentational classes are placed here: cells, helpers, and template files.

Additional Reading

CakePHP Cookbook Documentation, Release 3.x

Template Presentational files are placed here: elements, error pages, layouts, and view template files.

10

Chapter 1. CakePHP at a Glance

CHAPTER 2

Quick Start Guide

The best way to experience and learn CakePHP is to sit down and build something. To start off well build
a simple bookmarking application.

Bookmarker Tutorial
This tutorial will walk you through the creation of a simple bookmarking application (bookmarker). To start
with, well be installing CakePHP, creating our database, and using the tools CakePHP provides to get our
application up fast.
Heres what youll need:
1. A database server. Were going to be using MySQL server in this tutorial. Youll need to know enough
about SQL in order to create a database: CakePHP will be taking the reins from there. Since were
using MySQL, also make sure that you have pdo_mysql enabled in PHP.
2. Basic PHP knowledge.
Lets get started!

Getting CakePHP
The easiest way to install CakePHP is to use Composer. Composer is a simple way of installing CakePHP
from your terminal or command line prompt. First, youll need to download and install Composer if you
havent done so already. If you have cURL installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php

Or, you can download composer.phar from the Composer website1 .


Then simply type the following line in your terminal from your installation directory to install the CakePHP
application skeleton in the bookmarker directory:
1

https://getcomposer.org/download/

11

CakePHP Cookbook Documentation, Release 3.x

php composer.phar create-project --prefer-dist cakephp/app bookmarker

If you downloaded and ran the Composer Windows Installer2 , then type the following line in your terminal
from your installation directory (ie. C:\wamp\www\dev\cakephp3):
composer create-project --prefer-dist cakephp/app bookmarker

The advantage to using Composer is that it will automatically complete some important set up tasks, such
as setting the correct file permissions and creating your config/app.php file for you.
There are other ways to install CakePHP. If you cannot or dont want to use Composer, check out the
Installation section.
Regardless of how you downloaded and installed CakePHP, once your set up is completed, your directory
setup should look something like the following:
/bookmarker
/bin
/config
/logs
/plugins
/src
/tests
/tmp
/vendor
/webroot
.editorconfig
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md

Now might be a good time to learn a bit about how CakePHPs directory structure works: check out the
CakePHP Folder Structure section.

Checking our Installation


We can quickly check that our installation is correct, by checking the default home page. Before you can do
that, youll need to start the development server:
bin/cake server

Note: For Windows, the command needs to be bin\cake (note the backslash).
This will start PHPs built-in webserver on port 8765. Open up http://localhost:8765 in your web browser to
see the welcome page. All the bullet points should be checkmarks other than CakePHP being able to connect
to your database. If not, you may need to install additional PHP extensions, or set directory permissions.
2

12

https://getcomposer.org/Composer-Setup.exe

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

Creating the Database


Next, lets set up the database for our bookmarking application. If you havent already done so, create an
empty database for use in this tutorial, with a name of your choice, e.g. cake_bookmarks. You can
execute the following SQL to create the necessary tables:
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
created DATETIME,
modified DATETIME
);
CREATE TABLE bookmarks (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
title VARCHAR(50),
description TEXT,
url TEXT,
created DATETIME,
modified DATETIME,
FOREIGN KEY user_key (user_id) REFERENCES users(id)
);
CREATE TABLE tags (
id INT AUTO_INCREMENT PRIMARY KEY,
title VARCHAR(255),
created DATETIME,
modified DATETIME,
UNIQUE KEY (title)
);
CREATE TABLE bookmarks_tags (
bookmark_id INT NOT NULL,
tag_id INT NOT NULL,
PRIMARY KEY (bookmark_id, tag_id),
FOREIGN KEY tag_key(tag_id) REFERENCES tags(id),
FOREIGN KEY bookmark_key(bookmark_id) REFERENCES bookmarks(id)
);

You may have noticed that the bookmarks_tags table used a composite primary key. CakePHP supports
composite primary keys almost everywhere, making it easier to build multi-tenanted applications.
The table and column names we used were not arbitrary. By using CakePHPs naming conventions, we
can leverage CakePHP better and avoid having to configure the framework. CakePHP is flexible enough
to accommodate even inconsistent legacy database schemas, but adhering to the conventions will save you
time.

Bookmarker Tutorial

13

CakePHP Cookbook Documentation, Release 3.x

Database Configuration
Next, lets tell CakePHP where our database is and how to connect to it. For many, this will be the first and
last time you will need to configure anything.
The configuration should be pretty straightforward:
just replace the values in the
Datasources.default array in the config/app.php file with those that apply to your setup. A
sample completed configuration array might look something like the following:
return [
// More configuration above.
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'cakephp',
'password' => 'AngelF00dC4k3~',
'database' => 'cake_bookmarks',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
],
],
// More configuration below.
];

Once youve saved your config/app.php file, you should see that CakePHP is able to connect to the
database section have a checkmark.
Note: A copy of CakePHPs default configuration file is found in config/app.default.php.

Generating Scaffold Code


Because our database is following the CakePHP conventions, we can use the bake console application to
quickly generate a basic application. In your command line run the following commands:
// On Windows
bin/cake bake
bin/cake bake
bin/cake bake

you'll need to use bin\cake instead.


all users
all bookmarks
all tags

This will generate the controllers, models, views, their corresponding test cases, and fixtures for
our users, bookmarks and tags resources. If youve stopped your server, restart it and go to
http://localhost:8765/bookmarks.
You should see a basic but functional application providing data access to your applications database tables.
Once youre at the list of bookmarks, add a few users, bookmarks, and tags.
Note: If you see a Not Found (404) page, confirm that the Apache mod_rewrite module is loaded.
14

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

Adding Password Hashing


When you created your users, you probably noticed that the passwords were stored in plain text. This is
pretty bad from a security point of view, so lets get that fixed.
This is also a good time to talk about the model layer in CakePHP. In CakePHP, we separate the methods
that operate on a collection of objects, and a single object into different classes. Methods that operate on the
collection of entities are put in the Table class, while features belonging to a single record are put on the
Entity class.
For example, password hashing is done on the individual record, so well implement this behavior on the
entity object. Because, we want to hash the password each time it is set, well use a mutator/setter method.
CakePHP will call convention based setter methods any time a property is set in one of your entities. Lets
add a setter for the password. In src/Model/Entity/User.php add the following:
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// Code from bake.
protected function _setPassword($value)
{
$hasher = new DefaultPasswordHasher();
return $hasher->hash($value);
}
}

Now update one of the users you created earlier, if you change their password, you should see a hashed
password instead of the original value on the list or view pages. CakePHP hashes passwords with bcrypt3
by default. You can also use sha1 or md5 if youre working with an existing database.

Getting Bookmarks with a Specific Tag


Now that were storing passwords safely, we can build out some more interesting features in our application.
Once youve amassed a collection of bookmarks, it is helpful to be able to search through them by tag. Next
well implement a route, controller action, and finder method to search through bookmarks by tag.
Ideally, wed have a URL that looks like http://localhost:8765/bookmarks/tagged/funny/cat/gifs. This
would let us find all the bookmarks that have the funny, cat or gifs tags. Before we can implement this,
well add a new route. Your config/routes.php should look like:
3

http://codahale.com/how-to-safely-store-a-password/

Bookmarker Tutorial

15

CakePHP Cookbook Documentation, Release 3.x

<?php
use Cake\Routing\Router;
Router::defaultRouteClass('Route');
// New route we're adding for our tagged action.
// The trailing `*` tells CakePHP that this action has
// passed parameters.
Router::scope(
'/bookmarks',
['controller' => 'Bookmarks'],
function ($routes) {
$routes->connect('/tagged/*', ['action' => 'tags']);
}
);
Router::scope('/', function ($routes) {
// Connect the default routes.
$routes->fallbacks('InflectedRoute');
});

The above defines a new route which connects the /bookmarks/tagged/* path, to
BookmarksController::tags(). By defining routes, you can isolate how your URLs look,
from how they are implemented. If we were to visit http://localhost:8765/bookmarks/tagged, we would
see a helpful error page from CakePHP informing you that the controller action does not exist. Lets
implement that missing method now. In src/Controller/BookmarksController.php add the following:
public function tags()
{
// The 'pass' key is provided by CakePHP and contains all
// the passed URL path segments in the request.
$tags = $this->request->params['pass'];
// Use the BookmarksTable to find tagged bookmarks.
$bookmarks = $this->Bookmarks->find('tagged', [
'tags' => $tags
]);
// Pass variables into the view template context.
$this->set([
'bookmarks' => $bookmarks,
'tags' => $tags
]);
}

To access other parts of the request data, consult the Request section.
Creating the Finder Method
In CakePHP we like to keep our controller actions slim, and put most of our applications logic in the models.
If you were to visit the /bookmarks/tagged URL now you would see an error that the findTagged()

16

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

method has not been implemented yet, so lets do that. In src/Model/Table/BookmarksTable.php add the
following:
// The $query argument is a query builder instance.
// The $options array will contain the 'tags' option we passed
// to find('tagged') in our controller action.
public function findTagged(Query $query, array $options)
{
return $this->find()
->distinct(['Bookmarks.id'])
->matching('Tags', function ($q) use ($options) {
return $q->where(['Tags.title IN' => $options['tags']]);
});
}

We just implemented a custom finder method. This is a very powerful concept in CakePHP that allows you to
package up re-usable queries. Finder methods always get a Query Builder object and an array of options as
parameters. Finders can manipulate the query and add any required conditions or criteria. When complete,
finder methods must return a modified query object. In our finder weve leveraged the distinct()
and matching() methods which allow us to find distinct bookmarks that have a matching tag. The
matching() method accepts an anonymous function4 that receives a query builder as its argument. Inside
the callback we use the query builder to define conditions that will filter bookmarks that have specific tags.
Creating the View
Now if you visit the /bookmarks/tagged URL, CakePHP will show an error letting you know that
you have not made a view file. Next, lets build the view file for our tags() action. In
src/Template/Bookmarks/tags.ctp put the following content:
<h1>
Bookmarks tagged with
<?= $this->Text->toList($tags) ?>
</h1>
<section>
<?php foreach ($bookmarks as $bookmark): ?>
<article>
<!-- Use the HtmlHelper to create a link -->
<h4><?= $this->Html->link($bookmark->title, $bookmark->url) ?></h4>
<small><?= h($bookmark->url) ?></small>
<!-- Use the TextHelper to format text -->
<?= $this->Text->autoParagraph($bookmark->description) ?>
</article>
<?php endforeach; ?>
</section>

In the above code we use the Html and Text helpers to assist in generating our view output. We also use
the h shortcut function to HTML encode output. You should remember to always use h() when outputting
user data to prevent HTML injection issues.
4

http://php.net/manual/en/functions.anonymous.php

Bookmarker Tutorial

17

CakePHP Cookbook Documentation, Release 3.x

The tags.ctp file we just created follows the CakePHP conventions for view template files. The convention is to have the template use the lower case and underscored version of the controller action name.
You may notice that we were able to use the $tags and $bookmarks variables in our view. When we use
the set() method in our controllers we set specific variables to be sent to the view. The view will make
all passed variables available in the templates as local variables.
You should now be able to visit the /bookmarks/tagged/funny URL and see all the bookmarks tagged with
funny.
So far, weve created a basic application to manage bookmarks, tags and users. However, everyone can see
everyone elses tags. In the next chapter, well implement authentication and restrict the visible bookmarks
to only those that belong to the current user.
Now continue to Bookmarker Tutorial Part 2 to continue building your application or dive into the
documentation to learn more about what CakePHP can do for you.

Bookmarker Tutorial Part 2


After finishing the first part of this tutorial you should have a very basic bookmarking application. In this
chapter well be adding authentication and restricting the bookmarks each user can see/modify to only the
ones they own.

Adding Login
In CakePHP, authentication is handled by Components. Components can be thought of as ways to create
reusable chunks of controller code related to a specific feature or concept. Components can also hook into
the controllers event life-cycle and interact with your application that way. To get started, well add the
AuthComponent to our application. Well pretty much want every method to require authentication, so well
add AuthComponent in our AppController:
// In src/Controller/AppController.php
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller
{
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],

18

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

'loginAction' => [
'controller' => 'Users',
'action' => 'login'
]
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}
}

Weve just told CakePHP that we want to load the Flash and Auth components. In addition, weve
customized the configuration of AuthComponent, as our users table uses email as the username. Now, if
you go to any URL youll be kicked to /users/login, which will show an error page as we have not written
that code yet. So lets create the login action:
// In src/Controller/UsersController.php
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error('Your username or password is incorrect.');
}
}

And in src/Template/Users/login.ctp add the following:


<h1>Login</h1>
<?= $this->Form->create() ?>
<?= $this->Form->input('email') ?>
<?= $this->Form->input('password') ?>
<?= $this->Form->button('Login') ?>
<?= $this->Form->end() ?>

Now that we have a simple login form, we should be able to log in with one of the users that has a hashed
password.
Note: If none of your users have hashed passwords, comment the loadComponent(Auth) line.
Then go and edit the user, saving a new password for them.
You should now be able to log in. If not, make sure you are using a user that has a hashed password.

Bookmarker Tutorial Part 2

19

CakePHP Cookbook Documentation, Release 3.x

Adding Logout
Now that people can log in, youll probably want to provide a way to log out as well. Again, in the
UsersController, add the following code:
public function logout()
{
$this->Flash->success('You are now logged out.');
return $this->redirect($this->Auth->logout());
}

Now you can visit /users/logout to log out and be sent to the login page.

Enabling Registrations
If you arent logged in and you try to visit /users/add you will be kicked to the login page. We should fix that
as well if we want people to sign up for our application. In the UsersController add the following:
public function beforeFilter(\Cake\Event\Event $event)
{
$this->Auth->allow(['add']);
}

The above tells AuthComponent that the add() action does not require authentication or authorization.
You may want to take the time to clean up the Users/add.ctp and remove the misleading links, or continue
on to the next section. We wont be building out user editing, viewing or listing in this tutorial so they will
not work as AuthComponent will deny you access to those controller actions.

Restricting Bookmark Access


Now that users can log in, well want to limit the bookmarks they can see to the ones they made. Well do
this using an authorization adapter. Since our requirements are pretty simple, we can write some simple
code in our BookmarksController. But before we do that, well want to tell the AuthComponent how
our application is going to authorize actions. In your AppController add the following:
public function isAuthorized($user)
{
return false;
}

Also, add the following to the configuration for Auth in your AppController:
'authorize' => 'Controller',

Your initialize() method should now look like:


public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize'=> 'Controller',//added this line

20

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
],
'unauthorizedRedirect' => $this->referer()
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}

Well default to denying access, and incrementally grant access where it makes sense. First, well add the
authorization logic for bookmarks. In your BookmarksController add the following:
public function isAuthorized($user)
{
$action = $this->request->params['action'];
// The add and index actions are always allowed.
if (in_array($action, ['index', 'add', 'tags'])) {
return true;
}
// All other actions require an id.
if (empty($this->request->params['pass'][0])) {
return false;
}
// Check that the bookmark belongs to the current user.
$id = $this->request->params['pass'][0];
$bookmark = $this->Bookmarks->get($id);
if ($bookmark->user_id == $user['id']) {
return true;
}
return parent::isAuthorized($user);
}

Now if you try to view, edit or delete a bookmark that does not belong to you, you should be redirected back
to the page you came from. However, there is no error message being displayed, so lets rectify that next:
// In src/Template/Layout/default.ctp
// Under the existing flash message.
<?= $this->Flash->render('auth') ?>

You should now see the authorization error messages.

Bookmarker Tutorial Part 2

21

CakePHP Cookbook Documentation, Release 3.x

Fixing List view and Forms


While view and delete are working, edit, add and index have a few problems:
1. When adding a bookmark you can choose the user.
2. When editing a bookmark you can choose the user.
3. The list page shows bookmarks from other users.
Lets tackle the add form first.
To begin with remove the input(user_id) from
src/Template/Bookmarks/add.ctp. With that removed, well also update the add() action from
src/Controller/BookmarksController.php to look like:
public function add()
{
$bookmark = $this->Bookmarks->newEntity();
if ($this->request->is('post')) {
$bookmark = $this->Bookmarks->patchEntity($bookmark, $this->request->data);
$bookmark->user_id = $this->Auth->user('id');
if ($this->Bookmarks->save($bookmark)) {
$this->Flash->success('The bookmark has been saved.');
return $this->redirect(['action' => 'index']);
}
$this->Flash->error('The bookmark could not be saved. Please, try again.');
}
$tags = $this->Bookmarks->Tags->find('list');
$this->set(compact('bookmark', 'tags'));
$this->set('_serialize', ['bookmark']);
}

By setting the entity property with the session data, we remove any possibility of the user modifying which
user a bookmark is for. Well do the same for the edit form and action. Your edit() action from
src/Controller/BookmarksController.php should look like:
public function edit($id = null)
{
$bookmark = $this->Bookmarks->get($id, [
'contain' => ['Tags']
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$bookmark = $this->Bookmarks->patchEntity($bookmark, $this->request->data);
$bookmark->user_id = $this->Auth->user('id');
if ($this->Bookmarks->save($bookmark)) {
$this->Flash->success('The bookmark has been saved.');
return $this->redirect(['action' => 'index']);
}
$this->Flash->error('The bookmark could not be saved. Please, try again.');
}
$tags = $this->Bookmarks->Tags->find('list');
$this->set(compact('bookmark', 'tags'));
$this->set('_serialize', ['bookmark']);
}

22

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

List View
Now, we only need to show bookmarks for the currently logged in user. We can do that by updating the call
to paginate(). Make your index() action from src/Controller/BookmarksController.php look like:
public function index()
{
$this->paginate = [
'conditions' => [
'Bookmarks.user_id' => $this->Auth->user('id'),
]
];
$this->set('bookmarks', $this->paginate($this->Bookmarks));
$this->set('_serialize', ['bookmarks']);
}

We should also update the tags() action and the related finder method, but well leave that as an exercise
you can complete on your own.

Improving the Tagging Experience


Right now, adding new tags is a difficult process, as the TagsController disallows all access. Instead
of allowing access, we can improve the tag selection UI by using a comma separated text field. This will let
us give a better experience to our users, and use some more great features in the ORM.
Adding a Computed Field
Because well want a simple way to access the formatted tags for an entity, we can add a virtual/computed
field to the entity. In src/Model/Entity/Bookmark.php add the following:
use Cake\Collection\Collection;
protected function _getTagString()
{
if (isset($this->_properties['tag_string'])) {
return $this->_properties['tag_string'];
}
if (empty($this->tags)) {
return '';
}
$tags = new Collection($this->tags);
$str = $tags->reduce(function ($string, $tag) {
return $string . $tag->title . ', ';
}, '');
return trim($str, ', ');
}

This will let us access the $bookmark->tag_string computed property. Well use this property in
inputs later on. Remember to add the tag_string property to the _accessible list in your entity, as
well want to save it later on.

Bookmarker Tutorial Part 2

23

CakePHP Cookbook Documentation, Release 3.x

In src/Model/Entity/Bookmark.php add the tag_string to $_accessible this way:


protected $_accessible = [
'user_id' => true,
'title' => true,
'description' => true,
'url' => true,
'user' => true,
'tags' => true,
'tag_string' => true,
];

Updating the Views


With the entity updated we can add a new input for our tags. In src/Template/Bookmarks/add.ctp and
src/Template/Bookmarks/edit.ctp, replace the existing tags._ids input with the following:
echo $this->Form->input('tag_string', ['type' => 'text']);

Persisting the Tag String


Now that we can view existing tags as a string, well want to save that data as well. Because we marked the
tag_string as accessible, the ORM will copy that data from the request into our entity. We can use a
beforeSave() hook method to parse the tag string and find/build the related entities. Add the following
to src/Model/Table/BookmarksTable.php:
public function beforeSave($event, $entity, $options)
{
if ($entity->tag_string) {
$entity->tags = $this->_buildTags($entity->tag_string);
}
}
protected function _buildTags($tagString)
{
$new = array_unique(array_map('trim', explode(',', $tagString)));
$out = [];
$query = $this->Tags->find()
->where(['Tags.title IN' => $new]);
// Remove existing tags from the list of new tags.
foreach ($query->extract('title') as $existing) {
$index = array_search($existing, $new);
if ($index !== false) {
unset($new[$index]);
}
}
// Add existing tags.
foreach ($query as $tag) {
$out[] = $tag;
}

24

Chapter 2. Quick Start Guide

CakePHP Cookbook Documentation, Release 3.x

// Add new tags.


foreach ($new as $tag) {
$out[] = $this->Tags->newEntity(['title' => $tag]);
}
return $out;
}

While this code is a bit more complicated than what weve done so far, it helps to showcase how powerful
the ORM in CakePHP is. You can easily manipulate query results using the Collections methods, and handle
scenarios where you are creating entities on the fly with ease.

Wrapping Up
Weve expanded our bookmarking application to handle authentication and basic authorization/access control scenarios. Weve also added some nice UX improvements by leveraging the FormHelper and ORM
capabilities.
Thanks for taking the time to explore CakePHP. Next, you can complete the Blog Tutorial, learn more about
the Database Access & ORM, or you can peruse the /topics.

Bookmarker Tutorial Part 2

25

CakePHP Cookbook Documentation, Release 3.x

26

Chapter 2. Quick Start Guide

CHAPTER 3

3.0 Migration Guide

This page summarizes the changes from CakePHP 2.x that will assist in migrating a project to 3.0, as well
as a reference to get up to date with the changes made to the core since the CakePHP 2.x branch. Be sure to
read the other pages in this guide for all the new features and API changes.

Requirements
CakePHP 3.x supports PHP Version 5.4.16 and above.
CakePHP 3.x requires the mbstring extension.
CakePHP 3.x requires the intl extension.
Warning: CakePHP 3.0 will not work if you do not meet the above requirements.

Upgrade Tool
While this document covers all the breaking changes and improvements made in CakePHP 3.0, weve also
created a console application to help you easily complete some of the time consuming mechanical changes.
You can get the upgrade tool from github1 .

Application Directory Layout


The application directory layout has changed and now follows PSR-42 . You should use the app skeleton3
project as a reference point when updating your application.
1

https://github.com/cakephp/upgrade
http://www.php-fig.org/psr/psr-4/
3
https://github.com/cakephp/app
2

27

CakePHP Cookbook Documentation, Release 3.x

CakePHP should be installed with Composer


Since CakePHP can no longer easily be installed via PEAR, or in a shared directory, those options are no
longer supported. Instead you should use Composer4 to install CakePHP into your application.

Namespaces
All of CakePHPs core classes are now namespaced and follow PSR-4 autoloading specifications. For
example src/Cache/Cache.php is namespaced as Cake\Cache\Cache. Global constants and helper
methods like __() and debug() are not namespaced for convenience sake.

Removed Constants
The following deprecated constants have been removed:
IMAGES
CSS
JS
IMAGES_URL
JS_URL
CSS_URL
DEFAULT_LANGUAGE

Configuration
Configuration in CakePHP 3.0 is significantly different than in previous versions. You should read the
Configuration documentation for how configuration is done in 3.0.
You can no longer use App::build() to configure additional class paths. Instead you should map additional paths using your applications autoloader. See the section on Additional Class Paths for more
information.
Three new configure variables provide the path configuration for plugins, views and locale files. You can
add multiple paths to App.paths.templates, App.paths.plugins, App.paths.locales to
configure multiple paths for templates, plugins and locale files respectively.
The config key www_root has been changed to wwwRoot for consistency. Please adjust your app.php
config file as well as any usage of Configure::read(App.wwwRoot).
4

28

http://getcomposer.org

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

New ORM
CakePHP 3.0 features a new ORM that has been re-built from the ground up. The new ORM is significantly different and incompatible with the previous one. Upgrading to the new ORM will require extensive
changes in any application that is being upgraded. See the new Database Access & ORM documentation for
information on how to use the new ORM.

Basics
LogError() was removed, it provided no benefit and is rarely/never used.
The following global functions have been removed: config(), cache(), clearCache(),
convertSlashes(), am(), fileExistsInPath(), sortByKey().

Debugging
Configure::write(debug, $bool) does not support 0/1/2 anymore. A simple boolean
is used instead to switch debug mode on or off.

Object settings/configuration
Objects used in CakePHP now have a consistent instance-configuration storage/retrieval system. Code
which previously accessed for example: $object->settings should instead be updated to use
$object->config().

Cache
Memcache engine has been removed, use Cake\Cache\Cache\Engine\Memcached instead.
Cache engines are now lazy loaded upon first use.
Cake\Cache\Cache::engine() has been added.
Cake\Cache\Cache::enabled() has been added. This replaced the Cache.disable configure option.
Cake\Cache\Cache::enable() has been added.
Cake\Cache\Cache::disable() has been added.
Cache configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Cache::set() has been removed. It is recommended that you create multiple cache configurations
to replace runtime configuration tweaks previously possible with Cache::set().

New ORM

29

CakePHP Cookbook Documentation, Release 3.x

All CacheEngine subclasses now implement a config() method.


Cake\Cache\Cache::readMany(),
Cake\Cache\Cache::deleteMany(),
Cake\Cache\Cache::writeMany() were added.

and

All Cake\Cache\Cache\CacheEngine methods now honor/are responsible for handling the configured key prefix. The Cake\Cache\CacheEngine::write() no longer permits setting the duration
on write - the duration is taken from the cache engines runtime config. Calling a cache method with an
empty key will now throw an InvalidArgumentException, instead of returning false.

Core
App
App::pluginPath() has been removed. Use CakePlugin::path() instead.
App::build() has been removed.
App::location() has been removed.
App::paths() has been removed.
App::load() has been removed.
App::objects() has been removed.
App::RESET has been removed.
App::APPEND has been removed.
App::PREPEND has been removed.
App::REGISTER has been removed.

Plugin
Cake\Core\Plugin::load() does not setup an autoloader unless you set the autoload option to true.
When loading plugins you can no longer provide a callable.
When loading plugins you can no longer provide an array of config files to load.

Configure
Cake\Configure\PhpReader renamed to Cake\Core\Configure\EnginePhpConfig
Cake\Configure\IniReader renamed to Cake\Core\Configure\EngineIniConfig
Cake\Configure\ConfigReaderInterface
Cake\Core\Configure\ConfigEngineInterface

renamed

to

Cake\Core\Configure::consume() was added.


30

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

Cake\Core\Configure::load() now expects the file name without extension suffix as this
can be derived from the engine. E.g. using PhpConfig use app to load app.php.
Setting
a
$config
variable
in
PHP
config
file
is
deprecated.
Cake\Core\Configure\EnginePhpConfig now expects the config file to return an
array.
A new config engine Cake\Core\Configure\EngineJsonConfig has been added.

Object
The Object class has been removed. It formerly contained a grab bag of methods that were
used in various places across the framework. The most useful of these methods have been extracted into traits. You can use the Cake\Log\LogTrait to access the log() method. The
Cake\Routing\RequestActionTrait provides requestAction().

Console
The cake executable has been moved from the app/Console directory to the bin directory within the
application skeleton. You can now invoke CakePHPs console with bin/cake.

TaskCollection Replaced
This class has been renamed to Cake\Console\TaskRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code. Tasks no longer have access to callbacks, as
there were never any callbacks to use.

Shell
Shell::__construct() has
Cake\Console\ConsoleIo.

changed.

It

now

takes

an

instance

of

Shell::param() has been added as convenience access to the params.


Additionally all shell methods will be transformed to camel case when invoked. For example, if you had a
hello_world() method inside a shell and invoked it with bin/cake my_shell hello_world,
you will need to rename the method to helloWorld. There are no changes required in the way you invoke
commands.

ConsoleOptionParser
ConsoleOptionParser::merge() has been added to merge parsers.

Console

31

CakePHP Cookbook Documentation, Release 3.x

ConsoleInputArgument
ConsoleInputArgument::isEqualTo() has been added to compare two arguments.

Shell / Task
Shells and Tasks have been moved from Console/Command and Console/Command/Task to Shell
and Shell/Task.

ApiShell Removed
The ApiShell was removed as it didnt provide any benefit over the file source itself and the online documentation/API5 .

SchemaShell Removed
The SchemaShell was removed as it was never a complete database migration implementation and better
tools such as Phinx6 have emerged. It has been replaced by the CakePHP Migrations Plugin7 which acts as
a wrapper between CakePHP and Phinx8 .

ExtractTask
bin/cake i18n extract no longer includes untranslated validation messages. If you want
translated validation messages you should wrap those messages in __() calls like any other content.

BakeShell / TemplateTask
Bake is no longer part of the core source and is superseded by CakePHP Bake Plugin9
Bake templates have been moved under src/Template/Bake.
The syntax of Bake templates now uses erb-style tags (<% %>) to denote templating logic, allowing
php code to be treated as plain text.
The bake view command has been renamed bake template.
5

http://api.cakephp.org/
https://phinx.org/
7
https://github.com/cakephp/migrations
8
https://phinx.org/
9
https://github.com/cakephp/bake
6

32

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

Event
The getEventManager() method, was removed on all objects that had it. An eventManager()
method is now provided by the EventManagerTrait. The EventManagerTrait contains the logic
of instantiating and keeping a reference to a local event manager.
The Event subsystem has had a number of optional features removed. When dispatching events you can no
longer use the following options:
passParams This option is now enabled always implicitly. You cannot turn it off.
break This option has been removed. You must now stop events.
breakOn This option has been removed. You must now stop events.

Log
Log configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Log engines are now lazily loaded upon the first write to the logs.
Cake\Log\Log::engine() has been added.
The following methods have been removed from Cake\Log\Log :: defaultLevels(),
enabled(), enable(), disable().
You can no longer create custom levels using Log::levels().
When configuring loggers you should use levels instead of types.
You can no longer specify custom log levels. You must use the default set of log levels. You should use
logging scopes to create custom log files or specific handling for different sections of your application.
Using a non-standard log level will now throw an exception.
Cake\Log\LogTrait was added. You can use this trait in your classes to add the log() method.
The logging scope passed to Cake\Log\Log::write() is now forwarded to the log engines
write() method in order to provide better context to the engines.
Log engines are now required to implement Psr\Log\LogInterface instead of Cakes own
LogInterface. In general, if you extended Cake\Log\Engine\BaseEngine you just need
to rename the write() method to log().
Cake\Log\Engine\FileLog now writes files in ROOT/logs instead of ROOT/tmp/logs.

Event

33

CakePHP Cookbook Documentation, Release 3.x

Routing
Named Parameters
Named parameters were removed in 3.0. Named parameters were added in 1.2.0 as a pretty version of
query string parameters. While the visual benefit is arguable, the problems named parameters created are
not.
Named parameters required special handling in CakePHP as well as any PHP or JavaScript library that
needed to interact with them, as named parameters are not implemented or understood by any library except
CakePHP. The additional complexity and code required to support named parameters did not justify their
existence, and they have been removed. In their place you should use standard query string parameters or
passed arguments. By default Router will treat any additional parameters to Router::url() as query
string arguments.
Since many applications will still need to parse incoming URLs containing named parameters.
Cake\Routing\Router::parseNamedParams() has been added to allow backwards compatibility with existing URLs.

RequestActionTrait
Cake\Routing\RequestActionTrait::requestAction() has had some of the extra options changed:
options[url] is now options[query].
options[data] is now options[post].
Named parameters are no longer supported.

Router
Named parameters have been removed, see above for more information.
The full_base option has been replaced with the _full option.
The ext option has been replaced with the _ext option.
_scheme, _port, _host, _base, _full, _ext options added.
String URLs are no longer modified by adding the plugin/controller/prefix names.
The default fallback route handling was removed. If no routes match a parameter set / will be returned.
Route classes are responsible for all URL generation including query string parameters. This makes
routes far more powerful and flexible.
Persistent
parameters
were
removed.
They
were
replaced
with
Cake\Routing\Router::urlFilter() which allows a more flexible way to mutate
URLs being reverse routed.

34

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

Router::parseExtensions()
has
been
removed.
Use
Cake\Routing\Router::extensions() instead. This method must be called before
routes are connected. It wont modify existing routes.
Router::setExtensions() has been removed. Use Cake\Routing\Router::extensions()
instead.
Router::resourceMap() has been removed.
The [method] option has been renamed to _method.
The ability to match arbitrary headers with [] style parameters has been removed. If you need to
parse/match on arbitrary conditions consider using custom route classes.
Router::promote() has been removed.
Router::parse() will now raise an exception when a URL cannot be handled by any route.
Router::url() will now raise an exception when no route matches a set of parameters.
Routing scopes have been introduced. Routing scopes allow you to keep your routes file DRY and
give Router hints on how to optimize parsing & reverse routing URLs.

Route
CakeRoute was re-named to Route.
The signature of match() has changed to match($url, $context = []) See
Cake\Routing\Route::match() for information on the new signature.

Dispatcher Filters Configuration Changed


Dispatcher filters are no longer added to your application using Configure.
You now append them with Cake\Routing\DispatcherFactory. This means if your application used
Dispatcher.filters, you should now use Cake\Routing\DispatcherFactory::add().
In addition to configuration changes, dispatcher filters have had some conventions updated, and features
added. See the Dispatcher Filters documentation for more information.

FilterAssetFilter
Plugin & theme assets handled by the AssetFilter are no longer read via include instead they are
treated as plain text files. This fixes a number of issues with JavaScript libraries like TinyMCE and
environments with short_tags enabled.
Support for the Asset.filter configuration and hooks were removed. This feature can easily be
replaced with a plugin or dispatcher filter.

Routing

35

CakePHP Cookbook Documentation, Release 3.x

Network
Request
CakeRequest has been renamed to Cake\Network\Request.
Cake\Network\Request::port() was added.
Cake\Network\Request::scheme() was added.
Cake\Network\Request::cookie() was added.
Cake\Network\Request::$trustProxy was added. This makes it easier to put CakePHP
applications behind load balancers.
Cake\Network\Request::$data is no longer merged with the prefixed data key, as that prefix
has been removed.
Cake\Network\Request::env() was added.
Cake\Network\Request::acceptLanguage() was changed from static method to nonstatic.
Request detector for mobile has been removed from the core. Instead the app template adds detectors for mobile and tablet using MobileDetect lib.
The method onlyAllow() has been renamed to allowMethod() and no longer accepts var
args. All method names need to be passed as first argument, either as string or array of strings.

Response
The mapping of mimetype text/plain to extension csv has been removed. As a consequence Cake\Controller\Component\RequestHandlerComponent doesnt set extension to csv if Accept header contains mimetype text/plain which was a common annoyance
when receiving a jQuery XHR request.

Sessions
The session class is no longer static, instead the session can be accessed through the request object. See the
Sessions documentation for using the session object.
Cake\Network\Session and related session classes have been moved under the
Cake\Network namespace.
SessionHandlerInterface has been removed in favor of the one provided by PHP itself.
The property Session::$requestCountdown has been removed.
The session checkAgent feature has been removed. It caused a number of bugs when chrome frame,
and flash player are involved.
The conventional sessions database table name is now sessions instead of cake_sessions.
36

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

The session cookie timeout is automatically updated in tandem with the timeout in the session data.
The path for session cookie now defaults to apps base path instead of /. Also new config variable
Session.cookiePath has been added to easily customize the cookie path.
A new convenience method Cake\Network\Session::consume() has been added to allow
reading and deleting session data in a single step.
The default value of Cake\Network\Session::clear()s argument $renew has been
changed from true to false.

Network\Http
HttpSocket is now Cake\Network\Http\Client.
HttpClient has been re-written from the ground up. It has a simpler/easier to use API, support for
new authentication systems like OAuth, and file uploads. It uses PHPs stream APIs so there is no
requirement for cURL. See the Http Client documentation for more information.

Network\Email
Cake\Network\Email\Email::config() is now used to define configuration profiles. This
replaces the EmailConfig classes in previous versions.
Cake\Network\Email\Email::profile() replaces config() as the way to modify per
instance configuration options.
Cake\Network\Email\Email::drop() has been added to allow the removal of email configuration.
Cake\Network\Email\Email::configTransport() has been added to allow the definition of transport configurations. This change removes transport options from delivery profiles and
allows you to easily re-use transports across email profiles.
Cake\Network\Email\Email::dropTransport() has been added to allow the removal of
transport configuration.

Controller
Controller
The $helpers, $components properties are now merged with all parent classes not just
AppController and the plugin AppController. The properties are merged differently now as well.
Instead of all settings in all classes being merged together, the configuration defined in the child class
will be used. This means that if you have some configuration defined in your AppController, and
some configuration defined in a subclass, only the configuration in the subclass will be used.

Network\Http

37

CakePHP Cookbook Documentation, Release 3.x

Controller::httpCodes() has been removed, use Cake\Network\Response::httpCodes()


instead.
Controller::disableCache()
has
been
Cake\Network\Response::disableCache() instead.

removed,

use

Controller::flash() has been removed. This method was rarely used in real applications and
served no purpose anymore.
Controller::validate() and Controller::validationErrors() have been removed. They were left over methods from the 1.x days where the concerns of models + controllers
were far more intertwined.
Controller::loadModel() now loads table objects.
The Controller::$scaffold property has been removed. Dynamic scaffolding has been removed from CakePHP core. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
The Controller::$ext property has been removed. You now have to extend and override the
View::$_ext property if you want to use a non-default view file extension.
The Controller::$methods property has been removed.
You should now use
Controller::isAction() to determine whether or not a method name is an action. This
change was made to allow easier customization of what is and is not counted as an action.
The Controller::$Components property has been removed and replaced with
_components.
If you need to load components at runtime you should use
$this->loadComponent() on your controller.
The signature of Cake\Controller\Controller::redirect() has been changed to
Controller::redirect(string|array $url, int $status = null). The 3rd argument $exit has been dropped. The method can no longer send response and exit script, instead it
returns a Response instance with appropriate headers set.
The base, webroot, here, data, action, and params magic properties have been removed.
You should access all of these properties on $this->request instead.
Underscore prefixed controller methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead. Only public methods can be used as controller actions.

Scaffold Removed
The dynamic scaffolding in CakePHP has been removed from CakePHP core. It was infrequently used,
and never intended for production use. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud

ComponentCollection Replaced
This class has been renamed to Cake\Controller\ComponentRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake
upgrade rename_collections to assist in upgrading your code.
38

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

Component
The _Collection property is now _registry.
Cake\Controller\ComponentRegistry now.

It

contains

an

instance

of

All components should now use the config() method to get/set configuration.
Default configuration for components should be defined in the $_defaultConfig property. This
property is automatically merged with any configuration provided to the constructor.
Configuration options are no longer set as public properties.
The Component::initialize() method is no longer an event listener. Instead, it is
a post-constructor hook like Table::initialize() and Controller::initialize().
The new Component::beforeFilter() method is bound to the same event that
Component::initialize() used to be. The initialize method should have the following signature initialize(array $config).

Controller\Components
CookieComponent
Uses Cake\Network\Request::cookie() to read cookie data, this eases testing, and allows
for ControllerTestCase to set cookies.
Cookies encrypted in previous versions of CakePHP using the cipher() method are now unreadable because Security::cipher() has been removed. You will need to re-encrypt cookies
with the rijndael() or aes() method before upgrading.
CookieComponent::type() has been removed and replaced with configuration data accessed
through config().
write() no longer takes encryption or expires parameters. Both of these are now managed
through config data. See Cookie for more information.
The path for cookies now defaults to apps base path instead of /.

AuthComponent
Default is now the default password hasher used by authentication classes. It uses exclusively
the bcrypt hashing algorithm. If you want to continue using SHA1 hashing used in 2.x use
passwordHasher => Weak in your authenticator configuration.
A new FallbackPasswordHasher was added to help users migrate old passwords from one
algorithm to another. Check AuthComponents documentation for more info.
BlowfishAuthenticate class has been removed. Just use FormAuthenticate
BlowfishPasswordHasher class has been removed. Use DefaultPasswordHasher instead.

Controller\Components

39

CakePHP Cookbook Documentation, Release 3.x

The loggedIn() method has been removed. Use user() instead.


Configuration options are no longer set as public properties.
The methods allow() and deny() no longer accept var args. All method names need to be
passed as first argument, either as string or array of strings.
The method login() has been removed and replaced by setUser() instead. To login a user you
now have to call identify() which returns user info upon successful identification and then use
setUser() to save the info to session for persistence across requests.
BaseAuthenticate::_password() has been removed. Use a PasswordHasher class instead.
BaseAuthenticate::logout() has been removed.
AuthComponent now triggers two events Auth.afterIdentify and Auth.logout after a
user has been identified and before a user is logged out respectively. You can set callback functions
for these events by returning a mapping array from implementedEvents() method of your authenticate class.
ACL related classes were moved to a separate plugin. Password hashers, Authentication and Authorization
providers where moved to the \Cake\Auth namespace. You are required to move your providers and
hashers to the App\Auth namespace as well.

RequestHandlerComponent
The following methods have been removed from RequestHandler component:: isAjax(),
isFlash(), isSSL(), isPut(), isPost(), isGet(), isDelete().
Use the
Cake\Network\Request::is() method instead with relevant argument.
RequestHandler::setContent() was removed, use Cake\Network\Response::type()
instead.
RequestHandler::getReferer() was removed, use Cake\Network\Request::referer()
instead.
RequestHandler::getClientIP() was removed, use Cake\Network\Request::clientIp()
instead.
RequestHandler::getAjaxVersion() was removed.
RequestHandler::mapType() was removed, use Cake\Network\Response::mapType()
instead.
Configuration options are no longer set as public properties.

SecurityComponent
The following methods and their related properties have been removed from Security component: requirePost(), requireGet(), requirePut(), requireDelete(). Use the
Cake\Network\Request::allowMethod() instead.

40

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

SecurityComponent::$disabledFields()
SecurityComponent::$unlockedFields().

has

been

removed,

use

The CSRF related features in SecurityComponent have been extracted and moved into a separate CsrfComponent. This allows you more easily use CSRF protection without having to use form tampering
prevention.
Configuration options are no longer set as public properties.
The methods requireAuth() and requireSecure() no longer accept var args. All method
names need to be passed as first argument, either as string or array of strings.

SessionComponent
SessionComponent::setFlash() is deprecated. You should use Flash instead.

Error
Custom ExceptionRenderers are now expected to either return a Cake\Network\Response object or
string when rendering errors. This means that any methods handling specific exceptions must return a
response or string value.

Model
The Model layer in 2.x has been entirely re-written and replaced. You should review the New ORM Upgrade
Guide for information on how to use the new ORM.
The Model class has been removed.
The BehaviorCollection class has been removed.
The DboSource class has been removed.
The Datasource class has been removed.
The various datasource classes have been removed.

ConnectionManager
ConnectionManager has been moved to the Cake\Datasource namespace.
ConnectionManager has had the following methods removed:
sourceList
getSourceName
loadDataSource
enumConnectionObjects

Model

41

CakePHP Cookbook Documentation, Release 3.x

Database\ConnectionManager::config() has been added and is now the only way to


configure connections.
Database\ConnectionManager::get() has been added. It replaces getDataSource().
Database\ConnectionManager::configured() has been added. It and config() replace sourceList() & enumConnectionObjects() with a more standard and consistent
API.
ConnectionManager::create() has been removed. It can be replaced by config($name,
$config) and get($name).

Behaviors
Underscore prefixed behavior methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead.

TreeBehavior
The TreeBehavior was completely re-written to use the new ORM. Although it works the same as in 2.x, a
few methods were renamed or removed:
TreeBehavior::children() is now a custom finder find(children).
TreeBehavior::generateTreeList() is now a custom finder find(treeList).
TreeBehavior::getParentNode() was removed.
TreeBehavior::getPath() is now a custom finder find(path).
TreeBehavior::reorder() was removed.
TreeBehavior::verify() was removed.

TestSuite
TestCase
_normalizePath() has been added to allow path comparison tests to run across all operation
systems regarding their DS settings (\ in Windows vs / in UNIX, for example).
The following assertion methods have been removed as they have long been deprecated and replaced by
their new PHPUnit counterpart:
assertEqual() in favor of assertEquals()
assertNotEqual() in favor of assertNotEquals()
assertIdentical() in favor of assertSame()
assertNotIdentical() in favor of assertNotSame()

42

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

assertPattern() in favor of assertRegExp()


assertNoPattern() in favor of assertNotRegExp()
assertReference() if favor of assertSame()
assertIsA() in favor of assertInstanceOf()
Note that some methods have switched the argument order, e.g. assertEqual($is, $expected)
should now be assertEquals($expected, $is).
The following assertion methods have been deprecated and will be removed in the future:
assertWithinMargin() in favor of assertWithinRange()
assertTags() in favor of assertHtml()
Both method replacements also switched the argument order for a consistent assert method API with
$expected as first argument.
The following assertion methods have been added:
assertNotWithinRange() as counter part to assertWithinRange()

View
Themes are now Basic Plugins
Having themes and plugins as ways to create modular application components has proven to be limited, and
confusing. In CakePHP 3.0, themes no longer reside inside the application. Instead they are standalone
plugins. This solves a few problems with themes:
You could not put themes in plugins.
Themes could not provide helpers, or custom view classes.
Both these issues are solved by converting themes into plugins.

View Folders Renamed


The folders containing view files now go under src/Template instead of src/View. This was done to separate
the view files from files containing php classes (eg. Helpers, View classes).
The following View folders have been renamed to avoid naming collisions with controller names:
Layouts is now Layout
Elements is now Element
Errors is now Error
Emails is now Email (same for Email inside Layout)

View

43

CakePHP Cookbook Documentation, Release 3.x

HelperCollection Replaced
This class has been renamed to Cake\View\HelperRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code.

View Class
The
plugin
key
has
been
Cake\View\View::element().
SomePlugin.element_name instead.

removed
from
$options
argument
Specify
the
element
name

of
as

View::getVar() has been removed, use Cake\View\View::get() instead.


View::$ext has been removed and instead a protected property View::$_ext has been added.
View::addScript() has been removed. Use Using View Blocks instead.
The base, webroot, here, data, action, and params magic properties have been removed.
You should access all of these properties on $this->request instead.
View::start() no longer appends to an existing block. Instead it will overwrite the block content
when end is called. If you need to combine block contents you should fetch the block content when
calling start a second time, or use the capturing mode of append().
View::prepend() no longer has a capturing mode.
View::startIfEmpty() has been removed. Now that start() always overwrites startIfEmpty
serves no purpose.
The View::$Helpers property has been removed and replaced with _helpers. If you need to
load helpers at runtime you should use $this->addHelper() in your view files.
View will now raise Cake\View\Exception\MissingTemplateException when templates are missing instead of MissingViewException.

ViewBlock
ViewBlock::append() has been removed, use Cake\ViewViewBlock::concat() instead. However, View::append() still exists.

JsonView
By default JSON data will have HTML entities encoded now. This prevents possible XSS issues when
JSON view content is embedded in HTML files.
Cake\View\JsonView now supports the _jsonOptions view variable. This allows you to
configure the bit-mask options used when generating JSON.

44

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

XmlView
Cake\View\XmlView now supports the _xmlOptions view variable. This allows you to configure the options used when generating XML.

View\Helper
The $settings property is now called $_config and should be accessed through the config()
method.
Configuration options are no longer set as public properties.
Helper::clean() was removed. It was never robust enough to fully prevent XSS. instead you
should escape content with h or use a dedicated library like htmlPurifier.
Helper::output() was removed. This method was deprecated in 2.x.
Methods
Helper::webroot(),
Helper::url(),
Helper::assetUrl(),
Helper::assetTimestamp() have been moved to new Cake\View\Helper\UrlHelper
helper. Helper::url() is now available as Cake\View\Helper\UrlHelper::build().
Magic accessors to deprecated properties have been removed. The following properties now need to
be accessed from the request object:
base
here
webroot
data
action
params

Helper
Helper has had the following methods removed:
Helper::setEntity()
Helper::entity()
Helper::model()
Helper::field()
Helper::value()
Helper::_name()
Helper::_initInputField()
Helper::_selectedArray()
View\Helper

45

CakePHP Cookbook Documentation, Release 3.x

These methods were part used only by FormHelper, and part of the persistent field features that have proven
to be problematic over time. FormHelper no longer relies on these methods and the complexity they provide
is not necessary anymore.
The following methods have been removed:
Helper::_parseAttributes()
Helper::_formatAttribute()
These methods can now be found on the StringTemplate class that helpers frequently use. See the
StringTemplateTrait for an easy way to integrate string templates into your own helpers.

FormHelper
FormHelper has been entirely rewritten for 3.0. It features a few large changes:
FormHelper works with the new ORM. But has an extensible system for integrating with other ORMs
or datasources.
FormHelper features an extensible widget system that allows you to create new custom input widgets
and easily augment the built-in ones.
String templates are the foundation of the helper. Instead of munging arrays together everywhere,
most of the HTML FormHelper generates can be customized in one central place using template sets.
In addition to these larger changes, some smaller breaking changes have been made as well. These changes
should help streamline the HTML FormHelper generates and reduce the problems people had in the past:
The data[ prefix was removed from all generated inputs. The prefix serves no real purpose anymore.
The various standalone input methods like text(), select() and others no longer generate id
attributes.
The inputDefaults option has been removed from create().
Options default and onsubmit of create() have been removed. Instead one should use
JavaScript event binding or set all required js code for onsubmit.
end() can no longer make buttons. You should create buttons with button() or submit().
FormHelper::tagIsInvalid() has been removed. Use isFieldError() instead.
FormHelper::inputDefaults() has been removed. You can use templates() to define/augment the templates FormHelper uses.
The wrap and class options have been removed from the error() method.
The showParents option has been removed from select().
The div, before, after, between and errorMessage options have been removed from
input(). You can use templates to update the wrapping HTML. The templates option allows
you to override the loaded templates for one input.
The separator, between, and legend options have been removed from radio(). You can
use templates to change the wrapping HTML now.

46

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

The format24Hours parameter has been removed from hour(). It has been replaced with the
format option.
The minYear, and maxYear parameters have been removed from year(). Both of these parameters can now be provided as options.
The dateFormat and timeFormat parameters have been removed from datetime(). You can
use the template to define the order the inputs should be displayed in.
The submit() has had the div, before and after options removed. You can customize the
submitContainer template to modify this content.
The inputs() method no longer accepts legend and fieldset in the $fields parameter,
you must use the $options parameter. It now also requires $fields parameter to be an array.
The $blacklist parameter has been removed, the functionality has been replaced by specifying
field => false in the $fields parameter.
The inline parameter has been removed from postLink() method. You should use the block
option instead. Setting block => true will emulate the previous behavior.
The timeFormat parameter for hour(), time() and dateTime() now defaults to 24, complying with ISO 8601.
The $confirmMessage argument of Cake\View\Helper\FormHelper::postLink()
has been removed. You should now use key confirm in $options to specify the message.
Checkbox and radio input types are now rendered inside of label elements by default. This helps
increase compatibility with popular CSS libraries like Bootstrap10 and Foundation11 .
Templates tags are now all camelBacked. Pre-3.0 tags formstart, formend, hiddenblock
and inputsubmit are now formStart, formEnd, hiddenBlock and inputSubmit. Make
sure you change them if they are customized in your app.
It is recommended that you review the Form documentation for more details on how to use the FormHelper
in 3.0.

HtmlHelper
HtmlHelper::useTag() has been removed, use tag() instead.
HtmlHelper::loadConfig() has been removed. Customizing the tags can now be done using
templates() or the templates setting.
The second parameter $options for HtmlHelper::css() now always requires an array as
documented.
The first parameter $data for HtmlHelper::style() now always requires an array as documented.
The inline parameter has been removed from meta(), css(), script(), scriptBlock() methods. You
should use the block option instead. Setting block => true will emulate the previous behavior.
10
11

http://getbootstrap.com/
http://foundation.zurb.com/

View\Helper

47

CakePHP Cookbook Documentation, Release 3.x

HtmlHelper::meta() now requires $type to be a string. Additional options can further on be


passed as $options.
HtmlHelper::nestedList() now requires $options to be an array. The forth argument for
the tag type has been removed and included in the $options array.
The $confirmMessage argument of Cake\View\Helper\HtmlHelper::link() has
been removed. You should now use key confirm in $options to specify the message.

PaginatorHelper
link() has been removed. It was no longer used by the helper internally. It had low usage in user
land code, and no longer fit the goals of the helper.
next() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
prev() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
first() no longer has after, ellipsis, separator, class, or tag options.
last() no longer has after, ellipsis, separator, class, or tag options.
numbers() no longer has separator, tag, currentTag, currentClass, class, tag, ellipsis options. These options are now facilitated through templates. It also requires the $options parameter
to be an array now.
The
%page%
style
placeholders
have
Cake\View\Helper\PaginatorHelper::counter().
holders instead.

been
removed
from
Use {{page}} style place-

url() has been renamed to generateUrl() to avoid method declaration clashes with
Helper::url().
By default all links and inactive texts are wrapped in <li> elements. This helps make CSS easier to write,
and improves compatibility with popular CSS frameworks.
Instead of the various options in each method, you should use the templates feature. See the PaginatorHelper
Templates documentation for information on how to use templates.

TimeHelper
TimeHelper::__set(), TimeHelper::__get(), and TimeHelper::__isset() were
removed. These were magic methods for deprecated attributes.
TimeHelper::serverOffset() has been removed. It promoted incorrect time math practices.
TimeHelper::niceShort() has been removed.

48

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

NumberHelper
NumberHelper::format() now requires $options to be an array.

SessionHelper
The SessionHelper has been deprecated. You can use $this->request->session() directly, and the flash message functionality has been moved into Flash instead.

JsHelper
JsHelper and all associated engines have been removed. It could only generate a very small subset
of JavaScript code for selected library and hence trying to generate all JavaScript code using just the
helper often became an impediment. Its now recommended to directly use JavaScript library of your
choice.

CacheHelper Removed
CacheHelper has been removed. The caching functionality it provided was non-standard, limited and incompatible with non-HTML layouts and data views. These limitations meant a full rebuild would be necessary.
Edge Side Includes have become a standardized way to implement the functionality CacheHelper used to
provide. However, implementing Edge Side Includes12 in PHP has a number of limitations and edge cases.
Instead of building a sub-par solution, we recommend that developers needing full response caching use
Varnish13 or Squid14 instead.

I18n
The I18n subsystem was completely rewritten. In general, you can expect the same behavior as in previous
versions, specifically if you are using the __() family of functions.
Internally, the I18n class uses Aura\Intl, and appropriate methods are exposed to access the specific
features of this library. For this reason most methods inside I18n were removed or renamed.
Due to the use of ext/intl, the L10n class was completely removed. It provided outdated and incomplete
data in comparison to the data available from the Locale class in PHP.
The default application language will no longer be changed automatically by the browser accepted language
nor by having the Config.language value set in the browser session. You can, however, use a dispatcher
filter to get automatic language switching from the Accept-Language header sent by the browser:
// In config/bootstrap.php
DispatcherFactory::addFilter('LocaleSelector');
12

http://en.wikipedia.org/wiki/Edge_Side_Includes
http://varnish-cache.org
14
http://squid-cache.org
13

I18n

49

CakePHP Cookbook Documentation, Release 3.x

There is no built-in replacement for automatically selecting the language by setting a value in the user
session.
The default formatting function for translated messages is no longer sprintf, but the more advanced and
feature rich MessageFormatter class. In general you can rewrite placeholders in messages as follows:
// Before:
__('Today is a %s day in %s', 'Sunny', 'Spain');
// After:
__('Today is a {0} day in {1}', 'Sunny', 'Spain');

You can avoid rewriting your messages by using the old sprintf formatter:
I18n::defaultFormatter('sprintf');

Additionally, the Config.language value was removed and it can no longer be used to control the
current language of the application. Instead, you can use the I18n class:
// Before
Configure::write('Config.language', 'fr_FR');
// Now
I18n::locale('en_US');

The methods below have been moved:


From Cake\I18n\Multibyte::utf8() to Cake\Utility\Text::utf8()
From Cake\I18n\Multibyte::ascii() to Cake\Utility\Text::ascii()
From
Cake\I18n\Multibyte::checkMultibyte()
Cake\Utility\Text::isMultibyte()

to

Since CakePHP now requires the mbstring extension, the Multibyte class has been removed.
Error messages throughout CakePHP are no longer passed through I18n functions. This was done to
simplify the internals of CakePHP and reduce overhead. The developer facing messages are rarely, if
ever, actually translated - so the additional overhead reaps very little benefit.

L10n
Cake\I18n\L10n s constructor now takes a Cake\Network\Request instance as argument.

Testing
The TestShell has been removed. CakePHP, the application skeleton and newly baked plugins all
use phpunit to run tests.
The webrunner (webroot/test.php) has been removed. CLI adoption has greatly increased since the
initial release of 2.x. Additionaly, CLI runners offer superior integration with IDEs and other automated tooling.
50

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

If you find yourself in need of a way to run tests from a browser you should checkout VisualPHPUnit15 . It offers many additional features over the old webrunner.
ControllerTestCase is deprecated and will be removed for CakePHP 3.0.0. You should use the
new Controller Integration Testing features instead.
Fixtures should now be referenced using their plural form:
// Instead of
$fixtures = ['app.article'];
// You should use
$fixtures = ['app.articles'];

Utility
Set Class Removed
The Set class has been removed, you should use the Hash class instead now.

Folder & File


The folder and file classes have been renamed:
Cake\Utility\File renamed to Cake\Filesystem\File
Cake\Utility\Folder renamed to Cake\Filesystem\Folder

Inflector
The default value for $replacement argument of Cake\Utility\Inflector::slug() has
been changed from underscore (_) to dash (-). Using dashes to separate words in URLs is the popular
choice and also recommended by Google.
Transliterations for Cake\Utility\Inflector::slug() have changed. If you use custom
transliterations you will need to update your code. Instead of regular expressions, transliterations use
simple string replacement. This yielded significant performance improvements:
// Instead of
Inflector::rules('transliteration', [
'/|/' => 'ae',
'//' => 'aa'
]);
// You should use
Inflector::rules('transliteration', [
'' => 'ae',
'' => 'ae',
15

https://github.com/NSinopoli/VisualPHPUnit

Utility

51

CakePHP Cookbook Documentation, Release 3.x

'' => 'aa'


]);

Separate set of uninflected and irregular rules for pluralization and singularization
have been removed.
Instead we now have a common list for each.
When using
Cake\Utility\Inflector::rules() with type singular and plural you can no longer
use keys like uninflected, irregular in $rules argument array.
You can add / overwrite the list of uninflected and irregular rules using
Cake\Utility\Inflector::rules() by using values uninflected and irregular for
$type argument.

Sanitize
Sanitize class has been removed.

Security
Security::cipher() has been removed. It is insecure and promoted bad cryptographic practices. You should use Security::encrypt() instead.
The Configure value Security.cipherSeed is no longer required.
Security::cipher() it serves no use.

With the removal of

Backwards compatibility in Cake\Utility\Security::rijndael() for values encrypted prior to CakePHP 2.3.1 has been removed.
You should re-encrypt values using
Security::encrypt() and a recent version of CakePHP 2.x before migrating.
The ability to generate a blowfish hash has been removed. You can no longer use type blowfish
for Security::hash(). One should just use PHPs password_hash() and password_verify() to
generate and verify blowfish hashes. The compability library ircmaxell/password-compat16 which is
installed along with CakePHP provides these functions for PHP < 5.5.
OpenSSL is now used over mcrypt when encrypting/decrypting data. This change provides better
performance and future proofs CakePHP against distros dropping support for mcrypt.
Security::rijndael() is deprecated and only available when using mcrypt.
Warning: Data encrypted with Security::encrypt() in previous versions is not compatible with the
openssl implementation. You should set the implementation to mcrypt when upgrading.

Time
CakeTime has been renamed to Cake\I18n\Time.
CakeTime::serverOffset() has been removed. It promoted incorrect time math practises.
16

52

https://packagist.org/packages/ircmaxell/password-compat

Chapter 3. 3.0 Migration Guide

CakePHP Cookbook Documentation, Release 3.x

CakeTime::niceShort() has been removed.


CakeTime::convert() has been removed.
CakeTime::convertSpecifiers() has been removed.
CakeTime::dayAsSql() has been removed.
CakeTime::daysAsSql() has been removed.
CakeTime::fromString() has been removed.
CakeTime::gmt() has been removed.
CakeTime::toATOM() has been renamed to toAtomString.
CakeTime::toRSS() has been renamed to toRssString.
CakeTime::toUnix() has been renamed to toUnixString.
CakeTime::wasYesterday() has been renamed to isYesterday to match the rest of the
method naming.
CakeTime::format() Does not use sprintf format strings anymore, you can use
i18nFormat instead.
Time::timeAgoInWords() now requires $options to be an array.
Time is not a collection of static methods anymore, it extends DateTime to inherit all its methods and adds
location aware formatting functions with the help of the intl extension.
In general, expressions looking like this:
CakeTime::aMethod($date);

Can be migrated by rewriting it to:


(new Time($date))->aMethod();

Number
The Number library was rewritten to internally use the NumberFormatter class.
CakeNumber has been renamed to Cake\I18n\Number.
Number::format() now requires $options to be an array.
Number::addFormat() was removed.
Number::fromReadableSize() has been moved to Cake\Utility\Text::parseFileSize().

Validation
The range for Validation::range() now is inclusive if $lower and $upper are provided.
Validation::ssn() has been removed.

Utility

53

CakePHP Cookbook Documentation, Release 3.x

Xml
Xml::build() now requires $options to be an array.
Xml::build() no longer accepts a URL. If you need to create an XML document from a URL,
use Http\Client.

54

Chapter 3. 3.0 Migration Guide

CHAPTER 4

Tutorials & Examples

In this section, you can walk through typical CakePHP applications to see how all of the pieces come
together.
Alternatively, you can refer to the non-official CakePHP plugin repository CakePackages1 and the Bakery2
for existing applications and components.

Bookmarker Tutorial
This tutorial will walk you through the creation of a simple bookmarking application (bookmarker). To start
with, well be installing CakePHP, creating our database, and using the tools CakePHP provides to get our
application up fast.
Heres what youll need:
1. A database server. Were going to be using MySQL server in this tutorial. Youll need to know enough
about SQL in order to create a database: CakePHP will be taking the reins from there. Since were
using MySQL, also make sure that you have pdo_mysql enabled in PHP.
2. Basic PHP knowledge.
Lets get started!

Getting CakePHP
The easiest way to install CakePHP is to use Composer. Composer is a simple way of installing CakePHP
from your terminal or command line prompt. First, youll need to download and install Composer if you
havent done so already. If you have cURL installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php
1
2

http://plugins.cakephp.org/
http://bakery.cakephp.org/

55

CakePHP Cookbook Documentation, Release 3.x

Or, you can download composer.phar from the Composer website3 .


Then simply type the following line in your terminal from your installation directory to install the CakePHP
application skeleton in the bookmarker directory:
php composer.phar create-project --prefer-dist cakephp/app bookmarker

If you downloaded and ran the Composer Windows Installer4 , then type the following line in your terminal
from your installation directory (ie. C:\wamp\www\dev\cakephp3):
composer create-project --prefer-dist cakephp/app bookmarker

The advantage to using Composer is that it will automatically complete some important set up tasks, such
as setting the correct file permissions and creating your config/app.php file for you.
There are other ways to install CakePHP. If you cannot or dont want to use Composer, check out the
Installation section.
Regardless of how you downloaded and installed CakePHP, once your set up is completed, your directory
setup should look something like the following:
/bookmarker
/bin
/config
/logs
/plugins
/src
/tests
/tmp
/vendor
/webroot
.editorconfig
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md

Now might be a good time to learn a bit about how CakePHPs directory structure works: check out the
CakePHP Folder Structure section.

Checking our Installation


We can quickly check that our installation is correct, by checking the default home page. Before you can do
that, youll need to start the development server:
bin/cake server
3
4

56

https://getcomposer.org/download/
https://getcomposer.org/Composer-Setup.exe

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

Note: For Windows, the command needs to be bin\cake (note the backslash).
This will start PHPs built-in webserver on port 8765. Open up http://localhost:8765 in your web browser to
see the welcome page. All the bullet points should be checkmarks other than CakePHP being able to connect
to your database. If not, you may need to install additional PHP extensions, or set directory permissions.

Creating the Database


Next, lets set up the database for our bookmarking application. If you havent already done so, create an
empty database for use in this tutorial, with a name of your choice, e.g. cake_bookmarks. You can
execute the following SQL to create the necessary tables:
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
email VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
created DATETIME,
modified DATETIME
);
CREATE TABLE bookmarks (
id INT AUTO_INCREMENT PRIMARY KEY,
user_id INT NOT NULL,
title VARCHAR(50),
description TEXT,
url TEXT,
created DATETIME,
modified DATETIME,
FOREIGN KEY user_key (user_id) REFERENCES users(id)
);
CREATE TABLE tags (
id INT AUTO_INCREMENT PRIMARY KEY,
title VARCHAR(255),
created DATETIME,
modified DATETIME,
UNIQUE KEY (title)
);
CREATE TABLE bookmarks_tags (
bookmark_id INT NOT NULL,
tag_id INT NOT NULL,
PRIMARY KEY (bookmark_id, tag_id),
FOREIGN KEY tag_key(tag_id) REFERENCES tags(id),
FOREIGN KEY bookmark_key(bookmark_id) REFERENCES bookmarks(id)
);

You may have noticed that the bookmarks_tags table used a composite primary key. CakePHP supports
composite primary keys almost everywhere, making it easier to build multi-tenanted applications.
The table and column names we used were not arbitrary. By using CakePHPs naming conventions, we
Bookmarker Tutorial

57

CakePHP Cookbook Documentation, Release 3.x

can leverage CakePHP better and avoid having to configure the framework. CakePHP is flexible enough
to accommodate even inconsistent legacy database schemas, but adhering to the conventions will save you
time.

Database Configuration
Next, lets tell CakePHP where our database is and how to connect to it. For many, this will be the first and
last time you will need to configure anything.
The configuration should be pretty straightforward:
just replace the values in the
Datasources.default array in the config/app.php file with those that apply to your setup. A
sample completed configuration array might look something like the following:
return [
// More configuration above.
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'cakephp',
'password' => 'AngelF00dC4k3~',
'database' => 'cake_bookmarks',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
],
],
// More configuration below.
];

Once youve saved your config/app.php file, you should see that CakePHP is able to connect to the
database section have a checkmark.
Note: A copy of CakePHPs default configuration file is found in config/app.default.php.

Generating Scaffold Code


Because our database is following the CakePHP conventions, we can use the bake console application to
quickly generate a basic application. In your command line run the following commands:
// On Windows
bin/cake bake
bin/cake bake
bin/cake bake

you'll need to use bin\cake instead.


all users
all bookmarks
all tags

This will generate the controllers, models, views, their corresponding test cases, and fixtures for
our users, bookmarks and tags resources. If youve stopped your server, restart it and go to
http://localhost:8765/bookmarks.
58

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

You should see a basic but functional application providing data access to your applications database tables.
Once youre at the list of bookmarks, add a few users, bookmarks, and tags.
Note: If you see a Not Found (404) page, confirm that the Apache mod_rewrite module is loaded.

Adding Password Hashing


When you created your users, you probably noticed that the passwords were stored in plain text. This is
pretty bad from a security point of view, so lets get that fixed.
This is also a good time to talk about the model layer in CakePHP. In CakePHP, we separate the methods
that operate on a collection of objects, and a single object into different classes. Methods that operate on the
collection of entities are put in the Table class, while features belonging to a single record are put on the
Entity class.
For example, password hashing is done on the individual record, so well implement this behavior on the
entity object. Because, we want to hash the password each time it is set, well use a mutator/setter method.
CakePHP will call convention based setter methods any time a property is set in one of your entities. Lets
add a setter for the password. In src/Model/Entity/User.php add the following:
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// Code from bake.
protected function _setPassword($value)
{
$hasher = new DefaultPasswordHasher();
return $hasher->hash($value);
}
}

Now update one of the users you created earlier, if you change their password, you should see a hashed
password instead of the original value on the list or view pages. CakePHP hashes passwords with bcrypt5
by default. You can also use sha1 or md5 if youre working with an existing database.

Getting Bookmarks with a Specific Tag


Now that were storing passwords safely, we can build out some more interesting features in our application.
Once youve amassed a collection of bookmarks, it is helpful to be able to search through them by tag. Next
well implement a route, controller action, and finder method to search through bookmarks by tag.
5

http://codahale.com/how-to-safely-store-a-password/

Bookmarker Tutorial

59

CakePHP Cookbook Documentation, Release 3.x

Ideally, wed have a URL that looks like http://localhost:8765/bookmarks/tagged/funny/cat/gifs. This


would let us find all the bookmarks that have the funny, cat or gifs tags. Before we can implement this,
well add a new route. Your config/routes.php should look like:
<?php
use Cake\Routing\Router;
Router::defaultRouteClass('Route');
// New route we're adding for our tagged action.
// The trailing `*` tells CakePHP that this action has
// passed parameters.
Router::scope(
'/bookmarks',
['controller' => 'Bookmarks'],
function ($routes) {
$routes->connect('/tagged/*', ['action' => 'tags']);
}
);
Router::scope('/', function ($routes) {
// Connect the default routes.
$routes->fallbacks('InflectedRoute');
});

The above defines a new route which connects the /bookmarks/tagged/* path, to
BookmarksController::tags(). By defining routes, you can isolate how your URLs look,
from how they are implemented. If we were to visit http://localhost:8765/bookmarks/tagged, we would
see a helpful error page from CakePHP informing you that the controller action does not exist. Lets
implement that missing method now. In src/Controller/BookmarksController.php add the following:
public function tags()
{
// The 'pass' key is provided by CakePHP and contains all
// the passed URL path segments in the request.
$tags = $this->request->params['pass'];
// Use the BookmarksTable to find tagged bookmarks.
$bookmarks = $this->Bookmarks->find('tagged', [
'tags' => $tags
]);
// Pass variables into the view template context.
$this->set([
'bookmarks' => $bookmarks,
'tags' => $tags
]);
}

To access other parts of the request data, consult the Request section.

60

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

Creating the Finder Method


In CakePHP we like to keep our controller actions slim, and put most of our applications logic in the models.
If you were to visit the /bookmarks/tagged URL now you would see an error that the findTagged()
method has not been implemented yet, so lets do that. In src/Model/Table/BookmarksTable.php add the
following:
// The $query argument is a query builder instance.
// The $options array will contain the 'tags' option we passed
// to find('tagged') in our controller action.
public function findTagged(Query $query, array $options)
{
return $this->find()
->distinct(['Bookmarks.id'])
->matching('Tags', function ($q) use ($options) {
return $q->where(['Tags.title IN' => $options['tags']]);
});
}

We just implemented a custom finder method. This is a very powerful concept in CakePHP that allows you to
package up re-usable queries. Finder methods always get a Query Builder object and an array of options as
parameters. Finders can manipulate the query and add any required conditions or criteria. When complete,
finder methods must return a modified query object. In our finder weve leveraged the distinct()
and matching() methods which allow us to find distinct bookmarks that have a matching tag. The
matching() method accepts an anonymous function6 that receives a query builder as its argument. Inside
the callback we use the query builder to define conditions that will filter bookmarks that have specific tags.
Creating the View
Now if you visit the /bookmarks/tagged URL, CakePHP will show an error letting you know that
you have not made a view file. Next, lets build the view file for our tags() action. In
src/Template/Bookmarks/tags.ctp put the following content:
<h1>
Bookmarks tagged with
<?= $this->Text->toList($tags) ?>
</h1>
<section>
<?php foreach ($bookmarks as $bookmark): ?>
<article>
<!-- Use the HtmlHelper to create a link -->
<h4><?= $this->Html->link($bookmark->title, $bookmark->url) ?></h4>
<small><?= h($bookmark->url) ?></small>
<!-- Use the TextHelper to format text -->
<?= $this->Text->autoParagraph($bookmark->description) ?>
</article>
<?php endforeach; ?>
</section>
6

http://php.net/manual/en/functions.anonymous.php

Bookmarker Tutorial

61

CakePHP Cookbook Documentation, Release 3.x

In the above code we use the Html and Text helpers to assist in generating our view output. We also use
the h shortcut function to HTML encode output. You should remember to always use h() when outputting
user data to prevent HTML injection issues.
The tags.ctp file we just created follows the CakePHP conventions for view template files. The convention is to have the template use the lower case and underscored version of the controller action name.
You may notice that we were able to use the $tags and $bookmarks variables in our view. When we use
the set() method in our controllers we set specific variables to be sent to the view. The view will make
all passed variables available in the templates as local variables.
You should now be able to visit the /bookmarks/tagged/funny URL and see all the bookmarks tagged with
funny.
So far, weve created a basic application to manage bookmarks, tags and users. However, everyone can see
everyone elses tags. In the next chapter, well implement authentication and restrict the visible bookmarks
to only those that belong to the current user.
Now continue to Bookmarker Tutorial Part 2 to continue building your application or dive into the
documentation to learn more about what CakePHP can do for you.

Bookmarker Tutorial Part 2


After finishing the first part of this tutorial you should have a very basic bookmarking application. In this
chapter well be adding authentication and restricting the bookmarks each user can see/modify to only the
ones they own.

Adding Login
In CakePHP, authentication is handled by Components. Components can be thought of as ways to create
reusable chunks of controller code related to a specific feature or concept. Components can also hook into
the controllers event life-cycle and interact with your application that way. To get started, well add the
AuthComponent to our application. Well pretty much want every method to require authentication, so well
add AuthComponent in our AppController:
// In src/Controller/AppController.php
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller
{
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [

62

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
]
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}
}

Weve just told CakePHP that we want to load the Flash and Auth components. In addition, weve
customized the configuration of AuthComponent, as our users table uses email as the username. Now, if
you go to any URL youll be kicked to /users/login, which will show an error page as we have not written
that code yet. So lets create the login action:
// In src/Controller/UsersController.php
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error('Your username or password is incorrect.');
}
}

And in src/Template/Users/login.ctp add the following:


<h1>Login</h1>
<?= $this->Form->create() ?>
<?= $this->Form->input('email') ?>
<?= $this->Form->input('password') ?>
<?= $this->Form->button('Login') ?>
<?= $this->Form->end() ?>

Now that we have a simple login form, we should be able to log in with one of the users that has a hashed
password.
Note: If none of your users have hashed passwords, comment the loadComponent(Auth) line.
Then go and edit the user, saving a new password for them.
You should now be able to log in. If not, make sure you are using a user that has a hashed password.
Bookmarker Tutorial Part 2

63

CakePHP Cookbook Documentation, Release 3.x

Adding Logout
Now that people can log in, youll probably want to provide a way to log out as well. Again, in the
UsersController, add the following code:
public function logout()
{
$this->Flash->success('You are now logged out.');
return $this->redirect($this->Auth->logout());
}

Now you can visit /users/logout to log out and be sent to the login page.

Enabling Registrations
If you arent logged in and you try to visit /users/add you will be kicked to the login page. We should fix that
as well if we want people to sign up for our application. In the UsersController add the following:
public function beforeFilter(\Cake\Event\Event $event)
{
$this->Auth->allow(['add']);
}

The above tells AuthComponent that the add() action does not require authentication or authorization.
You may want to take the time to clean up the Users/add.ctp and remove the misleading links, or continue
on to the next section. We wont be building out user editing, viewing or listing in this tutorial so they will
not work as AuthComponent will deny you access to those controller actions.

Restricting Bookmark Access


Now that users can log in, well want to limit the bookmarks they can see to the ones they made. Well do
this using an authorization adapter. Since our requirements are pretty simple, we can write some simple
code in our BookmarksController. But before we do that, well want to tell the AuthComponent how
our application is going to authorize actions. In your AppController add the following:
public function isAuthorized($user)
{
return false;
}

Also, add the following to the configuration for Auth in your AppController:
'authorize' => 'Controller',

Your initialize() method should now look like:


public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize'=> 'Controller',//added this line

64

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

'authenticate' => [
'Form' => [
'fields' => [
'username' => 'email',
'password' => 'password'
]
]
],
'loginAction' => [
'controller' => 'Users',
'action' => 'login'
],
'unauthorizedRedirect' => $this->referer()
]);
// Allow the display action so our pages controller
// continues to work.
$this->Auth->allow(['display']);
}

Well default to denying access, and incrementally grant access where it makes sense. First, well add the
authorization logic for bookmarks. In your BookmarksController add the following:
public function isAuthorized($user)
{
$action = $this->request->params['action'];
// The add and index actions are always allowed.
if (in_array($action, ['index', 'add', 'tags'])) {
return true;
}
// All other actions require an id.
if (empty($this->request->params['pass'][0])) {
return false;
}
// Check that the bookmark belongs to the current user.
$id = $this->request->params['pass'][0];
$bookmark = $this->Bookmarks->get($id);
if ($bookmark->user_id == $user['id']) {
return true;
}
return parent::isAuthorized($user);
}

Now if you try to view, edit or delete a bookmark that does not belong to you, you should be redirected back
to the page you came from. However, there is no error message being displayed, so lets rectify that next:
// In src/Template/Layout/default.ctp
// Under the existing flash message.
<?= $this->Flash->render('auth') ?>

You should now see the authorization error messages.

Bookmarker Tutorial Part 2

65

CakePHP Cookbook Documentation, Release 3.x

Fixing List view and Forms


While view and delete are working, edit, add and index have a few problems:
1. When adding a bookmark you can choose the user.
2. When editing a bookmark you can choose the user.
3. The list page shows bookmarks from other users.
Lets tackle the add form first.
To begin with remove the input(user_id) from
src/Template/Bookmarks/add.ctp. With that removed, well also update the add() action from
src/Controller/BookmarksController.php to look like:
public function add()
{
$bookmark = $this->Bookmarks->newEntity();
if ($this->request->is('post')) {
$bookmark = $this->Bookmarks->patchEntity($bookmark, $this->request->data);
$bookmark->user_id = $this->Auth->user('id');
if ($this->Bookmarks->save($bookmark)) {
$this->Flash->success('The bookmark has been saved.');
return $this->redirect(['action' => 'index']);
}
$this->Flash->error('The bookmark could not be saved. Please, try again.');
}
$tags = $this->Bookmarks->Tags->find('list');
$this->set(compact('bookmark', 'tags'));
$this->set('_serialize', ['bookmark']);
}

By setting the entity property with the session data, we remove any possibility of the user modifying which
user a bookmark is for. Well do the same for the edit form and action. Your edit() action from
src/Controller/BookmarksController.php should look like:
public function edit($id = null)
{
$bookmark = $this->Bookmarks->get($id, [
'contain' => ['Tags']
]);
if ($this->request->is(['patch', 'post', 'put'])) {
$bookmark = $this->Bookmarks->patchEntity($bookmark, $this->request->data);
$bookmark->user_id = $this->Auth->user('id');
if ($this->Bookmarks->save($bookmark)) {
$this->Flash->success('The bookmark has been saved.');
return $this->redirect(['action' => 'index']);
}
$this->Flash->error('The bookmark could not be saved. Please, try again.');
}
$tags = $this->Bookmarks->Tags->find('list');
$this->set(compact('bookmark', 'tags'));
$this->set('_serialize', ['bookmark']);
}

66

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

List View
Now, we only need to show bookmarks for the currently logged in user. We can do that by updating the call
to paginate(). Make your index() action from src/Controller/BookmarksController.php look like:
public function index()
{
$this->paginate = [
'conditions' => [
'Bookmarks.user_id' => $this->Auth->user('id'),
]
];
$this->set('bookmarks', $this->paginate($this->Bookmarks));
$this->set('_serialize', ['bookmarks']);
}

We should also update the tags() action and the related finder method, but well leave that as an exercise
you can complete on your own.

Improving the Tagging Experience


Right now, adding new tags is a difficult process, as the TagsController disallows all access. Instead
of allowing access, we can improve the tag selection UI by using a comma separated text field. This will let
us give a better experience to our users, and use some more great features in the ORM.
Adding a Computed Field
Because well want a simple way to access the formatted tags for an entity, we can add a virtual/computed
field to the entity. In src/Model/Entity/Bookmark.php add the following:
use Cake\Collection\Collection;
protected function _getTagString()
{
if (isset($this->_properties['tag_string'])) {
return $this->_properties['tag_string'];
}
if (empty($this->tags)) {
return '';
}
$tags = new Collection($this->tags);
$str = $tags->reduce(function ($string, $tag) {
return $string . $tag->title . ', ';
}, '');
return trim($str, ', ');
}

This will let us access the $bookmark->tag_string computed property. Well use this property in
inputs later on. Remember to add the tag_string property to the _accessible list in your entity, as
well want to save it later on.

Bookmarker Tutorial Part 2

67

CakePHP Cookbook Documentation, Release 3.x

In src/Model/Entity/Bookmark.php add the tag_string to $_accessible this way:


protected $_accessible = [
'user_id' => true,
'title' => true,
'description' => true,
'url' => true,
'user' => true,
'tags' => true,
'tag_string' => true,
];

Updating the Views


With the entity updated we can add a new input for our tags. In src/Template/Bookmarks/add.ctp and
src/Template/Bookmarks/edit.ctp, replace the existing tags._ids input with the following:
echo $this->Form->input('tag_string', ['type' => 'text']);

Persisting the Tag String


Now that we can view existing tags as a string, well want to save that data as well. Because we marked the
tag_string as accessible, the ORM will copy that data from the request into our entity. We can use a
beforeSave() hook method to parse the tag string and find/build the related entities. Add the following
to src/Model/Table/BookmarksTable.php:
public function beforeSave($event, $entity, $options)
{
if ($entity->tag_string) {
$entity->tags = $this->_buildTags($entity->tag_string);
}
}
protected function _buildTags($tagString)
{
$new = array_unique(array_map('trim', explode(',', $tagString)));
$out = [];
$query = $this->Tags->find()
->where(['Tags.title IN' => $new]);
// Remove existing tags from the list of new tags.
foreach ($query->extract('title') as $existing) {
$index = array_search($existing, $new);
if ($index !== false) {
unset($new[$index]);
}
}
// Add existing tags.
foreach ($query as $tag) {
$out[] = $tag;
}

68

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

// Add new tags.


foreach ($new as $tag) {
$out[] = $this->Tags->newEntity(['title' => $tag]);
}
return $out;
}

While this code is a bit more complicated than what weve done so far, it helps to showcase how powerful
the ORM in CakePHP is. You can easily manipulate query results using the Collections methods, and handle
scenarios where you are creating entities on the fly with ease.

Wrapping Up
Weve expanded our bookmarking application to handle authentication and basic authorization/access control scenarios. Weve also added some nice UX improvements by leveraging the FormHelper and ORM
capabilities.
Thanks for taking the time to explore CakePHP. Next, you can complete the Blog Tutorial, learn more about
the Database Access & ORM, or you can peruse the /topics.

Blog Tutorial
This tutorial will walk you through the creation of a simple blog application. Well be installing CakePHP,
creating a database, and creating enough application logic to list, add, edit, and delete blog posts.
Heres what youll need:
1. A running web server. Were going to assume youre using Apache, though the instructions for using
other servers should be very similar. We might have to play a little with the server configuration, but
most folks can get CakePHP up and running without any configuration at all. Make sure you have
PHP 5.4.16 or greater, and that the mbstring and intl extensions are enabled in PHP.
2. A database server. Were going to be using MySQL server in this tutorial. Youll need to know enough
about SQL in order to create a database: CakePHP will be taking the reins from there. Since were
using MySQL, also make sure that you have pdo_mysql enabled in PHP.
3. Basic PHP knowledge.
Lets get started!

Getting CakePHP
The easiest way to install CakePHP is to use Composer. Composer is a simple way of installing CakePHP
from your terminal or command line prompt. First, youll need to download and install Composer if you
havent done so already. If you have cURL installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php

Blog Tutorial

69

CakePHP Cookbook Documentation, Release 3.x

Or, you can download composer.phar from the Composer website7 .


Then simply type the following line in your terminal from your installation directory to install the CakePHP
application skeleton in the [app_name] directory.
php composer.phar create-project --prefer-dist cakephp/app [app_name]

The advantage to using Composer is that it will automatically complete some important set up tasks, such
as setting the correct file permissions and creating your config/app.php file for you.
There are other ways to install CakePHP. If you cannot or dont want to use Composer, check out the
Installation section.
Regardless of how you downloaded and installed CakePHP, once your set up is completed, your directory
setup should look something like the following:
/cake_install
/bin
/config
/logs
/plugins
/src
/tests
/tmp
/vendor
/webroot
.editorconfig
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md

Now might be a good time to learn a bit about how CakePHPs directory structure works: check out the
CakePHP Folder Structure section.

Directory Permissions on tmp and logs


The tmp and logs directories need to have proper permissions to be writable by your webserver. If you
used Composer for the install, this should have been done for you and confirmed with a Permissions set on
<folder> message. If you instead got an error message or want to do it manually, the best way would be to
find out what user your webserver runs as (<?= whoami; ?>) and change the ownership of these two
directories to that user. The final command you run (in *nix) might look something like this:
chown -R www-data tmp
chown -R www-data logs

If for some reason CakePHP cant write to these directories, youll be informed by a warning while not in
production mode.
7

70

https://getcomposer.org/download/

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

While not recommended, if you are unable to set the permissions to the same as your webserver, you can
simply set write permissions on the folder by running a command such as:
chmod 777 -R tmp
chmod 777 -R logs

Creating the Blog Database


Next, lets set up the underlying MySQL database for our blog. If you havent already done so, create an
empty database for use in this tutorial, with a name of your choice, e.g. cake_blog. Right now, well
just create a single table to store our articles. Well also throw in a few articles to use for testing purposes.
Execute the following SQL statements into your database:
/* First, create our articles table: */
CREATE TABLE articles (
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
title VARCHAR(50),
body TEXT,
created DATETIME DEFAULT NULL,
modified DATETIME DEFAULT NULL
);
/* Then insert some articles for testing: */
INSERT INTO articles (title,body,created)
VALUES ('The title', 'This is the article body.', NOW());
INSERT INTO articles (title,body,created)
VALUES ('A title once again', 'And the article body follows.', NOW());
INSERT INTO articles (title,body,created)
VALUES ('Title strikes back', 'This is really exciting! Not.', NOW());

The choices on table and column names are not arbitrary. If you follow CakePHPs database naming conventions, and CakePHPs class naming conventions (both outlined in CakePHP Conventions), youll be
able to take advantage of a lot of free functionality and avoid configuration. CakePHP is flexible enough
to accommodate even inconsistent legacy database schemas, but adhering to the conventions will save you
time.
Check out CakePHP Conventions for more information, but its suffice to say that naming our table articles automatically hooks it to our Articles model, and having fields called modified and created will be
automatically managed by CakePHP.

Database Configuration
Next, lets tell CakePHP where our database is and how to connect to it. For many, this will be the first and
last time you will need to configure anything.
The configuration should be pretty straightforward:
just replace the values in the
Datasources.default array in the config/app.php file with those that apply to your setup. A
sample completed configuration array might look something like the following:

Blog Tutorial

71

CakePHP Cookbook Documentation, Release 3.x

return [
// More configuration above.
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'cake_blog',
'password' => 'AngelF00dC4k3~',
'database' => 'cake_blog',
'encoding' => 'utf8',
'timezone' => 'UTC'
],
],
// More configuration below.
];

Once youve saved your config/app.php file, you should be able to open your browser and see the CakePHP
welcome page. It should also tell you that your database connection file was found, and that CakePHP can
successfully connect to the database.
Note: A copy of CakePHPs default configuration file is found in config/app.default.php.

Optional Configuration
There are a few other items that can be configured. Most developers complete these laundry-list items, but
theyre not required for this tutorial. One is defining a custom string (or salt) for use in security hashes.
The security salt is used for generating hashes. If you used Composer this too is taken care of for you during
the install. Else youd need to change the default salt value by editing config/app.php. It doesnt matter
much what the new value is, as long as its not easily guessed:
'Security' => [
'salt' => 'something long and containing lots of different values.',
],

A Note on mod_rewrite
Occasionally new users will run into mod_rewrite issues. For example if the CakePHP welcome page looks
a little funny (no images or CSS styles). This probably means mod_rewrite is not functioning on your
system. Please refer to the URL Rewriting section to help resolve any issues you are having.
Now continue to Blog Tutorial - Part 2 to start building your first CakePHP application.

72

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

Blog Tutorial - Part 2


Create an Article Model
Models are the bread and butter of CakePHP applications. By creating a CakePHP model that will interact
with our database, well have the foundation in place needed to do our view, add, edit, and delete operations
later.
CakePHPs model class files are split between Table and Entity objects. Table objects provide access
to the collection of entities stored in a specific table and go in src/Model/Table. The file well be creating
will be saved to src/Model/Table/ArticlesTable.php. The completed file should look like this:
// src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
}

Naming conventions are very important in CakePHP. By naming our Table object ArticlesTable,
CakePHP can automatically infer that this Table object will be used in the ArticlesController, and will
be tied to a database table called articles.
Note: CakePHP will dynamically create a model object for you if it cannot find a corresponding file in
src/Model/Table. This also means that if you accidentally name your file wrong (i.e. articlestable.php or
ArticleTable.php), CakePHP will not recognize any of your settings and will use the a generated model
instead.
For more on models, such as callbacks, and validation, check out the Database Access & ORM chapter of
the Manual.

Create the Articles Controller


Next, well create a controller for our articles. The controller is where all interaction with articles will
happen. In a nutshell, its the place where you play with the business logic contained in the models and get
work related to articles done. Well place this new controller in a file called ArticlesController.php
inside the src/Controller directory. Heres what the basic controller should look like:
// src/Controller/ArticlesController.php
namespace App\Controller;

Blog Tutorial - Part 2

73

CakePHP Cookbook Documentation, Release 3.x

class ArticlesController extends AppController


{
}

Now, lets add an action to our controller. Actions often represent a single function or interface in an
application. For example, when users request www.example.com/articles/index (which is also the same as
www.example.com/articles/), they might expect to see a listing of articles. The code for that action would
look like this:
// src/Controller/ArticlesController.php
namespace App\Controller;
class ArticlesController extends AppController
{
public function index()
{
$articles = $this->Articles->find('all');
$this->set(compact('articles'));
}
}

By defining function index() in our ArticlesController, users can now access the logic there by requesting
www.example.com/articles/index. Similarly, if we were to define a function called foobar(), users would
be able to access that at www.example.com/articles/foobar.
Warning: You may be tempted to name your controllers and actions a certain way to obtain a certain
URL. Resist that temptation. Follow CakePHP conventions (capitalization, plural names, etc.) and create
readable, understandable action names. You can map URLs to your code using routes covered later
on.
The single instruction in the action uses set() to pass data from the controller to the view (which well
create next). The line sets the view variable called articles equal to the return value of the find(all)
method of the Articles table object.
To learn more about CakePHPs controllers, check out the Controllers chapter.

Creating Article Views


Now that we have our data flowing from our model, and our application logic is defined by our controller,
lets create a view for the index action we created above.
CakePHP views are just presentation-flavored fragments that fit inside an applications layout. For most
applications, theyre HTML mixed with PHP, but they may end up as XML, CSV, or even binary data.
A layout is presentation code that is wrapped around a view. Multiple layouts can be defined, and you can
switch between them, but for now, lets just use the default.
Remember in the last section how we assigned the articles variable to the view using the set() method?
That would hand down the query object to the view to be invoked with a foreach iteration.

74

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

CakePHPs template files are stored in src/Template inside a folder named after the controller they correspond to (well have to create a folder named Articles in this case). To format this article data in a nice
table, our view code might look something like this:
<!-- File: src/Template/Articles/index.ctp -->
<h1>Blog articles</h1>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Created</th>
</tr>
<!-- Here is where we iterate through our $articles query object, printing out article
<?php foreach ($articles as $article): ?>
<tr>
<td><?= $article->id ?></td>
<td>
<?= $this->Html->link($article->title, ['action' => 'view', $article->id]) ?>
</td>
<td>
<?= $article->created->format(DATE_RFC850) ?>
</td>
</tr>
<?php endforeach; ?>
</table>

Hopefully this should look somewhat simple.


You might have noticed the use of an object called $this->Html. This is an instance of the CakePHP
Cake\View\Helper\HtmlHelper class. CakePHP comes with a set of view helpers that make things
like linking, form output a snap. You can learn more about how to use them in Helpers, but whats important
to note here is that the link() method will generate an HTML link with the given title (the first parameter)
and URL (the second parameter).
When specifying URLs in CakePHP, it is recommended that you use the array format. This is explained
in more detail in the section on Routes. Using the array format for URLs allows you to take advantage of
CakePHPs reverse routing capabilities. You can also specify URLs relative to the base of the application in
the form of /controller/action/param1/param2 or use named routes.
At this point, you should be able to point your browser to http://www.example.com/articles/index. You
should see your view, correctly formatted with the title and table listing of the articles.
If you happened to have clicked on one of the links we created in this view (that link a articles title to a
URL /articles/view/some\_id), you were probably informed by CakePHP that the action hasnt
yet been defined. If you were not so informed, either something has gone wrong, or you actually did define
it already, in which case you are very sneaky. Otherwise, well create it in the ArticlesController now:
// src/Controller/ArticlesController.php
namespace App\Controller;

Blog Tutorial - Part 2

75

CakePHP Cookbook Documentation, Release 3.x

class ArticlesController extends AppController


{
public function index()
{
$this->set('articles', $this->Articles->find('all'));
}
public function view($id = null)
{
$article = $this->Articles->get($id);
$this->set(compact('article'));
}
}

The set() call should look familiar. Notice were using get() rather than find(all) because we
only really want a single articles information.
Notice that our view action takes a parameter: the ID of the article wed like to see. This parameter is handed
to the action through the requested URL. If a user requests /articles/view/3, then the value 3 is
passed as $id.
We also do a bit of error checking to ensure a user is actually accessing a record. By using the get() function in the Articles table, we make sure the user has accessed a record that exists. In case the requested article
is not present in the database, or the id is falsey the get() function will throw a NotFoundException.
Now lets create the view for our new view action and place it in src/Template/Articles/view.ctp
<!-- File: src/Template/Articles/view.ctp -->
<h1><?= h($article->title) ?></h1>
<p><?= h($article->body) ?></p>
<p><small>Created: <?= $article->created->format(DATE_RFC850) ?></small></p>

Verify that this is working by trying the links at /articles/index or manually requesting an article by
accessing /articles/view/1.

Adding Articles
Reading from the database and showing us the articles is a great start, but lets allow for the adding of new
articles.
First, start by creating an add() action in the ArticlesController:
// src/Controller/ArticlesController.php
namespace App\Controller;
use App\Controller\AppController;
class ArticlesController extends AppController
{

76

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

public function initialize()


{
parent::initialize();
$this->loadComponent('Flash'); // Include the FlashComponent
}
public function index()
{
$this->set('articles', $this->Articles->find('all'));
}
public function view($id)
{
$article = $this->Articles->get($id);
$this->set(compact('article'));
}
public function add()
{
$article = $this->Articles->newEntity();
if ($this->request->is('post')) {
$article = $this->Articles->patchEntity($article, $this->request->data);
if ($this->Articles->save($article)) {
$this->Flash->success(__('Your article has been saved.'));
return $this->redirect(['action' => 'index']);
}
$this->Flash->error(__('Unable to add your article.'));
}
$this->set('article', $article);
}
}

Note: You need to include the FlashComponent in any controller where you will use it. If necessary,
include it in your AppController.
Heres what the add() action does: if the HTTP method of the request was POST, try to save the data using
the Articles model. If for some reason it doesnt save, just render the view. This gives us a chance to show
the user validation errors or other warnings.
Every CakePHP request includes a Request object which is accessible using $this->request. The
request object contains useful information regarding the request that was just received, and can be used to
control the flow of your application. In this case, we use the Cake\Network\Request::is() method
to check that the request is a HTTP POST request.
When a user uses a form to POST data to your application, that information is available in
$this->request->data. You can use the pr() or debug() functions to print it out if you want
to see what it looks like.
We use FlashComponents success() and error() methods to set a message to a session vari-

Blog Tutorial - Part 2

77

CakePHP Cookbook Documentation, Release 3.x

able. These methods are provided using PHPs magic method features8 . Flash messages will be
displayed on the page after redirection. In the layout we have <?= $this->Flash->render()
?> which displays the message and clears the corresponding session variable. The controllers
Cake\Controller\Controller::redirect function redirects to another URL. The param
[action => index] translates to URL /articles i.e the index action of the articles controller.
You can refer to Cake\Routing\Router::url() function on the API9 to see the formats in which
you can specify a URL for various CakePHP functions.
Calling the save() method will check for validation errors and abort the save if any occur. Well discuss
how those errors are handled in the following sections.

Data Validation
CakePHP goes a long way toward taking the monotony out of form input validation. Everyone hates coding
up endless forms and their validation routines. CakePHP makes it easier and faster.
To take advantage of the validation features, youll need to use CakePHPs FormHelper in your views. The
Cake\View\Helper\FormHelper is available by default to all views at $this->Form.
Heres our add view:
<!-- File: src/Template/Articles/add.ctp -->
<h1>Add Article</h1>
<?php
echo $this->Form->create($article);
echo $this->Form->input('title');
echo $this->Form->input('body', ['rows' => '3']);
echo $this->Form->button(__('Save Article'));
echo $this->Form->end();
?>

We use the FormHelper to generate the opening tag for an HTML form.
$this->Form->create() generates:

Heres the HTML that

<form method="post" action="/articles/add">

If create() is called with no parameters supplied, it assumes you are building a form that submits via
POST to the current controllers add() action (or edit() action when id is included in the form data).
The $this->Form->input() method is used to create form elements of the same name. The first
parameter tells CakePHP which field they correspond to, and the second parameter allows you to specify a
wide array of options - in this case, the number of rows for the textarea. Theres a bit of introspection and
automagic here: input() will output different form elements based on the model field specified.
The $this->Form->end() call ends the form. Outputting hidden inputs if CSRF/Form Tampering
prevention is enabled.
Now lets go back and update our src/Template/Articles/index.ctp view to include a new Add Article
link. Before the <table>, add the following line:
8
9

78

http://php.net/manual/en/language.oop5.overloading.php#object.call
http://api.cakephp.org

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

<?= $this->Html->link('Add Article', ['action' => 'add']) ?>

You may be wondering: how do I tell CakePHP about my validation requirements? Validation rules are
defined in the model. Lets look back at our Articles model and make a few adjustments:
// src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\Validation\Validator;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
public function validationDefault(Validator $validator)
{
$validator
->notEmpty('title')
->notEmpty('body');
return $validator;
}
}

The validationDefault() method tells CakePHP how to validate your data when the save()
method is called. Here, weve specified that both the body and title fields must not be empty. CakePHPs
validation engine is strong, with a number of pre-built rules (credit card numbers, email addresses, etc.) and
flexibility for adding your own validation rules. For more information on that setup, check the Validation
documentation.
Now that your validation rules are in place, use the app to try to add an article with an empty title or body
to see how it works. Since weve used the Cake\View\Helper\FormHelper::input() method of
the FormHelper to create our form elements, our validation error messages will be shown automatically.

Editing Articles
Post editing: here we go. Youre a CakePHP pro by now, so you should have picked up a pattern. Make the
action, then the view. Heres what the edit() action of the ArticlesController would look like:
// src/Controller/ArticlesController.php
public function edit($id = null)
{
$article = $this->Articles->get($id);
if ($this->request->is(['post', 'put'])) {
$this->Articles->patchEntity($article, $this->request->data);
if ($this->Articles->save($article)) {

Blog Tutorial - Part 2

79

CakePHP Cookbook Documentation, Release 3.x

$this->Flash->success(__('Your article has been updated.'));


return $this->redirect(['action' => 'index']);
}
$this->Flash->error(__('Unable to update your article.'));
}
$this->set('article', $article);
}

This action first ensures that the user has tried to access an existing record. If they havent passed in an $id
parameter, or the article does not exist, we throw a NotFoundException for the CakePHP ErrorHandler
to take care of.
Next the action checks whether the request is either a POST or a PUT request. If it is, then we use the POST
data to update our article entity by using the patchEntity method. Finally we use the table object to save
the entity back or kick back and show the user validation errors.
The edit view might look something like this:
<!-- File: src/Template/Articles/edit.ctp -->
<h1>Edit
<?php
echo
echo
echo
echo
echo
?>

Article</h1>
$this->Form->create($article);
$this->Form->input('title');
$this->Form->input('body', ['rows' => '3']);
$this->Form->button(__('Save Article'));
$this->Form->end();

This view outputs the edit form (with the values populated), along with any necessary validation error
messages.
CakePHP will determine to whether a save() generates an insert, or update statement based on state in
the entity.
You can now update your index view with links to edit specific articles:
<!-- File: src/Template/Articles/index.ctp

(edit links added) -->

<h1>Blog articles</h1>
<p><?= $this->Html->link("Add Article", ['action' => 'add']) ?></p>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Created</th>
<th>Action</th>
</tr>
<!-- Here's where we iterate through our $articles query object, printing out article info
<?php foreach ($articles as $article): ?>
<tr>

80

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

<td><?= $article->id ?></td>


<td>
<?= $this->Html->link($article->title, ['action' => 'view', $article->id]) ?>
</td>
<td>
<?= $article->created->format(DATE_RFC850) ?>
</td>
<td>
<?= $this->Html->link('Edit', ['action' => 'edit', $article->id]) ?>
</td>
</tr>
<?php endforeach; ?>
</table>

Deleting Articles
Next, lets make a way for users to delete articles. Start with a delete() action in the ArticlesController:
// src/Controller/ArticlesController.php
public function delete($id)
{
$this->request->allowMethod(['post', 'delete']);
$article = $this->Articles->get($id);
if ($this->Articles->delete($article)) {
$this->Flash->success(__('The article with id: {0} has been deleted.', h($id)));
return $this->redirect(['action' => 'index']);
}
}

This logic deletes the article specified by $id, and uses $this->Flash->success() to show the user
a confirmation message after redirecting them on to /articles. If the user attempts to do a delete using a
GET request, the allowMethod will throw an Exception. Uncaught exceptions are captured by CakePHPs
exception handler, and a nice error page is displayed. There are many built-in Exceptions that can be used
to indicate the various HTTP errors your application might need to generate.
Because were just executing some logic and redirecting, this action has no view. You might want to update
your index view with links that allow users to delete articles, however:
<!-- File: src/Template/Articles/index.ctp (delete links added) -->
<h1>Blog articles</h1>
<p><?= $this->Html->link('Add Article', ['action' => 'add']) ?></p>
<table>
<tr>
<th>Id</th>
<th>Title</th>
<th>Created</th>
<th>Actions</th>
</tr>

Blog Tutorial - Part 2

81

CakePHP Cookbook Documentation, Release 3.x

<!-- Here's where we loop through our $articles query object, printing out article info -->
<?php foreach ($articles as $article): ?>
<tr>
<td><?= $article->id ?></td>
<td>
<?= $this->Html->link($article->title, ['action' => 'view', $article->id]) ?>
</td>
<td>
<?= $article->created->format(DATE_RFC850) ?>
</td>
<td>
<?= $this->Form->postLink(
'Delete',
['action' => 'delete', $article->id],
['confirm' => 'Are you sure?'])
?>
<?= $this->Html->link('Edit', ['action' => 'edit', $article->id]) ?>
</td>
</tr>
<?php endforeach; ?>
</table>

Using View\Helper\FormHelper::postLink() will create a link that uses JavaScript to do a


POST request deleting our article. Allowing content to be deleted using GET requests is dangerous, as
web crawlers could accidentally delete all your content.
Note: This view code also uses the FormHelper to prompt the user with a JavaScript confirmation dialog
before they attempt to delete an article.

Routes
For some, CakePHPs default routing works well enough. Developers who are sensitive to user-friendliness
and general search engine compatibility will appreciate the way that CakePHPs URLs map to specific
actions. So well just make a quick change to routes in this tutorial.
For more information on advanced routing techniques, see Connecting Routes.
By default, CakePHP responds to a request for the root of your site (e.g., http://www.example.com) using
its PagesController, rendering a view called home. Instead, well replace this with our ArticlesController
by creating a routing rule.
CakePHPs routing is found in config/routes.php. Youll want to comment out or remove the line that
defines the default root route. It looks like this:
$routes->connect('/', ['controller' => 'Pages', 'action' => 'display', 'home']);

This line connects the URL / with the default CakePHP home page. We want it to connect with our own
controller, so replace that line with this one:

82

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

$routes->connect('/', ['controller' => 'Articles', 'action' => 'index']);

This should connect users requesting / to the index() action of our ArticlesController.
Note:
CakePHP also makes use of reverse routing. If, with the above route defined, you pass
[controller => Articles, action => index] to a function expecting an array,
the resulting URL used will be /. Its therefore a good idea to always use arrays for URLs as this means
your routes define where a URL goes, and also ensures that links point to the same place.

Conclusion
Creating applications this way will win you peace, honor, love, and money beyond even your wildest fantasies. Simple, isnt it? Keep in mind that this tutorial was very basic. CakePHP has many more features to
offer, and is flexible in ways we didnt wish to cover here for simplicitys sake. Use the rest of this manual
as a guide for building more feature-rich applications.
Now that youve created a basic CakePHP application, you can either continue to Blog Tutorial - Part 3,
or start your own project. You can also peruse the /topics or API <http://api.cakephp.org/3.0> to learn
more about CakePHP.
If you need help, there are many ways to get the help you need - please see the Where to Get Help page.
Welcome to CakePHP!
Suggested Follow-up Reading
These are common tasks people learning CakePHP usually want to study next:
1. Layouts: Customizing your website layout
2. Elements: Including and reusing view snippets
3. Code Generation with Bake: Generating basic CRUD code
4. Blog Tutorial - Authentication and Authorization: User authentication and authorization tutorial

Blog Tutorial - Part 3


Create a Tree Category
Lets continue our blog application and imagine we want to categorize our articles. We want the categories
to be ordered, and for this, we will use the Tree behavior to help us organize the categories.
But first, we need to modify our tables.

Blog Tutorial - Part 3

83

CakePHP Cookbook Documentation, Release 3.x

Migrations Plugin
We will use the migrations plugin10 to create a table in our database. If you already have an articles table in
your database, erase it.
Now open your applications composer.json file. Normally you would see that the migrations plugin is
already under require. If not add it as follows:
"require": {
"cakephp/migrations": "~1.0"
}

Then run composer update. The migrations plugin will now be in your applications plugins folder.
Also add Plugin::load(Migrations); in your applications bootstrap.php file.
Once the plugin is loaded, run the following command to create a migration file:
bin/cake migrations create Initial

A migration file will be generated in the /config/Migrations folder. You can open your new migration file and add the following:
<?php
use Phinx\Migration\AbstractMigration;
class Initial extends AbstractMigration
{
public function change()
{
$articles = $this->table('articles');
$articles->addColumn('title', 'string', ['limit' => 50])
->addColumn('body', 'text', ['null' => true, 'default' => null])
->addColumn('category_id', 'integer', ['null' => true, 'default' => null])
->addColumn('created', 'datetime')
->addColumn('modified', 'datetime', ['null' => true, 'default' => null])
->save();

$categories = $this->table('categories');
$categories->addColumn('parent_id', 'integer', ['null' => true, 'default' => null])
->addColumn('lft', 'integer', ['null' => true, 'default' => null])
->addColumn('rght', 'integer', ['null' => true, 'default' => null])
->addColumn('name', 'string', ['limit' => 255])
->addColumn('description', 'string', ['limit' => 255, 'null' => true, 'default'
->addColumn('created', 'datetime')
->addColumn('modified', 'datetime', ['null' => true, 'default' => null])
->save();
}
}

Now run the following command to create your tables:


10

84

https://github.com/cakephp/migrations

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

bin/cake migrations migrate

Modifying the Tables


With our tables set up, we can now focus on categorizing our articles.
We suppose you already have the files (Tables, Controllers and Templates of Articles) from part 2. So well
just add the references to categories.
We need to associated the Articles and Categories
src/Model/Table/ArticlesTable.php file and add the following:

tables

together.

Open

the

// src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
// Just add the belongsTo relation with CategoriesTable
$this->belongsTo('Categories', [
'foreignKey' => 'category_id',
]);
}
}

Generate Skeleton Code for Categories


Create all files by launching bake commands:
bin/cake bake model Categories
bin/cake bake controller Categories
bin/cake bake template Categories

The bake tool has created all your files in a snap. You can give them a quick read if you want re-familiarize
yourself with how CakePHP works.
Note: If you are on Windows remember to use instead of /.

Attach TreeBehavior to CategoriesTable


The TreeBehavior helps you manage hierarchical Tree structures in database table. It uses the MPTT logic11
to manage the data. MPTT tree structures are optimized for reads, which often makes them a good fit for
11

http://www.sitepoint.com/hierarchical-data-database-2/

Blog Tutorial - Part 3

85

CakePHP Cookbook Documentation, Release 3.x

read heavy applications like blogs.


If you open the src/Model/Table/CategoriesTable.php file, youll see that the TreeBehavior has been attached to your CategoriesTable in the initialize() method. Bake adds this behavior to any Tables that
contain lft and rght columns:
$this->addBehavior('Tree');

With the TreeBehavior attached youll be able to access some features like reordering the categories. Well
see that in a moment.
But for now, you have to remove the following inputs in your Categories add and edit template files:
echo $this->Form->input('lft');
echo $this->Form->input('rght');

These fields are automatically managed by the TreeBehavior when a category is saved.
Using your web browser, add some new categories using the /yoursite/categories/add controller
action.

Reordering Categories with TreeBehavior


In your categories index template file, you can list the categories and re-order them.
Lets modify the index method in your CategoriesController.php and add move_up() and
move_down() methods to be able to reorder the categories in the tree:
class CategoriesController extends AppController
{
public function index()
{
$categories = $this->Categories->find('threaded')
->order(['lft' => 'ASC']);
$this->set(compact('categories'));
}
public function move_up($id = null)
{
$this->request->allowMethod(['post', 'put']);
$category = $this->Categories->get($id);
if ($this->Categories->moveUp($category)) {
$this->Flash->success('The category has been moved Up.');
} else {
$this->Flash->error('The category could not be moved up. Please, try again.');
}
return $this->redirect($this->referer(['action' => 'index']));
}
public function move_down($id = null)
{
$this->request->allowMethod(['post', 'put']);
$category = $this->Categories->get($id);

86

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

if ($this->Categories->moveDown($category)) {
$this->Flash->success('The category has been moved down.');
} else {
$this->Flash->error('The category could not be moved down. Please, try again.')
}
return $this->redirect($this->referer(['action' => 'index']));
}
}

In src/Template/Categories/index.ctp replace the existing content with:

<div class="actions columns large-2 medium-3">


<h3><?= __('Actions') ?></h3>
<ul class="side-nav">
<li><?= $this->Html->link(__('New Category'), ['action' => 'add']) ?></li>
</ul>
</div>
<div class="categories index large-10 medium-9 columns">
<table cellpadding="0" cellspacing="0">
<thead>
<tr>
<th>id</th>
<th>Parent Id</th>
<th>Title</th>
<th>Lft</th>
<th>Rght</th>
<th>Name</th>
<th>Description</th>
<th>Created</th>
<th class="actions"><?= __('Actions') ?></th>
</tr>
</thead>
<tbody>
<?php foreach ($categories as $category): ?>
<tr>
<td><?= $this->Number->format($category->id) ?></td>
<td><?= $this->Number->format($category->parent_id) ?></td>
<td><?= $this->Number->format($category->lft) ?></td>
<td><?= $this->Number->format($category->rght) ?></td>
<td><?= h($category->name) ?></td>
<td><?= h($category->description) ?></td>
<td><?= h($category->created) ?></td>
<td class="actions">
<?= $this->Html->link(__('View'), ['action' => 'view', $category->id]) ?>
<?= $this->Html->link(__('Edit'), ['action' => 'edit', $category->id]) ?>
<?= $this->Form->postLink(__('Delete'), ['action' => 'delete', $category->i
<?= $this->Form->postLink(__('Move down'), ['action' => 'move_down', $categ
<?= $this->Form->postLink(__('Move up'), ['action' => 'move_up', $category</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>

Blog Tutorial - Part 3

87

CakePHP Cookbook Documentation, Release 3.x

</div>

Modifying the ArticlesController


In our ArticlesController, well get the list of all the categories. This will allow us to choose a
category for an Article when creating or editing it:
// src/Controller/ArticlesController.php
namespace App\Controller;
use Cake\Network\Exception\NotFoundException;
class ArticlesController extends AppController
{
// ...
public function add()
{
$article = $this->Articles->newEntity();
if ($this->request->is('post')) {
$article = $this->Articles->patchEntity($article, $this->request->data);
if ($this->Articles->save($article)) {
$this->Flash->success(__('Your article has been saved.'));
return $this->redirect(['action' => 'index']);
}
$this->Flash->error(__('Unable to add your article.'));
}
$this->set('article', $article);
// Just added the categories list to be able to choose
// one category for an article
$categories = $this->Articles->Categories->find('treeList');
$this->set(compact('categories'));
}
}

Modifying the Articles Templates


The article add file should look something like this:
<!-- File: src/Template/Articles/add.ctp -->
<h1>Add Article</h1>
<?php
echo $this->Form->create($article);
// just added the categories input
echo $this->Form->input('categories');
echo $this->Form->input('title');

88

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

echo $this->Form->input('body', ['rows' => '3']);


echo $this->Form->button(__('Save Article'));
echo $this->Form->end();

When you go to the address /yoursite/articles/add you should see a list of categories to choose.

Blog Tutorial - Authentication and Authorization


Following our Blog Tutorial example, imagine we wanted to secure access to certain URLs, based on the
logged-in user. We also have another requirement: to allow our blog to have multiple authors who can
create, edit, and delete their own articles while disallowing other authors to make any changes to articles
they do not own.

Creating All User-Related Code


First, lets create a new table in our blog database to hold our users data:
CREATE TABLE users (
id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50),
password VARCHAR(255),
role VARCHAR(20),
created DATETIME DEFAULT NULL,
modified DATETIME DEFAULT NULL
);

We have adhered to the CakePHP conventions in naming tables, but were also taking advantage of another
convention: By using the username and password columns in a users table, CakePHP will be able to autoconfigure most things for us when implementing the user login.
Next step is to create our Users table, responsible for finding, saving and validating any user data:
// src/Model/Table/UsersTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\Validation\Validator;
class UsersTable extends Table
{
public function validationDefault(Validator $validator)
{
return $validator
->notEmpty('username', 'A username is required')
->notEmpty('password', 'A password is required')
->notEmpty('role', 'A role is required')
->add('role', 'inList', [
'rule' => ['inList', ['admin', 'author']],
'message' => 'Please enter a valid role'

Blog Tutorial - Authentication and Authorization

89

CakePHP Cookbook Documentation, Release 3.x

]);
}
}

Lets also create our UsersController. The following content corresponds to parts of a basic baked UsersController class using the code generation utilities bundled with CakePHP:
// src/Controller/UsersController.php
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class UsersController extends AppController
{
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
$this->Auth->allow('add');
}
public function index()
{
$this->set('users', $this->Users->find('all'));
}
public function view($id)
{
$user = $this->Users->get($id);
$this->set(compact('user'));
}
public function add()
{
$user = $this->Users->newEntity();
if ($this->request->is('post')) {
$user = $this->Users->patchEntity($user, $this->request->data);
if ($this->Users->save($user)) {
$this->Flash->success(__('The user has been saved.'));
return $this->redirect(['action' => 'add']);
}
$this->Flash->error(__('Unable to add the user.'));
}
$this->set('user', $user);
}
}

In the same way we created the views for our articles or by using the code generation tool, we can implement
the user views. For the purpose of this tutorial, we will show just the add.ctp:

90

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

<!-- src/Template/Users/add.ctp -->


<div class="users form">
<?= $this->Form->create($user) ?>
<fieldset>
<legend><?= __('Add User') ?></legend>
<?= $this->Form->input('username') ?>
<?= $this->Form->input('password') ?>
<?= $this->Form->input('role', [
'options' => ['admin' => 'Admin', 'author' => 'Author']
]) ?>
</fieldset>
<?= $this->Form->button(__('Submit')); ?>
<?= $this->Form->end() ?>
</div>

Authentication (Login and Logout)


Were now ready to add our authentication layer.
In CakePHP this is handled by the
Cake\Controller\Component\AuthComponent, a class responsible for requiring login for certain actions, handling user login and logout, and also authorizing logged-in users to the actions they are
allowed to reach.
To add this component to your application open your src/Controller/AppController.php file and add the
following lines:
// src/Controller/AppController.php
namespace App\Controller;
use Cake\Controller\Controller;
use Cake\Event\Event;
class AppController extends Controller
{
//...
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'
],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
]
]);
}

Blog Tutorial - Authentication and Authorization

91

CakePHP Cookbook Documentation, Release 3.x

public function beforeFilter(Event $event)


{
$this->Auth->allow(['index', 'view', 'display']);
}
//...
}

There is not much to configure, as we used the conventions for the users table. We just set up the URLs
that will be loaded after the login and logout actions is performed, in our case to /articles/ and /
respectively.
What we did in the beforeFilter() function was to tell the AuthComponent to not require a login for
all index() and view() actions, in every controller. We want our visitors to be able to read and list the
entries without registering in the site.
Now, we need to be able to register new users, save their username and password, and more importantly,
hash their password so it is not stored as plain text in our database. Lets tell the AuthComponent to let
un-authenticated users access the users add function and implement the login and logout action:
// src/Controller/UsersController.php
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
// Allow users to register and logout.
// You should not add the "login" action to allow list. Doing so would
// cause problems with normal functioning of AuthComponent.
$this->Auth->allow(['add', 'logout']);
}
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
}
$this->Flash->error(__('Invalid username or password, try again'));
}
}
public function logout()
{
return $this->redirect($this->Auth->logout());
}

Password hashing is not done yet, we need an Entity class for our User in order to handle its own specific
logic. Create the src/Model/Entity/User.php entity file and add the following:
// src/Model/Entity/User.php
namespace App\Model\Entity;

92

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// Make all fields mass assignable for now.
protected $_accessible = ['*' => true];
// ...
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
// ...
}

Now every time the password property is assigned to the user it will be hashed using the
DefaultPasswordHasher class. Were just missing a template view file for the login function. Open
up your src/Template/Users/login.ctp file and add the following lines:
<!-- File: src/Template/Users/login.ctp -->
<div class="users form">
<?= $this->Flash->render('auth') ?>
<?= $this->Form->create() ?>
<fieldset>
<legend><?= __('Please enter your username and password') ?></legend>
<?= $this->Form->input('username') ?>
<?= $this->Form->input('password') ?>
</fieldset>
<?= $this->Form->button(__('Login')); ?>
<?= $this->Form->end() ?>
</div>

You can now register a new user by accessing the /users/add URL and log in with the newly created
credentials by going to /users/login URL. Also, try to access any other URL that was not explicitly
allowed such as /articles/add, you will see that the application automatically redirects you to the login
page.
And thats it! It looks too simple to be true. Lets go back a bit to explain what happened. The
beforeFilter() function is telling the AuthComponent to not require a login for the add() action in addition to the index() and view() actions that were already allowed in the AppControllers
beforeFilter() function.
The login() action calls the $this->Auth->identify() function in the AuthComponent, and it
works without any further config because we are following conventions as mentioned earlier. That is, having
a Users table with a username and a password column, and use a form posted to a controller with the user
data. This function returns whether the login was successful or not, and in the case it succeeds, then we
redirect the user to the configured redirection URL that we used when adding the AuthComponent to our
application.
Blog Tutorial - Authentication and Authorization

93

CakePHP Cookbook Documentation, Release 3.x

The logout works by just accessing the /users/logout URL and will redirect the user to the configured
logoutUrl formerly described. This URL is the result of the AuthComponent::logout() function on
success.

Authorization (whos allowed to access what)


As stated before, we are converting this blog into a multi-user authoring tool, and in order to do this, we
need to modify the articles table a bit to add the reference to the Users table:
ALTER TABLE articles ADD COLUMN user_id INT(11);

Also, a small change in the ArticlesController is required to store the currently logged in user as a reference
for the created article:
// src/Controller/ArticlesController.php
public function add()
{
$article = $this->Articles->newEntity();
if ($this->request->is('post')) {
$article = $this->Articles->patchEntity($article, $this->request->data);
// Added this line
$article->user_id = $this->Auth->user('id');
// You could also do the following
//$newData = ['user_id' => $this->Auth->user('id')];
//$article = $this->Articles->patchEntity($article, $newData);
if ($this->Articles->save($article)) {
$this->Flash->success(__('Your article has been saved.'));
return $this->redirect(['action' => 'index']);
}
$this->Flash->error(__('Unable to add your article.'));
}
$this->set('article', $article);
}

The user() function provided by the component returns any column from the currently logged in user.
We used this method to add the data into the request info that is saved.
Lets secure our app to prevent some authors from editing or deleting the others articles. Basic rules for
our app are that admin users can access every URL, while normal users (the author role) can only access the
permitted actions. Again, open the AppController class and add a few more options to the Auth config:
// src/Controller/AppController.php
public function initialize()
{
$this->loadComponent('Flash');
$this->loadComponent('Auth', [
'authorize' => ['Controller'], // Added this line
'loginRedirect' => [
'controller' => 'Articles',
'action' => 'index'

94

Chapter 4. Tutorials & Examples

CakePHP Cookbook Documentation, Release 3.x

],
'logoutRedirect' => [
'controller' => 'Pages',
'action' => 'display',
'home'
]
]);
}
public function isAuthorized($user)
{
// Admin can access every action
if (isset($user['role']) && $user['role'] === 'admin') {
return true;
}
// Default deny
return false;
}

We just created a very simple authorization mechanism. In this case the users with role admin will be able
to access any URL in the site when logged in, but the rest of them (i.e the role author) cant do anything
different from not logged in users.
This is not exactly what we wanted, so we need to supply more rules to our isAuthorized() method.
But instead of doing it in AppController, lets delegate each controller to supply those extra rules. The rules
were going to add to ArticlesController should allow authors to create articles but prevent the edition of
articles if the author does not match. Open the file ArticlesController.php and add the following
content:
// src/Controller/ArticlesController.php
public function isAuthorized($user)
{
// All registered users can add articles
if ($this->request->action === 'add') {
return true;
}
// The owner of an article can edit and delete it
if (in_array($this->request->action, ['edit', 'delete'])) {
$articleId = (int)$this->request->params['pass'][0];
if ($this->Articles->isOwnedBy($articleId, $user['id'])) {
return true;
}
}
return parent::isAuthorized($user);
}

Were now overriding the AppControllers isAuthorized() call and internally checking if the parent
class is already authorizing the user. If he isnt, then just allow him to access the add action, and conditionally
access edit and delete. One final thing has not been implemented. To tell whether or not the user is authorized
Blog Tutorial - Authentication and Authorization

95

CakePHP Cookbook Documentation, Release 3.x

to edit the article, were calling a isOwnedBy() function in the Articles table. Lets then implement that
function:
// src/Model/Table/ArticlesTable.php
public function isOwnedBy($articleId, $userId)
{
return $this->exists(['id' => $articleId, 'user_id' => $userId]);
}

This concludes our simple authentication and authorization tutorial. For securing the UsersController you
can follow the same technique we did for ArticlesController. You could also be more creative and code
something more general in AppController based on your own rules.
Should you need more control, we suggest you read the complete Auth guide in the Authentication section
where you will find more about configuring the component, creating custom Authorization classes, and
much more.
Suggested Follow-up Reading
1. Code Generation with Bake Generating basic CRUD code
2. Authentication: User registration and login

96

Chapter 4. Tutorials & Examples

CHAPTER 5

Contributing

There are a number of ways you can contribute to CakePHP. The following sections cover the various ways
you can contribute to CakePHP:

Documentation
Contributing to the documentation is simple. The files are hosted on https://github.com/cakephp/docs. Feel
free to fork the repo, add your changes/improvements/translations and give back by issuing a pull request.
You can even edit the docs online with GitHub, without ever downloading the files the Improve this Doc
button on any given page will direct you to GitHubs online editor for that page.
CakePHP documentation is continuously integrated1 , so you can check the status of the various builds2 on
the Jenkins server at any time.

Translations
Email the docs team (docs at cakephp dot org) or hop on IRC (#cakephp on freenode) to discuss any translation efforts you would like to participate in.
New Translation Language
We want to provide translations that are as complete as possible. However, there may be times where
a translation file is not up-to-date. You should always consider the English version as the authoritative
version.
If your language is not in the current languages, please contact us through Github and we will consider
creating a skeleton folder for it. The following sections are the first one you should consider translating as
these files dont change often:
1
2

http://en.wikipedia.org/wiki/Continuous_integration
http://ci.cakephp.org

97

CakePHP Cookbook Documentation, Release 3.x

index.rst
intro.rst
quickstart.rst
installation.rst
/intro folder
/tutorials-and-examples folder
Reminder for Docs Administrators
The structure of all language folders should mirror the English folder structure. If the structure changes for
the English version, we should apply those changes in the other languages.
For example, if a new English file is created in en/file.rst, we should:
Add the file in all other languages : fr/file.rst, zh/file.rst, ...
Delete the content, but keeping the title, meta information and eventual toc-tree elements.
The following note will be added while nobody has translated the file:
File Title
##########
.. note::
The documentation is not currently supported in XX language for this
page.
Please feel free to send us a pull request on
`Github <https://github.com/cakephp/docs>`_ or use the **Improve This Doc**
button to directly propose your changes.
You can refer to the English version in the select top menu to have
information about this page's topic.
// If toc-tree elements are in the English version
.. toctree::
:maxdepth: 1
one-toc-file
other-toc-file
.. meta::
:title lang=xx: File Title
:keywords lang=xx: title, description,...

Translator tips
Browse and edit in the language you want the content to be translated to - otherwise you wont see
what has already been translated.

98

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

Feel free to dive right in if your chosen language already exists on the book.
Use Informal Form3 .
Translate both the content and the title at the same time.
Do compare to the English content before submitting a correction (if you correct something, but dont
integrate an upstream change your submission wont be accepted).
If you need to write an English term, wrap it in <em> tags. E.g. asdf asdf Controller asdf or asdf
asdf Kontroller (Controller) asfd as appropriate.
Do not submit partial translations.
Do not edit a section with a pending change.
Do not use HTML entities4 for accented characters, the book uses UTF-8.
Do not significantly change the markup (HTML) or add new content
If the original content is missing some info, submit an edit for that first.

Documentation Formatting Guide


The new CakePHP documentation is written with ReST formatted text5 . ReST (Re Structured Text) is a
plain text markup syntax similar to markdown, or textile. To maintain consistency it is recommended that
when adding to the CakePHP documentation you follow the guidelines here on how to format and structure
your text.
Line Length
Lines of text should be wrapped at 80 columns. The only exception should be long URLs, and code snippets.
Headings and Sections
Section headers are created by underlining the title with punctuation characters at least the length of the text.
# Is used to denote page titles.
= Is used for sections in a page.
- Is used for subsections.
~ Is used for sub-subsections
^ Is used for sub-sub-sections.
Headings should not be nested more than 5 levels deep. Headings should be preceded and followed by a
blank line.
3

http://en.wikipedia.org/wiki/Register_(linguistics)
http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references
5
http://en.wikipedia.org/wiki/ReStructuredText
4

Documentation

99

CakePHP Cookbook Documentation, Release 3.x

Paragraphs
Paragraphs are simply blocks of text, with all the lines at the same level of indentation. Paragraphs should
be separated by more than one empty line.
Inline Markup
One asterisk: text for emphasis (italics) Well use it for general highlighting/emphasis.
*text*.
Two asterisks: text for strong emphasis (boldface) Well use it for working directories, bullet list
subject, table names and excluding the following word table.
**/config/Migrations**, **articles**, etc.
Two backquotes: text for code samples Well use it for names of method options, names of table
columns, object names, excluding the following word object and for method/function names
include ().
cascadeCallbacks,
config(), etc.

true,

id,

PagesController,

If asterisks or backquotes appear in running text and could be confused with inline markup delimiters, they
have to be escaped with a backslash.
Inline markup has a few restrictions:
It may not be nested.
Content may not start or end with whitespace: * text* is wrong.
Content must be separated from surrounding text by non-word characters. Use a backslash escaped
space to work around that: onelong\ *bolded*\ word.
Lists
List markup is very similar to markdown. Unordered lists are indicated by starting a line with a single
asterisk and a space. Numbered lists can be created with either numerals, or # for auto numbering:
* This is a bullet
* So is this. But this line
has two lines.
1. First line
2. Second line
#. Automatic numbering
#. Will save you some time.

Indented lists can also be created, by indenting sections and separating them with an empty line:

100

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

* First line
* Second line
* Going deeper
* Whoah
* Back to the first level.

Definition lists can be created by doing the following:


term
definition
CakePHP
An MVC framework for PHP

Terms cannot be more than one line, but definitions can be multi-line and all lines should be indented
consistently.
Links
There are several kinds of links, each with their own uses.
External Links

Links to external documents can be with the following:


`External Link <http://example.com>`_

The above would generate a link pointing to http://example.com


Links to Other Pages

:doc:
Other pages in the documentation can be linked to using the :doc: role. You can link to the specified
document using either an absolute or relative path reference. You should omit the .rst extension.
For example, if the reference :doc:form appears in the document core-helpers/html,
then the link references core-helpers/form. If the reference was :doc:/core-helpers,
it would always reference /core-helpers regardless of where it was used.
Cross Referencing Links

:ref:
You can cross reference any arbitrary title in any document using the :ref: role. Link label targets
must be unique across the entire documentation. When creating labels for class methods, its best to
use class-method as the format for your link label.
The most common use of labels is above a title. Example:

Documentation

101

CakePHP Cookbook Documentation, Release 3.x

.. _label-name:
Section heading
--------------More content here.

Elsewhere you could reference the above section using :ref:label-name. The links text
would be the title that the link preceded. You can also provide custom link text using :ref:Link
text <label-name>.
Describing Classes and their Contents
The CakePHP documentation uses the phpdomain6 to provide custom directives for describing PHP objects
and constructs. Using these directives and roles is required to give proper indexing and cross referencing
features.
Describing Classes and Constructs
Each directive populates the index, and or the namespace index.
.. php:global:: name
This directive declares a new PHP global variable.
.. php:function:: name(signature)
Defines a new global function outside of a class.
.. php:const:: name
This directive declares a new PHP constant, you can also use it nested inside a class directive to create
class constants.
.. php:exception:: name
This directive declares a new Exception in the current namespace. The signature can include constructor arguments.
.. php:class:: name
Describes a class. Methods, attributes, and constants belonging to the class should be inside this
directives body:
.. php:class:: MyClass
Class description
.. php:method:: method($argument)
Method description

Attributes, methods and constants dont need to be nested. They can also just follow the class declaration:
6

http://pypi.python.org/pypi/sphinxcontrib-phpdomain

102

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

.. php:class:: MyClass
Text about the class
.. php:method:: methodName()
Text about the method

See also:
php:method, php:attr, php:const
.. php:method:: name(signature)
Describe a class method, its arguments, return value, and exceptions:
.. php:method:: instanceMethod($one, $two)
:param string $one: The first parameter.
:param string $two: The second parameter.
:returns: An array of stuff.
:throws: InvalidArgumentException
This is an instance method.

.. php:staticmethod:: ClassName::methodName(signature)
Describe a static method, its arguments, return value and exceptions, see php:method for options.
.. php:attr:: name
Describe an property/attribute on a class.
Cross Referencing

The following roles refer to PHP objects and links are generated if a matching directive is found:
:php:func:
Reference a PHP function.
:php:global:
Reference a global variable whose name has $ prefix.
:php:const:
Reference either a global constant, or a class constant. Class constants should be preceded by the
owning class:
DateTime has an :php:const:`DateTime::ATOM` constant.

:php:class:
Reference a class by name:
:php:class:`ClassName`

:php:meth:
Reference a method of a class. This role supports both kinds of methods:

Documentation

103

CakePHP Cookbook Documentation, Release 3.x

:php:meth:`DateTime::setDate`
:php:meth:`Classname::staticMethod`

:php:attr:
Reference a property on an object:
:php:attr:`ClassName::$propertyName`

:php:exc:
Reference an exception.
Source Code
Literal code blocks are created by ending a paragraph with ::. The literal block must be indented, and like
all paragraphs be separated by single lines:
This is a paragraph::
while ($i--) {
doStuff()
}
This is regular text again.

Literal text is not modified or formatted, save that one level of indentation is removed.
Notes and Warnings
There are often times when you want to inform the reader of an important tip, special note or a potential
hazard. Admonitions in sphinx are used for just that. There are fives kinds of admonitions.
.. tip:: Tips are used to document or re-iterate interesting or important information. The content of the directive should be written in complete sentences and include all appropriate punctuation.
.. note:: Notes are used to document an especially important piece of information. The content
of the directive should be written in complete sentences and include all appropriate punctuation.
.. warning:: Warnings are used to document potential stumbling blocks, or information pertaining to security. The content of the directive should be written in complete sentences and include
all appropriate punctuation.
.. versionadded:: X.Y.Z Version added admonitions are used to display notes specific
to new features added at a specific version, X.Y.Z being the version on which the said feature was
added.
.. deprecated:: X.Y.Z As opposed to version added admonitions, deprecated admonition are used to notify of a deprecated feature, X.Y.Z being the version on which the said feature
was deprecated.
All admonitions are made the same:

104

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

.. note::
Indented and preceded and followed by a blank line. Just like a
paragraph.
This text is not part of the note.

Samples

Tip: This is a helpful tid-bit you probably forgot.


Note: You should pay attention here.
Warning: It could be dangerous.
New in version 2.6.3: This awesome feature was added on version 2.6.3
Deprecated since version 2.6.3: This old feature was deprecated on version 2.6.3

Tickets
Getting feedback and help from the community in the form of tickets is an extremely important part of the
CakePHP development process. All of CakePHPs tickets are hosted on GitHub7 .

Reporting Bugs
Well written bug reports are very helpful. There are a few steps to help create the best bug report possible:
Do search8 for a similar existing ticket, and ensure someone hasnt already reported your issue, or
that it hasnt already been fixed in the repository.
Do include detailed instructions on how to reproduce the bug. This could be in the form of test cases
or a code snippet that demonstrates the issue. Not having a way to reproduce an issue, means its less
likely to get fixed.
Do give as many details as possible about your environment: (OS, PHP version, CakePHP version).
Dont use the ticket system to ask support questions. Use the Google Group9 , the #cakephp IRC
channel or Stack Overflow <https://stackoverflow.com/questions/tagged/cakephp> for that.
7

https://github.com/cakephp/cakephp/issues
https://github.com/cakephp/cakephp/search?q=it+is+broken&ref=cmdform&type=Issues
9
http://groups.google.com/group/cake-php
8

Tickets

105

CakePHP Cookbook Documentation, Release 3.x

Reporting Security Issues


If youve found a security issue in CakePHP, please use the following procedure instead of the normal bug
reporting system. Instead of using the bug tracker, mailing list or IRC please send an email to security [at]
cakephp.org. Emails sent to this address go to the CakePHP core team on a private mailing list.
For each report, we try to first confirm the vulnerability. Once confirmed, the CakePHP team will take the
following actions:
Acknowledge to the reporter that weve received the issue, and are working on a fix. We ask that the
reporter keep the issue confidential until we announce it.
Get a fix/patch prepared.
Prepare a post describing the vulnerability, and the possible exploits.
Release new versions of all affected versions.
Prominently feature the problem in the release announcement.

Code
Patches and pull requests are a great way to contribute code back to CakePHP. Pull requests can be created
in GitHub, and are preferred over patch files in ticket comments.

Initial Setup
Before working on patches for CakePHP, its a good idea to get your environment setup. Youll need the
following software:
Git
PHP 5.4.16 or greater
PHPUnit 3.7.0 or greater
Set up your user information with your name/handle and working email address:
git config --global user.name 'Bob Barker'
git config --global user.email '[email protected]'

Note: If you are new to Git, we highly recommend you to read the excellent and free ProGit10 book.
Get a clone of the CakePHP source code from GitHub:
If you dont have a GitHub11 account, create one.
Fork the CakePHP repository12 by clicking the Fork button.
10

http://git-scm.com/book/
http://github.com
12
http://github.com/cakephp/cakephp
11

106

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

After your fork is made, clone your fork to your local machine:
git clone [email protected]:YOURNAME/cakephp.git

Add the original CakePHP repository as a remote repository. Youll use this later to fetch changes from the
CakePHP repository. This will let you stay up to date with CakePHP:
cd cakephp
git remote add upstream git://github.com/cakephp/cakephp.git

Now that you have CakePHP setup you should be able to define a $test database connection, and run all
the tests.

Working on a Patch
Each time you want to work on a bug, feature or enhancement create a topic branch.
The branch you create should be based on the version that your fix/enhancement is for. For example if you
are fixing a bug in 2.3 you would want to use the 2.3 branch as the base for your branch. If your change
is a bug fix for the current stable release, you should use the master branch. This makes merging your
changes in later much simpler:
# fixing a bug on 2.3
git fetch upstream
git checkout -b ticket-1234 upstream/2.3

Tip: Use a descriptive name for your branch, referencing the ticket or feature name is a good convention.
e.g. ticket-1234, feature-awesome
The above will create a local branch based on the upstream (CakePHP) 2.3 branch. Work on your fix, and
make as many commits as you need; but keep in mind the following:
Follow the Coding Standards.
Add a test case to show the bug is fixed, or that the new feature works.
Keep your commits logical, and write good clear and concise commit messages.

Submitting a Pull Request


Once your changes are done and youre ready for them to be merged into CakePHP, youll want to update
your branch:
git
git
git
git
git

checkout 2.3
fetch upstream
merge upstream/2.3
checkout <branch_name>
rebase 2.3

This will fetch + merge in any changes that have happened in CakePHP since you started. It will then rebase
- or replay your changes on top of the current code. You might encounter a conflict during the rebase. If
Code

107

CakePHP Cookbook Documentation, Release 3.x

the rebase quits early you can see which files are conflicted/un-merged with git status. Resolve each
conflict, and then continue the rebase:
git add <filename> # do this for each conflicted file.
git rebase --continue

Check that all your tests continue to pass. Then push your branch to your fork:
git push origin <branch-name>

Once your branch is on GitHub, you can discuss it on the cakephp-core13 mailing list or submit a pull request
on GitHub.
Choosing Where Your Changes will be Merged Into
When making pull requests you should make sure you select the correct base branch, as you cannot edit it
once the pull request is created.
If your change is a bugfix and doesnt introduce new functionality and only corrects existing behavior
that is present in the current release. Then choose master as your merge target.
If your change is a new feature or an addition to the framework, then you should choose the branch
with the next version number. For example if the current stable release is 2.2.2, the branch accepting
new features will be 2.3
If your change is a breaks existing functionality, or APIs then youll have to choose then next major
release. For example, if the current release is 2.2.2 then the next time existing behavior can be
broken will be in 3.0 so you should target that branch.
Note: Remember that all code you contribute to CakePHP will be licensed under the MIT License, and the
Cake Software Foundation14 will become the owner of any contributed code. Contributors should follow
the CakePHP Community Guidelines15 .
All bug fixes merged into a maintenance branch will also be merged into upcoming releases periodically by
the core team.

Coding Standards
CakePHP developers will use the PSR-2 coding style guide16 in addition to the following rules as coding
standards.
It is recommended that others developing CakeIngredients follow the same standards.
You can use the CakePHP Code Sniffer17 to check that your code follows required standards.
13

http://groups.google.com/group/cakephp-core
http://cakefoundation.org/pages/about
15
http://community.cakephp.org/guidelines
16
http://www.php-fig.org/psr/psr-2/
17
https://github.com/cakephp/cakephp-codesniffer
14

108

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

Adding New Features


No new features should be added, without having their own tests which should be passed before committing them to the repository.

Indentation
Four spaces will be used for indentation.
So, indentation should look like this:
// base level
// level 1
// level 2
// level 1
// base level

Or:
$booleanVariable = true;
$stringVariable = 'moose';
if ($booleanVariable) {
echo 'Boolean value is true';
if ($stringVariable === 'moose') {
echo 'We have encountered a moose';
}
}

Line Length
It is recommended to keep lines at approximately 100 characters long for better code readability. Lines must
not be longer than 120 characters.
In short:
100 characters is the soft limit.
120 characters is the hard limit.

Control Structures
Control structures are for example if, for, foreach, while, switch etc. Below, an example with if:
if ((expr_1) || (expr_2)) {
// action_1;
} elseif (!(expr_3) && (expr_4)) {
// action_2;
} else {
// default_action;
}

Coding Standards

109

CakePHP Cookbook Documentation, Release 3.x

In the control structures there should be 1 (one) space before the first parenthesis and 1 (one) space
between the last parenthesis and the opening bracket.
Always use curly brackets in control structures, even if they are not needed. They increase the readability of the code, and they give you fewer logical errors.
Opening curly brackets should be placed on the same line as the control structure. Closing curly
brackets should be placed on new lines, and they should have same indentation level as the control
structure. The statement included in curly brackets should begin on a new line, and code contained
within it should gain a new level of indentation.
Inline assignments should not be used inside of the control structures.
// wrong = no brackets, badly placed statement
if (expr) statement;
// wrong = no brackets
if (expr)
statement;
// good
if (expr) {
statement;
}
// wrong = inline assignment
if ($variable = Class::function()) {
statement;
}
// good
$variable = Class::function();
if ($variable) {
statement;
}

Ternary Operator
Ternary operators are permissible when the entire ternary operation fits on one line. Longer ternaries should
be split into if else statements. Ternary operators should not ever be nested. Optionally parentheses can
be used around the condition check of the ternary for clarity:
// Good, simple and readable
$variable = isset($options['variable']) ? $options['variable'] : true;

// Nested ternaries are bad


$variable = isset($options['variable']) ? isset($options['othervar']) ? true : false : fals

110

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

Template Files
In template files (.ctp files) developers should use keyword control structures. Keyword control structures
are easier to read in complex template files. Control structures can either be contained in a larger PHP block,
or in separate PHP tags:
<?php
if ($isAdmin):
echo '<p>You are the admin user.</p>';
endif;
?>
<p>The following is also acceptable:</p>
<?php if ($isAdmin): ?>
<p>You are the admin user.</p>
<?php endif; ?>

Comparison
Always try to be as strict as possible. If a none strict test is deliberate it might be wise to comment it as such
to avoid confusing it for a mistake.
For testing if a variable is null, it is recommended to use a strict check:
if ($value === null) {
// ...
}

The value to check against should be placed on the right side:


// not recommended
if (null === $this->foo()) {
// ...
}
// recommended
if ($this->foo() === null) {
// ...
}

Function Calls
Functions should be called without space between functions name and starting parenthesis. There should
be one space between every parameter of a function call:
$var = foo($bar, $bar2, $bar3);

As you can see above there should be one space on both sides of equals sign (=).

Coding Standards

111

CakePHP Cookbook Documentation, Release 3.x

Method Definition
Example of a method definition:
public function someFunction($arg1, $arg2 = '')
{
if (expr) {
statement;
}
return $var;
}

Parameters with a default value, should be placed last in function definition. Try to make your functions
return something, at least true or false, so it can be determined whether the function call was successful:
public function connection($dns, $persistent = false)
{
if (is_array($dns)) {
$dnsInfo = $dns;
} else {
$dnsInfo = BD::parseDNS($dns);
}
if (!($dnsInfo) || !($dnsInfo['phpType'])) {
return $this->addError();
}
return true;
}

There are spaces on both side of the equals sign.


Typehinting
Arguments that expect objects, arrays or callbacks (callable) can be typehinted. We only typehint public
methods, though, as typehinting is not cost-free:
/**
* Some method description.
*
* @param Model $Model The model to use.
* @param array $array Some array value.
* @param callable $callback Some callback.
* @param boolean $boolean Some boolean value.
*/
public function foo(Model $Model, array $array, callable $callback, $boolean)
{
}

Here $Model must be an instance of Model, $array must be an array and $callback must be of
type callable (a valid callback).
Note that if you want to allow $array to be also an instance of ArrayObject you should not typehint
as array accepts only the primitive type:
112

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

/**
* Some method description.
*
* @param array|ArrayObject $array Some array value.
*/
public function foo($array)
{
}

Anonymous Functions (Closures)


Defining anonymous functions follows the PSR-218 coding style guide, where they are declared with a space
after the function keyword, and a space before and after the use keyword:
$closure = function ($arg1, $arg2) use ($var1, $var2) {
// code
};

Method Chaining
Method chaining should have multiple methods spread across separate lines, and indented with one tab:
$email->from('[email protected]')
->to('[email protected]')
->subject('A great message')
->send();

Commenting Code
All comments should be written in English, and should in a clear way describe the commented block of
code.
Comments can include the following phpDocumentor19 tags:
@author20
@copyright21
@deprecated22 Using the @version <vector> <description> format, where version
and description are mandatory.
@example23
@ignore24
18

http://www.php-fig.org/psr/psr-2/
http://phpdoc.org
20
http://phpdoc.org/docs/latest/references/phpdoc/tags/author.html
21
http://phpdoc.org/docs/latest/references/phpdoc/tags/copyright.html
22
http://phpdoc.org/docs/latest/references/phpdoc/tags/deprecated.html
23
http://phpdoc.org/docs/latest/references/phpdoc/tags/example.html
24
http://phpdoc.org/docs/latest/references/phpdoc/tags/ignore.html
19

Coding Standards

113

CakePHP Cookbook Documentation, Release 3.x

@internal25
@link26
@see27
@since28
@version29
PhpDoc tags are very much like JavaDoc tags in Java. Tags are only processed if they are the first thing in a
DocBlock line, for example:
/**
* Tag example.
*
* @author this tag is parsed, but this @version is ignored
* @version 1.0 this tag is also parsed
*/
/**
* Example of inline phpDoc tags.
*
* This function works hard with foo() to rule the world.
*
* @return void
*/
function bar()
{
}
/**
* Foo function.
*
* @return void
*/
function foo()
{
}

Comment blocks, with the exception of the first block in a file, should always be preceded by a newline.
Variable Types
Variable types for use in DocBlocks:
Type Description
mixed A variable with undefined (or multiple) type.
25

http://phpdoc.org/docs/latest/references/phpdoc/tags/internal.html
http://phpdoc.org/docs/latest/references/phpdoc/tags/link.html
27
http://phpdoc.org/docs/latest/references/phpdoc/tags/see.html
28
http://phpdoc.org/docs/latest/references/phpdoc/tags/since.html
29
http://phpdoc.org/docs/latest/references/phpdoc/tags/version.html
26

114

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

int Integer type variable (whole number).


float Float type (point number).
bool Logical type (true or false).
string String type (any value in or ).
null Null type. Usually used in conjunction with another type.
array Array type.
object Object type. A specific class name should be used if possible.
resource Resource type (returned by for example mysql_connect()). Remember that when you specify the
type as mixed, you should indicate whether it is unknown, or what the possible types are.
callable Callable function.
You can also combine types using the pipe char:
int|bool

For more than two types it is usually best to just use mixed.
When returning the object itself, e.g. for chaining, one should use $this instead:
/**
* Foo function.
*
* @return $this
*/
public function foo()
{
return $this;
}

Including Files
include, require, include_once and require_once do not have parentheses:
// wrong = parentheses
require_once('ClassFileName.php');
require_once ($class);
// good = no parentheses
require_once 'ClassFileName.php';
require_once $class;

When including files with classes or libraries, use only and always the require_once30 function.
30

http://php.net/require_once

Coding Standards

115

CakePHP Cookbook Documentation, Release 3.x

PHP Tags
Always use long tags (<?php ?>) Instead of short tags (<?
template files (.ctp) where appropriate.

?>). The short echo should be used in

Short Echo
The short echo should be used in template files in place of <?php echo. It should be immediately followed
by a single space, the variable or function value to echo, a single space, and the php closing tag:
// wrong = semicolon, no spaces
<td><?=$name;?></td>
// good = spaces, no semicolon
<td><?= $name ?></td>

As of PHP 5.4 the short echo tag (<?=) is no longer to be consider a short tag is always available regardless
of the short_open_tag ini directive.

Naming Convention
Functions
Write all functions in camelBack:
function longFunctionName()
{
}

Classes
Class names should be written in CamelCase, for example:
class ExampleClass
{
}

Variables
Variable names should be as descriptive as possible, but also as short as possible. All variables should start
with a lowercase letter, and should be written in camelBack in case of multiple words. Variables referencing
objects should in some way associate to the class the variable is an object of. Example:
$user = 'John';
$users = ['John', 'Hans', 'Arne'];
$dispatcher = new Dispatcher();

116

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

Member Visibility
Use PHP5s private and protected keywords for methods and variables. Additionally, protected method or
variable names start with a single underscore (_). Example:
class A
{
protected $_iAmAProtectedVariable;
protected function _iAmAProtectedMethod()
{
/* ... */
}
}

Private methods or variable names start with double underscore (__). Example:
class A
{
private $__iAmAPrivateVariable;
private function __iAmAPrivateMethod()
{
/* ... */
}
}

Try to avoid private methods or variables, though, in favor of protected ones. The latter can be accessed
or modified by subclasses, whereas private ones prevent extension or re-use. Private visibility also makes
testing much more difficult.
Example Addresses
For all example URL and mail addresses use example.com, example.org and example.net, for example:
Email: [email protected]
WWW: http://www.example.com
FTP: ftp://ftp.example.com
The example.com domain name has been reserved for this (see RFC 260632 ) and is recommended for use
in documentation or as examples.
Files
File names which do not contain classes should be lowercased and underscored, for example:
31
32

[email protected]
http://tools.ietf.org/html/rfc2606.html

Coding Standards

117

CakePHP Cookbook Documentation, Release 3.x

long_file_name.php

Casting
For casting we use:
Type Description
(bool) Cast to boolean.
(int) Cast to integer.
(float) Cast to float.
(string) Cast to string.
(array) Cast to array.
(object) Cast to object.
Please use (int)$var instead of intval($var) and (float)$var instead of floatval($var)
when applicable.
Constants
Constants should be defined in capital letters:
define('CONSTANT', 1);

If a constant name consists of multiple words, they should be separated by an underscore character, for
example:
define('LONG_NAMED_CONSTANT', 2);

Backwards Compatibility Guide


Ensuring that you can upgrade your applications easily and smoothly is important to us. Thats why we only
break compatibility at major release milestones. You might be familiar with semantic versioning33 , which is
the general guideline we use on all CakePHP projects. In short, semantic versioning means that only major
releases (such as 2.0, 3.0, 4.0) can break backwards compatibility. Minor releases (such as 2.1, 3.1, 3.2) may
introduce new features, but are not allowed to break compatibility. Bug fix releases (such as 2.1.2, 3.0.1) do
not add new features, but fix bugs or enhance performance only.
Note: CakePHP started following semantic versioning in 2.0.0. These rules do not apply to 1.x.
To clarify what changes you can expect in each release tier we have more detailed information for developers
using CakePHP, and for developers working on CakePHP that helps set expectations of what can be done in
minor releases. Major releases can have as many breaking changes as required.
33

http://semver.org/

118

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

Migration Guides
For each major and minor release, the CakePHP team will provide a migration guide. These guides explain
the new features and any breaking changes that are in each release. They can be found in the Appendices
section of the cookbook.

Using CakePHP
If you are building your application with CakePHP, the following guidelines explain the stability you can
expect.
Interfaces
Outside of major releases, interfaces provided by CakePHP will not have any existing methods changed.
New methods may be added, but no existing methods will be changed.
Classes
Classes provided by CakePHP can be constructed and have their public methods and properties used by
application code and outside of major releases backwards compatibility is ensured.
Note: Some classes in CakePHP are marked with the @internal API doc tag. These classes are not
stable and do not have any backwards compatibility promises.
In minor releases, new methods may be added to classes, and existing methods may have new arguments
added. Any new arguments will have default values, but if youve overridden methods with a differing
signature you may see fatal errors. Methods that have new arguments added will be documented in the
migration guide for that release.
The following table outlines several use cases and what compatibility you can expect from CakePHP:

Backwards Compatibility Guide

119

CakePHP Cookbook Documentation, Release 3.x

If you...
Typehint against the class
Create a new instance
Extend the class
Access a public property
Call a public method
Extend a class and...
Override a public property
Access a protected property
Override a protected property
Override a protected method
Call a protected method
Add a public property
Add a public method
Add an argument to an overridden
method
Add a default argument to an
existing method

Backwards compatibility?
Yes
Yes
Yes
Yes
Yes
Yes
No 34
No 1
No 1
No 1
No
No
No 1
Yes

Working on CakePHP
If you are helping make CakePHP even better please keep the following guidelines in mind when
adding/changing functionality:
In a minor release you can:
34

Your code may be broken by minor releases. Check the migration guide for details.

120

Chapter 5. Contributing

CakePHP Cookbook Documentation, Release 3.x

In a minor release can you...


Classes
Remove a class
No
Remove an
No
interface
Remove a trait
No
Make final
No
Make abstract
No
Change name
Yes 35
Properties
Add a public
Yes
property
Remove a public
No
property
Add a protected
Yes
property
Remove a
Yes 36
protected
property
Methods
Add a public
Yes
method
Remove a public
No
method
Add a protected
Yes
method
Move to parent
Yes
class
Remove a
Yes 3
protected method
Reduce visibility
No
Change method
Yes 2
name
Add argument
Yes
with default value
Add required
No
argument

35

You can change a class/method name as long as the old name remains available. This is generally avoided unless renaming has
significant benefit.
36
Avoid whenever possible. Any removals need to be documented in the migration guide.

Backwards Compatibility Guide

121

CakePHP Cookbook Documentation, Release 3.x

122

Chapter 5. Contributing

CHAPTER 6

Installation

CakePHP is simple and easy to install. The minimum requirements are a web server and a copy of CakePHP,
thats it! While this chapter focuses primarily on setting up on Apache (because its simple to install and
setup), CakePHP will run on a variety of web servers such as nginx, LightHTTPD, or Microsoft IIS.

Requirements
HTTP Server. For example: Apache. Having mod_rewrite is preferred, but by no means required.
PHP 5.4.16 or greater.
mbstring extension
intl extension
Note: In both XAMPP and WAMP, mcrypt and mbstring extensions are working by default.
In XAMPP, intl extension is included but you have to uncomment extension=php_intl.dll in
php.ini and restart the server through the XAMPP Control Panel.
In WAMP, the intl extension is activated by default but not working. To make it work you have to go to
php folder (by default) C:\wamp\bin\php\php{version}, copy all the files that looks like icu*.dll and paste
them into the apache bin directory C:\wamp\bin\apache\apache{version}\bin. Then restart all services
and it should be OK.
While a database engine isnt required, we imagine that most applications will utilize one. CakePHP supports a variety of database storage engines:
MySQL (5.1.10 or greater)
PostgreSQL
Microsoft SQL Server (2008 or higher)
SQLite 3

123

CakePHP Cookbook Documentation, Release 3.x

Note: All built-in drivers require PDO. You should make sure you have the correct PDO extensions installed.

Installing CakePHP
CakePHP uses Composer1 , a dependency management tool for PHP 5.3+, as the officially supported method
for installation.
First, youll need to download and install Composer if you havent done so already. If you have cURL
installed, its as easy as running the following:
curl -s https://getcomposer.org/installer | php

Or, you can download composer.phar from the Composer website2 .


For Windows systems, you can download Composers Windows installer here3 . Further instructions for
Composers Windows installer can be found within the README here4 .
Now that youve downloaded and installed Composer, you can get a new CakePHP application by running:
php composer.phar create-project --prefer-dist cakephp/app [app_name]

Or if Composer is installed globally:


composer create-project --prefer-dist cakephp/app [app_name]

Once Composer finishes downloading the application skeleton and the core CakePHP library, you should
have a functioning CakePHP application installed via Composer. Be sure to keep the composer.json and
composer.lock files with the rest of your source code.
You can now visit the path to where you installed your CakePHP application and see the setup traffic lights.
Although composer is the recommended installation method, there are pre-installed downloads available on
Github5 . Those downloads contain the app skeleton with all vendor packages installed. Also it includes the
composer.phar so you have everything you need for further use.

Keeping Up To Date with the Latest CakePHP Changes


By default this is what your application composer.json looks like:
"require": {
"cakephp/cakephp": "~3.0"
}
1

http://getcomposer.org
https://getcomposer.org/download/
3
https://github.com/composer/windows-setup/releases/
4
https://github.com/composer/windows-setup
5
https://github.com/cakephp/cakephp/tags
2

124

Chapter 6. Installation

CakePHP Cookbook Documentation, Release 3.x

Each time you run php composer.phar update you will receive the latest stable releases when using
the default version constraint ~3.0. Only bugfix and minor version releases of 3.x will be used when
updating.
If you want to keep current with the latest unreleased changes in CakePHP you can add the change your
applications composer.json:
"require": {
"cakephp/cakephp": "dev-master"
}

Be aware that is not recommended, as your application can break when next major version is being released.
Additionally composer does not cache development branches, so it slows down consecutive composer installs/updates.

Permissions
CakePHP uses the tmp directory for a number of different operations. Model descriptions, cached views,
and session information are just a few examples. The logs directory is used to write log files by the default
FileLog engine.
As such, make sure the directories logs, tmp and all its subdirectories in your CakePHP installation are
writable by the web server user. Composers installation process makes tmp and its subfolders globally
writeable to get things up and running quickly but you can update the permissions for better security and
keep them writable only for the webserver user.
One common issue is that logs and tmp directories and subdirectories must be writable both by the web
server and the command line user. On a UNIX system, if your web server user is different from your
command line user, you can run the following commands from your application directory just once in your
project to ensure that permissions will be setup properly:
HTTPDUSER=`ps
setfacl -R -m
setfacl -R -d
setfacl -R -m
setfacl -R -d

aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | h


u:${HTTPDUSER}:rwx tmp
-m u:${HTTPDUSER}:rwx tmp
u:${HTTPDUSER}:rwx logs
-m u:${HTTPDUSER}:rwx logs

Development Server
A development installation is the fastest method to setup CakePHP. In this example, we will be using CakePHPs console to run PHPs built-in web server which will make your application available at
http://host:port. From the app directory, execute:
bin/cake server

By default, without any arguments provided, this will serve your application at http://localhost:8765/.
If you have something conflicting with localhost or port 8765, you can tell the CakePHP console to run the
web server on a specific host and/or port utilizing the following arguments:
Permissions

125

CakePHP Cookbook Documentation, Release 3.x

bin/cake server -H 192.168.13.37 -p 5673

This will serve your application at http://192.168.13.37:5673/.


Thats it! Your CakePHP application is up and running without having to configure a web server.
Warning: The development server should never be used in a production environment. It is only intended
as a basic development server.
If youd prefer to use a real webserver, you should be able to move your CakePHP install (including the
hidden files) inside your webservers document root. You should then be able to point your web-browser at
the directory you moved the files into and see your application in action.

Production
A production installation is a more flexible way to setup CakePHP. Using this method allows an entire
domain to act as a single CakePHP application. This example will help you install CakePHP anywhere on
your filesystem and make it available at http://www.example.com. Note that this installation may require
the rights to change the DocumentRoot on Apache webservers.
After installing your application using one of the methods above into the directory of your choosing - well
assume you chose /cake_install - your production setup will look like this on the file system:
/cake_install/
bin/
config/
logs/
plugins/
src/
tests/
tmp/
vendor/
webroot/ (this directory is set as DocumentRoot)
.gitignore
.htaccess
.travis.yml
composer.json
index.php
phpunit.xml.dist
README.md

Developers using Apache should set the DocumentRoot directive for the domain to:
DocumentRoot /cake_install/webroot

If your web server is configured correctly, you should now find your CakePHP application accessible at
http://www.example.com.

126

Chapter 6. Installation

CakePHP Cookbook Documentation, Release 3.x

Fire It Up
Alright, lets see CakePHP in action. Depending on which setup you used, you should point your browser
to http://example.com/ or http://localhost:8765/. At this point, youll be presented with CakePHPs default
home, and a message that tells you the status of your current database connection.
Congratulations! You are ready to create your first CakePHP application.

URL Rewriting
Apache
While CakePHP is built to work with mod_rewrite out of the boxand usually doesweve noticed that a
few users struggle with getting everything to play nicely on their systems.
Here are a few things you might try to get it running correctly. First look at your httpd.conf. (Make sure you
are editing the system httpd.conf rather than a user- or site-specific httpd.conf.)
These files can vary between different distributions and Apache versions. You may also take a look at
http://wiki.apache.org/httpd/DistrosDefaultLayout for further information.
1. Make sure that an .htaccess override is allowed and that AllowOverride is set to All for the correct
DocumentRoot. You should see something similar to:
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
<Directory />
Options FollowSymLinks
AllowOverride All
#
Order deny,allow
#
Deny from all
</Directory>

2. Make sure you are loading mod_rewrite correctly. You should see something like:
LoadModule rewrite_module libexec/apache2/mod_rewrite.so

In many systems these will be commented out by default, so you may just need to remove the leading
# symbols.
After you make changes, restart Apache to make sure the settings are active.
Verify that your .htaccess files are actually in the right directories. Some operating systems treat files
that start with . as hidden and therefore wont copy them.
3. Make sure your copy of CakePHP comes from the downloads section of the site or our Git repository,
and has been unpacked correctly, by checking for .htaccess files.

Fire It Up

127

CakePHP Cookbook Documentation, Release 3.x

CakePHP app directory (will be copied to the top directory of your application by bake):
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule
^$
webroot/
RewriteRule
(.*) webroot/$1
</IfModule>

[L]
[L]

CakePHP webroot directory (will be copied to your applications web root by bake):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>

If your CakePHP site still has problems with mod_rewrite, you might want to try modifying
settings for Virtual Hosts. On Ubuntu, edit the file /etc/apache2/sites-available/default (location is distribution-dependent). In this file, ensure that AllowOverride None is changed to
AllowOverride All, so you have:
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>

On Mac OSX, another solution is to use the tool virtualhostx6 to make a Virtual Host to point to your
folder.
For many hosting services (GoDaddy, 1and1), your web server is actually being served from a
user directory that already uses mod_rewrite. If you are installing CakePHP into a user directory (http://example.com/~username/cakephp/), or any other URL structure that already utilizes
mod_rewrite, youll need to add RewriteBase statements to the .htaccess files CakePHP uses (.htaccess, webroot/.htaccess).
This can be added to the same section with the RewriteEngine directive, so for example, your webroot
.htaccess file would look like:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /path/to/app
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>

The details of those changes will depend on your setup, and can include additional things that are not
related to CakePHP. Please refer to Apaches online documentation for more information.
6

http://clickontyler.com/virtualhostx/

128

Chapter 6. Installation

CakePHP Cookbook Documentation, Release 3.x

4. (Optional) To improve production setup, you should prevent invalid assets from being parsed by
CakePHP. Modify your webroot .htaccess to something like:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /path/to/app/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(webroot/)?(img|css|js)/(.*)$
RewriteRule ^ index.php [L]
</IfModule>

The above will simply prevent incorrect assets from being sent to index.php and instead display your
webservers 404 page.
Additionally you can create a matching HTML 404 page, or use the default built-in CakePHP 404 by
adding an ErrorDocument directive:
ErrorDocument 404 /404-not-found

nginx
nginx does not make use of .htaccess files like Apache, so it is necessary to create those rewritten URLs in the site-available configuration.
This is usually found in
/etc/nginx/sites-available/your_virtual_host_conf_file.
Depending upon
your setup, you will have to modify this, but at the very least, you will need PHP running as a FastCGI
instance:
server {
listen
80;
server_name www.example.com;
rewrite ^(.*) http://example.com$1 permanent;
}
server {
listen
80;
server_name example.com;
# root directive should be global
root
/var/www/example.com/public/webroot/;
index index.php;
access_log /var/www/example.com/log/access.log;
error_log /var/www/example.com/log/error.log;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass
127.0.0.1:9000;

URL Rewriting

129

CakePHP Cookbook Documentation, Release 3.x

fastcgi_index
index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

On some servers (Like Ubuntu 14.04) the above configuration wont work out of the box, and the nginx docs
recommend a different approach anyway (http://nginx.org/en/docs/http/converting_rewrite_rules.html). You
might try the following (youll notice this is also just one server {} block, rather than two, although if you
want example.com to resolve to your CakePHP application in addition to www.example.com consult the
nginx link above):
server {
listen
80;
server_name www.example.com;
rewrite 301 http://www.example.com$request_uri permanent;
# root directive should be global
root
/var/www/example.com/public/webroot/;
index index.php;
access_log /var/www/example.com/log/access.log;
error_log /var/www/example.com/log/error.log;
location / {
try_files $uri /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass
127.0.0.1:9000;
fastcgi_index
index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}

IIS7 (Windows hosts)


IIS7 does not natively support .htaccess files. While there are add-ons that can add this support, you can
also import htaccess rules into IIS to use CakePHPs native rewrites. To do this, follow these steps:
1. Use Microsofts Web Platform Installer7 to install the URL Rewrite Module 2.08 or download it
directly (32-bit9 / 64-bit10 ).
2. Create a new file called web.config in your CakePHP root folder.
3. Using Notepad or any XML-safe editor, copy the following code into your new web.config file:
7

http://www.microsoft.com/web/downloads/platform.aspx
http://www.iis.net/downloads/microsoft/url-rewrite
9
http://www.microsoft.com/en-us/download/details.aspx?id=5747
10
http://www.microsoft.com/en-us/download/details.aspx?id=7435
8

130

Chapter 6. Installation

CakePHP Cookbook Documentation, Release 3.x

<?xml version="1.0" encoding="UTF-8"?>


<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Exclude direct access to webroot/*"
stopProcessing="true">
<match url="^webroot/(.*)$" ignoreCase="false" />
<action type="None" />
</rule>
<rule name="Rewrite routed access to assets(img, css, files, js, favic
stopProcessing="true">
<match url="^(img|css|files|js|favicon.ico)(.*)$" />
<action type="Rewrite" url="webroot/{R:1}{R:2}"
appendQueryString="false" />
</rule>
<rule name="Rewrite requested file/folder to index.php"
stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<action type="Rewrite" url="index.php"
appendQueryString="true" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Once the web.config file is created with the correct IIS-friendly rewrite rules, CakePHPs links, CSS, JavaScipt, and rerouting should work correctly.

I Cant Use URL Rewriting


If you dont want or cant get mod_rewrite (or some other compatible module) up and running on your
server, youll need to use CakePHPs built in pretty URLs. In config/app.php, uncomment the line that
looks like:
'App' => [
// ...
// 'baseUrl' => env('SCRIPT_NAME'),
]

Also remove these .htaccess files:


/.htaccess
webroot/.htaccess

This will make your URLs look like www.example.com/index.php/controllername/actionname/param rather


than www.example.com/controllername/actionname/param.

URL Rewriting

131

CakePHP Cookbook Documentation, Release 3.x

132

Chapter 6. Installation

CHAPTER 7

Configuration

While conventions remove the need to configure all of CakePHP, youll still need to configure a few things
like your database credentials.
Additionally, there are optional configuration options that allow you to swap out default values & implementations with ones tailored to your application.

Configuring your Application


Configuration is generally stored in either PHP or INI files, and loaded during the application bootstrap.
CakePHP comes with one configuration file by default, but if required you can add additional configuration
files and load them in config/bootstrap.php. Cake\Core\Configure is used for general configuration,
and the adapter based classes provide config() methods to make configuration simple and transparent.

Loading Additional Configuration Files


If your application has many configuration options it can be helpful to split configuration into multiple files.
After creating each of the files in your config/ directory you can load them in bootstrap.php:
use Cake\Core\Configure;
use Cake\Core\Configure\Engine\PhpConfig;
Configure::config('default', new PhpConfig());
Configure::load('app', 'default', false);
Configure::load('other_config', 'default');

You can also use additional configuration files to provide environment specific overrides. Each file loaded
after app.php can redefine previously declared values allowing you to customize configuration for development or staging environments.

133

CakePHP Cookbook Documentation, Release 3.x

General Configuration
Below is a description of the variables and how they affect your CakePHP application.
debug Changes CakePHP debugging output. false = Production mode. No error messages, errors, or
warnings shown. true = Errors and warnings shown.
App.namespace The namespace to find app classes under.
Note: When changing the namespace in your configuration, you will also need to update your
composer.json file to use this namespace as well. Additionally, create a new autoloader by running
php composer.phar dumpautoload.
App.baseUrl Un-comment this definition if you dont plan to use Apaches mod_rewrite with CakePHP.
Dont forget to remove your .htaccess files too.
App.base The base directory the app resides in. If false this will be auto detected. If not false, ensure
your string starts with a / and does NOT end with a /. E.g., /basedir is a valid App.base. Otherwise,
the AuthComponent will not work properly.
App.encoding Define what encoding your application uses. This encoding is used to generate the charset
in the layout, and encode entities. It should match the encoding values specified for your database.
App.webroot The webroot directory.
App.wwwRoot The file path to webroot.
App.fullBaseUrl The fully qualified domain name (including protocol) to your applications root. This
is used when generating absolute URLs. By default this value is generated using the $_SERVER
environment. However, you should define it manually to optimize performance or if you are concerned
about people manipulating the Host header.
App.imageBaseUrl Web path to the public images directory under webroot. If you are using a CDN you
should set this value to the CDNs location.
App.cssBaseUrl Web path to the public css directory under webroot. If you are using a CDN you should
set this value to the CDNs location.
App.jsBaseUrl Web path to the public js directory under webroot. If you are using a CDN you should set
this value to the CDNs location.
App.paths Configure paths for non class based resources. Supports the plugins, templates,
locales subkeys, which allow the definition of paths for plugins, view templates and locale files
respectively.
Security.salt A random string used in hashing. This value is also used as the HMAC salt when doing
symetric encryption.
Asset.timestamp Appends a timestamp which is last modified time of the particular file at the end of asset
files URLs (CSS, JavaScript, Image) when using proper helpers. Valid values:
(bool) false - Doesnt do anything (default)
(bool) true - Appends the timestamp when debug is false

134

Chapter 7. Configuration

CakePHP Cookbook Documentation, Release 3.x

(string) force - Always appends the timestamp.

Database Configuration
See the Database Configuration for information on configuring your database connections.

Caching Configuration
See the Caching Configuration for information on configuring caching in CakePHP.

Error and Exception Handling Configuration


See the Error and Exception Configuration for information on configuring error and exception handlers.

Logging Configuration
See the Logging Configuration for information on configuring logging in CakePHP.

Email Configuration
See the Email Configuration for information on configuring email presets in CakePHP.

Session Configuration
See the Session Configuration for information on configuring session handling in CakePHP.

Routing configuration
See the Routes Configuration for more information on configuring routing and creating routes for your
application.

Additional Class Paths


Additional class paths are setup through the autoloaders your application uses. When using Composer
to generate your autoloader, you could do the following, to provide fallback paths for controllers in your
application:
"autoload": {
"psr-4": {
"App\\Controller\\": "/path/to/directory/with/controller/folders",
"App\": "src"
}
}

Additional Class Paths

135

CakePHP Cookbook Documentation, Release 3.x

The above would setup paths for both the App and App\Controller namespace. The first key will be
searched, and if that path does not contain the class/file the second key will be searched. You can also map
a single namespace to multiple directories with the following:
"autoload": {
"psr-4": {
"App\": ["src", "/path/to/directory"]
}
}

Plugin, View Template and Locale Paths


Since plugins, view templates and locales are not classes, they cannot have an autoloader configured.
CakePHP provides three Configure variables to setup additional paths for these resources. In your config/app.php you can set these variables:
return [
// More configuration
'App' => [
'paths' => [
'plugins' => [
ROOT . DS . 'plugins' . DS,
'/path/to/other/plugins/'
],
'templates' => [
APP . 'Template' . DS,
APP . 'Template2' . DS
],
'locales' => [
APP . 'Locale' . DS
]
]
]
];

Paths should end with a directory separator, or they will not work properly.

Inflection Configuration
See the Inflection Configuration docs for more information.

Configure Class
class Cake\Core\Configure
CakePHPs Configure class can be used to store and retrieve application or runtime specific values. Be
careful, this class allows you to store anything in it, then use it in any other part of your code: a sure
temptation to break the MVC pattern CakePHP was designed for. The main goal of Configure class is to
136

Chapter 7. Configuration

CakePHP Cookbook Documentation, Release 3.x

keep centralized variables that can be shared between many objects. Remember to try to live by convention
over configuration and you wont end up breaking the MVC structure weve set in place.
You can access Configure from anywhere in your application:
Configure::read('debug');

Writing Configuration data


static Cake\Core\Configure::write($key, $value)
Use write() to store data in the applications configuration:
Configure::write('Company.name','Pizza, Inc.');
Configure::write('Company.slogan','Pizza for your body and soul');

Note: The dot notation used in the $key parameter can be used to organize your configuration settings
into logical groups.
The above example could also be written in a single call:
Configure::write('Company', [
'name' => 'Pizza, Inc.',
'slogan' => 'Pizza for your body and soul'
]);

You can use Configure::write(debug, $bool) to switch between debug and production
modes on the fly. This is especially handy for JSON interactions where debugging information can cause
parsing problems.

Reading Configuration Data


static Cake\Core\Configure::read($key = null)
Used to read configuration data from the application. Defaults to CakePHPs important debug value. If a
key is supplied, the data is returned. Using our examples from write() above, we can read that data back:
Configure::read('Company.name');
Configure::read('Company.slogan');

// Yields: 'Pizza, Inc.'


// Yields: 'Pizza for your body
// and soul'

Configure::read('Company');
// Yields:
['name' => 'Pizza, Inc.', 'slogan' => 'Pizza for your body and soul'];

If $key is left null, all values in Configure will be returned.

Configure Class

137

CakePHP Cookbook Documentation, Release 3.x

Checking to see if Configuration Data is Defined


static Cake\Core\Configure::check($key)
Used to check if a key/path exists and has not-null value:
$exists = Configure::check('Company.name');

Deleting Configuration Data


static Cake\Core\Configure::delete($key)
Used to delete information from the applications configuration:
Configure::delete('Company.name');

Reading & Deleting Configuration Data


static Cake\Core\Configure::consume($key)
Read and delete a key from Configure. This is useful when you want to combine reading and deleting values
in a single operation.

Reading and writing configuration files


static Cake\Core\Configure::config($name, $engine)
CakePHP comes with two built-in configuration file engines. Cake\Core\Configure\Engine\PhpConfig
is able to read PHP config files, in the same format that Configure has historically read.
Cake\Core\Configure\Engine\IniConfig is able to read ini config files. See the PHP
documentation1 for more information on the specifics of ini files. To use a core config engine, youll need
to attach it to Configure using Configure::config():
use Cake\Core\Configure\Engine\PhpConfig;
// Read config files from config
Configure::config('default', new PhpConfig());
// Read config files from another path.
Configure::config('default', new PhpConfig('/path/to/your/config/files/'));

You can have multiple engines attached to Configure, each reading different kinds or sources of configuration
files. You can interact with attached engines using a few other methods on Configure. To see check which
engine aliases are attached you can use Configure::configured():
1

http://php.net/parse_ini_file

138

Chapter 7. Configuration

CakePHP Cookbook Documentation, Release 3.x

// Get the array of aliases for attached engines.


Configure::configured();
// Check if a specific engine is attached
Configure::configured('default');

static Cake\Core\Configure::drop($name)
You can also remove attached engines. Configure::drop(default) would remove the default
engine alias. Any future attempts to load configuration files with that engine would fail:
Configure::drop('default');

Loading Configuration Files


static Cake\Core\Configure::load($key, $config = default, $merge = true)
Once youve attached a config engine to Configure you can load configuration files:
// Load my_file.php using the 'default' engine object.
Configure::load('my_file', 'default');

Loaded configuration files merge their data with the existing runtime configuration in Configure. This allows
you to overwrite and add new values into the existing runtime configuration. By setting $merge to true,
values will not ever overwrite the existing configuration.

Creating or Modifying Configuration Files


static Cake\Core\Configure::dump($key, $config = default, $keys =[])
Dumps all or some of the data in Configure into a file or storage system supported by a config engine. The
serialization format is decided by the config engine attached as $config. For example, if the default engine
is a Cake\Core\Configure\Engine\PhpConfig, the generated file will be a PHP configuration
file loadable by the Cake\Core\Configure\Engine\PhpConfig
Given that the default engine is an instance of PhpConfig.
my_config.php:

Save all data in Configure to the file

Configure::dump('my_config.php', 'default');

Save only the error handling configuration:


Configure::dump('error.php', 'default', ['Error', 'Exception']);

Configure::dump() can be used to either modify or overwrite configuration files that are readable with
Configure::load()

Storing Runtime Configuration


static Cake\Core\Configure::store($name, $cacheConfig = default, $data = null)
Reading and writing configuration files

139

CakePHP Cookbook Documentation, Release 3.x

You can also store runtime configuration values for use in a future request. Since configure only remembers
values for the current request, you will need to store any modified configuration information if you want to
use it in subsequent requests:
// Store the current configuration in the 'user_1234' key in the 'default' cache.
Configure::store('user_1234', 'default');

Stored configuration data is persisted in the named cache configuration. See the Caching documentation for
more information on caching.

Restoring Runtime Configuration


static Cake\Core\Configure::restore($name, $cacheConfig = default)
Once youve stored runtime configuration, youll probably need to restore it so you can access it again.
Configure::restore() does exactly that:
// Restore runtime configuration from the cache.
Configure::restore('user_1234', 'default');

When restoring configuration information its important to restore it with the same key, and cache configuration as was used to store it. Restored information is merged on top of the existing runtime configuration.

Creating your Own Configuration Engines


Since configuration engines are an extensible part of CakePHP, you can create configuration engines in your application and plugins.
Configuration engines need to implement the
Cake\Core\Configure\ConfigEngineInterface. This interface defines a read method, as the
only required method. If you like XML files, you could create a simple Xml config engine for you application:
// In src/Configure/Engine/XmlConfig.php
namespace App\Configure\Engine;
use Cake\Core\Configure\ConfigEngineInterface;
use Cake\Utility\Xml;
class XmlConfig implements ConfigEngineInterface
{
public function __construct($path = null)
{
if (!$path) {
$path = CONFIG;
}
$this->_path = $path;
}
public function read($key)
{

140

Chapter 7. Configuration

CakePHP Cookbook Documentation, Release 3.x

$xml = Xml::build($this->_path . $key . '.xml');


return Xml::toArray($xml);
}
public function dump($key, array $data)
{
// Code to dump data to file
}
}

In your config/bootstrap.php you could attach this engine and use it:
use App\Configure\Engine\XmlConfig;
Configure::config('xml', new XmlConfig());
...
Configure::load('my_xml', 'xml');

The read() method of a config engine, must return an array of the configuration information that the
resource named $key contains.
interface Cake\Core\Configure\ConfigEngineInterface
Defines the interface used by classes that read configuration data and store it in Configure
Cake\Core\Configure\ConfigEngineInterface::read($key)
Parameters
$key (string) The key name or identifier to load.
This method should load/parse the configuration data identified by $key and return an array of data
in the file.
Cake\Core\Configure\ConfigEngineInterface::dump($key)
Parameters
$key (string) The identifier to write to.
$data (array) The data to dump.
This method should dump/store the provided configuration data to a key identified by $key.

Built-in Configuration Engines


PHP Configuration Files
class Cake\Core\Configure\Engine\PhpConfig
Allows you to read configuration files that are stored as plain PHP files. You can read either files from
your apps config or from plugin configs directories by using plugin syntax. Files must return an array. An
example configuration file would look like:

Built-in Configuration Engines

141

CakePHP Cookbook Documentation, Release 3.x

return [
'debug' => 0,
'Security' => [
'salt' => 'its-secret'
],
'App' => [
'namespace' => 'App'
]
];

Load your custom configuration file by inserting the following in config/bootstrap.php:


Configure::load('customConfig');

Ini Configuration Files


class Cake\Core\Configure\Engine\IniConfig
Allows you to read configuration files that are stored as plain .ini files. The ini files must be compatible with
phps parse_ini_file() function, and benefit from the following improvements
dot separated values are expanded into arrays.
boolean-ish values like on and off are converted to booleans.
An example ini file would look like:
debug = 0
[Security]
salt = its-secret
[App]
namespace = App

The above ini file, would result in the same end configuration data as the PHP example above. Array
structures can be created either through dot separated values, or sections. Sections can contain dot separated
keys for deeper nesting.

Json Configuration Files


class Cake\Core\Configure\Engine\JsonConfig
Allows you to read / dump configuration files that are stored as JSON encoded strings in .json files.
An example JSON file would look like:
{
"debug": false,
"App": {
"namespace": "MyApp"
},

142

Chapter 7. Configuration

CakePHP Cookbook Documentation, Release 3.x

"Security": {
"salt": "its-secret"
}
}

Bootstrapping CakePHP
If you have any additional configuration needs, you should add them to your applications config/bootstrap.php file. This file is included before each request, and CLI command.
This file is ideal for a number of common bootstrapping tasks:
Defining convenience functions.
Declaring constants.
Creating cache configurations.
Configuring inflections.
Loading configuration files.
Be careful to maintain the MVC software design pattern when you add things to the bootstrap file: it might
be tempting to place formatting functions there in order to use them in your controllers. As youll see in the
Controllers and Views sections there are better ways you add custom logic to your application.

Bootstrapping CakePHP

143

CakePHP Cookbook Documentation, Release 3.x

144

Chapter 7. Configuration

CHAPTER 8

Routing

class Cake\Routing\Router
Routing provides you tools that map URLs to controller actions. By defining routes, you can separate how
your application is implemented from how its URLs are structured.
Routing in CakePHP also encompasses the idea of reverse routing, where an array of parameters can be
transformed into a URL string. By using reverse routing, you can more easily re-factor your applications
URL structure without having to update all your code.

Quick Tour
This section will teach you by example the most common uses of the CakePHP Router. Typically you want
to display something as a landing page, so you add this to your routes.php file:
use Cake\Routing\Router;
// Using the scoped route builder.
Router::scope('/', function ($routes) {
$routes->connect('/', ['controller' => 'Articles', 'action' => 'index']);
});
// Using the static method.
Router::connect('/', ['controller' => 'Articles', 'action' => 'index']);

Router provides two interfaces for connecting routes. The static method is a backwards compatible interface, while the scoped builders offer more terse syntax when building multiple routes, and better performance.
This will execute the index method in the ArticlesController when the homepage of your site is
visited. Sometimes you need dynamic routes that will accept multiple parameters, this would be the case,
for example of a route for viewing an articles content:
Router::connect('/articles/*', ['controller' => 'Articles', 'action' => 'view']);

145

CakePHP Cookbook Documentation, Release 3.x

The above route will accept any URL looking like /articles/15 and invoke the method view(15)
in the ArticlesController. This will not, though, prevent people from trying to access URLs looking like /articles/foobar. If you wish, you can restring some parameters to conform to a regular
expression:
Router::connect(
'/articles/:id',
['controller' => 'Articles', 'action' => 'view'],
['id' => '\d+', 'pass' => ['id']]
);

The previous example changed the star matcher by a new placeholder :id. Using placeholders allows us to
validate parts of the URL, in this case we used the \d+ regular expression so that only digits are matched.
Finally, we told the Router to treat the id placeholder as a function argument to the view() function by
specifying the pass option. More on using this options later.
The CakePHP Router can also reverse match routes. That means that from an array containing matching
parameters, it is capable of generation a URL string:
use Cake\Routing\Router;
echo Router::url(['controller' => 'Articles', 'action' => 'view', 'id' => 15]);
// Will output
/articles/15

Routes can also be labelled with a unique name, this allows you to quickly reference them when building
links instead of specifying each of the routing parameters:
use Cake\Routing\Router;
Router::connect(
'/login',
['controller' => 'Users', 'action' => 'login'],
['_name' => 'login']
);
echo Router::url(['_name' => 'login']);
// Will output
/login

To help keep your routing code DRY, the Router has the concept of scopes. A scope defines a common path
segment, and optionally route defaults. Any routes connected inside a scope will inherit the path/defaults
from their wrapping scopes:
Router::scope('/blog', ['plugin' => 'Blog'], function ($routes) {
$routes->connect('/', ['controller' => 'Articles']);
});

The above route would match /blog/ and send it to Blog\Controller\ArticlesController::index().


The application skeleton comes with a few routes to get you started. Once youve added your own routes,
you can remove the default routes if you dont need them.

146

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

Connecting Routes
static Cake\Routing\Router::connect($route, $defaults =[], $options =[])
To keep your code DRY you should use routing scopes. Routing scopes not only let you keep your code
DRY, they also help Router optimize its operation. As seen above you can also use Router::connect()
to connect routes. This method defaults to the / scope. To create a scope and connect some routes well use
the scope() method:
// In config/routes.php
Router::scope('/', function ($routes) {
$routes->fallbacks('InflectedRoute');
});

The connect() method takes up to three parameters: the URL template you wish to match, the default
values for your route elements, and the options for the route. Options frequently include regular expression
rules to help the router match elements in the URL.
The basic format for a route definition is:
$routes->connect(
'URL template',
['default' => 'defaultValue'],
['option' => 'matchingRegex']
);

The first parameter is used to tell the router what sort of URL youre trying to control. The URL is a normal
slash delimited string, but can also contain a wildcard (*) or Route Elements. Using a wildcard tells the
router that you are willing to accept any additional arguments supplied. Routes without a * only match the
exact template pattern supplied.
Once youve specified a URL, you use the last two parameters of connect() to tell CakePHP what to
do with a request once it has been matched. The second parameter is an associative array. The keys of the
array should be named after the route elements the URL template represents. The values in the array are the
default values for those keys. Lets look at some basic examples before we start using the third parameter of
connect():
$routes->connect(
'/pages/*',
['controller' => 'Pages', 'action' => 'display']
);

This route is found in the routes.php file distributed with CakePHP. It matches any URL starting
with /pages/ and hands it to the display() action of the PagesController. A request to
/pages/products would be mapped to PagesController->display(products).
In addition to the greedy star /* there is also the /** trailing star syntax. Using a trailing double star,
will capture the remainder of a URL as a single passed argument. This is useful when you want to use an
argument that included a / in it:
$routes->connect(
'/pages/**',

Connecting Routes

147

CakePHP Cookbook Documentation, Release 3.x

['controller' => 'Pages', 'action' => 'show']


);

The incoming URL of /pages/the-example-/-and-proof would result in a single passed argument of the-example-/-and-proof.
You can use the second parameter of connect() to provide any routing parameters that are composed of
the default values of the route:
$routes->connect(
'/government',
['controller' => 'Pages', 'action' => 'display', 5]
);

This example shows how you can use the second parameter of connect() to define default parameters.
If you built a site that features products for different categories of customers, you might consider creating a
route. This allows you link to /government rather than /pages/display/5.
Another common use for the Router is to define an alias for a controller. Lets say that instead
of accessing our regular URL at /users/some_action/5, wed like to be able to access it by
/cooks/some_action/5. The following route easily takes care of that:
$routes->connect(
'/cooks/:action/*', ['controller' => 'Users']
);

This is telling the Router that any URL beginning with /cooks/ should be sent to the users controller. The
action called will depend on the value of the :action parameter. By using Route Elements, you can create
variable routes, that accept user input or variables. The above route also uses the greedy star. The greedy
star indicates to Router that this route should accept any additional positional arguments given. These
arguments will be made available in the Passed Arguments array.
When generating URLs, routes are used too. Using [controller => Users, action =>
some_action, 5] as a URL will output /cooks/some_action/5 if the above route is the first
match found.

Route Elements
You can specify your own route elements and doing so gives you the power to define places in the URL
where parameters for controller actions should lie. When a request is made, the values for these route
elements are found in $this->request->params in the controller. When you define a custom route
element, you can optionally specify a regular expression - this tells CakePHP how to know if the URL is
correctly formed or not. If you choose to not provide a regular expression, any non / character will be
treated as part of the parameter:
$routes->connect(
'/:controller/:id',
['action' => 'view'],
['id' => '[0-9]+']
);

148

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

The above example illustrates how to create a quick way to view models from any controller by crafting a
URL that looks like /controllername/:id. The URL provided to connect() specifies two route
elements: :controller and :id. The :controller element is a CakePHP default route element, so
the router knows how to match and identify controller names in URLs. The :id element is a custom route
element, and must be further clarified by specifying a matching regular expression in the third parameter of
connect().
CakePHP does not automatically produce lowercased URLs when using the :controller parameter. If
you need this, the above example could be rewritten like so:
$routes->connect(
'/:controller/:id',
['action' => 'view'],
['id' => '[0-9]+', 'routeClass' => 'InflectedRoute']
);

The special InflectedRoute class will make sure that the :controller and :plugin parameters
are correctly lowercased.
Note: Patterns used for route elements must not contain any capturing groups. If they do, Router will not
function correctly.
Once this route has been defined, requesting /apples/5 would call the view() method of
the ApplesController.
Inside the view() method, you would need to access the passed ID at
$this->request->params[id].
If you have a single controller in your application and you do not want the controller name to appear in the
URL, you can map all URLs to actions in your controller. For example, to map all URLs to actions of the
home controller, e.g have URLs like /demo instead of /home/demo, you can do the following:
$routes->connect('/:action', ['controller' => 'Home']);

If you would like to provide a case insensitive URL, you can use regular expression inline modifiers:
$routes->connect(
'/:userShortcut',
['controller' => 'Teachers', 'action' => 'profile', 1],
['userShortcut' => '(?i:principal)']
);

One more example, and youll be a routing pro:


$routes->connect(
'/:controller/:year/:month/:day',
['action' => 'index'],
[
'year' => '[12][0-9]{3}',
'month' => '0[1-9]|1[012]',
'day' => '0[1-9]|[12][0-9]|3[01]'
]
);

This is rather involved, but shows how powerful routes can be The URL supplied has four route elements.
Connecting Routes

149

CakePHP Cookbook Documentation, Release 3.x

The first is familiar to us: its a default route element that tells CakePHP to expect a controller name.
Next, we specify some default values. Regardless of the controller, we want the index() action to be called.
Finally, we specify some regular expressions that will match years, months and days in numerical form. Note
that parenthesis (grouping) are not supported in the regular expressions. You can still specify alternates, as
above, but not grouped with parenthesis.
Once defined, this route will match /articles/2007/02/01, /articles/2004/11/16, handing the requests to the index() actions of their respective controllers, with the date parameters in
$this->request->params.
There are several route elements that have special meaning in CakePHP, and should not be used unless you
want the special meaning
controller Used to name the controller for a route.
action Used to name the controller action for a route.
plugin Used to name the plugin a controller is located in.
prefix Used for Prefix Routing
_ext Used for File extentions routing.
_base Set to false to remove the base path from the generated URL. If your application is not in
the root directory, this can be used to generate URLs that are cake relative. cake relative URLs are
required when using requestAction.
_scheme Set to create links on different schemes like webcal or ftp. Defaults to the current scheme.
_host Set the host to use for the link. Defaults to the current host.
_port Set the port if you need to create links on non-standard ports.
_full If true the FULL_BASE_URL constant will be prepended to generated URLs.
# Allows you to set URL hash fragments.
_ssl Set to true to convert the generated URL to https or false to force http.
_method Define the HTTP verb/method to use. Useful when working with Creating RESTful Routes.
_name Name of route. If you have setup named routes, you can use this key to specify it.

Passing Parameters to Action


When connecting routes using Route Elements you may want to have routed elements be passed arguments
instead. The pass option whitelists which route elements should also be made available as arguments
passed into the controller functions:
// src/Controller/BlogsController.php
public function view($articleId = null, $slug = null)
{
// Some code here...
}

150

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

// routes.php
Router::scope('/', function ($routes) {
$routes->connect(
'/blog/:id-:slug', // E.g. /blog/3-CakePHP_Rocks
['controller' => 'Blogs', 'action' => 'view'],
[
// Define the route elements in the route template
// to pass as function arguments. Order matters since this
// will simply map ":id" to $articleId in your action
'pass' => ['id', 'slug'],
// Define a pattern that `id` must match.
'id' => '[0-9]+'
]
);
});

Now thanks to the reverse routing capabilities, you can pass in the URL array like below and CakePHP will
know how to form the URL as defined in the routes:
// view.ctp
// This will return a link to /blog/3-CakePHP_Rocks
echo $this->Html->link('CakePHP Rocks', [
'controller' => 'Blog',
'action' => 'view',
'id' => 3,
'slug' => 'CakePHP_Rocks'
]);
// You can also used numerically indexed parameters.
echo $this->Html->link('CakePHP Rocks', [
'controller' => 'Blog',
'action' => 'view',
3,
'CakePHP_Rocks'
]);

Using Named Routes


Sometimes youll find typing out all the URL parameters for a route too verbose, or youd like to take
advantage of the performance improvements that named routes have. When connecting routes you can
specifiy a _name option, this option can be used in reverse routing to identify the route you want to use:
// Connect a route with a name.
$routes->connect(
'/login',
['controller' => 'Users', 'action' => 'login'],
['_name' => 'login']
);
// Generate a URL using a named route.
$url = Router::url(['_name' => 'login']);

Connecting Routes

151

CakePHP Cookbook Documentation, Release 3.x

// Generate a URL using a named route,


// with some query string args.
$url = Router::url(['_name' => 'login', 'username' => 'jimmy']);

If your route template contains any route elements like :controller youll need to supply those as part
of the options to Router::url().
Note: Route names must be unique across your entire application. The same _name cannot be used twice,
even if the names occur inside a different routing scope.

Prefix Routing
static Cake\Routing\Router::prefix($name, $callback)
Many applications require an administration section where privileged users can make changes. This is
often done through a special URL such as /admin/users/edit/5. In CakePHP, prefix routing can be
enabled by using the prefix scope method:
Router::prefix('admin', function ($routes) {
// All routes here will be prefixed with `/admin`
// And have the prefix => admin route element added.
$routes->fallbacks('InflectedRoute');
});

Prefixes are mapped to sub-namespaces in your applications Controller namespace. By having prefixes
as separate controllers you can create smaller and simpler controllers. Behavior that is common to the
prefixed and non-prefixed controllers can be encapsulated using inheritance, Components, or traits. Using
our users example, accessing the URL /admin/users/edit/5 would call the edit() method of our
src/Controller/Admin/UsersController.php passing 5 as the first parameter. The view file used would be
src/Template/Admin/Users/edit.ctp
You can map the URL /admin to your index() action of pages controller using following route:
Router::prefix('admin', function ($routes) {
// Because you are in the admin scope,
// you do not need to include the /admin prefix
// or the admin route element.
$routes->connect('/', ['controller' => 'Pages', 'action' => 'index']);
});

When creating prefix routes, you can set additional route parameters using the $options argument:
Router::prefix('admin', ['param' => 'value'], function ($routes) {
// Routes connected here are prefixed with '/admin' and
// have the 'param' routing key set.
$routes->connect('/:controller');
});

You can define prefixes inside plugin scopes as well:

152

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

Router::plugin('DebugKit', function ($routes) {


$routes->prefix('admin', function ($routes) {
$routes->connect('/:controller');
});
});

The above would create a route template like /debug_kit/admin/:controller. The connected
route would have the plugin and prefix route elements set.
When defining prefixes, you can nest multiple prefixes if necessary:
Router::prefix('manager', function ($routes) {
$routes->prefix('admin', function ($routes) {
$routes->connect('/:controller');
});
});

The above would create a route template like /manager/admin/:controller. The connected route
would have the prefix route element set to manager/admin.
The
current
prefix
will
be
available
$this->request->params[prefix]

from

the

controller

methods

through

When using prefix routes its important to set the prefix option. Heres how to build this link using the
HTML helper:
// Go into a prefixed route.
echo $this->Html->link(
'Manage articles',
['prefix' => 'manager', 'controller' => 'Articles', 'action' => 'add']
);
// Leave a prefix
echo $this->Html->link(
'View Post',
['prefix' => false, 'controller' => 'Articles', 'action' => 'view', 5]
);

Note: You should connect prefix routes before you connect fallback routes.

Plugin Routing
static Cake\Routing\Router::plugin($name, $options =[], $callback)
Routes for Plugins are most easily created using the plugin() method. This method creates a new routing
scope for the plugins routes:
Router::plugin('DebugKit', function ($routes) {
// Routes connected here are prefixed with '/debug_kit' and
// have the plugin route element set to 'DebugKit'.
$routes->connect('/:controller');
});

Connecting Routes

153

CakePHP Cookbook Documentation, Release 3.x

When creating plugin scopes, you can customize the path element used with the path option:
Router::plugin('DebugKit', ['path' => '/debugger'], function ($routes) {
// Routes connected here are prefixed with '/debugger' and
// have the plugin route element set to 'DebugKit'.
$routes->connect('/:controller');
});

When using scopes you can nest plugin scopes within prefix scopes:
Router::prefix('admin', function ($routes) {
$routes->plugin('DebugKit', function ($routes) {
$routes->connect('/:controller');
});
});

The above would create a route that looks like /admin/debug_kit/:controller. It would have the
prefix, and plugin route elements set.
You can create links that point to a plugin, by adding the plugin key to your URL array:
echo $this->Html->link(
'New todo',
['plugin' => 'Todo', 'controller' => 'TodoItems', 'action' => 'create']
);

Conversely if the active request is a plugin request and you want to create a link that has no plugin you can
do the following:
echo $this->Html->link(
'New todo',
['plugin' => null, 'controller' => 'Users', 'action' => 'profile']
);

By setting plugin => null you tell the Router that you want to create a link that is not part of a plugin.

SEO-Friendly Routing
Some developers prefer to use dashes in URLs, as its perceived to give better search engine rankings.
The DashedRoute class can be used in your application with the ability to route plugin, controller, and
camelized action names to a dashed URL.
For example, if we had a ToDo plugin, with a TodoItems controller, and a showItems() action, it
could be accessed at /to-do/todo-items/show-items with the following router connection:
Router::plugin('ToDo', ['path' => 'to-do'], function ($routes) {
$routes->fallbacks('DashedRoute');
});

Routing File Extensions


static Cake\Routing\Router::extensions(string|array|null $extensions, $merge = true)
154

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

To handle different file extensions with your routes, you need one extra line in your routes config file:
Router::extensions(['html', 'rss']);

This will enable the named extensions for all routes connected after this method call. Any routes connected
prior to it will not inherit the extensions. By default the extensions you passed will be merged with existing
list of extensions. You can pass false for the second argument to override existing list. Calling the method
without arguments will return existing list of extensions. You can set extensions per scope as well:
Router::scope('/api', function ($routes) {
$routes->extensions(['json', 'xml']);
});

Note: Setting the extensions should be the first thing you do in a scope, as the extensions will only be
applied to routes connected after the extensions are set.
By using extensions, you tell the router to remove any matching file extensions, and then parse what remains.
If you want to create a URL such as /page/title-of-page.html you would create your route using:
Router::scope('/page', function ($routes) {
$routes->extensions(['json', 'xml', 'html']);
$routes->connect(
'/:title',
['controller' => 'Pages', 'action' => 'view'],
[
'pass' => ['title']
]
);
});

Then to create links which map back to the routes simply use:

$this->Html->link(
'Link title',
['controller' => 'Pages', 'action' => 'view', 'title' => 'super-article', '_ext' => 'ht
);

File extensions are used by Request Handling to do automatic view switching based on content types.

Creating RESTful Routes


static Cake\Routing\Router::mapResources($controller, $options)
Router makes it easy to generate RESTful routes for your controllers. RESTful routes are helpful when you
are creating API endpoints for your application. If we wanted to allow REST access to a recipe controller,
wed do something like this:
// In config/routes.php...
Router::scope('/', function ($routes) {
$routes->extensions(['json']);

Creating RESTful Routes

155

CakePHP Cookbook Documentation, Release 3.x

$routes->resources('Recipes');
});

The first line sets up a number of default routes for easy REST access where method specifies the desired
result format (e.g. xml, json, rss). These routes are HTTP Request Method sensitive.
HTTP format
GET
GET
POST
PUT
PATCH
DELETE

URL.format
/recipes.format
/recipes/123.format
/recipes.format
/recipes/123.format
/recipes/123.format
/recipes/123.format

Controller action invoked


RecipesController::index()
RecipesController::view(123)
RecipesController::add()
RecipesController::edit(123)
RecipesController::edit(123)
RecipesController::delete(123)

CakePHPs Router class uses a number of different indicators to detect the HTTP method being used. Here
they are in order of preference:
1. The _method POST variable
2. The X_HTTP_METHOD_OVERRIDE
3. The REQUEST_METHOD header
The _method POST variable is helpful in using a browser as a REST client (or anything else that can do
POST easily). Just set the value of _method to the name of the HTTP request method you wish to emulate.

Creating Nested Resource Routes


Once you have connected resources in a scope, you can connect routes for sub-resources as well. Subresource routes will be prepended by the original resource name and a id parameter. For example:
Router::scope('/api', function ($routes) {
$routes->resources('Articles', function ($routes) {
$routes->resources('Comments');
});
});

Will generate resource routes for both articles and comments. The comments routes will look like:
/api/articles/:article_id/comments
/api/articles/:article_id/comments/:id

You can get the article_id in CommentsController by:


$this->request->params['article_id']

Note: While you can nest resources as deeply as you require, it is not recommended to nest more than 2
resources together.

156

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

Limiting the Routes Created


By default CakePHP will connect 6 routes for each resource. If youd like to only connect specific resource
routes you can use the only option:
$routes->resources('Articles', [
'only' => ['index', 'view']
]);

Would create read only resource routes. The route names are create, update, view, index, and
delete.

Changing the Controller Actions Used


You may need to change the controller action names that are used when connecting routes. For example, if
your edit() action is called update() you can use the actions key to rename the actions used:
$routes->resources('Articles', [
'actions' => ['edit' => 'update', 'add' => 'create']
]);

The above would use update() for the edit() action, and create() instead of add().

Mapping Additional Resource Routes


You can map additional resource methods using the map option:
$routes->resources('Articles', [
'map' => [
'deleteAll' => [
'action' => 'deleteAll',
'method' => 'DELETE'
]
]
]);
// This would connect /articles/deleteAll

In addition to the default routes, this would also connect a route for /articles/delete_all. By default the path
segment will match the key name. You can use the path key inside the resource definition to customize the
path name:
$routes->resources('Articles', [
'map' => [
'updateAll' => [
'action' => 'updateAll',
'method' => 'DELETE',
'path' => '/update_many'
],
]
]);
// This would connect /articles/update_many

Creating RESTful Routes

157

CakePHP Cookbook Documentation, Release 3.x

If you define only and map, make sure that your mapped methods are also in the only list.

Custom Route Classes for Resource Routes


You can provide connectOptions key in the $options array for resources() to provide custom
setting used by connect():
Router::scope('/', function ($routes) {
$routes->resources('books', [
'connectOptions' => [
'routeClass' => 'ApiRoute',
]
];
});

Passed Arguments
Passed arguments are additional arguments or path segments that are used when making a request. They are
often used to pass parameters to your controller methods.
http://localhost/calendars/view/recent/mark

In
the
above
example,
both
recent
and
mark
are
passed
arguments
to
CalendarsController::view(). Passed arguments are given to your controllers in three
ways.
First as arguments to the action method called, and secondly they are available in
$this->request->params[pass] as a numerically indexed array.
When using custom
routes you can force particular parameters to go into the passed arguments as well.
If you were to visit the previously mentioned URL, and you had a controller action that looked like:
class CalendarsController extends AppController
{
public function view($arg1, $arg2)
{
debug(func_get_args());
}
}

You would get the following output:


Array
(
[0] => recent
[1] => mark
)

This same data is also available at $this->request->params[pass] and


$this->passedArgs in your controllers, views, and helpers. The values in the pass array are
numerically indexed based on the order they appear in the called URL:

158

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

debug($this->request->params['pass']);

Either of the above would output:


Array
(
[0] => recent
[1] => mark
)

When generating URLs, using a routing array you add passed arguments as values without string keys in
the array:
['controller' => 'Articles', 'action' => 'view', 5]

Since 5 has a numeric key, it is treated as a passed argument.

Generating URLs
static Cake\Routing\Router::url($url = null, $full = false)
Generating URLs or Reverse routing is a feature in CakePHP that is used to allow you to easily change your
URL structure without having to modify all your code. By using routing arrays to define your URLs, you
can later configure routes and the generated URLs will automatically update.
If you create URLs using strings like:
$this->Html->link('View', '/articles/view/' . $id);

And then later decide that /articles should really be called articles instead, you would have to go
through your entire application renaming URLs. However, if you defined your link like:
$this->Html->link(
'View',
['controller' => 'Articles', 'action' => 'view', $id]
);

Then when you decided to change your URLs, you could do so by defining a route. This would change both
the incoming URL mapping, as well as the generated URLs.
When using array URLs, you can define both query string parameters and document fragments using special
keys:
Router::url([
'controller' => 'Articles',
'action' => 'index',
'?' => ['page' => 1],
'#' => 'top'
]);
// Will generate a URL like.
/articles/index?page=1#top

Generating URLs

159

CakePHP Cookbook Documentation, Release 3.x

Router will also convert any unknown parameters in a routing array to querystring parameters. The ? is
offered for backwards compatibility with older versions of CakePHP.
You can also use any of the special route elements when generating URLs:
_ext Used for Routing File Extensions routing.
_base Set to false to remove the base path from the generated URL. If your application is not in
the root directory, this can be used to generate URLs that are cake relative. cake relative URLs are
required when using requestAction.
_scheme Set to create links on different schemes like webcal or ftp. Defaults to the current
scheme.
_host Set the host to use for the link. Defaults to the current host.
_port Set the port if you need to create links on non-standard ports.
_full If true the FULL_BASE_URL constant will be prepended to generated URLs.
_ssl Set to true to convert the generated URL to https or false to force http.
_name Name of route. If you have setup named routes, you can use this key to specify it.

Redirect Routing
static Cake\Routing\Router::redirect($route, $url, $options =[])
Redirect routing allows you to issue HTTP status 30x redirects for incoming routes, and point them at
different URLs. This is useful when you want to inform client applications that a resource has moved and
you dont want to expose two URLs for the same content.
Redirection routes are different from normal routes as they perform an actual header redirection if a match
is found. The redirection can occur to a destination within your application or an outside location:
$routes->redirect(
'/home/*',
['controller' => 'Articles', 'action' => 'view'],
['persist' => true]
// Or ['persist'=>['id']] for default routing where the
// view action expects $id as an argument.
);

Redirects /home/* to /articles/view and passes the parameters to /articles/view. Using an


array as the redirect destination allows you to use other routes to define where a URL string should be
redirected to. You can redirect to external locations using string URLs as the destination:
$routes->redirect('/articles/*', 'http://google.com', ['status' => 302]);

This would redirect /articles/* to http://google.com with a HTTP status of 302.

160

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

Custom Route Classes


Custom route classes allow you to extend and change how individual routes parse requests and handle
reverse routing. Route classes have a few conventions:
Route classes are expected to be found in the Routing\\Route namespace of your application or
plugin.
Route classes should extend Cake\Routing\Route.
Route classes should implement one or both of match() and/or parse().
The parse() method is used to parse an incoming URL. It should generate an array of request parameters
that can be resolved into a controller & action. Return false from this method to indicate a match failure.
The match() method is used to match an array of URL parameters and create a string URL. If the URL
parameters do not match the route false should be returned.
You can use a custom route class when making a route by using the routeClass option:
$routes->connect(
'/:slug',
['controller' => 'Articles', 'action' => 'view'],
['routeClass' => 'SlugRoute']
);

This route would create an instance of SlugRoute and allow you to implement custom parameter handling.
You can use plugin route classes using standard plugin syntax.

Default Route Class


static Cake\Routing\Router::defaultRouteClass($routeClass = null)
If you want to use an alterate route class for all your routes besides the default Route, you can do so by
calling Router::defaultRouteClass() before setting up any routes and avoid having to specify the
routeClass option for each route. For example using:
Router::defaultRouteClass('DashedRoute');

will cause all routes connected after this to use the DashedRoute route class. Calling the method without
an argument will return current default route class.

Fallbacks method
Cake\Routing\Router::fallbacks($routeClass = null)
The fallbacks method is a simple shortcut for defining default routes.
The method uses the
passed routing class for the defined rules or if no class is provided the class returned by
Router::defaultRouteClass() is used.
Calling fallbacks like so:

Custom Route Classes

161

CakePHP Cookbook Documentation, Release 3.x

$routes->fallbacks('InflectedRoute');

Is equivalent to the following explicit calls:

$routes->connect('/:controller', ['action' => 'index'], ['routeClass' => 'InflectedRoute'])


$routes->connect('/:controller/:action/*', [], ['routeClass' => 'InflectedRoute']);

Note:
Using the default route class (Route) with fallbacks, or any route with :plugin and/or
:controller route elements will result in inconsistent URL case.

Creating Persistent URL Parameters


You can hook into the URL generation process using URL filter functions. Filter functions are called before
the URLs are matched against the routes, this allows you to prepare URLs before routing.
Callback filter functions should expect the following parameters:
$params The URL params being processed.
$request The current request.
The URL filter function should always return the params even if unmodified.
URL filters allow you to easily implement features like persistent parameters:
Router::addUrlFilter(function ($params, $request) {
if (isset($request->params['lang']) && !isset($params['lang'])) {
$params['lang'] = $request->params['lang'];
}
return $params;
});

Filter functions are applied in the order they are connected.

Handling Named Parameters in URLs


Although named parameters were removed in CakePHP 3.0, applications may have published URLs containing them. You can continue to accept URLs containing named parameters.
In your controllers beforeFilter() method you can call parseNamedParams() to extract any
named parameters from the passed arguments:
public function beforeFilter()
{
parent::beforeFilter();
Router::parseNamedParams($this->request);
}

162

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

This will populate $this->request->params[named] with any named parameters found in the
passed arguments. Any passed argument that was interpreted as a named parameter, will be removed from
the list of passed arguments.

RequestActionTrait
trait Cake\Routing\RequestActionTrait
This trait allows classes which include it to create sub-requests or request actions.
Cake\Routing\RequestActionTrait::requestAction(string $url, array $options)
This function calls a controllers action from any location and returns the response body from the
action. The $url passed is a CakePHP-relative URL (/controllername/actionname/params). To pass
extra data to the receiving controller action add to the $options array.
Note: You can use requestAction() to retrieve a rendered view by passing return in the options: requestAction($url, [return]);. It is important to note that making a requestAction using return from a controller method may cause script and css tags to not work correctly.
Generally you can avoid dispatching sub-requests by using View Cells. Cells give you a lightweight
way to create re-usable view components when compared to requestAction().
You should always include checks to make sure your requestAction methods are actually originating from requestAction(). Failing to do so will allow requestAction methods to be directly
accessible from a URL, which is generally undesirable.
If we now create a simple element to call that function:
// src/View/Element/latest_comments.ctp
echo $this->requestAction('/comments/latest');

We can then place that element anywhere to get the output using:
echo $this->element('latest_comments');

Written in this way, whenever the element is rendered, a request will be made to the controller to get
the data, the data will be processed, rendered and returned. However in accordance with the warning
above its best to make use of element caching to prevent needless processing. By modifying the call
to element to look like this:
echo $this->element('latest_comments', [], ['cache' => '+1 hour']);

The requestAction call will not be made while the cached element view file exists and is valid.
In addition, requestAction takes routing array URLs:
echo $this->requestAction(
['controller' => 'Articles', 'action' => 'featured']
);

Note: Unlike other places where array URLs are analogous to string URLs, requestAction treats
them differently.
RequestActionTrait

163

CakePHP Cookbook Documentation, Release 3.x

The URL based array are the same as the ones that Cake\Routing\Router::url() uses with
one difference - if you are using passed parameters, you must put them in a second array and wrap
them with the correct key. This is because requestAction merges the extra parameters (requestActions
2nd parameter) with the request->params member array and does not explicitly place them under
the pass key. Any additional keys in the $option array will be made available in the requested
actions request->params property:
echo $this->requestAction('/articles/view/5');

As an array in the requestAction would then be:


echo $this->requestAction(
['controller' => 'Articles', 'action' => 'view'],
['pass' => [5]]
);

You can also pass querystring arguments, post data or cookies using the appropriate keys. Cookies
can be passed using the cookies key. Get parameters can be set with query and post data can be
sent using the post key:
$vars = $this->requestAction('/articles/popular', [
'query' => ['page' = > 1],
'cookies' => ['remember_me' => 1],
]);

When using an array URL in conjunction with requestAction() you must specify all parameters that
you will need in the requested action. This includes parameters like $this->request->data.
In addition to passing all required parameters, passed arguments must be done in the second array as
seen above.

Dispatcher Filters
There are several reasons to want a piece of code to be run before any controller code is executed or right
before the response is sent to the client, such as response caching, header tuning, special authentication or
just to provide access to a mission-critical API response in lesser time than a complete request dispatching
cycle would take.
CakePHP provides a clean interface for attaching filters to the dispatch cycle. It is similar to a middleware
layer, but re-uses the existing event subsystem used in other parts of CakePHP. Since they do not work
exactly like traditional middleware, we refer to them as Dispatcher Filters.
Built-in Filters
CakePHP comes with several dispatcher filters built-in. They handle common features that all applications
are likely to need. The built-in filters are:
AssetFilter checks whether the request is referring to a theme or plugin asset file, such as a
CSS, JavaScript or image file stored in either a plugins webroot folder or the corresponding one for a
Theme. It will serve the file accordingly if found, stopping the rest of the dispatching cycle:
164

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

// Use options to set cacheTime for your static assets


// If not set, this defaults to +1 hour
DispatcherFactory::add('Asset', ['cacheTime' => '+24 hours']);

RoutingFilter applies application routing


$request->params with the results of routing.

rules

to

the

request

URL.

Populates

ControllerFactory uses $request->params to locate the controller that will handle the
current request.
LocaleSelector enables automatic language switching from the Accept-Language header
sent by the browser.
Using Filters
Filters are usually enabled in your applications bootstrap.php file, but you could easily load
them any time before the request is dispatched. Adding and removing filters is done through
Cake\Routing\DispatcherFactory. By default, the CakePHP application template comes with
a couple filter classes already enabled for all requests; lets take a look at how they are added:
DispatcherFactory::add('Routing');
DispatcherFactory::add('ControllerFactory');
// Plugin syntax is also possible
DispatcherFactory::add('PluginName.DispatcherName');
// Use options to set priority
DispatcherFactory::add('Asset', ['priority' => 1]);

Dispatcher filters with higher priority will be executed first. Priority defaults to 10.
While using the string name is convenient, you can also pass instances into add():
use Cake\Routing\Filter\RoutingFilter;
DispatcherFactory::add(new RoutingFilter());

Configuring Filter Order

When adding filters, you can control the order they are invoked in using event handler priorities. While
filters can define a default priority using the $_priority property, you can set a specific priority when
attaching the filter:
DispatcherFactory::add('Asset', ['priority' => 1]);
DispatcherFactory::add(new AssetFilter(['priority' => 1]));

The higher the priority the later this filter will be invoked.

RequestActionTrait

165

CakePHP Cookbook Documentation, Release 3.x

Conditionally Applying Filters

If you dont want to run a filter on every request, you can use conditions to only apply it some of the
time. You can apply conditions using the for and when options. The for option lets you match on URL
substrings, while the when option allows you to run a callable:
// Only runs on requests starting with `/blog`
DispatcherFactory::add('BlogHeader', ['for' => '/blog']);
// Only run on GET requests.
DispatcherFactory::add('Cache', [
'when' => function ($request, $response) {
return $request->is('get');
}
]);

The callable provided to when should return true when the filter should run. The callable can expect to
get the current request and response as arguments.
Building a Filter
To create a filter, define a class in src/Routing/Filter. In this example, well be making a filter that adds a
tracking cookie for the first landing page. First, create the file. Its contents should look like:
namespace App\Routing\Filter;
use Cake\Event\Event;
use Cake\Routing\DispatcherFilter;
class TrackingCookieFilter extends DispatcherFilter
{
public function beforeDispatch(Event $event)
{
$request = $event->data['request'];
$response = $event->data['response'];
if (!$request->cookie('landing_page')) {
$response->cookie([
'name' => 'landing_page',
'value' => $request->here(),
'expire' => '+ 1 year',
]);
}
}
}

Save this file into src/Routing/Filter/TrackingCookieFilter.php. As you can see, like other classes in
CakePHP, dispatcher filters have a few conventions:
Class names end in Filter.
Classes are in the Routing\Filter namespace. For example, App\Routing\Filter.

166

Chapter 8. Routing

CakePHP Cookbook Documentation, Release 3.x

Generally filters extend Cake\Routing\DispatcherFilter.


DispatcherFilter exposes two methods that can be overridden in subclasses, they are
beforeDispatch() and afterDispatch(). These methods are executed before or after any controller is executed respectively. Both methods receive a Cake\Event\Event object containing the
Request and Response objects (Cake\Network\Request and Cake\Network\Response instances) inside the $data property.
While our filter was pretty simple, there are a few other interesting things we can do in filter methods. By returning an Response object, you can short-circuit the dispatch process and prevent
the controller from being called. When returning a response, you should also remember to call
$event->stopPropagation() so other filters are not called.
Note: When a beforeDispatch method returns a response, the controller, and afterDispatch event will not
be invoked.
Lets now create another filter for altering response headers in any public page, in our case it would be
anything served from the PagesController:
namespace App\Routing\Filter;
use Cake\Event\Event;
use Cake\Routing\DispatcherFilter;
class HttpCacheFilter extends DispatcherFilter
{
public function afterDispatch(Event $event)
{
$request = $event->data['request'];
$response = $event->data['response'];
if ($response->statusCode() === 200) {
$response->sharable(true);
$response->expires(strtotime('+1 day'));
}
}
}

// In our bootstrap.php
DispatcherFactory::add('HttpCache', ['for' => '/pages'])

This filter will send a expiration header to 1 day in the future for all responses produced by the pages
controller. You could of course do the same in the controller, this is just an example of what could be done
with filters. For instance, instead of altering the response, you could cache it using Cake\Cache\Cache
and serve the response from the beforeDispatch() callback.
While powerful, dispatcher filters have the potential to make your application more difficult to maintain.
Filters are an extremely powerful tool when used wisely and adding response handlers for each URL in
your app is not a good use for them. Keep in mind that not everything needs to be a filter; Controllers and
Components are usually a more accurate choice for adding any request handling code to your app.

RequestActionTrait

167

CakePHP Cookbook Documentation, Release 3.x

168

Chapter 8. Routing

CHAPTER 9

Request & Response Objects

The request and response objects provide an abstraction around HTTP requests and responses. The request
object in CakePHP allows you to easily introspect an incoming request, while the response object allows
you to effortlessly create HTTP responses from your controllers.

Request
class Cake\Network\Request
Request is the default request object used in CakePHP. It centralizes a number of features for interrogating and interacting with request data. On each request one Request is created and then passed by reference to the various layers of an application that use request data. By default the request is assigned to
$this->request, and is available in Controllers, Cells, Views and Helpers. You can also access it in
Components using the controller reference. Some of the duties Request performs include:
Processing the GET, POST, and FILES arrays into the data structures you are familiar with.
Providing environment introspection pertaining to the request. Information like the headers sent, the
clients IP address, and the subdomain/domain names the server your application is running on.
Providing access to request parameters both as array indexes and object properties.

Request Parameters
Request exposes several interfaces for accessing request parameters:
$this->request->params['controller'];
$this->request->param('controller');

All of the above will access the same value. All Route Elements are accessed through this interface.
In addition to Route Elements, you also often need access to Passed Arguments. These are both available on
the request object as well:

169

CakePHP Cookbook Documentation, Release 3.x

// Passed arguments
$this->request->pass;
$this->request['pass'];
$this->request->params['pass'];

Will all provide you access to the passed arguments. There are several important/useful parameters that
CakePHP uses internally, these are also all found in the request parameters:
plugin The plugin handling the request. Will be null when there is no plugin.
controller The controller handling the current request.
action The action handling the current request.
prefix The prefix for the current action. See Prefix Routing for more information.
bare Present when the request came from Controller\Controller::requestAction()
and included the bare option. Bare requests do not have layouts rendered.
requested
Present
and
set
to
true
when
Controller\Controller::requestAction().

the

action

came

from

Query String Parameters


Cake\Network\Request::query($name)
Query string parameters can be read using Network\Request::$query:
// URL is /posts/index?page=1&sort=title
$this->request->query['page'];

You can either directly access the query property, or you can use query() method to read the URL query
array in an error-free manner. Any keys that do not exist will return null:
$foo = $this->request->query('value_that_does_not_exist');
// $foo === null

Request Body Data


Cake\Network\Request::data($name)
All POST data can be accessed using Cake\Network\Request::data(). Any form data that contains a data prefix will have that data prefix removed. For example:
// An input with a name attribute equal to 'MyModel[title]' is accessible at
$this->request->data('MyModel.title');

Any keys that do not exist will return null:


$foo = $this->request->data('Value.that.does.not.exist');
// $foo == null

You can also access the array of data, as an array:


170

Chapter 9. Request & Response Objects

CakePHP Cookbook Documentation, Release 3.x

$this->request->data['title'];
$this->request->data['comments'][1]['author'];

PUT, PATCH or DELETE Data


Cake\Network\Request::input($callback[, $options ])
When building REST services, you often accept request data on PUT and DELETE requests. Any
application/x-www-form-urlencoded request body data will automatically be parsed and set
to $this->data for PUT and DELETE requests. If you are accepting JSON or XML data, see below for
how you can access those request bodies.
When accessing the input data, you can decode it with an optional function. This is useful when interacting
with XML or JSON request body content. Additional parameters for the decoding function can be passed
as arguments to input():
$this->request->input('json_decode');

Environment Variables (from $_SERVER and $_ENV)


Cake\Network\Request::env($key, $value = null)
Request::env() is a wrapper for env() global function and acts as a getter/setter for enviromnent
variables without having to modify globals $_SERVER and $_ENV:
// Get a value
$value = $this->request->env('HTTP_HOST');
// Set a value. Generally helpful in testing.
$this->request->env('REQUEST_METHOD', 'POST');

XML or JSON Data


Applications employing REST often exchange data in non-URL-encoded post bodies. You can read input
data in any format using Network\Request::input(). By providing a decoding function, you can
receive the content in a deserialized format:
// Get JSON encoded data submitted to a PUT/POST action
$data = $this->request->input('json_decode');

Some deserializing methods require additional parameters when called, such as the as array
parameter on json_decode.
If you want XML converted into a DOMDocument object,
Network\Request::input() supports passing in additional parameters as well:
// Get Xml encoded data submitted to a PUT/POST action
$data = $this->request->input('Xml::build', ['return' => 'domdocument']);

Request

171

CakePHP Cookbook Documentation, Release 3.x

Path Information
The request object also provides useful information about the paths in your application.
$request->base and $request->webroot are useful for generating URLs, and determining
whether or not your application is in a subdirectory. The various properties you can use are:
// Assume the current request URL is /subdir/articles/edit/1?page=1
// Holds /subdir/articles/edit/1?page=1
$request->here;
// Holds /subdir
$request->base;
// Holds /subdir/
$request->webroot;

Checking Request Conditions


Cake\Network\Request::is($type)
The request object provides an easy way to inspect certain conditions in a given request. By using the is()
method you can check a number of common conditions, as well as inspect other application specific request
criteria:
$this->request->is('post');

You can also easily extend the request detectors that are available,
by using
Cake\Network\Request::addDetector() to create new kinds of detectors. There are four
different types of detectors that you can create:
Environment value comparison - Compares a value fetched from env() for equality with the provided value.
Pattern value comparison - Pattern value comparison allows you to compare a value fetched from
env() to a regular expression.
Option based comparison - Option based comparisons use a list of options to create a regular expression. Subsequent calls to add an already defined options detector will merge the options.
Callback detectors - Callback detectors allow you to provide a callback type to handle the check.
The callback will receive the request object as its only parameter.
Cake\Network\Request::addDetector($name, $options)
Some examples would be:
// Add an environment detector.
$this->request->addDetector(
'post',
['env' => 'REQUEST_METHOD', 'value' => 'POST']
);

172

Chapter 9. Request & Response Objects

CakePHP Cookbook Documentation, Release 3.x

// Add a pattern value detector.


$this->request->addDetector(
'iphone',
['env' => 'HTTP_USER_AGENT', 'pattern' => '/iPhone/i']
);
// Add an option detector
$this->request->addDetector('internalIp', [
'env' => 'CLIENT_IP',
'options' => ['192.168.0.101', '192.168.0.100']
]);
// Add a callback detector. Must be a valid callable.
$this->request->addDetector(
'awesome',
function ($request) {
return isset($request->awesome);
}
);

Request
also
includes
methods
like
Cake\Network\Request::domain(),
Cake\Network\Request::subdomains() and Cake\Network\Request::host() to
help applications with subdomains, have a slightly easier life.
There are several built-in detectors that you can use:
is(get) Check to see whether the current request is a GET.
is(put) Check to see whether the current request is a PUT.
is(patch) Check to see whether the current request is a PATCH.
is(post) Check to see whether the current request is a POST.
is(delete) Check to see whether the current request is a DELETE.
is(head) Check to see whether the current request is HEAD.
is(options) Check to see whether the current request is OPTIONS.
is(ajax) Check to see whether the current request came with X-Requested-With = XMLHttpRequest.
is(ssl) Check to see whether the request is via SSL.
is(flash) Check to see whether the request has a User-Agent of Flash.
is(requested) Check to see whether the request has a query param requested with value 1.
is(json) Check to see whether the request has json extension and accept application/json
mimetype.
is(xml) Check to see whether the request has xml extension and accept application/xml or
text/xml mimetype.

Request

173

CakePHP Cookbook Documentation, Release 3.x

Session Data
To access the session for a given request use the session() method:
$this->request->session()->read('Auth.User.name');

For more information, see the Sessions documentation for how to use the session object.

Host and Domain Name


Cake\Network\Request::domain($tldLength = 1)
Returns the domain name your application is running on:
// Prints 'example.org'
echo $request->domain();

Cake\Network\Request::subdomains($tldLength = 1)
Returns the subdomains your application is running on as an array:
// Returns ['my', 'dev'] for 'my.dev.example.org'
$request->subdomains();

Cake\Network\Request::host()
Returns the host your application is on:
// Prints 'my.dev.example.org'
echo $request->host();

Working With HTTP Methods & Headers


Cake\Network\Request::method()
Returns the HTTP method the request was made with:
// Output POST
echo $request->method();

Cake\Network\Request::allowMethod($methods)
Set allowed HTTP methods. If not matched, will throw MethodNotAllowedException. The 405 response
will include the required Allow header with the passed methods
Cake\Network\Request::header($name)
Allows you to access any of the HTTP_* headers that were used for the request. For example:
$this->request->header('User-Agent');

would return the user agent used for the request.


Cake\Network\Request::referer($local = false)
174

Chapter 9. Request & Response Objects

CakePHP Cookbook Documentation, Release 3.x

Returns the referring address for the request.


Cake\Network\Request::clientIp()
Returns the current visitors IP address.

Trusting Proxy Headers


If your application is behind a load balancer or running on a cloud service, you will often get the load balancer host, port and scheme in your requests. Often load balancers will also send HTTP-X-Forwarded-*
headers with the original values. The forwarded headers will not be used by CakePHP out of the box. To
have the request object use these headers set the trustProxy property to true:
$this->request->trustProxy = true;
// These methods will not use the proxied headers.
$this->request->port();
$this->request->host();
$this->request->scheme();
$this->request->clientIp();

Checking Accept Headers


Cake\Network\Request::accepts($type = null)
Find out which content types the client accepts, or check whether it accepts a particular type of content.
Get all types:
$this->request->accepts();

Check for a single type:


$this->request->accepts('application/json');

Cake\Network\Request::acceptLanguage($language = null)
Get all the languages accepted by the client, or check whether a specific language is accepted.
Get the list of accepted languages:
$this->request->acceptLanguage();

Check whether a specific language is accepted:


$this->request->acceptLanguage('es-es');

Response
class Cake\Network\Response

Response

175

CakePHP Cookbook Documentation, Release 3.x

Cake\Network\Response is the default response class in CakePHP. It encapsulates a number of features and functionality for generating HTTP responses in your application. It also assists in testing, as it can
be mocked/stubbed allowing you to inspect headers that will be sent. Like Cake\Network\Request,
Cake\Network\Response consolidates a number of methods previously found on Controller,
RequestHandlerComponent and Dispatcher. The old methods are deprecated in favour of using Cake\Network\Response.
Response provides an interface to wrap the common response-related tasks such as:
Sending headers for redirects.
Sending content type headers.
Sending any header.
Sending the response body.

Changing the Response Class


CakePHP uses Response by default. Response is a flexible and transparent class. If you need to override
it with your own application-specific class, you can replace Response in webroot/index.php.
This will make all the controllers in your application use CustomResponse instead
of Cake\Network\Response.
You can also replace the response instance by setting
$this->response in your controllers. Overriding the response object is handy during testing, as
it allows you to stub out the methods that interact with header(). See the section on cakeresponse-testing
for more information.

Dealing with Content Types


Cake\Network\Response::type($contentType = null)
You
can
control
the
Content-Type
of
your
applications
responses
with
Cake\Network\Response::type(). If your application needs to deal with content types that
are not built into Response, you can map them with type() as well:
// Add a vCard type
$this->response->type(['vcf' => 'text/v-card']);
// Set the response Content-Type to vcard.
$this->response->type('vcf');

Usually, youll want to map additional content types in your controllers beforeFilter() callback,
so you can leverage the automatic view switching features of RequestHandlerComponent if you are
using it.

Setting the Character Set


Cake\Network\Response::charset($charset = null)

176

Chapter 9. Request & Response Objects

CakePHP Cookbook Documentation, Release 3.x

Sets the charset that will be used in the response:


$this->response->charset('UTF-8');

Sending Files
Cake\Network\Response::file($path, $options =[])
There are times when you want to send files as responses for your requests. You can accomplish that by
using Cake\Network\Response::file():
public function sendFile($id)
{
$file = $this->Attachments->getFile($id);
$this->response->file($file['path']);
// Return response object to prevent controller from trying to render
// a view.
return $this->response;
}

As shown in the above example, you must pass the file path to the method. CakePHP will send
a proper content type header if its a known file type listed in Cake\Network\Reponse::$_mimeTypes.
You can add new types prior to calling Cake\Network\Response::file() by using the
Cake\Network\Response::type() method.
If you want, you can also force a file to be downloaded instead of displayed in the browser by specifying the
options:
$this->response->file(
$file['path'],
['download' => true, 'name' => 'foo']
);

The supported options are:


name The name allows you to specify an alternate file name to be sent to the user.
download A boolean value indicating whether headers should be set to force download.

Sending a String as File


You can respond with a file that does not exist on the disk, such as a pdf or an ics generated on the fly from
a string:
public function sendIcs()
{
$icsString = $this->Calendars->generateIcs();
$this->response->body($icsString);
$this->response->type('ics');
// Optionally force file download
$this->response->download('filename_for_download.ics');

Response

177

CakePHP Cookbook Documentation, Release 3.x

// Return response object to prevent controller from trying to render


// a view.
return $this->response;
}

Setting Headers
Cake\Network\Response::header($header = null, $value = null)
Setting headers is done with the Cake\Network\Response::header() method. It can be called
with a few different parameter configurations:
// Set a single header
$this->response->header('Location', 'http://example.com');
// Set multiple headers
$this->response->header([
'Location' => 'http://example.com',
'X-Extra' => 'My header'
]);
$this->response->header([
'WWW-Authenticate: Negotiate',
'Content-type: application/pdf'
]);

Setting the same header() multiple times will result in overwriting the previous values, just as regular
header calls. Headers are not sent when Cake\Network\Response::header() is called; instead
they are buffered until the response is actually sent.
You can now use the convenience method Cake\Network\Response::location() to directly set
or get the redirect location header.

Interacting with Browser Caching


Cake\Network\Response::disableCache()
You sometimes need to force browsers not to cache the results of a controller action.
Cake\Network\Response::disableCache() is intended for just that:
public function index()
{
// Do something.
$this->response->disableCache();
}

Warning: Using disableCache() with downloads from SSL domains while trying to send files to Internet
Explorer can result in errors.
Cake\Network\Response::cache($since, $time = +1 day)
178

Chapter 9. Request & Response Objects

CakePHP Cookbook Documentation, Release 3.x

You can also tell clients that you


Cake\Network\Response::cache():

want

them

to

cache

responses.

By

using

public function index()


{
// Do something.
$this->response->cache('-1 minute', '+5 days');
}

The above would tell clients to cache the resulting response for 5 days, hopefully speeding up your visitors experience. CakeResponse::cache() sets the Last-Modified value to the first argument.
Expires header and the max-age directive are set based on the second parameter. Cache-Controls
public directive is set as well.

Fine Tuning HTTP Cache


One of the best and easiest ways of speeding up your application is to use HTTP cache. Under this caching
model, you are only required to help clients decide if they should use a cached copy of the response by
setting a few headers such as modified time and response entity tag.
Rather than forcing you to code the logic for caching and for invalidating (refreshing) it once the data has
changed, HTTP uses two models, expiration and validation, which usually are much simpler to use.
Apart from using Cake\Network\Response::cache(), you can also use many other methods to
fine-tune HTTP cache headers to take advantage of browser or reverse proxy caching.
The Cache Control Header
Cake\Network\Response::sharable($public = null, $time = null)
Used under the expiration model, this header contains multiple indicators that can change the way browsers
or proxies use the cached content. A Cache-Control header can look like this:
Cache-Control: private, max-age=3600, must-revalidate

Response class helps you set this header with some utility methods that will produce a final valid
Cache-Control header. The first is the Cake\Network\Response::sharable() method, which
indicates whether a response is to be considered sharable across different users or clients. This method actually controls the public or private part of this header. Setting a response as private indicates that all
or part of it is intended for a single user. To take advantage of shared caches, the control directive must be
set as public.
The second parameter of this method is used to specify a max-age for the cache, which is the number of
seconds after which the response is no longer considered fresh:
public function view()
{
// ...
// Set the Cache-Control as public for 3600 seconds
$this->response->sharable(true, 3600);
}

Response

179

CakePHP Cookbook Documentation, Release 3.x

public function my_data()


{
// ...
// Set the Cache-Control as private for 3600 seconds
$this->response->sharable(false, 3600);
}

Response exposes separate methods for setting each of the directives in the Cache-Control header.
The Expiration Header
Cake\Network\Response::expires($time = null)
You can set the Expires header to a date and time after which the response is no longer considered fresh.
This header can be set using the Cake\Network\Response::expires() method:
public function view()
{
$this->response->expires('+5 days');
}

This method also accepts a DateTime instance or any string that can be parsed by the DateTime class.
The Etag Header
Cake\Network\Response::etag($tag = null, $weak = false)
Cache validation in HTTP is often used when content is constantly changing, and asks the application to
only generate the response contents if the cache is no longer fresh. Under this model, the client continues to
store pages in the cache, but it asks the application every time whether the resource has changed, instead of
using it directly. This is commonly used with static resources such as images and other assets.
The etag() method (called entity tag) is a string that uniquely identifies the requested resource, as a
checksum does for a file, in order to determine whether it matches a cached resource.
To take advantage of this header, you must either call the Cake\Network\Response::checkNotModified()
method manually or include the RequestHandlerComponent in your controller:
public function index()
{
$articles = $this->Articles->find('all');
$this->response->etag($this->Articles->generateHash($articles));
if ($this->response->checkNotModified($this->request)) {
return $this->response;
}
// ...
}

180

Chapter 9. Request & Response Objects

CakePHP Cookbook Documentation, Release 3.x

The Last Modified Header


Cake\Network\Response::modified($time = null)
Also, under the HTTP cache validation model, you can set the Last-Modified header to indicate the
date and time at which the resource was modified for the last time. Setting this header helps CakePHP tell
caching clients whether the response was modified or not based on their cache.
To take advantage of this header, you must either call the Cake\Network\Response::checkNotModified()
method or include the RequestHandlerComponent in your controller:
public function view()
{
$article = $this->Articles->find()->first();
$this->response->modified($article->modified);
if ($this->response->checkNotModified($this->request)) {
return $this->response;
}
// ...
}

The Vary Header


Cake\Network\Response::vary($header)
In some cases, you might want to serve different content using the same URL. This is often the case if
you have a multilingual page or respond with different HTML depending on the browser. Under such
circumstances you can use the Vary header:
$this->response->vary('User-Agent');
$this->response->vary('Accept-Encoding', 'User-Agent');
$this->response->vary('Accept-Language');

Sending Not-Modified Responses


Cake\Network\Response::checkNotModified(Request $request)
Compares the cache headers for the request object with the cache header from the response and determines
whether it can still be considered fresh. If so, deletes the response content, and sends the 304 Not Modified
header:
// In a controller action.
if ($this->response->checkNotModfied($this->request)) {
return $this->response;
}

Sending the Response


Cake\Network\Response::send()

Response

181

CakePHP Cookbook Documentation, Release 3.x

Once you are done creating a response, calling send() will send all the set headers as well as the body.
This is done automatically at the end of each request by Dispatcher.

182

Chapter 9. Request & Response Objects

CHAPTER 10

Controllers

class Cake\Controller\Controller
Controllers are the C in MVC. After routing has been applied and the correct controller has been found,
your controllers action is called. Your controller should handle interpreting the request data, making sure
the correct models are called, and the right response or view is rendered. Controllers can be thought of as
middle man between the Model and View. You want to keep your controllers thin, and your models fat. This
will help you more easily reuse your code and makes your code easier to test.
Commonly, a controller is used to manage the logic around a single model. For example, if you were
building a site for an online bakery, you might have a RecipesController managing your recipes and an
IngredientsController managing your ingredients. However, its also possible to have controllers work with
more than one model. In CakePHP, a controller is named after the primary model it handles.
Your applications controllers extend the AppController class, which in turn extends the core
Controller class. The AppController class can be defined in src/Controller/AppController.php
and it should contain methods that are shared between all of your applications controllers.
Controllers provide a number of methods that handle requests. These are called actions. By default, each
public method in a controller is an action, and is accessible from a URL. An action is responsible for
interpreting the request and creating the response. Usually responses are in the form of a rendered view, but
there are other ways to create responses as well.

The App Controller


As stated in the introduction, the AppController class is the parent class to all of your applications
controllers. AppController itself extends the Cake\Controller\Controller class included in
CakePHP. AppController is defined in src/Controller/AppController.php as follows:
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller

183

CakePHP Cookbook Documentation, Release 3.x

{
}

Controller attributes and methods created in your AppController will be available in all controllers that
extend it. Components (which youll learn about later) are best used for code that is used in many (but not
necessarily all) controllers.
You can use your AppController to load components that will be used in every controller in your
application. CakePHP provides a initialize() method that is invoked at the end of a Controllers
constructor for this kind of use:
namespace App\Controller;
use Cake\Controller\Controller;
class AppController extends Controller
{
public function initialize()
{
// Always enable the CSRF component.
$this->loadComponent('Csrf');
}
}

In addition to the initialize() method, the older $components property will also allow you to
declare which components should be loaded. While normal object-oriented inheritance rules apply, the
components and helpers used by a controller are treated specially. In these cases, AppController property values are merged with child controller class arrays. The values in the child class will always override
those in AppController.

Request Flow
When a request is made to a CakePHP application, CakePHPs Cake\Routing\Router and
Cake\Routing\Dispatcher classes use Connecting Routes to find and create the correct controller
instance. The request data is encapsulated in a request object. CakePHP puts all of the important request
information into the $this->request property. See the section on Request for more information on the
CakePHP request object.

Controller Actions
Controller actions are responsible for converting the request parameters into a response for the browser/user
making the request. CakePHP uses conventions to automate this process and remove some boilerplate code
you would otherwise need to write.
By convention, CakePHP renders a view with an inflected version of the action name. Returning to our
online bakery example, our RecipesController might contain the view(), share(), and search()
184

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

actions. The controller would be found in src/Controller/RecipesController.php and contain:


// src/Controller/RecipesController.php
class RecipesController extends AppController
{
public function view($id)
{
// Action logic goes here.
}
public function share($customerId, $recipeId)
{
// Action logic goes here.
}
public function search($query)
{
// Action logic goes here.
}
}

The
template
files
for
these
actions
would
be
src/Template/Recipes/view.ctp,
src/Template/Recipes/share.ctp, and src/Template/Recipes/search.ctp. The conventional view file
name is the lowercased and underscored version of the action name.
Controller actions generally use Controller::set() to create a context that View uses to render the
view layer. Because of the conventions that CakePHP uses, you dont need to create and render the view
manually. Instead, once a controller action has completed, CakePHP will handle rendering and delivering
the View.
If for some reason youd like to skip the default behavior, you can return a Cake\Network\Response
object from the action with the fully created response.
When you use controller methods with Routing\RequestActionTrait::requestAction()
you will typcially return a Response instance. If you have controller methods that are used for normal
web requests + requestAction, you should check the request type before returning:
// src/Controller/RecipesController.php
class RecipesController extends AppController
{
public function popular()
{
$popular = $this->Recipes->find('popular');
if (!$this->request->is('requested')) {
$this->response->body(json_encode($popular));
return $this->response;
}
$this->set('popular', $popular);
}
}

The

above

controller

Controller Actions

action

is

an

example

of

how

method

can

be

used

with
185

CakePHP Cookbook Documentation, Release 3.x

Routing\RequestActionTrait::requestAction() and normal requests.


In order for you to use a controller effectively in your own application, well cover some of the core attributes
and methods provided by CakePHPs controllers.

Interacting with Views


Controllers interact with views in a number of ways. First, they are able to pass data to the views, using
Controller::set(). You can also decide which view class to use, and which view file should be
rendered from the controller.

Setting View Variables


Cake\Controller\Controller::set(string $var, mixed $value)
The Controller::set() method is the main way to send data from your controller to your view. Once
youve used Controller::set(), the variable can be accessed in your view:
// First you pass data from the controller:
$this->set('color', 'pink');
// Then, in the view, you can utilize the data:
?>
You have selected <?= h($color) ?> icing for the cake.

The Controller::set() method also takes an associative array as its first parameter. This can often
be a quick way to assign a set of information to the view:
$data = [
'color' => 'pink',
'type' => 'sugar',
'base_price' => 23.95
];
// Make $color, $type, and $base_price
// available to the view:
$this->set($data);

Rendering a View
Cake\Controller\Controller::render(string $view, string $layout)
The Controller::render() method is automatically called at the end of each requested controller action. This method performs all the view logic (using the data youve submitted using the
Controller::set() method), places the view inside its View::$layout, and serves it back to the
end user.
186

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

The default view file used by render is determined by convention. If the search() action of the
RecipesController is requested, the view file in src/Template/Recipes/search.ctp will be rendered:
namespace App\Controller;
class RecipesController extends AppController
{
// ...
public function search()
{
// Render the view in src/Template/Recipes/search.ctp
$this->render();
}
// ...
}

Although CakePHP will automatically call it after every actions logic (unless youve set
$this->autoRender to false), you can use it to specify an alternate view file by specifying a view
file name as first argument of Controller::render() method.
If $view starts with /, it is assumed to be a view or element file relative to the src/Template folder. This
allows direct rendering of elements, very useful in AJAX calls:
// Render the element in src/Template/Element/ajaxreturn.ctp
$this->render('/Element/ajaxreturn');

The second parameter $layout of Controller::render() allows you to specify the layout with
which the view is rendered.
Rendering a Specific Template
In your controller, you may want to render a different view than the conventional one. You can do this
by calling Controller::render() directly. Once you have called Controller::render(),
CakePHP will not try to re-render the view:
namespace App\Controller;
class PostsController extends AppController
{
public function my_action()
{
$this->render('custom_file');
}
}

This would render src/Template/Posts/custom_file.ctp instead of src/Template/Posts/my_action.ctp.


You
can
also
render
views
inside
plugins
using
the
following
syntax:
$this->render(PluginName.PluginController/custom_file). For example:
namespace App\Controller;
class PostsController extends AppController

Interacting with Views

187

CakePHP Cookbook Documentation, Release 3.x

{
public function my_action()
{
$this->render('Users.UserDetails/custom_file');
}
}

This would render plugins/Users/src/Template/UserDetails/custom_file.ctp

Redirecting to Other Pages


Cake\Controller\Controller::redirect(string|array $url, integer $status)
The flow control method youll use most often is Controller::redirect(). This method takes its
first parameter in the form of a CakePHP-relative URL. When a user has successfully placed an order, you
might wish to redirect him to a receipt screen.
public function place_order()
{
// Logic for finalizing order goes here
if ($success) {
return $this->redirect(
['controller' => 'Orders', 'action' => 'thanks']
);
}
return $this->redirect(
['controller' => 'Orders', 'action' => 'confirm']
);
}

The method will return the response instance with appropriate headers set. You should return the response
instance from your action to prevent view rendering and let the dispatcher handle actual redirection.
You can also use a relative or absolute URL as the $url argument:
return $this->redirect('/orders/thanks');
return $this->redirect('http://www.example.com');

You can also pass data to the action:


return $this->redirect(['action' => 'edit', $id]);

The second parameter of Controller::redirect() allows you to define an HTTP status code to
accompany the redirect. You may want to use 301 (moved permanently) or 303 (see other), depending on
the nature of the redirect.
If you need to redirect to the referer page you can use:
return $this->redirect($this->referer());

An example using query strings and hash would look like:

188

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

return $this->redirect([
'controller' => 'Orders',
'action' => 'confirm',
'?' => [
'product' => 'pizza',
'quantity' => 5
],
'#' => 'top'
]);

The generated URL would be:


http://www.example.com/orders/confirm?product=pizza&quantity=5#top

Redirecting to Another Action on the Same Controller


Cake\Controller\Controller::setAction($action, $args...)
If you need to forward the current action to a different action on the same controller, you can use
Controller::setAction() to update the request object, modify the view template that will be rendered and forward execution to the named action:
// From a delete action, you can render the updated
// list page.
$this->setAction('index');

Loading Additional Models


Cake\Controller\Controller::loadModel(string $modelClass, string $type)
The loadModel() function comes handy when you need to use a model table/collection that is not the
controllers default one:
// In a controller method.
$this->loadModel('Articles');
$recentArticles = $this->Articles->find('all', [
'limit' => 5,
'order' => 'Articles.created DESC'
]);

If you are using a table provider other than the built-in ORM you can link that table system into CakePHPs
controllers by connecting its factory method:
// In a controller method.
$this->modelFactory(
'ElasticIndex',
['ElasticIndexes', 'factory']
);

After registering a table factory, you can use loadModel to load instances:

Loading Additional Models

189

CakePHP Cookbook Documentation, Release 3.x

// In a controller method.
$this->loadModel('Locations', 'ElasticIndex');

Note: The built-in ORMs TableRegistry is connected by default as the Table provider.

Paginating a Model
Cake\Controller\Controller::paginate()
This method is used for paginating results fetched by your models. You can specify page sizes, model find
conditions and more. See the pagination section for more details on how to use paginate()
The paginate attribute gives you an easy way to customize how paginate() behaves:
class ArticlesController extends AppController
{
public $paginate = [
'Articles' => [
'conditions' => ['published' => 1]
]
];
}

Configuring Components to Load


Cake\Controller\Controller::loadComponent($name, $config =[])
In your Controllers initialize() method you can define any components you want loaded, and any
configuration data for them:
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
$this->loadComponent('Comments', Configure::read('Comments'));
}

property Cake\Controller\Controller::$components
The $components property on your controllers allows you to configure components. Configured components and their dependencies will be created by CakePHP for you. Read the Configuring Components
section for more information. As mentioned earlier the $components property will be merged with the
property defined in each of you controllers parent classes.

Configuring Helpers to Load


property Cake\Controller\Controller::$helpers
190

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Lets look at how to tell a CakePHP Controller that you plan to use additional MVC classes:
class RecipesController extends AppController
{
public $helpers = ['Form'];
}

Each of these variables are merged with their inherited values, therefore it is not necessary (for example) to
redeclare the FormHelper, or anything that is declared in your AppController.
Deprecated since version 3.0: Loading Helpers from the controller is provided for backwards compatibility
reasons. You should see Configuring Helpers for how to load helpers.

Request Life-cycle Callbacks


CakePHP controllers come fitted with callbacks you can use to insert logic around the request life-cycle:
Cake\Controller\Controller::beforeFilter(Event $event)
This function is executed before every action in the controller. Its a handy place to check for an active
session or inspect user permissions.
Note: The beforeFilter() method will be called for missing actions.
Cake\Controller\Controller::beforeRender(Event $event)
Called after controller action logic, but before the view is rendered. This callback is not used often,
but may be needed if you are calling Controller\Controller::render() manually before
the end of a given action.
Cake\Controller\Controller::afterFilter(Event $event)
Called after every controller action, and after rendering is complete. This is the last controller method
to run.
In addition to controller life-cycle callbacks, Components also provide a similar set of callbacks.
Remember to call AppControllers callbacks within child controller callbacks for best results:
public function beforeFilter(Event $event)
{
parent::beforeFilter($event);
}

More on Controllers
The Pages Controller
CakePHP ships with a default controller PagesController.php. This is a simple and optional controller for
serving up static content. The home page you see after installation is generated using this controller and
the view file src/Template/Pages/home.ctp. If you make the view file src/Template/Pages/about_us.ctp

Request Life-cycle Callbacks

191

CakePHP Cookbook Documentation, Release 3.x

you can access it using the URL http://example.com/pages/about_us. You are free to modify the Pages
Controller to meet your needs.
When you bake an app using Composer the Pages Controller is created in your src/Controller/ folder.

Components
Components are packages of logic that are shared between controllers. CakePHP comes with a fantastic set
of core components you can use to aid in various common tasks. You can also create your own components.
If you find yourself wanting to copy and paste things between controllers, you should consider creating your
own component to contain the functionality. Creating components keeps controller code clean and allows
you to reuse code between projects.
For more information on the components included in CakePHP, check out the chapter for each component:
Authentication
class AuthComponent(ComponentCollection $collection, array $config =[])
Identifying, authenticating, and authorizing users is a common part of almost every web application. In
CakePHP AuthComponent provides a pluggable way to do these tasks. AuthComponent allows you to
combine authentication objects and authorization objects to create flexible ways of identifying and checking
user authorization.
Suggested Reading Before Continuing

Configuring authentication requires several steps including defining a users table, creating a model, controller & views, etc.
This is all covered step by step in the Blog Tutorial.
Authentication

Authentication is the process of identifying users by provided credentials and ensuring that users are who
they say they are. Generally this is done through a username and password, that are checked against a known
list of users. In CakePHP, there are several built-in ways of authenticating users stored in your application.
FormAuthenticate allows you to authenticate users based on form POST data. Usually this is a
login form that users enter information into.
BasicAuthenticate allows you to authenticate users using Basic HTTP authentication.
DigestAuthenticate allows you to authenticate users using Digest HTTP authentication.
By default AuthComponent uses FormAuthenticate.

192

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Choosing an Authentication Type Generally youll want to offer form based authentication. It is the
easiest for users using a web-browser to use. If you are building an API or webservice, you may want
to consider basic authentication or digest authentication. The key differences between digest and basic
authentication are mostly related to how passwords are handled. In basic authentication, the username
and password are transmitted as plain-text to the server. This makes basic authentication un-suitable for
applications without SSL, as you would end up exposing sensitive passwords. Digest authentication uses
a digest hash of the username, password, and a few other details. This makes digest authentication more
appropriate for applications without SSL encryption.
You can also use authentication systems like openid as well; however, openid is not part of CakePHP core.
Configuring Authentication Handlers You configure authentication handlers using the
authenticate config. You can configure one or many handlers for authentication. Using multiple handlers allows you to support different ways of logging users in. When logging users in, authentication
handlers are checked in the order they are declared. Once one handler is able to identify the user, no other
handlers will be checked. Conversely you can halt all authentication by throwing an exception. You will
need to catch any thrown exceptions and handle them as needed.
You can configure authentication handlers in your controllers beforeFilter() or initialize()
methods. You can pass configuration information into each authentication object using an array:
// Basic setup
$this->Auth->config('authenticate', ['Form']);
// Pass settings in
$this->Auth->config('authenticate', [
'Basic' => ['userModel' => 'Members'],
'Form' => ['userModel' => 'Members']
]);

In the second example youll notice that we had to declare the userModel key twice. To help you keep
your code DRY, you can use the all key. This special key allows you to set settings that are passed to every
attached object. The all key is also exposed as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authenticate', [
AuthComponent::ALL => ['userModel' => 'Members'],
'Basic',
'Form'
]);

In the above example, both Form and Basic will get the settings defined for the all key. Any settings
passed to a specific authentication object will override the matching key in the all key. The core authentication objects support the following configuration keys.
fields The fields to use to identify a user by. You can use keys username and password to
specify your username and password fields respectively.
userModel The model name of the users table; defaults to Users.
scope Additional conditions to use when looking up and authenticating users,
[Users.is_active => true].

More on Controllers

i.e.

193

CakePHP Cookbook Documentation, Release 3.x

contain Extra models to contain and return with identified users info.
passwordHasher Password hasher class; defaults to Default.
To configure different fields for user in your initialize() method:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email', 'password' => 'passwd']
]
]
]);
}

Do not put other Auth configuration keys, such as authError, loginAction, etc., within the
authenticate or Form element. They should be at the same level as the authenticate key. The setup
above with other Auth configuration should look like:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
'plugin' => 'Users'
],
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email']
]
]
]);
}

In addition to the common configuration, Basic authentication supports the following keys:
realm The realm being authenticated. Defaults to env(SERVER_NAME).
In addition to the common configuration Digest authentication supports the following keys:
realm The realm authentication is for. Defaults to the servername.
nonce A nonce used for authentication. Defaults to uniqid().
qop Defaults to auth; no other values are supported at this time.
opaque A string that must
md5($config[realm])

194

be

returned

unchanged

by

clients.

Defaults

to

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Identifying Users and Logging Them In


AuthComponent::identify()
You need to manually call $this->Auth->identify() to identify the user using credentials provided
in request. Then use $this->Auth->setUser() to log the user in, i.e., save user info to session.
When authenticating users, attached authentication objects are checked in the order they are attached. Once
one of the objects can identify the user, no other objects are checked. A sample login function for working
with a login form could look like:
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
} else {
$this->Flash->error(
__('Username or password is incorrect'),
'default',
[],
'auth'
);
}
}
}

The above code will attempt to first identify a user by using the POST data. If successful we set the user info
to the session so that it persists across requests and then redirect to either the last page they were visiting or
a URL specified in the loginRedirect config. If the login is unsuccessful, a flash message is set.
Warning: $this->Auth->setUser($data) will log the user in with whatever data is passed to
the method. It wont actually check the credentials against an authentication class.

Redirecting Users After Login


AuthComponent::redirectUrl()
After logging a user in, youll generally want to redirect them back to where they came from. Pass a URL
in to set the destination a user should be redirected to upon logging in.
If no parameter is passed, it gets the authentication redirect URL. The URL returned is as per following
rules:
Returns the normalized URL from session Auth.redirect value if it is present and for the same domain
the current app is running on.
If there is no session value and there is a config loginRedirect, the loginRedirect value is
returned.
If there is no session and no loginRedirect, / is returned.

More on Controllers

195

CakePHP Cookbook Documentation, Release 3.x

Using Digest and Basic Authentication for Logging In Basic and digest are stateless authentication schemes and dont require an initial POST or a form. If using only basic / digest authenticators
you dont require a login action in your controller. Also you can set $this->Auth->sessionKey
to false to ensure AuthComponent doesnt try to read user info from session. You may also want
to set config unauthorizedRedirect to false which will cause AuthComponent to throw a
ForbiddenException instead of default behavior of redirecting to referrer. Stateless authentication
will re-verify the users credentials on each request; this creates a small amount of additional overhead, but
allows clients to login in without using cookies and makes is suitable for APIs.
Creating Custom Authentication Objects Because authentication objects are pluggable, you can create
custom authentication objects in your application or plugins. If for example you wanted to create an OpenID
authentication object. In src/Auth/OpenidAuthenticate.php you could put the following:
namespace App\Auth;
use Cake\Auth\BaseAuthenticate;
class OpenidAuthenticate extends BaseAuthenticate
{
public function authenticate(Request $request, Response $response)
{
// Do things for OpenID here.
// Return an array of user if they could authenticate the user,
// return false if not.
}
}

Authentication objects should return false if they cannot identify the user and an array of user information
if they can. Its not required that you extend BaseAuthenticate, only that your authentication object
implements Cake\Event\EventListenerInterface. The BaseAuthenticate class provides
a number of helpful methods that are commonly used. You can also implement a getUser() method if
your authentication object needs to support stateless or cookie-less authentication. See the sections on basic
and digest authentication below for more information.
AuthComponent triggers two events, Auth.afterIdentify and Auth.logout, after a user has
been identified and before a user is logged out respectively. You can set callback functions for these events
by returning a mapping array from implementedEvents() method of your authenticate class:
public function implementedEvents()
{
return [
'Auth.afterIdentify' => 'afterIdentify',
'Auth.logout' => 'logout'
];
}

Using Custom Authentication Objects Once youve created your custom authentication object, you can
use them by including them in AuthComponents authenticate array:

196

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

$this->Auth->config('authenticate', [
'Openid', // app authentication object.
'AuthBag.Openid', // plugin authentication object.
]);

Note: Note that when using simple notation theres no Authenticate word when initiating the authentication object. Instead, if using namespaces, youll need to set the full namespace of the class, including the
Authenticate word.

Creating Stateless Authentication Systems Authentication objects can implement a getUser()


method that can be used to support user login systems that dont rely on cookies. A typical getUser method looks at the request/environment and uses the information there to confirm the identity of the user. HTTP Basic authentication for example uses $_SERVER[PHP_AUTH_USER] and
$_SERVER[PHP_AUTH_PW] for the username and password fields. On each request, these values are used to re-identify the user and ensure they are valid user. As with authentication objects
authenticate() method, the getUser() method should return an array of user information on success or false on failure.
public function getUser($request)
{
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (empty($username) || empty($pass)) {
return false;
}
return $this->_findUser($username, $pass);
}

The above is how you could implement getUser method for HTTP basic authentication.
The
_findUser() method is part of BaseAuthenticate and identifies a user based on a username and
password.
Handling Unauthenticated Requests When an unauthenticated user tries to access a protected page first
the unauthenticated() method of the last authenticator in the chain is called. The authenticate object
can handle sending response or redirection by returning a response object to indicate no further action is
necessary. Due to this, the order in which you specify the authentication provider in authenticate
config matters.
If authenticator returns null, AuthComponent redirects user to login action. If its an AJAX request and
config ajaxLogin is specified that element is rendered else a 403 HTTP status code is returned.
Displaying Auth Related Flash Messages In order to display the session error messages that Auth
generates, you need to add the following code to your layout. Add the following two lines to the
src/Template/Layout/default.ctp file in the body section:

More on Controllers

197

CakePHP Cookbook Documentation, Release 3.x

echo $this->Flash->render();
echo $this->Flash->render('auth');

You can customize the error messages and flash settings AuthComponent uses. Using flash config you
can configure the parameters AuthComponent uses for setting flash messages. The available keys are
key - The key to use, defaults to auth.
params - The array of additional params to use, defaults to [].
In addition to the flash message settings you can customize other error messages AuthComponent uses. In
your controllers beforeFilter, or component settings you can use authError to customize the error used
for when authorization fails:
$this->Auth->config('authError', "Woopsie, you are not authorized to access this area.");

Sometimes, you want to display the authorization error only after the user has already logged-in. You can
suppress this message by setting its value to boolean false.
In your controllers beforeFilter() or component settings:
if (!$this->Auth->user()) {
$this->Auth->config('authError', false);
}

Hashing Passwords You are responsible for hashing the passwords before they are persisted to the
database, the easiest way is to use a setter function in your User entity:
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// ...
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
// ...
}

AuthComponent is configured by default to use the DefaultPasswordHasher when validating user


credentials so no additional configuration is required in order to authenticate users.
DefaultPasswordHasher uses the bcrypt hashing algorithm internally, which is one of the stronger
password hashing solution used in the industry. While it is recommended that you use this password hasher
class, the case may be that you are managing a database of users whose password was hashed differently.

198

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Creating Custom Password Hasher Classes In order to use a different password hasher, you need to create the class in src/Auth/LegacyPasswordHasher.php and implement the hash() and check() methods. This class needs to extend the AbstractPasswordHasher class:
namespace App\Auth;
use Cake\Auth\AbstractPasswordHasher;
class LegacyPasswordHasher extends AbstractPasswordHasher
{
public function hash($password)
{
return sha1($password);
}
public function check($password, $hashedPassword)
{
return sha1($password) === $hashedPassword;
}
}

Then you are required to configure the AuthComponent to use your own password hasher:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'Legacy',
]
]
]
]);
}

Supporting legacy systems is a good idea, but it is even better to keep your database with the latest security
advancements. The following section will explain how to migrate from one hashing algorithm to CakePHPs
default
Changing Hashing Algorithms CakePHP provides a clean way to migrate your users passwords from
one algorithm to another, this is achieved through the FallbackPasswordHasher class. Assuming
you are migrating your app from CakePHP 2.x which uses sha1 password hashes, you can configure the
AuthComponent as follows:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [

More on Controllers

199

CakePHP Cookbook Documentation, Release 3.x

'Form' => [
'passwordHasher' => [
'className' => 'Fallback',
'hashers' => [
'Default',
'Weak' => ['hashType' => 'sha1']
]
]
]
]
]);
}

The first name appearing in the hashers key indicates which of the classes is the preferred one, but it will
fallback to the others in the list if the check was unsuccessful.
When using the WeakPasswordHasher you will need to set the Security.salt configure value to
ensure passwords are salted.
In order to update old users passwords on the fly, you can change the login function accordingly:
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
if ($this->Auth->authenticationProvider()->needsPasswordRehash()) {
$user = $this->Users->get($this->Auth->user('id'));
$user->password = $this->request->data('password');
$this->Users->save($user);
}
return $this->redirect($this->Auth->redirectUrl());
}
...
}
}

As you can see we are just setting the plain password again so the setter function in the entity will hash the
password as shown in the previous example and then save the entity.
Hashing Passwords For Digest Authentication Because Digest authentication requires a password
hashed in the format defined by the RFC, in order to correctly hash a password for use with Digest authentication you should use the special password hashing function on DigestAuthenticate. If you are
going to be combining digest authentication with any other authentication strategies, its also recommended
that you store the digest password in a separate column, from the normal password hash:
namespace App\Model\Table;
use Cake\Auth\DigestAuthenticate;
use Cake\Event\Event;
use Cake\ORM\Table;

200

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

class UsersTable extends Table


{
public function beforeSave(Event $event)
{
$entity = $event->data['entity'];
// Make a password for digest auth.
$entity->digest_hash = DigestAuthenticate::password(
$entity->username,
$entity->plain_password,
env('SERVER_NAME')
);
return true;
}
}

Passwords for digest authentication need a bit more information than other password hashes, based on the
RFC for digest authentication.
Note:
The third parameter of DigestAuthenticate::password() must match the realm config value
defined when DigestAuthentication was configured in AuthComponent::$authenticate. This defaults to
env(SCRIPT_NAME). You may wish to use a static string if you want consistent hashes in multiple
environments.

Manually Logging Users In


AuthComponent::setUser(array $user)
Sometimes the need arises where you need to manually log a user in, such as just after they registered for
your application. You can do this by calling $this->Auth->setUser() with the user data you want
to login:
public function register()
{
$user = $this->Users->newEntity($this->request->data);
if ($this->Users->save($user)) {
$this->Auth->setUser($user->toArray());
return $this->redirect([
'controller' => 'Users',
'action' => 'home'
]);
}
}

Warning: Be sure to manually add the new User id to the array passed to the setUser() method.
Otherwise you wont have the user id available.

Accessing the Logged In User


AuthComponent::user($key = null)
More on Controllers

201

CakePHP Cookbook Documentation, Release 3.x

Once a user is logged in, you will often need some particular information about the current user. You can
access the currently logged in user using AuthComponent::user():
// From inside a controller or other component.
$this->Auth->user('id');

If the current user is not logged in or the key doesnt exist, null will be returned.
Logging Users Out
AuthComponent::logout()
Eventually youll want a quick way to de-authenticate someone and redirect them to where they need to
go. This method is also useful if you want to provide a Log me out link inside a members area of your
application:
public function logout()
{
return $this->redirect($this->Auth->logout());
}

Logging out users that logged in with Digest or Basic auth is difficult to accomplish for all clients. Most
browsers will retain credentials for the duration they are still open. Some clients can be forced to logout
by sending a 401 status code. Changing the authentication realm is another solution that works for some
clients.
Authorization

Authorization is the process of ensuring that an identified/authenticated user is allowed to access the resources they are requesting. If enabled AuthComponent can automatically check authorization handlers
and ensure that logged in users are allowed to access the resources they are requesting. There are several
built-in authorization handlers and you can create custom ones for your application or as part of a plugin.
ControllerAuthorize Calls isAuthorized() on the active controller, and uses the return
of that to authorize a user. This is often the most simple way to authorize users.
Note: The ActionsAuthorize & CrudAuthorize adapter available in CakePHP 2.x have now been
moved to a separate plugin cakephp/acl1 .

Configuring Authorization Handlers You configure authorization handlers using the authorize config key. You can configure one or many handlers for authorization. Using multiple handlers allows you
to support different ways of checking authorization. When authorization handlers are checked, they will
be called in the order they are declared. Handlers should return false, if they are unable to check authorization, or the check has failed. Handlers should return true if they were able to check authorization
successfully. Handlers will be called in sequence until one passes. If all checks fail, the user will be redirected to the page they came from. Additionally you can halt all authorization by throwing an exception.
You will need to catch any thrown exceptions and handle them.
1

https://github.com/cakephp/acl

202

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

You can configure authorization handlers in your controllers beforeFilter() or initialize()


methods. You can pass configuration information into each authorization object, using an array:
// Basic setup
$this->Auth->config('authorize', ['Controller']);
// Pass settings in
$this->Auth->config('authorize', [
'Actions' => ['actionPath' => 'controllers/'],
'Controller'
]);

Much like authenticate, authorize, helps you keep your code DRY, by using the all key. This
special key allows you to set settings that are passed to every attached object. The all key is also exposed
as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authorize', [
AuthComponent::ALL => ['actionPath' => 'controllers/'],
'Actions',
'Controller'
]);

In the above example, both the Actions and Controller will get the settings defined for the all key.
Any settings passed to a specific authorization object will override the matching key in the all key.
If an authenticated user tries to go to a URL hes not authorized to access, hes redirected back to the
referrer. If you do not want such redirection (mostly needed when using stateless authentication adapter)
you can set config option unauthorizedRedirect to false. This causes AuthComponent to throw a
ForbiddenException instead of redirecting.
Creating Custom Authorize Objects Because authorize objects are pluggable, you can create custom
authorize objects in your application or plugins. If for example you wanted to create an LDAP authorize
object. In src/Auth/LdapAuthorize.php you could put the following:
namespace App\Auth;
use Cake\Auth\BaseAuthorize;
use Cake\Network\Request;
class LdapAuthorize extends BaseAuthorize
{
public function authorize($user, Request $request)
{
// Do things for ldap here.
}
}

Authorize objects should return false if the user is denied access, or if the object is unable to perform a
check. If the object is able to verify the users access, true should be returned. Its not required that you
extend BaseAuthorize, only that your authorize object implements an authorize() method. The
BaseAuthorize class provides a number of helpful methods that are commonly used.

More on Controllers

203

CakePHP Cookbook Documentation, Release 3.x

Using Custom Authorize Objects Once youve created your custom authorize object, you can use them
by including them in your AuthComponents authorize array:
$this->Auth->config('authorize', [
'Ldap', // app authorize object.
'AuthBag.Combo', // plugin authorize object.
]);

Using No Authorization If youd like to not use any of the built-in authorization objects and want to handle things entirely outside of AuthComponent, you can set $this->Auth->config(authorize,
false);. By default AuthComponent starts off with authorize set to false. If you dont use an
authorization scheme, make sure to check authorization yourself in your controllers beforeFilter or with
another component.
Making Actions Public
AuthComponent::allow($actions = null)
There are often times controller actions that you wish to remain entirely public or that dont require users to
be logged in. AuthComponent is pessimistic and defaults to denying access. You can mark actions as public
actions by using AuthComponent::allow(). By marking actions as public, AuthComponent will not
check for a logged in user nor will authorize objects be checked:
// Allow all actions
$this->Auth->allow();
// Allow only the index action.
$this->Auth->allow('index');
// Allow only the view and index actions.
$this->Auth->allow(['view', 'index']);

By calling it empty you allow all actions to be public. For a single action you can provide the action name
as string. Otherwise use an array.
Note: You should not add the login action of your UsersController to allow list. Doing so would
cause problems with normal functioning of AuthComponent.

Making Actions Require Authorization


AuthComponent::deny($actions = null)
By default all actions require authorization. However, after making actions public you want to revoke the
public access. You can do so using AuthComponent::deny():
// Deny all actions.
$this->Auth->deny();
// Deny one action
$this->Auth->deny('add');

204

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

// Deny a group of actions.


$this->Auth->deny(['add', 'edit']);

By calling it empty you deny all actions. For a single action you can provide the action name as string.
Otherwise use an array.
Using ControllerAuthorize ControllerAuthorize allows you to handle authorization checks in a controller
callback. This is ideal when you have very simple authorization or you need to use a combination of models
and components to do your authorization and dont want to create a custom authorize object.
The callback is always called isAuthorized() and it should return a boolean as to whether or not the
user is allowed to access resources in the request. The callback is passed the active user so it can be checked:
class AppController extends Controller
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authorize' => 'Controller',
]);
}
public function isAuthorized($user = null)
{
// Any registered user can access public functions
if (empty($this->request->params['prefix'])) {
return true;
}
// Only admins can access admin functions
if ($this->request->params['prefix'] === 'admin') {
return (bool)($user['role'] === 'admin');
}
// Default deny
return false;
}
}

The above callback would provide a very simple authorization system where only users with role = admin
could access actions that were in the admin prefix.
Configuration options

The following settings can all be defined either in your controllers initialize() method or using
$this->Auth->config() in your beforeFilter():
ajaxLogin The name of an optional view element to render when an AJAX request is made with an invalid
or expired session.

More on Controllers

205

CakePHP Cookbook Documentation, Release 3.x

allowedActions Controller actions for which user validation is not required.


authenticate Set to an array of Authentication objects you want to use when logging users in. There are
several core authentication objects; see the section on Suggested Reading Before Continuing.
authError Error to display when user attempts to access an object or action to which they do not have
access.
You can suppress authError message from being displayed by setting this value to boolean false.
authorize Set to an array of Authorization objects you want to use when authorizing users on each request;
see the section on Authorization.
flash Settings to use when Auth needs to do a flash message with FlashComponent::set(). Available
keys are:
element - The element to use; defaults to default.
key - The key to use; defaults to auth.
params - The array of additional params to use; defaults to [].
loginAction A URL (defined as a string or array) to the controller action that handles logins. Defaults to
/users/login.
loginRedirect The URL (defined as a string or array) to the controller action users should be redirected
to after logging in. This value will be ignored if the user has an Auth.redirect value in their
session.
logoutRedirect The default action to redirect to after the user is logged out.
While AuthComponent does not handle post-logout redirection, a redirect URL will be returned from
AuthComponent::logout(). Defaults to loginAction.
unauthorizedRedirect Controls handling of unauthorized access. By default unauthorized user is redirected to the referrer URL or loginAction or /. If set to false, a ForbiddenException exception
is thrown instead of redirecting.
Testing Actions Protected By AuthComponent

See the Testing Actions That Require Authentication section for tips on how to test controller actions that
are protected by AuthComponent.
Cookie
class Cake\Controller\Component\CookieComponent(ComponentRegistry $collection,
array $config =[])
The CookieComponent is a wrapper around the native PHP setcookie() method. It makes it easier to
manipulate cookies, and automatically encrypt cookie data.

206

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Configuring Cookies

Cookies can be configured either globally or per top-level name. The global configuration data will be
merged with the top-level configuration. So only need to override the parts that are different. To configure
the global settings use the config() method:
$this->Cookie->config('path', '/');
$this->Cookie->config([
'expires' => '+10 days',
'httpOnly' => true
]);

To configure a specific key use the configKey() method:


$this->Cookie->configKey('User', 'path', '/');
$this->Cookie->configKey('User', [
'expires' => '+10 days',
'httpOnly' => true
]);

There are a number of configurable values for cookies:


expires How long the cookies should last for. Defaults to 1 month.
path The path on the server in which the cookie will be available on. If path is set to /foo/, the cookie will
only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The
default value is apps base path.
domain The domain that the cookie is available. To make the cookie available on all subdomains of example.com set domain to .example.com.
secure Indicates that the cookie should only be transmitted over a secure HTTPS connection. When set to
true, the cookie will only be set if a secure connection exists.
key Encryption key used when encrypted cookies are enabled. Defaults to Security.salt.
httpOnly Set to true to make HTTP only cookies. Cookies that are HTTP only are not accessible in
JavaScript. Defaults to false.
encryption Type of encryption to use. Defaults to aes. Can also be rijndael for backwards compatibility.
Using the Component

The CookieComponent offers a number of methods for working with Cookies.


Cake\Controller\Component\CookieComponent::write(mixed $key, mixed $value =
null)
The write() method is the heart of the cookie component. $key is the cookie variable name you want,
and the $value is the information to be stored:
$this->Cookie->write('name', 'Larry');

You can also group your variables by using dot notation in the key parameter:

More on Controllers

207

CakePHP Cookbook Documentation, Release 3.x

$this->Cookie->write('User.name', 'Larry');
$this->Cookie->write('User.role', 'Lead');

If you want to write more than one value to the cookie at a time, you can pass an array:
$this->Cookie->write('User',
['name' => 'Larry', 'role' => 'Lead']
);

All values in the cookie are encrypted with AES by default. If you want to store the values as plain
text, be sure to configure the key space:
$this->Cookie->configKey('User', 'encryption', false);

Cake\Controller\Component\CookieComponent::read(mixed $key = null)


This method is used to read the value of a cookie variable with the name specified by $key.
// Outputs "Larry"
echo $this->Cookie->read('name');
// You can also use the dot notation for read
echo $this->Cookie->read('User.name');
// To get the variables which you had grouped
// using the dot notation as an array use the following
$this->Cookie->read('User');
// This outputs something like ['name' => 'Larry', 'role' => 'Lead']

Cake\Controller\Component\CookieComponent::check($key)
Parameters
$key (string) The key to check.
Used to check whether a key/path exists and has a non-null value.
Cake\Controller\Component\CookieComponent::delete(mixed $key)
Deletes a cookie variable of the name in $key. Works with dot notation:
// Delete a variable
$this->Cookie->delete('bar');
// Delete the cookie variable bar, but not everything under foo
$this->Cookie->delete('foo.bar');

Cross Site Request Forgery


By enabling the CSRF Component you get protection against attacks. CSRF2 or Cross Site Request Forgery
is a common vulnerability in web applications. It allows an attacker to capture and replay a previous request,
and sometimes submit data requests using image tags or resources on other domains.
2

http://en.wikipedia.org/wiki/Cross-site_request_forgery

208

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

The CsrfComponent works by setting a cookie to the users browser. When forms are created with the
Cake\View\Helper\FormHelper, a hidden field is added containing the CSRF token. During the
Controller.startup event, if the request is a POST, PUT, DELETE, PATCH request the component
will compare the request data & cookie value. If either is missing or the two values mismatch the component
will throw a Cake\Network\Exception\ForbiddenException.
Using the CsrfComponent

Simply by adding the CsrfComponent to your components array, you can benefit from the CSRF protection it provides:
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
}

Settings can be passed into the component through your components settings. The available configuration
options are:
cookieName The name of the cookie to send. Defaults to csrfToken.
expiry How long the CSRF token should last. Defaults to browser session.
secure Whether or not the cookie will be set with the Secure flag. That is, the cookie will only be
set on a HTTPS connection and any attempt over normal HTTP will fail. Defaults to false.
field The form field to check. Defaults to _csrfToken. Changing this will also require configuring FormHelper.
When enabled, you can access the current CSRF token on the request object:
$token = $this->request->param('_csrfToken');

Integration with FormHelper

The CsrfComponent integrates seamlessly with FormHelper. Each time you create a form with
FormHelper, it will insert a hidden field containing the CSRF token.
Note: When using the CsrfComponent you should always start your forms with the FormHelper. If you do
not, you will need to manually create hidden inputs in each of your forms.

CSRF Protection and AJAX Requests

In addition to request data parameters, CSRF tokens can be submitted through a special X-CSRF-Token
header. Using a header often makes it easier to integrate a CSRF token with JavaScript heavy applications,
or XML/JSON based API endpoints.

More on Controllers

209

CakePHP Cookbook Documentation, Release 3.x

Disabling the CSRF Component for Specific Actions

While not recommended, you may want to disable the CsrfComponent on certain requests. You can do this
using the controllers event dispatcher, during the beforeFilter() method:
public function beforeFilter(Event $event)
{
$this->eventManager()->off($this->Csrf);
}

Flash
class Cake\Controller\Component\FlashComponent(ComponentCollection
$collection, array $config =[])
FlashComponent provides a way to set one-time notification messages to be displayed after processing a
form or acknowledging data. CakePHP refers to these messages as flash messages. FlashComponent
writes flash messages to $_SESSION, to be rendered in a View using FlashHelper.
Setting Flash Messages

FlashComponent provides two ways to set flash messages: its __call() magic method and its set()
method. To furnish your application with verbosity, FlashComponents __call() magic method allows
you use a method name that maps to an element located under the src/Template/Element/Flash directory.
By convention, camelcased methods will map to the lowercased and underscored element name:
// Uses src/Template/Element/Flash/success.ctp
$this->Flash->success('This was successful');
// Uses src/Template/Element/Flash/great_success.ctp
$this->Flash->greatSuccess('This was greatly successful');

Alternatively, to set a plain-text message without rendering an element, you can use the set() method:
$this->Flash->set('This is a message');

FlashComponents __call() and set() methods optionally take a second parameter, an array of options:
key Defaults to flash. The array key found under the Flash key in the session.
element Defaults to null, but will automatically be set when using the __call() magic method.
The element name to use for rendering.
params An optional array of keys/values to make available as variables within an element.
An example of using these options:
// In your Controller
$this->Flash->success('The user has been saved', [
'key' => 'positive',
'params' => [
'name' => $user->name,

210

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

'email' => $user->email


]
]);
// In your View
<?= $this->Flash->render('positive') ?>
<!-- In src/Template/Element/Flash/success.ctp -->
<div id="flash-<?= h($key) ?>" class="message-info success">
<?= h($message) ?>: <?= h($params['name']) ?>, <?= h($params['email']) ?>.
</div>

Note that the parameter element will be always overridden while using __call(). In order to retrieve a
specific element from a plugin, you should set the plugin parameter. For example:
// In your Controller
$this->Flash->warning('My message', ['plugin' => 'PluginName']);

The code above will use the warning.ctp element under plugins/PluginName/src/Template/Element/Flash
for rendering the flash message.
Note: By default, CakePHP does not escape the HTML in flash messages. If you are using any request or
user data in your flash messages, you should escape it with h when formatting your messages.
For more information about rendering your flash messages, please refer to the FlashHelper section.
Security
class SecurityComponent(ComponentCollection $collection, array $config =[])
The Security Component creates an easy way to integrate tighter security in your application. It provides
methods for various tasks like:
Restricting which HTTP methods your application accepts.
Form tampering protection
Requiring that SSL be used.
Limiting cross controller communication.
Like all components it is configured through several configurable parameters. All of these properties can be
set directly or through setter methods of the same name in your controllers beforeFilter.
By using the Security Component you automatically get form tampering protection. Hidden token fields
will automatically be inserted into forms and checked by the Security component.
If you are using Security components form protection features and other components that process form
data in their startup() callbacks, be sure to place Security Component before those components in your
initialize() method.
Note: When using the Security Component you must use the FormHelper to create your forms. In
addition, you must not override any of the fields name attributes. The Security Component looks
More on Controllers

211

CakePHP Cookbook Documentation, Release 3.x

for certain indicators that are created and managed by the FormHelper (especially those created in
View\Helper\FormHelper::create() and View\Helper\FormHelper::end()). Dynamically altering the fields that are submitted in a POST request (e.g. disabling, deleting or creating new fields
via JavaScript) is likely to cause the request to be send to the blackhole callback. See the $validatePost
or $disabledFields configuration parameters.

Handling Blackhole Callbacks

SecurityComponent::blackHole(object $controller, string $error)


If an action is restricted by the Security Component it is black-holed as an invalid request which will
result in a 400 error by default. You can configure this behavior by setting the blackHoleCallback
configuration option to a callback function in the controller.
By configuring a callback method you can customize how the blackhole process works:
public function beforeFilter(Event $event)
{
$this->Security->config('blackHoleCallback', 'blackhole');
}
public function blackhole($type)
{
// Handle errors.
}

The $type parameter can have the following values:


auth Indicates a form validation error, or a controller/action mismatch error.
secure Indicates an SSL method restriction failure.
Restrict Actions to SSL

SecurityComponent::requireSecure()
Sets the actions that require a SSL-secured request. Takes any number of arguments. Can be called
with no arguments to force all actions to require a SSL-secured.
SecurityComponent::requireAuth()
Sets the actions that require a valid Security Component generated token. Takes any number of
arguments. Can be called with no arguments to force all actions to require a valid authentication.
Restricting Cross Controller Communication

property SecurityComponent::$allowedControllers
A list of controllers which can send requests to this controller. This can be used to control cross
controller requests.

212

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

property SecurityComponent::$allowedActions
A list of actions which are allowed to send requests to this controllers actions. This can be used to
control cross controller requests.
These configuration options allow you to restrict cross controller communication. Set them with the
config() method.
Form Tampering Prevention

By default the SecurityComponent prevents users from tampering with forms in specific ways. The
SecurityComponent will prevent the following things:
Unknown fields cannot be added to the form.
Fields cannot be removed from the form.
Values in hidden inputs cannot be modified.
Preventing these types of tampering is accomplished by working with the FormHelper and tracking which
fields are in a form. The values for hidden fields are tracked as well. All of this data is combined and turned
into a hash. When a form is submitted, the SecurityComponent will use the POST data to build the
same structure and compare the hash.
Note: The SecurityComponent will not prevent select options from being added/changed. Nor will it
prevent radio options from being added/changed.
property SecurityComponent::$unlockedFields
Set to a list of form fields to exclude from POST validation. Fields can be unlocked either in the
Component, or with FormHelper::unlockField(). Fields that have been unlocked are not
required to be part of the POST and hidden unlocked fields do not have their values checked.
property SecurityComponent::$validatePost
Set to false to completely skip the validation of POST requests, essentially turning off form validation.
Usage

Using the security component is generally done in the controllers beforeFilter(). You would specify
the security restrictions you want and the Security Component will enforce them on its startup:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{

More on Controllers

213

CakePHP Cookbook Documentation, Release 3.x

parent::initialize();
$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
if (isset($this->request->params['admin'])) {
$this->Security->requireSecure();
}
}
}

The above example would force all actions that had admin routing to require secure SSL requests:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']);
}
public function beforeFilter(Event $event)
{
if (isset($this->params['admin'])) {
$this->Security->requireSecure();
}
}
public function forceSSL()
{
return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here);
}
}

This example would force all actions that had admin routing to require secure SSL requests. When the
request is black holed, it will call the nominated forceSSL() callback which will redirect non-secure
requests to secure requests automatically.
CSRF Protection

CSRF or Cross Site Request Forgery is a common vulnerability in web applications. It allows an attacker to
capture and replay a previous request, and sometimes submit data requests using image tags or resources on
other domains. To enable CSRF protection features use the Cross Site Request Forgery.

214

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Disabling Security Component for Specific Actions

There may be cases where you want to disable all security checks for an action (ex. AJAX requests). You may unlock these actions by listing them in $this->Security->unlockedActions
in your beforeFilter(). The unlockedActions property will not affect other features of
SecurityComponent:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
$this->Security->config('unlockedActions', ['edit']);
}
}

This example would disable all security checks for the edit action.
Pagination
class Cake\Controller\Component\PaginatorComponent
One of the main obstacles of creating flexible and user-friendly web applications is designing an intuitive
user interface. Many applications tend to grow in size and complexity quickly, and designers and programmers alike find they are unable to cope with displaying hundreds or thousands of records. Refactoring takes
time, and performance and user satisfaction can suffer.
Displaying a reasonable number of records per page has always been a critical part of every application and
used to cause many headaches for developers. CakePHP eases the burden on the developer by providing a
quick, easy way to paginate data.
Pagination in CakePHP is offered by a Component in the controller, to make building paginated queries
easier. In the View View\Helper\PaginatorHelper is used to make the generation of pagination
links & buttons simple.
Using Controller::paginate()

In the controller, we start by defining the default query conditions pagination will use in the $paginate
controller variable. These conditions, serve as the basis for your pagination queries. They are augmented by
More on Controllers

215

CakePHP Cookbook Documentation, Release 3.x

the sort, direction limit, and page parameters passed in from the URL. It is important to note that the order
key must be defined in an array structure like below:
class ArticlesController extends AppController
{
public $paginate = [
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
{
parent::initialize();
$this->loadComponent('Paginator');
}
}

You can also include any of the options supported by ORM\Table::find(), such as fields:
class ArticlesController extends AppController
{
public $paginate = [
'fields' => ['Articles.id', 'Articles.created'],
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
{
parent::initialize();
$this->loadComponent('Paginator');
}
}

While you can pass most of the query options from the paginate property it is often cleaner and simpler to
bundle up your pagination options into a Custom Finder Methods. You can define the finder pagination uses
by setting the finder option:
class ArticlesController extends AppController
{
public $paginate = [
'finder' => 'published',
];
}

Because custom finder methods can also take in options, this is how you pass in options into a custom finder
method within the paginate property:
216

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

class ArticlesController extends AppController


{
// find articles by tag
public function tags()
{
$tags = $this->request->params['pass'];
$customFinderOptions = [
'tags' => $tags
];
// the custom finder method is called findTagged inside ArticlesTable.php
// it should look like this:
// public function findTagged(Query $query, array $options) {
// hence you use tagged as the key
$this->paginate = [
'finder' => [
'tagged' => $customFinderOptions
]
];
$articles = $this->paginate($this->Articles);
$this->set(compact('articles', 'tags'));
}
}

In addition to defining general pagination values, you can define more than one set of pagination defaults in
the controller, you just name the keys of the array after the model you wish to configure:
class ArticlesController extends AppController
{
public $paginate = [
'Articles' => [],
'Authors' => [],
];
}

The values of the Articles and Authors keys could contain all the properties that a model/key less
$paginate array could.
Once
the
$paginate
property
has
been
defined,
we
can
use
the
Controller\Controller::paginate() method to create the pagination data, and add the
PaginatorHelper if it hasnt already been added. The controllers paginate method will return
the result set of the paginated query, and set pagination metadata to the request. You can access the
pagination metadata at $this->request->params[paging]. A more complete example of using
paginate() would be:
class ArticlesController extends AppController
{
public function index()

More on Controllers

217

CakePHP Cookbook Documentation, Release 3.x

{
$this->set('articles', $this->paginate());
}
}

By default the paginate() method will use the default model for a controller. You can also pass the
resulting query of a find method:
public function index()
{
$query = $this->Articles->find('popular')->where(['author_id' => 1]);
$this->set('articles', $this->paginate($query));
}

If you want to paginate a different model you can provide a query for it, the table object itself, or its name:
// Using a query
$comments = $this->paginate($commentsTable->find());
// Using the model name.
$comments = $this->paginate('Comments');
// Using a table object.
$comments = $this->paginate($commentTable);

Using the Paginator Directly

If you need to paginate data from another component you may want to use the PaginatorComponent directly.
It features a similar API to the controller method:
$articles = $this->Paginator->paginate($articleTable->find(), $config);
// Or
$articles = $this->Paginator->paginate($articleTable, $config);

The first parameter should be the query object from a find on table object you wish to paginate results from.
Optionally, you can pass the table object and let the query be constructed for you. The second parameter
should be the array of settings to use for pagination. This array should have the same structure as the
$paginate property on a controller.
Control which Fields Used for Ordering

By default sorting can be done on any non-virtual column a table has. This is sometimes undesirable as it
allows users to sort on un-indexed columns that can be expensive to order by. You can set the whitelist of
fields that can be sorted using the sortWhitelist option. This option is required when you want to sort
on any associated data, or computed fields that may be part of your pagination query:
public $paginate = [
'sortWhitelist' => [
'id', 'title', 'Users.username', 'created'

218

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

]
];

Any requests that attempt to sort on fields not in the whitelist will be ignored.
Limit the Maximum Number of Rows that can be Fetched

The number of results that are fetched is exposed to the user as the limit parameter. It is generally
undesirable to allow users to fetch all rows in a paginated set. By default CakePHP limits the maximum
number of rows that can be fetched to 100. If this default is not appropriate for your application, you can
adjust it as part of the pagination options:
public $paginate = [
// Other keys here.
'maxLimit' => 10
];

If the requests limit param is greater than this value, it will be reduced to the maxLimit value.
Joining Additional Associations

Additional associations can be loaded to the paginated table by using the contain parameter:
public function index()
{
$this->paginate = [
'contain' => ['Authors', 'Comments']
];
$this->set('articles', $this->paginate($this->Articles));
}

Out of Range Page Requests

The PaginatorComponent will throw a NotFoundException when trying to access a non-existent page,
i.e. page number requested is greater than total page count.
So you could either let the normal error page be rendered or use a try catch block and take appropriate action
when a NotFoundException is caught:
use Cake\Network\Exception\NotFoundException;
public function index()
{
try {
$this->paginate();
} catch (NotFoundException $e) {
// Do something here like redirecting to first or last page.
// $this->request->params['paging'] will give you required info.

More on Controllers

219

CakePHP Cookbook Documentation, Release 3.x

}
}

Pagination in the View

Check the View\Helper\PaginatorHelper documentation for how to create links for pagination
navigation.
Request Handling
class RequestHandlerComponent(ComponentCollection $collection, array $config =[])
The Request Handler component is used in CakePHP to obtain additional information about the HTTP
requests that are made to your applications. You can use it to inform your controllers about AJAX as well as
gain additional insight into content types that the client accepts and automatically changes to the appropriate
layout when file extensions are enabled.
By default RequestHandler will automatically detect AJAX requests based on the HTTP-XRequested-With header that many JavaScript libraries use.
When used in conjunction with
Cake\Routing\Router::extensions(), RequestHandler will automatically switch the layout
and template files to those that match the requested type. Furthermore, if a helper with the same
name as the requested extension exists, it will be added to the Controllers Helper array. Lastly, if
XML/JSON data is POSTed to your Controllers, it will be parsed into an array which is assigned to
$this->request->data, and can then be saved as model data. In order to make use of RequestHandler
it must be included in your initialize() method:
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
// Rest of controller
}

Obtaining Request Information

Request Handler has several methods that provide information about the client and its request.
RequestHandlerComponent::accepts($type = null)
$type can be a string, or an array, or null. If a string, accepts will return true if the client accepts the
content type. If an array is specified, accepts return true if any one of the content types is accepted
by the client. If null returns an array of the content-types that the client accepts. For example:

220

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

class ArticlesController extends AppController


{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function beforeFilter()
{
if ($this->RequestHandler->accepts('html')) {
// Execute code only if client accepts an HTML (text/html)
// response.
} elseif ($this->RequestHandler->accepts('xml')) {
// Execute XML-only code
}
if ($this->RequestHandler->accepts(['xml', 'rss', 'atom'])) {
// Executes if the client accepts any of the above: XML, RSS
// or Atom.
}
}
}

Other request type detection methods include:


RequestHandlerComponent::isXml()
Returns true if the current request accepts XML as a response.
RequestHandlerComponent::isRss()
Returns true if the current request accepts RSS as a response.
RequestHandlerComponent::isAtom()
Returns true if the current call accepts an Atom response, false otherwise.
RequestHandlerComponent::isMobile()
Returns true if user agent string matches a mobile web browser, or if the client accepts WAP content.
The supported Mobile User Agent strings are:
Android
AvantGo
BlackBerry
DoCoMo
Fennec
iPad
iPhone
iPod
J2ME

More on Controllers

221

CakePHP Cookbook Documentation, Release 3.x

MIDP
NetFront
Nokia
Opera Mini
Opera Mobi
PalmOS
PalmSource
portalmmm
Plucker
ReqwirelessWeb
SonyEricsson
Symbian
UP.Browser
webOS
Windows CE
Windows Phone OS
Xiino
RequestHandlerComponent::isWap()
Returns true if the client accepts WAP content.
All of the above request detection methods can be used in a similar fashion to filter functionality intended
for specific content types. For example when responding to AJAX requests, you often will want to disable
browser caching, and change the debug level. However, you want to allow caching for non-AJAX requests.
The following would accomplish that:
if ($this->request->is('ajax')) {
$this->disableCache();
}
// Continue Controller action

Automatically Decoding Request Data

RequestHandlerComponent::addInputType($type, $handler)
Add a request data decoder. The handler should contain a callback, and any additional arguments for the
callback. The callback should return an array of data contained in the request input. For example adding a
CSV handler in your controllers beforeFilter could look like:

222

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

$parser = function ($data) {


$rows = str_getcsv($data, "\n");
foreach ($rows as &$row) {
$row = str_getcsv($row, ',');
}
return $rows;
};
$this->RequestHandler->addInputType('csv', [$parser]);

You can use any callable3 for the handling function. You can also pass additional arguments to the callback,
this is useful for callbacks like json_decode:
$this->RequestHandler->addInputType('json', ['json_decode', true]);

The above will make $this->request->data an array of the JSON input data, without the additional
true youd get a set of StdClass objects.
Checking Content-Type Preferences

RequestHandlerComponent::prefers($type = null)
Determines which content-types the client prefers. If no parameter is given the most likely content type
is returned. If $type is an array the first type the client accepts will be returned. Preference is determined
primarily by the file extension parsed by Router if one has been provided, and secondly by the list of contenttypes in HTTP\_ACCEPT:
$this->RequestHandler->prefers('json');

Responding To Requests

RequestHandlerComponent::renderAs($controller, $type)
Change the render mode of a controller to the specified type. Will also append the appropriate helper to the
controllers helper array if available and not already in the array:
// Force the controller to render an xml response.
$this->RequestHandler->renderAs($this, 'xml');

This method will also attempt to add a helper that matches your current content type. For example if you
render as rss, the RssHelper will be added.
RequestHandlerComponent::respondAs($type, $options)
Sets the response header based on content-type map names. This method lets you set a number of response
properties at once:
$this->RequestHandler->respondAs('xml', [
// Force download
'attachment' => true,
3

http://php.net/callback

More on Controllers

223

CakePHP Cookbook Documentation, Release 3.x

'charset' => 'UTF-8'


]);

RequestHandlerComponent::responseType()
Returns the current response type Content-type header or null if one has yet to be set.
Taking Advantage of HTTP Cache Validation

The HTTP cache validation model is one of the processes used for cache gateways, also known as reverse
proxies, to determine if they can serve a stored copy of a response to the client. Under this model, you
mostly save bandwidth, but when used correctly you can also save some CPU processing, reducing this way
response times.
Enabling the RequestHandlerComponent in your controller automatically activates a check done before
rendering the view. This check compares the response object against the original request to determine
whether the response was not modified since the last time the client asked for it.
If response is evaluated as not modified, then the view rendering process is stopped, saving processing time,
saving bandwidth and no content is returned to the client. The response status code is then set to 304 Not
Modified.
You can opt-out this automatic checking by setting the checkHttpCache setting to false:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler', [
'checkHttpCache' => false
]);
}

Using custom ViewClasses

RequestHandlerComponent::viewClassMap($type, $viewClass)
When using JsonView/XmlView you might want to override the default serialization with a custom View
class, or add View classes for other types.
You can map existing and new types to your custom classes. You can also set this automatically by using
the viewClassMap setting:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler', [
'viewClassMap' => [
'json' => 'ApiKit.MyJson',
'xml' => 'ApiKit.MyXml',
'csv' => 'ApiKit.Csv'
]

224

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

]);
}

Configuring Components
Many of the core components require configuration. Some examples of components requiring configuration are Authentication and Cookie. Configuration for these components, and for components in general, is usually done via loadComponent() in your Controllers initialize() method or via the
$components array:
class PostsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authorize' => ['controller'],
'loginAction' => ['controller' => 'Users', 'action' => 'login']
]);
$this->loadComponent('Cookie', ['expiry' => '1 day']);
}
}

You can configure components at runtime using the config() method. Often, this is done in your controllers beforeFilter() method. The above could also be expressed as:
public function beforeFilter()
{
$this->Auth->config('authorize', ['controller']);
$this->Auth->config('loginAction', ['controller' => 'Users', 'action' => 'login']);
$this->Cookie->config('name', 'CookieMonster');
}

Like helpers, components implement a config() method that is used to get and set any configuration data
for a component:
// Read config data.
$this->Auth->config('loginAction');
// Set config
$this->Csrf->config('cookieName', 'token');

As with helpers, components will automatically merge their $_defaultConfig property with constructor configuration to create the $_config property which is accessible with config().

More on Controllers

225

CakePHP Cookbook Documentation, Release 3.x

Aliasing Components

One common setting to use is the className option, which allows you to alias components. This feature
is useful when you want to replace $this->Auth or another common Component reference with a custom
implementation:
// src/Controller/PostsController.php
class PostsController extends AppController
{
public function initialize()
{
$this->loadComponent('Auth', [
'className' => 'MyAuth'
]);
}
}
// src/Controller/Component/MyAuthComponent.php
use Cake\Controller\Component\AuthComponent;
class MyAuthComponent extends AuthComponent
{
// Add your code to override the core AuthComponent
}

The above would alias MyAuthComponent to $this->Auth in your controllers.


Note: Aliasing a component replaces that instance anywhere that component is used, including inside other
Components.

Loading Components on the Fly

You might not need all of your components available on every controller action. In situations like this you
can load a component at runtime using the loadComponent() method in your controller:
// In a controller action
$this->loadComponent('OneTimer');
$time = $this->OneTimer->getTime();

Note: Keep in mind that components loaded on the fly will not have missed callbacks called. If you rely on
the beforeFilter or startup callbacks being called, you may need to call them manually depending
on when you load your component.

Using Components
Once youve included some components in your controller, using them is pretty simple.
Each component you use is exposed as a property on your controller.
If you
had
loaded
up
the
Cake\Controller\Component\FlashComponent
and
the
226

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

Cake\Controller\Component\CookieComponent in your controller, you could access them like


so:
class PostsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Flash');
$this->loadComponent('Cookie');
}
public function delete()
{
if ($this->Post->delete($this->request->data('Post.id')) {
$this->Flash->success('Post deleted.');
return $this->redirect(['action' => 'index']);
}
}

Note: Since both Models and Components are added to Controllers as properties they share the same
namespace. Be sure to not give a component and a model the same name.

Creating a Component
Suppose our application needs to perform a complex mathematical operation in many different parts of the
application. We could create a component to house this shared logic for use in many different controllers.
The first step is to create a new component file and class.
Create the file in
src/Controller/Component/MathComponent.php.
The basic structure for the component would
look something like this:
namespace App\Controller\Component;
use Cake\Controller\Component;
class MathComponent extends Component
{
public function doComplexOperation($amount1, $amount2)
{
return $amount1 + $amount2;
}
}

Note: All components must extend Cake\Controller\Component. Failing to do this will trigger an
exception.

More on Controllers

227

CakePHP Cookbook Documentation, Release 3.x

Including your Component in your Controllers

Once our component is finished, we can use it in the applications controllers by loading it during the
controllers initialize() method. Once loaded, the controller will be given a new attribute named after
the component, through which we can access an instance of it:
// In a controller
// Make the new component available at $this->Math,
// as well as the standard $this->Csrf
public function initialize()
{
parent::initialize();
$this->loadComponent('Math');
$this->loadComponent('Csrf');
}

When including Components in a Controller you can also declare a set of parameters that will be passed on
to the Components constructor. These parameters can then be handled by the Component:
// In your controller.
public function initialize()
{
parent::initialize();
$this->loadComponent('Math', [
'precision' => 2,
'randomGenerator' => 'srand'
]);
$this->loadComponent('Csrf');
}

The above would pass the array containing precision


MathComponent::initialize() in the $config parameter.

and

randomGenerator

to

Using Other Components in your Component

Sometimes one of your components may need to use another component. In this case you can include
other components in your component the exact same way you include them in controllers - using the
$components var:
// src/Controller/Component/CustomComponent.php
namespace App\Controller\Component;
use Cake\Controller\Component;
class CustomComponent extends Component
{
// The other component your component uses
public $components = ['Existing'];
// Execute any other additional setup for your component.
public function initialize(array $config)
{

228

Chapter 10. Controllers

CakePHP Cookbook Documentation, Release 3.x

$this->Existing->foo();
}
public function bar()
{
// ...
}
}
// src/Controller/Component/ExistingComponent.php
namespace App\Controller\Component;
use Cake\Controller\Component;
class ExistingComponent extends Component
{
public function foo()
{
// ...
}
}

Note: In contrast to a component included in a controller no callbacks will be triggered on a components


component.

Accessing a Components Controller

From within a Component you can access the current controller through the registry:
$controller = $this->_registry->getController();

You can also easily access the controller in any callback method from the event object:
$controller = $event->subject();

Component Callbacks
Components also offer a few request life-cycle callbacks that allow them to augment the request cycle.
beforeFilter(Event $event)
Is called before the controllers beforeFilter method, but after the controllers initialize() method.
startup(Event $event)
Is called after the controllers beforeFilter method but before the controller executes the current action
handler.
beforeRender(Event $event)
Is called after the controller executes the requested actions logic, but before the controllers renders
views and layout.
More on Controllers

229

CakePHP Cookbook Documentation, Release 3.x

shutdown(Event $event)
Is called before output is sent to the browser.
beforeRedirect(Event $event, $url, Response $response)
Is invoked when the controllers redirect method is called but before any further action. If this method
returns false the controller will not continue on to redirect the request. The $url, and $response
parameters allow you to inspect and modify the location or any other headers in the response.

230

Chapter 10. Controllers

CHAPTER 11

Views

class Cake\View\View
Views are the V in MVC. Views are responsible for generating the specific output required for the request.
Often this is in the form of HTML, XML, or JSON, but streaming files and creating PDFs that users can
download are also responsibilities of the View Layer.
CakePHP comes with a few built-in View classes for handling the most common rendering scenarios:
To create XML or JSON webservices you can use the JSON and XML views.
To serve protected files, or dynamically generated files, you can use Sending Files.
To create multiple themed views, you can use Themes.

The App View


AppView is your applications default View class. AppView itself extends the Cake\View\View class
included in CakePHP and is defined in src/View/AppView.php as follows:
<?php
namespace App\View;
use Cake\View\View;
class AppView extends View
{
}

You can use your AppView to load helpers that will be used for every view rendered in your application.
CakePHP provides an initialize() method that is invoked at the end of a Views constructor for this
kind of use:
<?php
namespace App\View;

231

CakePHP Cookbook Documentation, Release 3.x

use Cake\View\View;
class AppView extends View
{
public function initialize()
{
// Always enable the MyUtils Helper
$this->loadHelper('MyUtils');
}
}

View Templates
The view layer of CakePHP is how you speak to your users. Most of the time your views will be showing
(X)HTML documents to browsers, but you might also need to reply to a remote application via JSON, or
output a CSV file for a user.
By default CakePHP template files are written in plain PHP and have a default extension of .ctp (CakePHP
Template). These files contain all the presentational logic needed to get the data it received from the controller in a format that is ready for the audience youre serving to. If youd prefer using a templating language
like Twig, a subclass of View will bridge your templating language and CakePHP.
Template files are stored in src/Template/, in a folder named after the controller that uses the files, and
named after the action it corresponds to. For example, the view file for the Products controllers view()
action, would normally be found in src/Template/Products/view.ctp.
The view layer in CakePHP can be made up of a number of different parts. Each part has different uses, and
will be covered in this chapter:
views: Templates are the part of the page that is unique to the action being run. They form the meat
of your applications response.
elements: small, reusable bits of view code. Elements are usually rendered inside views.
layouts: template files that contain presentational code that wraps many interfaces in your application.
Most views are rendered inside a layout.
helpers: these classes encapsulate view logic that is needed in many places in the view layer. Among
other things, helpers in CakePHP can help you build forms, build AJAX functionality, paginate model
data, or serve RSS feeds.
cells: these classes provide miniature controller-like features for creating self contained UI components. See the View Cells documentation for more information.

View Variables
Any variables you set in your controller with set() will be available in both the view and the layout your
action renders. In addition, any set variables will also be available in any element. If you need to pass

232

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

additional variables from the view to the layout you can either call set() in the view template, or use a
Using View Blocks.
You should remember to always escape any user data before outputting it as CakePHP does not automatically escape output. You can escape user content with the h() function:
<?= h($user->bio); ?>

Setting View Variables


Cake\View\View::set(string $var, mixed $value)
Views have a set() method that is analogous to the set() found in Controller objects. Using set() from
your view file will add the variables to the layout and elements that will be rendered later. See Setting View
Variables for more information on using set().
In your view file you can do:
$this->set('activeMenuButton', 'posts');

Then, in your layout, the $activeMenuButton variable will be available and contain the value posts.

Extending Views
View extending allows you to wrap one view in another. Combining this with view blocks gives you a
powerful way to keep your views DRY. For example, your application has a sidebar that needs to change
depending on the specific view being rendered. By extending a common view file, you can avoid repeating
the common markup for your sidebar, and only define the parts that change:
<!-- src/Template/Common/view.ctp -->
<h1><?= $this->fetch('title') ?></h1>
<?= $this->fetch('content') ?>
<div class="actions">
<h3>Related actions</h3>
<ul>
<?= $this->fetch('sidebar') ?>
</ul>
</div>

The above view file could be used as a parent view. It expects that the view extending it will define the
sidebar and title blocks. The content block is a special block that CakePHP creates. It will contain
all the uncaptured content from the extending view. Assuming our view file has a $post variable with the
data about our post, the view could look like:
<!-- src/Template/Posts/view.ctp -->
<?php
$this->extend('/Common/view');
$this->assign('title', $post);

View Templates

233

CakePHP Cookbook Documentation, Release 3.x

$this->start('sidebar');
?>
<li>
<?php
echo $this->Html->link('edit', [
'action' => 'edit',
$post->id
]); ?>
</li>
<?php $this->end(); ?>
// The remaining content will be available as the 'content' block
// In the parent view.
<?= h($post->body) ?>

The post view above shows how you can extend a view, and populate a set of blocks. Any content not already
in a defined block will be captured and put into a special block named content. When a view contains
a call to extend(), execution continues to the bottom of the current view file. Once it is complete, the
extended view will be rendered. Calling extend() more than once in a view file will override the parent
view that will be processed next:
$this->extend('/Common/view');
$this->extend('/Common/index');

The above will result in /Common/index.ctp being rendered as the parent view to the current view.
You can nest extended views as many times as necessary. Each view can extend another view if desired.
Each parent view will get the previous views content as the content block.
Note: You should avoid using content as a block name in your application. CakePHP uses this for
uncaptured content in extended views.
You can get the list of all populated blocks using the blocks() method:
$list = $this->blocks();

Using View Blocks


View blocks provide a flexible API that allows you to define slots or blocks in your views/layouts that will
be defined elsewhere. For example, blocks are ideal for implementing things such as sidebars, or regions to
load assets at the bottom/top of the layout. Blocks can be defined in two ways: either as a capturing block,
or by direct assignment. The start(), append(), prepend(), assign(), fetch(), and end()
methods allow you to work with capturing blocks:
// Create the sidebar block.
$this->start('sidebar');
echo $this->element('sidebar/recent_topics');
echo $this->element('sidebar/recent_comments');
$this->end();

234

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

// Append into the sidebar later on.


$this->start('sidebar');
echo $this->fetch('sidebar');
echo $this->element('sidebar/popular_topics');
$this->end();

You can also append into a block using append():


$this->append('sidebar');
echo $this->element('sidebar/popular_topics');
$this->end();
// The same as the above.
$this->append('sidebar', $this->element('sidebar/popular_topics'));

assign() can be used to clear or overwrite a block at any time:


// Clear the previous content from the sidebar block.
$this->assign('sidebar', '');

Assigning a blocks content is often useful when you want to convert a view variable into a block. For
example, you may want to use a block for the page title, and sometimes assign the title as a view variable in
the controller:
// In view file or layout above $this->fetch('title')
$this->assign('title', $title);

The prepend() method allows you to prepend content to an existing block:


// Prepend to sidebar
$this->prepend('sidebar', 'this content goes on top of sidebar');

Note: You should avoid using content as a block name. This is used by CakePHP internally for extended
views, and view content in the layout.

Displaying Blocks
You can display blocks using the fetch() method. fetch() will output a block, returning if a block
does not exist:
<?= $this->fetch('sidebar') ?>

You can also use fetch to conditionally show content that should surround a block should it exist. This is
helpful in layouts, or extended views where you want to conditionally show headings or other markup:
// In src/Template/Layout/default.ctp
<?php if ($this->fetch('menu')): ?>
<div class="menu">
<h3>Menu options</h3>
<?= $this->fetch('menu') ?>

Using View Blocks

235

CakePHP Cookbook Documentation, Release 3.x

</div>
<?php endif; ?>

You can also provide a default value for a block should it not have any content. This allows you to easily
add placeholder content for empty states. You can provide a default value using the second argument:
<div class="shopping-cart">
<h3>Your Cart</h3>
<?= $this->fetch('cart', 'Your cart is empty') ?>
</div>

Using Blocks for Script and CSS Files


The HtmlHelper ties into view blocks, and its script(), css(), and meta() methods each update a
block with the same name when used with the block = true option:
<?php
// In your view file
$this->Html->script('carousel', ['block' => true]);
$this->Html->css('carousel', null, ['block' => true]);
?>
// In your layout file.
<!DOCTYPE html>
<html lang="en">
<head>
<title><?= $this->fetch('title') ?></title>
<?= $this->fetch('script') ?>
<?= $this->fetch('css') ?>
</head>
// Rest of the layout follows

The Cake\View\Helper\HtmlHelper also allows you to control which block the scripts and CSS go
to:
// In your view
$this->Html->script('carousel', ['block' => 'scriptBottom']);
// In your layout
<?= $this->fetch('scriptBottom') ?>

Layouts
A layout contains presentation code that wraps around a view. Anything you want to see in all of your views
should be placed in a layout.
CakePHPs default layout is located at src/Template/Layout/default.ctp. If you want to change the overall
look of your application, then this is the right place to start, because controller-rendered view code is placed
inside of the default layout when the page is rendered.

236

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Other layout files should be placed in src/Template/Layout. When you create a layout, you need to tell
CakePHP where to place the output of your views. To do so, make sure your layout includes a place for
$this->fetch(content) Heres an example of what a default layout might look like:
<!DOCTYPE html>
<html lang="en">
<head>
<title><?= h($this->fetch('title')) ?></title>
<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<!-- Include external files and scripts here (See HTML helper for more info.) -->
<?php
echo $this->fetch('meta');
echo $this->fetch('css');
echo $this->fetch('script');
?>
</head>
<body>
<!-- If you'd like some sort of menu to
show up on all of your views, include it here -->
<div id="header">
<div id="menu">...</div>
</div>
<!-- Here's where I want my views to be displayed -->
<?= $this->fetch('content') ?>
<!-- Add a footer to each displayed page -->
<div id="footer">...</div>
</body>
</html>

The script, css and meta blocks contain any content defined in the views using the built-in HTML
helper. Useful for including JavaScript and CSS files from views.
Note: When using HtmlHelper::css() or HtmlHelper::script() in template files, specify
block => true to place the HTML source in a block with the same name. (See API for more details
on usage).
The content block contains the contents of the rendered view.
You can set the title block content from inside your view file:
$this->assign('title', 'View Active Users');

You can create as many layouts as you wish: just place them in the src/Template/Layout directory, and
switch between them inside of your controller actions using the controller or views $layout property:
// From a controller
public function admin_view()
{
// Stuff

Layouts

237

CakePHP Cookbook Documentation, Release 3.x

$this->layout = 'admin';
}
// From a view file
$this->layout = 'loggedin';

For example, if a section of my site included a smaller ad banner space, I might create a new layout with the
smaller advertising space and specify it as the layout for all controllers actions using something like:
namespace App\Controller;
class UsersController extends AppController
{
public function view_active()
{
$this->set('title', 'View Active Users');
$this->layout = 'default_small_ad';
}
public function view_image()
{
$this->layout = 'image';
// Output user image
}
}

Besides a default layout CakePHPs official skeleton app also has an ajax layout. The Ajax layout is handy
for crafting AJAX responses - its an empty layout. (Most AJAX calls only require a bit of markup in return,
rather than a fully-rendered interface.)
The skeleton app also has a default layout to help generate RSS.

Using Layouts from Plugins


If you want to use a layout that exists in a plugin, you can use plugin syntax. For example, to use the contact
layout from the Contacts plugin:
namespace App\Controller;
class UsersController extends AppController
{
public function view_active()
{
$this->layout = 'Contacts.contact';
}
}

Elements
Cake\View\View::element(string $elementPath, array $data, array $options =[])
238

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Many applications have small blocks of presentation code that need to be repeated from page to page,
sometimes in different places in the layout. CakePHP can help you repeat parts of your website that need to
be reused. These reusable parts are called Elements. Ads, help boxes, navigational controls, extra menus,
login forms, and callouts are often implemented in CakePHP as elements. An element is basically a miniview that can be included in other views, in layouts, and even within other elements. Elements can be used
to make a view more readable, placing the rendering of repeating elements in its own file. They can also
help you re-use content fragments in your application.
Elements live in the src/Template/Element/ folder, and have the .ctp filename extension. They are output
using the element method of the view:
echo $this->element('helpbox');

Passing Variables into an Element


You can pass data to an element through the elements second argument:
echo $this->element('helpbox', [
"helptext" => "Oh, this text is very helpful."
]);

Inside the element file, all the passed variables are available as members of the parameter array (in the same
way that Controller::set() in the controller works with template files). In the above example, the
src/Template/Element/helpbox.ctp file can use the $helptext variable:
// Inside src/Template/Element/helpbox.ctp
echo $helptext; // Outputs "Oh, this text is very helpful."

The View::element() method also supports options for the element. The options supported are cache
and callbacks. An example:
echo $this->element('helpbox', [
"helptext" => "This is passed to the element as $helptext",
"foobar" => "This is passed to the element as $foobar",
],
[
// uses the "long_view" cache configuration
"cache" => "long_view",
// set to true to have before/afterRender called for the element
"callbacks" => true
]
);

Element caching is facilitated through the Cache class. You can configure elements to be stored in any
Cache configuration youve set up. This gives you a great amount of flexibility to decide where and for
how long elements are stored. To cache different versions of the same element in an application, provide a
unique cache key value using the following format:
$this->element('helpbox', [], [
"cache" => ['config' => 'short', 'key' => 'unique value']
]
);

Elements

239

CakePHP Cookbook Documentation, Release 3.x

You can take full advantage of elements by using requestAction(), which fetches view variables from
a controller action and returns them as an array. This enables your elements to perform in true MVC style.
Create a controller action that prepares the view variables for your elements, then call requestAction()
inside the second parameter of element() to feed the element the view variables from your controller.
To do this, in your controller add something like the following for the Post example:
namespace App\Controller;
class PostsController extends AppController
{
// ...
public function index()
{
$posts = $this->paginate();
if ($this->request->is('requested')) {
return $posts;
} else {
$this->set('posts', $posts);
}
}
}

And then in the element we can access the paginated posts model. To get the latest five posts in an ordered
list, we would do something like the following:
<h2>Latest Posts</h2>
<?php $posts = $this->requestAction('posts/index?sort=created&direction=asc&limit=5'); ?>
<ol>
<?php foreach ($posts as $post): ?>
<li><?= $post['Post']['title'] ?></li>
<?php endforeach; ?>
</ol>

Caching Elements
You can take advantage of CakePHP view caching if you supply a cache parameter. If set to true, it will
cache the element in the default Cache configuration. Otherwise, you can set which cache configuration
should be used. See Caching for more information on configuring Cache. A simple example of caching an
element would be:
echo $this->element('helpbox', [], ['cache' => true]);

If you render the same element more than once in a view and have caching enabled, be sure to set the
key parameter to a different name each time. This will prevent each successive call from overwriting the
previous element() calls cached result. For example:
echo $this->element(
'helpbox',
['var' => $var],
['cache' => ['key' => 'first_use', 'config' => 'view_long']]
);

240

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

echo $this->element(
'helpbox',
['var' => $differenVar],
['cache' => ['key' => 'second_use', 'config' => 'view_long']]
);

The above will ensure that both element results are cached separately. If you want all element caching to
use the same cache configuration, you can avoid some repetition by setting View::$elementCache to
the cache configuration you want to use. CakePHP will use this configuration when none is given.

Requesting Elements from a Plugin


If you are using a plugin and wish to use elements from within the plugin, just use the familiar plugin syntax.
If the view is being rendered for a plugin controller/action, the plugin name will automatically be prefixed
onto all elements used, unless another plugin name is present. If the element doesnt exist in the plugin, it
will look in the main APP folder:
echo $this->element('Contacts.helpbox');

If your view is a part of a plugin, you can omit the plugin name. For example, if you are in the
ContactsController of the Contacts plugin, the following:
echo $this->element('helpbox');
// and
echo $this->element('Contacts.helpbox');

are equivalent and will result in the same element being rendered.
For elements inside subfolder of a plugin (e.g., plugins/Contacts/Template/Element/sidebar/helpbox.ctp),
use the following:
echo $this->element('Contacts.sidebar/helpbox');

Routing prefix and Elements


New in version 3.0.1.
If you have a Routing prefix configured, the Element path resolution can switch to a prefix location, as
Layouts and action View do. Assuming you have a prefix Admin configured and you call:
echo $this->element('my_element');

The element first be looked for in src/Template/Admin/Element/. If such a file does not exist, it will be
looked for in the default location.

Caching Sections of Your View


Cake\View\View::cache(callable $block, array $options =[])

Elements

241

CakePHP Cookbook Documentation, Release 3.x

Sometimes generating a section of your view output can be expensive because of rendered View Cells or
expensive helper operations. To help make your application run faster CakePHP provides a way to cache
view sections:
// Assuming some local variables
echo $this->cache(function () use ($user, $article) {
echo $this->cell('UserProfile', [$user]);
echo $this->cell('ArticleFull', [$article]);
}, ['key' => 'my_view_key']);

By default cached view content will go into the View::$elementCache cache config, but you can use
the config option to change this.

Creating Your Own View Classes


You may need to create custom view classes to enable new types of data views, or add additional custom
view-rendering logic to your application. Like most components of CakePHP, view classes have a few
conventions:
View class files should be put in src/View. For example: src/View/PdfView.php
View classes should be suffixed with View. For example: PdfView.
When referencing view class names you should omit the View suffix.
$this->viewClass = Pdf;.

For example:

Youll also want to extend View to ensure things work correctly:


// In src/View/PdfView.php
namespace App\View;
use Cake\View\View;
class PdfView extends View
{
public function render($view = null, $layout = null)
{
// Custom logic here.
}
}

Replacing the render method lets you take full control over how your content is rendered.

More About Views


View Cells
View cells are small mini-controllers that can invoke view logic and render out templates. They provide
a light-weight modular replacement to requestAction(). The idea of cells is borrowed from cells in

242

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Ruby1 , where they fulfill a similar role and purpose.


When to use Cells
Cells are ideal for building reusable page components that require interaction with models, view logic, and
rendering logic. A simple example would be the cart in an online store, or a data-driven navigation menu
in a CMS. Because cells do not dispatch sub-requests, they sidestep all of the overhead associated with
requestAction().
Creating a Cell
To create a cell, define a class in src/View/Cell and a template in src/Template/Cell/. In this example, well
be making a cell to display the number of messages in a users notification inbox. First, create the class file.
Its contents should look like:
namespace App\View\Cell;
use Cake\View\Cell;
class InboxCell extends Cell
{
public function display()
{
}
}

Save this file into src/View/Cell/InboxCell.php. As you can see, like other classes in CakePHP, Cells have
a few conventions:
Cells live in the App\View\Cell namespace. If you are making a cell in a plugin, the namespace
would be PluginName\View\Cell.
Class names should end in Cell.
Classes should inherit from Cake\View\Cell.
We added an empty display() method to our cell; this is the conventional default method when
rendering a cell. Well cover how to use other methods later in the docs. Now, create the file
src/Template/Cell/Inbox/display.ctp. This will be our template for our new cell.
You can generate this stub code quickly using bake:
bin/cake bake cell Inbox

Would generate the code we typed out.


1

https://github.com/apotonick/cells

More About Views

243

CakePHP Cookbook Documentation, Release 3.x

Implementing the Cell

Assume that we are working on an application that allows users to send messages to each other. We have a
Messages model, and we want to show the count of unread messages without having to pollute AppController. This is a perfect use case for a cell. In the class we just made, add the following:
namespace App\View\Cell;
use Cake\View\Cell;
class InboxCell extends Cell
{
public function display()
{
$this->loadModel('Messages');
$unread = $this->Messages->find('unread');
$this->set('unread_count', $unread->count());
}
}

Because Cells use the ModelAwareTrait and ViewVarsTrait, they behave very much like a controller would. We can use the loadModel() and set() methods just like we would in a controller. In
our template file, add the following:
<!-- src/Template/Cell/Inbox/display.ctp -->
<div class="notification-icon">
You have <?= $unread_count ?> unread messages.
</div>

Note: Cell templates have an isolated scope that does not share the same View instance as the one used to
render template and layout for the current controller action or other cells. Hence they are unaware of any
helper calls made or blocks set in the actions template / layout and vice versa.

Loading Cells
Cells can be loaded from views using the cell() method and works the same in both contexts:
// Load an application cell
$cell = $this->cell('Inbox');
// Load a plugin cell
$cell = $this->cell('Messaging.Inbox');

The above will load the named cell class and execute the display() method. You can execute other
methods using the following:
// Run the expanded() method on the Inbox cell
$cell = $this->cell('Inbox::expanded');

244

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

If you need controller logic to decide which cells to load in a request, you can use the CellTrait in your
controller to enable the cell() method there:
namespace App\Controller;
use App\Controller\AppController;
use Cake\View\CellTrait;
class DashboardsController extends AppController
{
use CellTrait;
// More code.
}

Passing Arguments to a Cell

You will often want to parameterize cell methods to make cells more flexible. By using the second and third
arguments of cell(), you can pass action parameters and additional options to your cell classes:
$cell = $this->cell('Inbox::recent', ['since' => '-3 days']);

The above would match the following function signature:


public function recent($since)
{
}

Rendering a Cell
Once a cell has been loaded and executed, youll probably want to render it. The easiest way to render a cell
is to echo it:
<?= $cell ?>

This will render the template matching the lowercased and underscored version of our action name, e.g.
display.ctp.
Because cells use View to render templates, you can load additional cells within a cell template if required.
Rendering Alternate Templates

By convention cells render templates that match the action they are executing. If you need to render a
different view template, you can specify the template to use when rendering the cell:
// Calling render() explicitly
echo $this->cell('Inbox::recent', ['since' => '-3 days'])->render('messages');
// Set template before echoing the cell.
$cell = $this->cell('Inbox');

More About Views

245

CakePHP Cookbook Documentation, Release 3.x

$cell->template = 'messages';
echo $cell;

Caching Cell Output

When rendering a cell you may want to cache the rendered output if the contents dont change often or to
help improve performance of your application. You can define the cache option when creating a cell to
enable & configure caching:
// Cache using the default config and a generated key
$cell = $this->cell('Inbox', [], ['cache' => true]);
// Cache to a specific cache config and a generated key
$cell = $this->cell('Inbox', [], ['cache' => ['config' => 'cell_cache']]);
// Specify the key and config to use.
$cell = $this->cell('Inbox', [], [
'cache' => ['config' => 'cell_cache', 'key' => 'inbox_' . $user->id]
]);

If a key is generated the underscored version of the cell class and template name will be used.

Themes
You can take advantage of themes, making it easy to switch the look and feel of your page quickly and easily.
Themes in CakePHP are simply plugins that focus on providing template files. In addition to template files,
they can also provide helpers and cells if your theming requires that. When using cells and helpers from
your theme, you will need to continue using the plugin syntax.
To use themes, specify the theme name in your controller:
class ExamplesController extends AppController
{
public $theme = 'Modern';
}

You can also set or change the theme name within an action or within the beforeFilter or
beforeRender callback functions:
$this->theme = 'AnotherExample';

Theme template files need to be within a plugin with the same name. For example, the above
theme would be found in plugins/AnotherExample/src/Template. Its important to remember that
CakePHP expects CamelCase plugin/theme names. Beyond that, the folder structure within the plugins/AnotherExample/src/Template folder is exactly the same as src/Template/.
For example, the view file for an edit
at plugins/Modern/src/Template/Posts/edit.ctp.
ins/Modern/src/Template/Layout/.

246

action of a Posts controller would


Layout files would reside in

reside
plug-

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

If a view file cant be found in the theme, CakePHP will try to locate the view file in the src/Template/
folder. This way, you can create master template files and simply override them on a case-by-case basis
within your theme folder.
Theme Assets
Because themes are standard CakePHP plugins, they can include any necessary assets in their webroot
directory. This allows for easy packaging and distribution of themes. Whilst in development, requests for
theme assets will be handled by Cake\Routing\Dispatcher. To improve performance for production
environments, its recommended that you Improve Your Applications Performance.
All of CakePHPs built-in helpers are aware of themes and will create the correct paths automatically. Like
template files, if a file isnt in the theme folder, it will default to the main webroot folder:
// When in a theme with the name of 'purple_cupcake'
$this->Html->css('main.css');
// creates a path like
/purple_cupcake/css/main.css
// and links to
plugins/PurpleCupcake/webroot/css/main.css

JSON and XML views


The JsonView and XmlView let you easily create JSON and XML responses, and integrate with the
Cake\Controller\Component\RequestHandlerComponent.
By enabling RequestHandlerComponent in your application, and enabling support for the json and
or xml extensions, you can automatically leverage the new view classes. JsonView and XmlView will
be referred to as data views for the rest of this page.
There are two ways you can generate data views. The first is by using the _serialize key, and the second
is by creating normal template files.
Enabling Data Views in Your Application
Before you can use the data view classes,
youll first need to
Cake\Controller\Component\RequestHandlerComponent in your contoller:

load

the

public function initialize()


{
...
$this->loadComponent('RequestHandler');
}

This can be done in your AppController and will enable automatic view class switching on content types.
You can also set the component up with the viewClassMap setting, to map types to your custom classes
and/or map other data types.

More About Views

247

CakePHP Cookbook Documentation, Release 3.x

You can optionally enable the json and or xml extensions with Routing File Extensions. This will allow you
to access the JSON, XML or any other special format views by using a custom URL ending with the name
of the response type as a file extension such as http://example.com/articles.json.
By default, when not enabling Routing File Extensions, the request the Accept header is used for selecting
which type of format should be rendered to the user. An example Accept format that is used to render
JSON responses is application/json.
Using Data Views with the Serialize Key
The _serialize key is a special view variable that indicates which other view variable(s) should be
serialized when using a data view. This lets you skip defining template files for your controller actions if
you dont need to do any custom formatting before your data is converted into json/xml.
If you need to do any formatting or manipulation of your view variables before generating the response, you
should use template files. The value of _serialize can be either a string or an array of view variables to
serialize:
namespace App\Controller;
class ArticlesController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function index()
{
// Set the view vars that have to be serialized.
$this->set('articles', $this->paginate());
// Specify which view vars JsonView should serialize.
$this->set('_serialize', ['articles']);
}
}

You can also define _serialize as an array of view variables to combine:


namespace App\Controller;
class ArticlesController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function index()
{

248

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

// Some code that created $articles and $comments


// Set the view vars that have to be serialized.
$this->set(compact('articles', 'comments'));
// Specify which view vars JsonView should serialize.
$this->set('_serialize', ['articles', 'comments']);
}
}

Defining _serialize as an array has the added benefit of automatically appending a top-level
<response> element when using XmlView. If you use a string value for _serialize and XmlView,
make sure that your view variable has a single top-level element. Without a single top-level element the Xml
will fail to generate.
Using a Data View with Template Files
You should use template files if you need to do some manipulation of your view content before creating
the final output. For example if we had articles, that had a field containing generated HTML, we would
probably want to omit that from a JSON response. This is a situation where a view file would be useful:
// Controller code
class ArticlesController extends AppController
{
public function index()
{
$articles = $this->paginate('Articles');
$this->set(compact('articles'));
}
}
// View code - src/Template/Articles/json/index.ctp
foreach ($articles as &$$article) {
unset($article->generated_html);
}
echo json_encode(compact('articles'));

You can do more complex manipulations, or use helpers to do formatting as well.


Note: The data view classes dont support layouts. They assume that the view file will output the serialized
content.

Creating XML Views


class XmlView
By default when using _serialize the XmlView will wrap your serialized view variables with a
<response> node. You can set a custom name for this node using the _rootNode view variable.

More About Views

249

CakePHP Cookbook Documentation, Release 3.x

The XmlView class supports the _xmlOptions variable that allows you to customize the options used to
generate XML, e.g. tags vs attributes.
Creating JSON Views
class JsonView
The JsonView class supports the _jsonOptions variable that allows you to customize the bit-mask used
to generate JSON. See the json_encode2 documentation for the valid values of this option.
JSONP Responses

When using JsonView you can use the special view variable _jsonp to enable returning a JSONP response. Setting it to true makes the view class check if query string parameter named callback is set
and if so wrap the json response in the function name provided. If you want to use a custom query string
parameter name instead of callback set _jsonp to required name instead of true.

Helpers
Helpers are the component-like classes for the presentation layer of your application. They contain presentational logic that is shared between many views, elements, or layouts. This chapter will show you how to
create your own helpers, and outline the basic tasks CakePHPs core helpers can help you accomplish.
CakePHP features a number of helpers that aid in view creation. They assist in creating well-formed markup
(including forms), aid in formatting text, times and numbers, and can even speed up AJAX functionality.
For more information on the helpers included in CakePHP, check out the chapter for each helper:
Flash
class Cake\View\Helper\FlashHelper(View $view, array $config =[])
FlashHelper provides a way to render flash messages that were set in $_SESSION by FlashComponent.
FlashComponent and FlashHelper primarily use elements to render flash messages. Flash elements are
found under the src/Template/Element/Flash directory. Youll notice that CakePHPs App template comes
with two flash elements: success.ctp and error.ctp.
Rendering Flash Messages

To render a flash message, you can simply use FlashHelpers render() method:
<?= $this->Flash->render() ?>

By default, CakePHP uses a flash key for flash messages in a session. But, if youve specified a key when
setting the flash message in FlashComponent, you can specify which flash key to render:
2

http://php.net/json_encode

250

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<?= $this->Flash->render('other') ?>

You can also override any of the options that were set in FlashComponent:
// In your Controller
$this->Flash->set('The user has been saved.', [
'element' => 'success'
]);
// In your View: Will use great_success.ctp instead of succcess.ctp
<?= $this->Flash->render('flash', [
'element' => 'great_success'
]);

Note: By default, CakePHP does not escape the HTML in flash messages. If you are using any request or
user data in your flash messages, you should escape it with h when formatting your messages.
For more information about the available array options, please refer to the FlashComponent section.
Routing Prefix and Flash Messages

New in version 3.0.1.


If you have a Routing prefix configured, you can now have your Flash elements stored in
src/Template/{Prefix}/Element/Flash. This way, you can have specific messages layouts for each part
of your application (for instance, have different layouts for you front-end and your admin side).
Flash Messages and Themes

The FlashHelper uses normal elements to render the messages and will therefore obey any theme you might
have specified. So when your theme has a src/Template/Element/Flash/error.ctp file it will be used, just
as with any Elements and Views.
Form
class Cake\View\Helper\FormHelper(View $view, array $config =[])
The FormHelper does most of the heavy lifting in form creation. The FormHelper focuses on creating forms
quickly, in a way that will streamline validation, re-population and layout. The FormHelper is also flexible
- it will do almost everything for you using conventions, or you can use specific methods to get only what
you need.
Starting a Form

Cake\View\Helper\FormHelper::create(mixed $model = null, array $options =[])

More About Views

251

CakePHP Cookbook Documentation, Release 3.x

The first method youll need to use in order to take advantage of the FormHelper is create(). This
method outputs an opening form tag.
All parameters are optional. If create() is called with no parameters supplied, it assumes you are building
a form that submits to the current controller, via the current URL. The default method for form submission is
POST. If you were to call create() inside the view for UsersController::add(), you would see something
like the following output in the rendered view:
<form method="post" action="/users/add">

The $model argument is used as the forms context. There are several built-in form contexts and you can
add your own, which well cover in the next section. The built-in providers map to the following values of
$model:
An Entity instance or, an iterator map to the EntityContext, this context allows FormHelper
to work with results from the built-in ORM.
An array containing the schema key, maps to ArrayContext which allows you to create simple
data structures to build forms against.
null and false map to the NullContext, this context class simply satisifies the interface
FormHelper requires. This context is useful if you want to build a short form that doesnt require
ORM persistence.
All contexts classes also have access to the request data, making it simpler to build forms.
Once a form has been created with a context, all inputs you create will use the active context. In the case of
an ORM backed form, FormHelper can access associated data, validation errors and schema metadata easily
making building forms simple. You can close the active context using the end() method, or by calling
create() again. To create a form for an entity, do the following:
// If you are on /articles/add
// $article should be an empty Article entity.
echo $this->Form->create($article);

Output:
<form method="post" action="/articles/add">

This will POST the form data to the add() action of ArticlesController. However, you can also use the
same logic to create an edit form. The FormHelper uses the $this->request->data property to
automatically detect whether to create an add or edit form. If the provided entity is not new, the form will
be created as an edit form. For example, if we browse to http://example.org/articles/edit/5, we could do the
following:
// src/Controller/ArticlesController.php:
public function edit($id = null)
{
if (empty($id)) {
throw new NotFoundException;
}
$article = $this->Articles->get($id);
// Save logic goes here
$this->set('article', $article);

252

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

}
// View/Articles/edit.ctp:
// Since $article->isNew() is false, we will get an edit form
<?= $this->Form->create($article) ?>

Output:
<form method="post" action="/articles/edit/5">
<input type="hidden" name="_method" value="PUT" />

Note: Since this is an edit form, a hidden input field is generated to override the default HTTP method.
The $options array is where most of the form configuration happens. This special array can contain a
number of different key-value pairs that affect the way the form tag is generated.
Changing the HTTP Method for a Form By using the type option you can change the HTTP method
a form will use:
echo $this->Form->create($article, ['type' => 'get']);

Output:
<form method="get" action="/articles/edit/5">

Specifying file changes the form submission method to post, and includes an enctype of multipart/formdata on the form tag. This is to be used if there are any file elements inside the form. The absence of the
proper enctype attribute will cause the file uploads not to function:
echo $this->Form->create($article, ['type' => 'file']);

Output:
<form enctype="multipart/form-data" method="post" action="/articles/add">

When using put, patch or delete, your form will be functionally equivalent to a post form, but when
submitted, the HTTP request method will be overridden with PUT, PATCH or DELETE, respectively.
This allows CakePHP to emulate proper REST support in web browsers.
Setting the Controller Action for the Form Using the action option allows you to point the form to a
specific action in your current controller. For example, if youd like to point the form to the login() action of
the current controller, you would supply an $options array like the following:
echo $this->Form->create($article, ['action' => 'login']);

Output:
<form method="post" action="/users/login">

More About Views

253

CakePHP Cookbook Documentation, Release 3.x

Setting a URL for the Form If the desired form action isnt in the current controller, you can specify a
URL for the form action using the url key of the $options array. The supplied URL can be relative to your
CakePHP application:
echo $this->Form->create(null, [
'url' => ['controller' => 'Articles', 'action' => 'publish']
]);

Output:
<form method="post" action="/articles/publish">

or can point to an external domain:


echo $this->Form->create(null, [
'url' => 'http://www.google.com/search',
'type' => 'get'
]);

Output:
<form method="get" action="http://www.google.com/search">

Using Custom Validators Often models will have multiple validation sets, and you will want FormHelper
to mark fields required based on a the specific validation rules your controller action is going to apply. For
example, your Users table has specific validation rules that only apply when an account is being registered:
echo $this->Form->create($user, [
'context' => ['validator' => 'register']
]);

The above will use the register validator for the $user and all related associations. If you are creating
a form for associated entities, you can define validation rules for each association by using an array:
echo $this->Form->create($user, [
'context' => [
'validator' => [
'Users' => 'register',
'Comments' => 'default'
]
]
]);

The above would use register for the user, and default for the users comments.
Creating context classes While the built-in context classes are intended to cover the basic cases youll
encounter you may need to build a new context class if you are using a different ORM. In these situations
you need to implement the Cake\View\Form\ContextInterface3 . Once you have implemented this interface
you can wire your new context into the FormHelper. It is often best to do this in a View.beforeRender
event listener, or in an application view class:
3

http://api.cakephp.org/3.0/class-Cake.View.Form.ContextInterface.html

254

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

$this->Form->addContextProvider('myprovider', function ($request, $data) {


if ($data['entity'] instanceof MyOrmClass) {
return new MyProvider($request, $data);
}
});

Context factory functions are where you can add logic for checking the form options for the correct type of
entity. If matching input data is found you can return an object. If there is no match return null.
Creating Form Inputs

Cake\View\Helper\FormHelper::input(string $fieldName, array $options =[])


The input() method lets you easily generate complete form inputs. These inputs will include a wrapping
div, label, input widget, and validation error if necessary. By using the metadata in the form context, this
method will choose an appropriate input type for each field. Internally input() uses the other methods of
FormHelper.
The type of input created depends on the column datatype:
Column Type Resulting Form Field
string, uuid (char, varchar, etc.) text
boolean, tinyint(1) checkbox
decimal number
float number
integer number
text textarea
text, with name of password, passwd password
text, with name of email email
text, with name of tel, telephone, or phone tel
date day, month, and year selects
datetime, timestamp day, month, year, hour, minute, and meridian selects
time hour, minute, and meridian selects
binary file
The $options parameter allows you to choose a specific input type if you need to:
echo $this->Form->input('published', ['type' => 'checkbox']);

The wrapping div will have a required class name appended if the validation rules for the models field
indicate that it is required and not allowed to be empty. You can disable automatic required flagging using
the required option:

More About Views

255

CakePHP Cookbook Documentation, Release 3.x

echo $this->Form->input('title', ['required' => false]);

To skip browser validation triggering for the whole form you can set option formnovalidate
=> true for the input button you generate using View\Helper\FormHelper::submit() or set
novalidate => true in options for View\Helper\FormHelper::create().
For example, lets assume that your User model includes fields for a username (varchar), password (varchar), approved (datetime) and quote (text). You can use the input() method of the FormHelper to create
appropriate inputs for all of these form fields:
echo $this->Form->create($user);
// Text
echo $this->Form->input('username');
// Password
echo $this->Form->input('password');
// Day, month, year, hour, minute, meridian
echo $this->Form->input('approved');
// Textarea
echo $this->Form->input('quote');
echo $this->Form->button('Add');
echo $this->Form->end();

A more extensive example showing some options for a date field:


echo $this->Form->input('birth_dt', [
'label' => 'Date of birth',
'minYear' => date('Y') - 70,
'maxYear' => date('Y') - 18,
]);

Besides the specific options for input() found below, you can specify any option for the input type & any
HTML attribute (for instance onfocus).
If you want to create a select field while using a belongsTo - or hasOne - Relation, you can add the following
to your Users-controller (assuming your User belongsTo Group):
$this->set('groups', $this->Users->Groups->find('list'));

Afterwards, add the following to your view template:


echo $this->Form->input('group_id', ['options' => $groups]);

To make a select box for a belongsToMany Groups association you can add the following to your UsersController:
$this->set('groups', $this->Users->Groups->find('list'));

Afterwards, add the following to your view template:


echo $this->Form->input('groups._ids', ['options' => $groups]);

If your model name consists of two or more words, e.g., UserGroup, when passing the data using set()
you should name your data in a pluralised and camelCased format as follows:
256

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

$this->set('userGroups', $this->UserGroups->find('list'));

Note:
You should not use FormHelper::input() to generate submit buttons.
View\Helper\FormHelper::submit() instead.

Use

Field Naming Conventions When creating input widgets you should name your fields after the matching
attributes in the forms entity. For example, if you created a form for an $article, you would create fields
named after the properities. E.g title, body and published.
You can create inputs for associated models,
association.fieldname as the first parameter:

or

arbitrary

models

by

passing

in

echo $this->Form->input('association.fieldname');

Any dots in your field names will be converted into nested request data. For example, if you created a field
with a name 0.comments.body you would get a name attribute that looks like 0[comments][body].
This convention makes it easy to save data with the ORM. Details for the various association types can be
found in the Creating Inputs for Associated Data section.
When creating datetime related inputs, FormHelper will append a field-suffix. You may notice additional
fields named year, month, day, hour, minute, or meridian being added. These fields will be
automatically converted into DateTime objects when entities are marshalled.
Options FormHelper::input() supports a large number of options. In addition to its own options
input() accepts options for the generated input types, as well as HTML attributes. The following will
cover the options specific to FormHelper::input().
$options[type] You can force the type of an input, overriding model introspection, by specifying a type. In addition to the field types found in the Creating Form Inputs, you can also create
file, password, and any type supported by HTML5:
echo $this->Form->input('field', ['type' => 'file']);
echo $this->Form->input('email', ['type' => 'email']);

Output:
<div class="input file">
<label for="field">Field</label>
<input type="file" name="field" value="" id="field" />
</div>
<div class="input email">
<label for="email">Email</label>
<input type="email" name="email" value="" id="email" />
</div>

$options[label] Set this key to the string you would like to be displayed within the label that
usually accompanies the input:

More About Views

257

CakePHP Cookbook Documentation, Release 3.x

echo $this->Form->input('name', [
'label' => 'The User Alias'
]);

Output:
<div class="input">
<label for="name">The User Alias</label>
<input name="name" type="text" value="" id="name" />
</div>

Alternatively, set this key to false to disable the output of the label:
echo $this->Form->input('name', ['label' => false]);

Output:
<div class="input">
<input name="name" type="text" value="" id="name" />
</div>

Set this to an array to provide additional options for the label element. If you do this, you can use
a text key in the array to customize the label text:
echo $this->Form->input('name', [
'label' => [
'class' => 'thingy',
'text' => 'The User Alias'
]
]);

Output:
<div class="input">
<label for="name" class="thingy">The User Alias</label>
<input name="name" type="text" value="" id="name" />
</div>

$options[error] Using this key allows you to override the default model error messages and
can be used, for example, to set i18n messages.
To disable error message output & field classes set the error key to false:
echo $this->Form->input('name', ['error' => false]);

To override the model error messages use an array with the keys matching the original validation error
messages:
$this->Form->input('name', [
'error' => ['Not long enough' => __('This is not long enough')]
]);

As seen above you can set the error message for each validation rule you have in your models. In
addition you can provide i18n messages for your forms.

258

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Generating Specific Types of Inputs

In addition to the generic input() method, FormHelper has specific methods for generating a number of different types of inputs. These can be used to generate just the input widget itself, and combined with other methods like View\Helper\FormHelper::label() and
View\Helper\FormHelper::error() to generate fully custom form layouts.
Common Options Many of the various input element methods support a common set of options. All of
these options are also supported by input(). To reduce repetition the common options shared by all input
methods are as follows:
$options[id] Set this key to force the value of the DOM id for the input. This will override
the idPrefix that may be set.
$options[default] Used to set a default value for the input field. The value is used if the
data passed to the form does not contain a value for the field (or if no data is passed at all).
Example usage:
echo $this->Form->text('ingredient', ['default' => 'Sugar']);

Example with select field (Size Medium will be selected as default):


$sizes = ['s' => 'Small', 'm' => 'Medium', 'l' => 'Large'];
echo $this->Form->select('size', $sizes, ['default' => 'm']);

Note:
You cannot use default to check a checkbox - instead you might set the value in
$this->request->data in your controller, or set the input option checked to true.
Date and datetime fields default values can be set by using the selected key.
Beware of using false to assign a default value. A false value is used to disable/exclude options of
an input field, so default => false would not set any value at all. Instead use default
=> 0.
In addition to the above options, you can mixin any HTML attribute you wish to use. Any non-special
option name will be treated as an HTML attribute, and applied to the generated HTML input element.
Options for Select, Checkbox and Radio Inputs
$options[value] Used in combination with a select-type input (i.e. For types select, date,
time, datetime). Set value to the value of the item you wish to be selected by default when the input
is rendered:
echo $this->Form->time('close_time', [
'value' => '13:30:00'
]);

Note: The value key for date and datetime inputs may also be a UNIX timestamp, or a DateTime
object.

More About Views

259

CakePHP Cookbook Documentation, Release 3.x

For select input where you set the multiple attribute to true, you can use an array of the values you
want to select by default:
echo $this->Form->select('rooms', [
'multiple' => true,
// options with values 1 and 3 will be selected as default
'default' => [1, 3]
]);

$options[empty] If set to true, forces the input to remain empty.


When passed to a select list, this creates a blank option with an empty value in your drop down list. If
you want to have a empty value with text displayed instead of just a blank option, pass in a string to
empty:
echo $this->Form->select(
'field',
[1, 2, 3, 4, 5],
['empty' => '(choose one)']
);

Output:
<select name="field">
<option value="">(choose one)</option>
<option value="0">1</option>
<option value="1">2</option>
<option value="2">3</option>
<option value="3">4</option>
<option value="4">5</option>
</select>

Options can also supplied as key-value pairs.


$options[hiddenField] For certain input types (checkboxes, radios) a hidden input is created so that the key in $this->request->data will exist even without a value specified:
<input type="hidden" name="published" value="0" />
<input type="checkbox" name="published" value="1" />

This can be disabled by setting the $options[hiddenField] = false:


echo $this->Form->checkbox('published', ['hiddenField' => false]);

Which outputs:
<input type="checkbox" name="published" value="1">

If you want to create multiple blocks of inputs on a form that are all grouped together, you should use
this parameter on all inputs except the first. If the hidden input is on the page in multiple places, only
the last group of inputs values will be saved
In this example, only the tertiary colors would be passed, and the primary colors would be overridden:

260

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<h2>Primary Colors</h2>
<input type="hidden" name="color" value="0" />
<label for="color-red">
<input type="checkbox" name="color[]" value="5" id="color-red" />
Red
</label>
<label for="color-blue">
<input type="checkbox" name="color[]" value="5" id="color-blue" />
Blue
</label>
<label for="color-yellow">
<input type="checkbox" name="color[]" value="5" id="color-yellow" />
Yellow
</label>
<h2>Tertiary Colors</h2>
<input type="hidden" name="color" value="0" />
<label for="color-green">
<input type="checkbox" name="color[]" value="5" id="color-green" />
Green
</label>
<label for="color-purple">
<input type="checkbox" name="color[]" value="5" id="color-purple" />
Purple
</label>
<label for="color-orange">
<input type="checkbox" name="color[]" value="5" id="color-orange" />
Orange
</label>

Disabling the hiddenField on the second input group would prevent this behavior.
You can set a different hidden field value other than 0 such as N:
echo $this->Form->checkbox('published', [
'value' => 'Y',
'hiddenField' => 'N',
]);

Datetime Options
$options[timeFormat] Used to specify the format of the select inputs for a time-related set
of inputs. Valid values include 12, 24, and null.
$options[minYear], $options[maxYear] Used in combination with a
date/datetime input. Defines the lower and/or upper end of values shown in the years select
field.
$options[orderYear] Used in combination with a date/datetime input. Defines the order in
which the year values will be set. Valid values include asc, desc. The default value is desc.

More About Views

261

CakePHP Cookbook Documentation, Release 3.x

$options[interval] This option specifies the number of minutes between each option in the
minutes select box:
echo $this->Form->input('time', [
'type' => 'time',
'interval' => 15
]);

Would create 4 options in the minute select. One for each 15 minutes.
$options[round] Can be set to up or down to force rounding in either direction. Defaults to
null which rounds half up according to interval.
$options[monthNames] If false, 2 digit numbers will be used instead of text. If it is given
an array like [01 => Jan, 02 => Feb, ...] then the given array will be used.
Creating Input Elements

Creating Text Inputs


Cake\View\Helper\FormHelper::text(string $name, array $options)
The rest of the methods available in the FormHelper are for creating specific form elements. Many of these
methods also make use of a special $options parameter. In this case, however, $options is used primarily to
specify HTML tag attributes (such as the value or DOM id of an element in the form):
echo $this->Form->text('username', ['class' => 'users']);

Will output:
<input name="username" type="text" class="users">

Creating Password Inputs


Cake\View\Helper\FormHelper::password(string $fieldName, array $options)
Creates a password field.
echo $this->Form->password('password');

Will output:
<input name="password" value="" type="password">

Creating Hidden Inputs


Cake\View\Helper\FormHelper::hidden(string $fieldName, array $options)
Creates a hidden form input. Example:
echo $this->Form->hidden('id');

Will output:
<input name="id" value="10" type="hidden" />

262

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Creating Textareas
Cake\View\Helper\FormHelper::textarea(string $fieldName, array $options)
Creates a textarea input field.
echo $this->Form->textarea('notes');

Will output:
<textarea name="notes"></textarea>

If the form is edited (that is, the array $this->request->data will contain the information saved
for the User model), the value corresponding to notes field will automatically be added to the HTML
generated. Example:
<textarea name="notes" id="notes">
This text is to be edited.
</textarea>

Note: The textarea input type allows for the $options attribute of escape which determines
whether or not the contents of the textarea should be escaped. Defaults to true.
echo $this->Form->textarea('notes', ['escape' => false]);
// OR....
echo $this->Form->input('notes', ['type' => 'textarea', 'escape' => false]);

Options
In addition to the Common Options, textarea() supports a few specific options:
$options[rows], $options[cols] These two keys specify the number of rows and
columns:
echo $this->Form->textarea('textarea', ['rows' => '5', 'cols' => '5']);

Output:
<textarea name="textarea" cols="5" rows="5">
</textarea>

Creating Checkboxes
Cake\View\Helper\FormHelper::checkbox(string $fieldName, array $options)
Creates a checkbox form element. This method also generates an associated hidden form input to force the
submission of data for the specified field.
echo $this->Form->checkbox('done');

Will output:
<input type="hidden" name="done" value="0">
<input type="checkbox" name="done" value="1">

It is possible to specify the value of the checkbox by using the $options array:

More About Views

263

CakePHP Cookbook Documentation, Release 3.x

echo $this->Form->checkbox('done', ['value' => 555]);

Will output:
<input type="hidden" name="done" value="0">
<input type="checkbox" name="done" value="555">

If you dont want the Form helper to create a hidden input:


echo $this->Form->checkbox('done', ['hiddenField' => false]);

Will output:
<input type="checkbox" name="done" value="1">

Creating Radio Buttons


Cake\View\Helper\FormHelper::radio(string $fieldName, array $options, array $attributes)
Creates a set of radio button inputs.
Attributes
value - Indicates the value when this radio button is checked.
label - boolean to indicate whether or not labels for widgets should be displayed.
hiddenField - boolean to indicate if you want the results of radio() to include a hidden input with
a value of . This is useful for creating radio sets that are non-continuous.
disabled - Set to true or disabled to disable all the radio buttons.
empty - Set to true to create an input with the value as the first option. When true the radio
label will be empty. Set this option to a string to control the label value.
Generally $options is a simple key => value pair. However, if you need to put custom attributes on your
radio buttons you can use an expanded format:
echo $this->Form->radio(
'favorite_color',
[
['value' => 'r', 'text' => 'Red', 'style' => 'color:red;'],
['value' => 'u', 'text' => 'Blue', 'style' => 'color:blue;'],
['value' => 'g', 'text' => 'Green', 'style' => 'color:green;'],
]
);

// Will output
<input type="hidden" name="favorite_color" value="">
<label for="favorite-color-r">
<input type="radio" name="favorite_color" value="r" style="color:red;" id="favorite-col
Red
</label>
<label for="favorite-color-u">
<input type="radio" name="favorite_color" value="u" style="color:blue;" id="favorite-co

264

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Blue
</label>
<label for="favorite-color-g">
<input type="radio" name="favorite_color" value="g" style="color:green;" id="favorite-c
Green
</label>

Creating Select Pickers


Cake\View\Helper\FormHelper::select(string $fieldName, array $options, array $attributes)
Creates a select element, populated with the items in $options, with the option specified by
$attributes[value] shown as selected by default. Set the empty key in the $attributes
variable to false to turn off the default empty option:
$options = ['M' => 'Male', 'F' => 'Female'];
echo $this->Form->select('gender', $options);

Will output:
<select name="gender">
<option value=""></option>
<option value="M">Male</option>
<option value="F">Female</option>
</select>

The select input type allows for a special $option attribute called escape which accepts a bool
and determines whether to HTML entity encode the contents of the select options. Defaults to true:
$options = ['M' => 'Male', 'F' => 'Female'];
echo $this->Form->select('gender', $options, ['escape' => false]);

$attributes[options] This key allows you to manually specify options for a select input,
or for a radio group. Unless the type is specified as radio, the FormHelper will assume that the
target output is a select input:
echo $this->Form->select('field', [1,2,3,4,5]);

Output:
<select name="field">
<option value="0">1</option>
<option value="1">2</option>
<option value="2">3</option>
<option value="3">4</option>
<option value="4">5</option>
</select>

Options can also be supplied as key-value pairs:


echo $this->Form->select('field', [
'Value 1' => 'Label 1',
'Value 2' => 'Label 2',

More About Views

265

CakePHP Cookbook Documentation, Release 3.x

'Value 3' => 'Label 3'


]);

Output:
<select name="field">
<option value="Value 1">Label 1</option>
<option value="Value 2">Label 2</option>
<option value="Value 3">Label 3</option>
</select>

If you would like to generate a select with optgroups, just pass data in hierarchical format. This works
on multiple checkboxes and radio buttons too, but instead of optgroups wraps elements in fieldsets:
$options = [
'Group 1' => [
'Value 1' => 'Label 1',
'Value 2' => 'Label 2'
],
'Group 2' => [
'Value 3' => 'Label 3'
]
];
echo $this->Form->select('field', $options);

Output:
<select name="field">
<optgroup label="Group 1">
<option value="Value 1">Label 1</option>
<option value="Value 2">Label 2</option>
</optgroup>
<optgroup label="Group 2">
<option value="Value 3">Label 3</option>
</optgroup>
</select>

$attributes[multiple] If multiple has been set to true for an input that outputs a select,
the select will allow multiple selections:
echo $this->Form->select('field', $options, ['multiple' => true]);

Alternatively set multiple to checkbox to output a list of related check boxes:


$options = [
'Value 1' => 'Label 1',
'Value 2' => 'Label 2'
];
echo $this->Form->select('field', $options, [
'multiple' => 'checkbox'
]);

Output:

266

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<input name="field" value="" type="hidden">


<div class="checkbox">
<label for="field-1">
<input name="field[]" value="Value 1" id="field-1" type="checkbox">
Label 1
</label>
</div>
<div class="checkbox">
<label for="field-2">
<input name="field[]" value="Value 2" id="field-2" type="checkbox">
Label 2
</label>
</div>

$attributes[disabled] When creating checkboxes, this option can be set to disable all or
some checkboxes. To disable all checkboxes set disabled to true:
$options = [
'Value 1' => 'Label 1',
'Value 2' => 'Label 2'
];
echo $this->Form->select('field', $options, [
'multiple' => 'checkbox',
'disabled' => ['Value 1']
]);

Output:
<input name="field" value="" type="hidden">
<div class="checkbox">
<label for="field-1">
<input name="field[]" disabled="disabled" value="Value 1" type="checkbox">
Label 1
</label>
</div>
<div class="checkbox">
<label for="field-2">
<input name="field[]" value="Value 2" id="field-2" type="checkbox">
Label 2
</label>
</div>

Creating File Inputs


Cake\View\Helper\FormHelper::file(string $fieldName, array $options)
To add a file upload field to a form, you must first make sure that the form enctype is set to multipart/formdata, so start off with a create function such as the following:
echo $this->Form->create($document, ['enctype' => 'multipart/form-data']);
// OR
echo $this->Form->create($document, ['type' => 'file']);

Next add either of the two lines to your form view file:

More About Views

267

CakePHP Cookbook Documentation, Release 3.x

echo $this->Form->input('submittedfile', [
'type' => 'file'
]);
// OR
echo $this->Form->file('submittedfile');

Due to the limitations of HTML itself, it is not possible to put default values into input fields of type file.
Each time the form is displayed, the value inside will be empty.
Upon submission, file fields provide an expanded data array to the script receiving the form data.
For the example above, the values in the submitted data array would be organized as follows, if the CakePHP
was installed on a Windows server. tmp_name will have a different path in a Unix environment:
$this->request->data['submittedfile'] = [
'name' => 'conference_schedule.pdf',
'type' => 'application/pdf',
'tmp_name' => 'C:/WINDOWS/TEMP/php1EE.tmp',
'error' => 0, // On Windows this can be a string.
'size' => 41737,
];

This array is generated by PHP itself, so for more detail on the way PHP handles data passed via file fields
read the PHP manual section on file uploads4 .
Note: When using $this->Form->file(), remember to set the form encoding-type, by setting the
type option to file in $this->Form->create().

Creating DateTime Inputs


Cake\View\Helper\FormHelper::dateTime($fieldName, $options =[])
Creates a set of select inputs for date and time. This method accepts a number of options:
monthNames If false, 2 digit numbers will be used instead of text. If an array, the given array will
be used.
minYear The lowest year to use in the year select
maxYear The maximum year to use in the year select
interval The interval for the minutes select. Defaults to 1
empty - If true, the empty select option is shown. If a string, that string is displayed as the empty
element.
round - Set to up or down if you want to force rounding in either direction. Defaults to null.
default The default value to be used by the input. A value in $this->request->data matching the field name will override this value. If no default is provided time() will be used.
timeFormat The time format to use, either 12 or 24.
4

http://php.net/features.file-upload

268

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

second Set to true to enable seconds drop down.


To control the order of inputs, and any elements/content between the inputs you can override the
dateWidget template. By default the dateWidget template is:
{{year}}{{month}}{{day}}{{hour}}{{minute}}{{second}}{{meridian}}

Creating Time Inputs


Cake\View\Helper\FormHelper::time($fieldName, $options =[])
Creates two select elements populated with 24 hours and 60 minutes for hour and minute, respectively. Additionally, HTML attributes may be supplied in $options for each specific type. If
$options[empty] is false, the select will not include an empty option:
empty - If true, the empty select option is shown. If a string, that string is displayed as the empty
element.
default | value The default value to be used by the input.
A value in
$this->request->data matching the field name will override this value. If no default is
provided time() will be used.
timeFormat The time format to use, either 12 or 24. Defaults to 24.
second Set to true to enable seconds drop down.
interval The interval for the minutes select. Defaults to 1.
For example, to create a time range with minutes selectable in 15 minute increments, and to apply classes to
the select boxes, you could do the following:
echo $this->Form->time('released', [
'interval' => 15,
'hour' => [
'class' => 'foo-class',
],
'minute' => [
'class' => 'bar-class',
],
]);

Which would create the following two selects:


<select name="released[hour]" class="foo-class">
<option value="" selected="selected"></option>
<option value="00">0</option>
<option value="01">1</option>
<!-- .. snipped for brevity .. -->
<option value="22">22</option>
<option value="23">23</option>
</select>
<select name="released[minute]" class="bar-class">
<option value="" selected="selected"></option>
<option value="00">00</option>
<option value="15">15</option>
<option value="30">30</option>

More About Views

269

CakePHP Cookbook Documentation, Release 3.x

<option value="45">45</option>
</select>

Creating Year Inputs


Cake\View\Helper\FormHelper::year(string $fieldName, array $options =[])
Creates a select element populated with the years from minYear to maxYear. Additionally, HTML
attributes may be supplied in $options. If $options[empty] is false, the select will not include an
empty option:
empty - If true, the empty select option is shown. If a string, that string is displayed as the empty
element.
orderYear - Ordering of year values in select options. Possible values asc, desc. Default desc
value The selected value of the input.
maxYear The max year to appear in the select element.
minYear The min year to appear in the select element.
For example, to create a year range from 2000 to the current year you would do the following:
echo $this->Form->year('purchased', [
'minYear' => 2000,
'maxYear' => date('Y')
]);

If it was 2009, you would get the following:


<select name="purchased[year]">
<option value=""></option>
<option value="2009">2009</option>
<option value="2008">2008</option>
<option value="2007">2007</option>
<option value="2006">2006</option>
<option value="2005">2005</option>
<option value="2004">2004</option>
<option value="2003">2003</option>
<option value="2002">2002</option>
<option value="2001">2001</option>
<option value="2000">2000</option>
</select>

Creating Month Inputs


Cake\View\Helper\FormHelper::month(string $fieldName, array $attributes)
Creates a select element populated with month names:
echo $this->Form->month('mob');

Will output:

270

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<select name="mob[month]">
<option value=""></option>
<option value="01">January</option>
<option value="02">February</option>
<option value="03">March</option>
<option value="04">April</option>
<option value="05">May</option>
<option value="06">June</option>
<option value="07">July</option>
<option value="08">August</option>
<option value="09">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>

You can pass in your own array of months to be used by setting the monthNames attribute, or have months
displayed as numbers by passing false. (Note: the default months can be localized with CakePHP Internationalization & Localization features.):
echo $this->Form->month('mob', ['monthNames' => false]);

Creating Day Inputs


Cake\View\Helper\FormHelper::day(string $fieldName, array $attributes)
Creates a select element populated with the (numerical) days of the month.
To create an empty option with prompt text of your choosing (e.g. the first option is Day), you can supply
the text as the final parameter as follows:
echo $this->Form->day('created');

Will output:
<select name="created[day]">
<option value=""></option>
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
...
<option value="31">31</option>
</select>

Creating Hour Inputs


Cake\View\Helper\FormHelper::hour(string $fieldName, array $attributes)
Creates a select element populated with the hours of the day. You can create either 12 or 24 hour pickers
using the format option:
echo $this->Form->hour('created', [
'format' => 12
]);
echo $this->Form->hour('created', [

More About Views

271

CakePHP Cookbook Documentation, Release 3.x

'format' => 24
]);

Creating Minute Inputs


Cake\View\Helper\FormHelper::minute(string $fieldName, array $attributes)
Creates a select element populated with the minutes of the hour. You can create a select that only contains
specific values using the interval option. For example, if you wanted 10 minute increments you would
do the following:
echo $this->Form->minute('created', [
'interval' => 10
]);

Creating Meridian Inputs


Cake\View\Helper\FormHelper::meridian(string $fieldName, array $attributes)
Creates a select element populated with am and pm.
Creating Labels

Cake\View\Helper\FormHelper::label(string $fieldName, string $text, array $options)


Create a label element. $fieldName is used for generating the DOM id. If $text is undefined,
$fieldName will be used to inflect the labels text:
echo $this->Form->label('User.name');
echo $this->Form->label('User.name', 'Your username');

Output:
<label for="user-name">Name</label>
<label for="user-name">Your username</label>

$options can either be an array of HTML attributes, or a string that will be used as a class name:
echo $this->Form->label('User.name', null, ['id' => 'user-label']);
echo $this->Form->label('User.name', 'Your username', 'highlight');

Output:
<label for="user-name" id="user-label">Name</label>
<label for="user-name" class="highlight">Your username</label>

Displaying and Checking Errors

Cake\View\Helper\FormHelper::error(string $fieldName, mixed $text, array $options)


Shows a validation error message, specified by $text, for the given field, in the event that a validation error
has occurred.

272

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Options:
escape bool Whether or not to HTML escape the contents of the error.
Cake\View\Helper\FormHelper::isFieldError(string $fieldName)
Returns true if the supplied $fieldName has an active validation error.
if ($this->Form->isFieldError('gender')) {
echo $this->Form->error('gender');
}

Note: When using View\Helper\FormHelper::input(), errors are rendered by default.

Creating Buttons and Submit Elements

Cake\View\Helper\FormHelper::submit(string $caption, array $options)


Creates a submit input with $caption as the text. If the supplied $caption is a URL to an image, an
image submit button will be generated. The following:
echo $this->Form->submit();

Will output:
<div class="submit"><input value="Submit" type="submit"></div>

You can pass a relative or absolute URL to an image for the caption parameter instead of caption text:
echo $this->Form->submit('ok.png');

Will output:
<div class="submit"><input type="image" src="/img/ok.png"></div>

Submit inputs are useful when you only need basic text or images. If you need more complex button content
you should use button().
Creating Button Elements
Cake\View\Helper\FormHelper::button(string $title, array $options =[])
Creates an HTML button with the specified title and a default type of button.
$options[type] will output one of the three possible button types:

Setting

1. submit: Same as the $this->Form->submit method - (the default).


2. reset: Creates a form reset button.
3. button: Creates a standard push button.
echo
echo
echo
echo

$this->Form->button('A Button');
$this->Form->button('Another Button', ['type' => 'button']);
$this->Form->button('Reset the Form', ['type' => 'reset']);
$this->Form->button('Submit Form', ['type' => 'submit']);

More About Views

273

CakePHP Cookbook Documentation, Release 3.x

Will output:
<button
<button
<button
<button

type="submit">A Button</button>
type="button">Another Button</button>
type="reset">Reset the Form</button>
type="submit">Submit Form</button>

The button input type supports the escape option, which accepts a boolean and defaults to false. It
determines whether to HTML encode the $title of the button:
// Will render escaped HTML.
echo $this->Form->button('<em>Submit Form</em>', [
'type' => 'submit',
'escape' => true
]);

Closing the Form

Cake\View\Helper\FormHelper::end($secureAttributes =[])
The end() method closes and completes a form. Often, end() will only output a closing form
tag, but using end() is a good practice as it enables FormHelper to insert hidden form elements that
Cake\Controller\Component\SecurityComponent requires:
<?= $this->Form->create(); ?>
<!-- Form elements go here -->
<?= $this->Form->end(); ?>

The $secureAttributes parameter allows you to pass additional HTML attributes to the hidden inputs
that are generated when your application is using SecurityComponent. If you need to add additional
attributes to the generated hidden inputs you can use the $secureAttributes argument:
echo $this->Form->end(['data-type' => 'hidden']);

Will output:
<div style="display:none;">
<input type="hidden" name="_Token[fields]" data-type="hidden"
value="2981c38990f3f6ba935e6561dc77277966fabd6d%3AAddresses.id">
<input type="hidden" name="_Token[unlocked]" data-type="hidden"
value="address%7Cfirst_name">
</div>

Note: If you are using Cake\Controller\Component\SecurityComponent in your application


you should always end your forms with end().

274

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Creating Standalone Buttons and POST links

Cake\View\Helper\FormHelper::postButton(string $title, mixed $url, array $options


=[])
Create a <button> tag with a surrounding <form> that submits via POST.
This method creates a <form> element.
So do not use this method in some
opened form.
Instead use Cake\View\Helper\FormHelper::submit() or
Cake\View\Helper\FormHelper::button() to create buttons inside opened forms.
Cake\View\Helper\FormHelper::postLink(string $title, mixed $url = null, array $options =[])
Creates an HTML link, but accesses the URL using method POST. Requires JavaScript to be enabled
in browser.
This method creates a <form> element. So do not use this method inside an existing form. Instead
you should add a submit button using Cake\View\Helper\FormHelper::submit()
Customizing the Templates FormHelper Uses

Like many helpers in CakePHP, FormHelper uses string templates to format the HTML it creates. While the
default templates are intended to be a reasonable set of defaults. You may need to customize the templates
to suit your application.
To change the templates when the helper is loaded you can set the templates option when including the
helper in your controller:
// In a View class
$this->loadHelper('Form', [
'templates' => 'app_form',
]);

This would load the tags in config/app_form.php. This file should contain an array of templates indexed
by name:
// in config/app_form.php
return [
'inputContainer' => '<div class="form-control">{{content}}</div>',
];

Any templates you define will replace the default ones included in the helper. Templates that are not replaced, will continue to use the default values. You can also change the templates at runtime using the
templates() method:
$myTemplates = [
'inputContainer' => '<div class="form-control">{{content}}</div>',
];
$this->Form->templates($myTemplates);

Warning: Template strings containing a percentage sign (%) need special attention, you should prefix
this character with another percentage so it looks like %%. The reason is that internally templates are compiled to be used with sprintf(). Example: <div style=width:{{size}}%%>{{content}}</div>
More About Views

275

CakePHP Cookbook Documentation, Release 3.x

List of Templates A list of the default templates and the variables they can expect are:
button {{attrs}}, {{text}}
checkbox {{name}}, {{value}}, {{attrs}}
checkboxFormGroup {{label}}
checkboxWrapper {{label}}
dateWidget {{year}}, {{month}}, {{day}}, {{hour}}, {{minute}}, {{second}}, {{meridian}}
error {{content}}
errorList {{content}}
errorItem {{text}}
file {{name}}, {{attrs}}
formGroup {{label}}, {{input}}, {{error}}
formStart {{attrs}}
formEnd No variables are provided.
hiddenBlock {{content}}
input {{type}}, {{name}}, {{attrs}}
inputContainer {{type}}, {{required}}, {{content}}
inputContainerError {{type}}, {{required}}, {{content}}, {{error}}
inputSubmit {{type}}, {{attrs}}
label {{attrs}}, {{text}}, {{hidden}}, {{input}}
nestingLabel {{hidden}}, {{attrs}}, {{input}}, {{text}}
legend {{text}}
option {{value}}, {{attrs}}, {{text}}
optgroup {{label}}, {{attrs}}, {{content}}
radio {{name}}, {{value}}, {{attrs}}
radioWrapper {{input}}, {{label}}
select {{name}}, {{attrs}}, {{content}}
selectMultiple {{name}}, {{attrs}}, {{content}}
submitContainer {{content}}
textarea {{name}}, {{attrs}}, {{value}}

276

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

In addition to these templates, the input() method will attempt to use distinct templates for each input
container. For example, when creating a datetime input the datetimeContainer will be used if it is
present. If that container is missing the inputContainer template will be used. For example:
// Add custom radio wrapping HTML
$this->Form->templates([
'radioContainer' => '<div class="form-radio">{{content}}</div>'
]);
// Create a radio set with our custom wrapping div.
echo $this->Form->radio('User.email_notifications', ['y', 'n']);

Similar to input containers, the input() method will also attempt to use distinct templates for each
form group. A form group is a combo of label and input. For example, when creating a radio input the
radioFormGroup will be used if it is present. If that template is missing by default each set of label &
input is rendered using the formGroup template. For example:
// Add custom radio form group
$this->Form->templates([
'radioFormGroup' => '<div class="radio">{{label}}{{input}}</div>'
]);

Moving Checkboxes & Radios Outside of a Label By default CakePHP nests checkboxes and radio
buttons within label elements. This helps make it easier to integrate popular CSS frameworks. If you need
to place checkbox/radio inputs outside of the label you can do so by modifying the templates:
$this->Form->templates([
'nestingLabel' => '{{input}}<label{{attrs}}>{{text}}</label>',
'formGroup' => '{{input}}{{label}}',
]);

This will make radio buttons and checkboxes render outside of their labels.
Generating Entire Forms

Cake\View\Helper\FormHelper::inputs(array $fields =[], $options =[])


Generates a set of inputs for the given context wrapped in a fieldset. You can specify the generated fields by
including them:
echo $this->Form->inputs([
'name' => ['label' => 'custom label']
]);

You can customize the legend text using an option:


echo $this->Form->inputs($fields, ['legend' => 'Update news post']);

You can customize the generated inputs by defining additional options in the $fields parameter:

More About Views

277

CakePHP Cookbook Documentation, Release 3.x

echo $this->Form->inputs([
'name' => ['label' => 'custom label']
]);

When customizing, fields, you can use the $options parameter to control the generated legend/fieldset.
fieldset Set to false to disable the fieldset. You can also pass an array of parameters to be
applied as HTML attributes to the fieldset tag. If you pass an empty array, the fieldset will be displayed
without attributes.
legend Set to false to disable the legend for the generated input set. Or supply a string to customize the legend text.
For example:
echo $this->Form->allInputs(
[
'name' => ['label' => 'custom label']
],
null,
['legend' => 'Update your post']
);

If you disable the fieldset, the legend will not print.


Cake\View\Helper\FormHelper::allInputs(array $fields, $options =[])
This method is closely related to inputs(), however the $fields argument is defaulted to all fields in
the current top-level entity. To exclude specific fields from the generated inputs, set them to false in the
fields parameter:
echo $this->Form->allInputs(['password' => false]);

Creating Inputs for Associated Data

Creating forms for associated data is straightforward and is closely related to the paths in your entitys data.
Assuming the following table relations:
Authors HasOne Profiles
Authors HasMany Articles
Articles HasMany Comments
Articles BelongsTo Authors
Articles BelongsToMany Tags
If we were editing an article with its associations loaded we could create the following inputs:
$this->Form->create($article);
// Article inputs.
echo $this->Form->input('title');

278

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

// Author inputs (belongsTo)


echo $this->Form->input('author.id');
echo $this->Form->input('author.first_name');
echo $this->Form->input('author.last_name');
// Author profile (belongsTo + hasOne)
echo $this->Form->input('author.profile.id');
echo $this->Form->input('author.profile.username');
// Tags inputs (belongsToMany)
echo $this->Form->input('tags.0.id');
echo $this->Form->input('tags.0.name');
echo $this->Form->input('tags.1.id');
echo $this->Form->input('tags.1.name');
// Multiple select element for belongsToMany
echo $this->Form->input('tags._ids', [
'type' => 'select',
'multiple' => true,
'options' => $tagList,
]);
// Inputs for the joint table (articles_tags)
echo $this->Form->input('tags.0._joinData.starred');
echo $this->Form->input('tags.1._joinData.starred');
// Comments inputs (hasMany)
echo $this->Form->input('comments.0.id');
echo $this->Form->input('comments.0.comment');
echo $this->Form->input('comments.1.id');
echo $this->Form->input('comments.1.comment');

The above inputs could then be marshalled into a completed entity graph using the following code in your
controller:
$article = $this->Articles->patchEntity($article, $this->request->data, [
'associated' => [
'Authors',
'Authors.Profiles',
'Tags',
'Comments'
]
]);

Adding Custom Widgets

CakePHP makes it easy to add custom input widgets in your application, and use them like any other input
type. All of the core input types are implemented as wigets, which means you can easily override any core
widget with your own implemenation as well.

More About Views

279

CakePHP Cookbook Documentation, Release 3.x

Building a Widget Class Widget classes have a very simple required interface. They must implement the
Cake\View\Widget\WidgetInterface. This interface requires the render(array $data)
and secureFields(array $data) methods to be implemented. The render() method expects
an array of data to build the widget and is expected to return a string of HTML for the widget. The
secureFields() method expects an array of data as well and is expected to return an array containing the list of fields to secure for this widget. If CakePHP is constructing your widget you can expect to
get a Cake\View\StringTemplate instance as the first argument, followed by any dependencies you
define. If we wanted to build an Autocomplete widget you could do the following:
namespace App\View\Widget;
use Cake\View\Form\ContextInterface;
use Cake\View\Widget\WidgetInterface;
class AutocompleteWidget implements WidgetInterface
{
protected $_templates;
public function __construct($templates)
{
$this->_templates = $templates;
}
public function render(array $data, ContextInterface $context)
{
$data += [
'name' => '',
];
return $this->_templates->format('autocomplete', [
'name' => $data['name'],
'attrs' => $this->_templates->formatAttributes($data, ['name'])
]);
}
public function secureFields(array $data)
{
return [$data['name']];
}
}

Obviously, this is a very simple example, but it demonstrates how a custom widget could be built.
Using Widgets You can load custom widgets when loading FormHelper or by using the addWidget()
method. When loading FormHelper, widgets are defined as a setting:
// In View class
$this->loadHelper('Form', [
'widgets' => [
'autocomplete' => ['Autocomplete']
]
]);

280

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

If your widget requires other widgets, you can have FormHelper populate those dependencies by declaring
them:
$this->loadHelper('Form', [
'widgets' => [
'autocomplete' => [
'App\View\Widget\AutocompleteWidget',
'text',
'label'
]
]
]);

In the above example, the autocomplete widget would depend on the text and label widgets. If your
widget needs access to the View, you should use the _view widget. When the autocomplete widget is
created, it will be passed the widget objects that are related to the text and label names. To add widgets
using the addWidget() method would look like:
// Using a classname.
$this->Form->addWidget(
'autocomplete',
['Autocomplete', 'text', 'label']
);
// Using an instance - requires you to resolve dependencies.
$autocomplete = new AutocompleteWidget(
$this->Form->getTemplater(),
$this->Form->widgetRegistry()->get('text'),
$this->Form->widgetRegistry()->get('label'),
);
$this->Form->addWidget('autocomplete', $autocomplete);

Once added/replaced, widgets can be used as the input type:


echo $this->Form->input('search', ['type' => 'autocomplete']);

This will create the custom widget with a label and wrapping div just like input() always does. Alternatively, you can create just the input widget using the magic method:
echo $this->Form->autocomplete('search', $options);

Working with SecurityComponent

Cake\Controller\Component\SecurityComponent offers several features that make your


forms safer and more secure. By simply including the SecurityComponent in your controller, youll
automatically benefit from form tampering features.
As mentioned previously when using SecurityComponent, you should always close your forms using
View\Helper\FormHelper::end(). This will ensure that the special _Token inputs are generated.
Cake\View\Helper\FormHelper::unlockField($name)

More About Views

281

CakePHP Cookbook Documentation, Release 3.x

Unlocks a field making it exempt from the SecurityComponent field hashing. This also allows
the fields to be manipulated by JavaScript. The $name parameter should be the entity property name
for the input:
$this->Form->unlockField('id');

Cake\View\Helper\FormHelper::secure(array $fields =[])


Generates a hidden field with a security hash based on the fields used in the form.
Html
class Cake\View\Helper\HtmlHelper(View $view, array $config =[])
The role of the HtmlHelper in CakePHP is to make HTML-related options easier, faster, and more resilient
to change. Using this helper will enable your application to be more light on its feet, and more flexible on
where it is placed in relation to the root of a domain.
Many HtmlHelper methods include a $attributes parameter, that allow you to tack on any extra attributes on your tags. Here are a few examples of how to use the $attributes parameter:
Desired attributes: <tag class="someClass" />
Array parameter: ['class' => 'someClass']
Desired attributes: <tag name="foo" value="bar" />
Array parameter: ['name' => 'foo', 'value' => 'bar']

Inserting Well-Formatted Elements

The most important task the HtmlHelper accomplishes is creating well formed markup. This section will
cover some of the methods of the HtmlHelper and how to use them.
Creating Charset Tags
Cake\View\Helper\HtmlHelper::charset($charset=null)
Used to create a meta tag specifying the documents character. The default value is UTF-8. An example use:
echo $this->Html->charset();

Will output:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

Alternatively,
echo $this->Html->charset('ISO-8859-1');

Will output:
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />

282

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Linking to CSS Files


Cake\View\Helper\HtmlHelper::css(mixed $path, array $options =[])
Creates a link(s) to a CSS style-sheet. If the block option is set to true, the link tags are added to the
css block which you can print inside the head tag of the document.
You can use the block option to control which block the link element will be appended to. By default it
will append to the css block.
If key rel in $options array is set to import the stylesheet will be imported.
This method of CSS inclusion assumes that the CSS file specified resides inside the webroot/css directory
if path doesnt start with a /.
echo $this->Html->css('forms');

Will output:
<link rel="stylesheet" href="/css/forms.css" />

The first parameter can be an array to include multiple files.


echo $this->Html->css(['forms', 'tables', 'menu']);

Will output:
<link rel="stylesheet" href="/css/forms.css" />
<link rel="stylesheet" href="/css/tables.css" />
<link rel="stylesheet" href="/css/menu.css" />

You can include CSS files from any loaded plugin using plugin syntax.
ins/DebugKit/webroot/css/toolbar.css you could use the following:

To include plug-

echo $this->Html->css('DebugKit.toolbar.css');

If you want to include a CSS file which shares a name with a loaded plugin you can do the following. For
example if you had a Blog plugin, and also wanted to include webroot/css/Blog.common.css, you would:
echo $this->Html->css('Blog.common.css', ['plugin' => false]);

Creating CSS Programatically


Cake\View\Helper\HtmlHelper::style(array $data, boolean $oneline = true)
Builds CSS style definitions based on the keys and values of the array passed to the method. Especially
handy if your CSS file is dynamic.
echo $this->Html->style([
'background' => '#633',
'border-bottom' => '1px solid #000',
'padding' => '10px'
]);

Will output:

More About Views

283

CakePHP Cookbook Documentation, Release 3.x

background:#633; border-bottom:1px solid #000; padding:10px;

Creating meta Tags


Cake\View\Helper\HtmlHelper::meta(string $type, string $url = null, array $options =[
])
This method is handy for linking to external resources like RSS/Atom feeds and favicons. Like css(), you
can specify whether or not youd like this tag to appear inline or appended to the meta block by setting the
block key in the $attributes parameter to true, ie - [block => true].
If you set the type attribute using the $attributes parameter, CakePHP contains a few shortcuts:
type
html
rss
atom
icon

translated value
text/html
application/rss+xml
application/atom+xml
image/x-icon

<?= $this->Html->meta(
'favicon.ico',
'/favicon.ico',
['type' => 'icon']
);
?>
// Output (line breaks added)
<link
href="http://example.com/favicon.ico"
title="favicon.ico" type="image/x-icon"
rel="alternate"
/>
<?= $this->Html->meta(
'Comments',
'/comments/index.rss',
['type' => 'rss']
);
?>
// Output (line breaks added)
<link
href="http://example.com/comments/index.rss"
title="Comments"
type="application/rss+xml"
rel="alternate"
/>

This method can also be used to add the meta keywords and descriptions. Example:
<?= $this->Html->meta(
'keywords',
'enter any meta keyword here'
);
?>
// Output
<meta name="keywords" content="enter any meta keyword here" />

284

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<?= $this->Html->meta(
'description',
'enter any meta description here'
);
?>
// Output
<meta name="description" content="enter any meta description here" />

Creating Doctype Tags


Cake\View\Helper\HtmlHelper::docType(string $type = html5)
Returns a (X)HTML doctype tag. Supply the doctype according to the following table:
type
html4-strict
html4-trans
html4-frame
html5
xhtml-strict
xhtml-trans
xhtml-frame
xhtml11

translated value
HTML4 Strict
HTML4 Transitional
HTML4 Frameset
HTML5
XHTML1 Strict
XHTML1 Transitional
XHTML1 Frameset
XHTML1.1

echo $this->Html->docType();
// Outputs: <!DOCTYPE html>
echo $this->Html->docType('html4-trans');
// Outputs:
// <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
//
"http://www.w3.org/TR/html4/loose.dtd">

Linking to Images
Cake\View\Helper\HtmlHelper::image(string $path, array $options =[])
Creates a formatted image tag. The path supplied should be relative to webroot/img/.
echo $this->Html->image('cake_logo.png', ['alt' => 'CakePHP']);

Will output:
<img src="/img/cake_logo.png" alt="CakePHP" />

To create an image link specify the link destination using the url option in $attributes.
echo $this->Html->image("recipes/6.jpg", [
"alt" => "Brownies",
'url' => ['controller' => 'Recipes', 'action' => 'view', 6]
]);

Will output:

More About Views

285

CakePHP Cookbook Documentation, Release 3.x

<a href="/recipes/view/6">
<img src="/img/recipes/6.jpg" alt="Brownies" />
</a>

If you are creating images in emails, or want absolute paths to images you can use the fullBase option:
echo $this->Html->image("logo.png", ['fullBase' => true]);

Will output:
<img src="http://example.com/img/logo.jpg" alt="" />

You can include image files from any loaded plugin using plugin syntax.
ins/DebugKit/webroot/img/icon.png You could use the following:

To include plug-

echo $this->Html->image('DebugKit.icon.png');

If you want to include an image file which shares a name with a loaded plugin you can do the following.
For example if you had a Blog plugin, and also wanted to include webroot/js/Blog.icon.png, you
would:
echo $this->Html->image('Blog.icon.png', ['plugin' => false]);

Creating Links
Cake\View\Helper\HtmlHelper::link(string $title, mixed $url = null, array $options =[
])
General purpose method for creating HTML links. Use $options to specify attributes for the element and
whether or not the $title should be escaped.
echo $this->Html->link(
'Enter',
'/pages/home',
['class' => 'button', 'target' => '_blank']
);

Will output:
<a href="/pages/home" class="button" target="_blank">Enter</a>

Use _full=>true option for absolute URLs:


echo $this->Html->link(
'Dashboard',
['controller' => 'Dashboards', 'action' => 'index', '_full' => true]
);

Will output:
<a href="http://www.yourdomain.com/dashboards/index">Dashboard</a>

Specify confirm key in options to display a JavaScript confirm() dialog:

286

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

echo $this->Html->link(
'Delete',
['controller' => 'Recipes', 'action' => 'delete', 6],
['confirm' => 'Are you sure you wish to delete this recipe?'],
);

Will output:
<a href="/recipes/delete/6"
onclick="return confirm(
'Are you sure you wish to delete this recipe?'
);">
Delete
</a>

Query strings can also be created with link().


echo $this->Html->link('View image', [
'controller' => 'Images',
'action' => 'view',
1,
'?' => ['height' => 400, 'width' => 500]
]);

Will output:
<a href="/images/view/1?height=400&width=500">View image</a>

HTML special characters in $title will be converted to HTML entities. To disable this conversion, set
the escape option to false in the $options array.
echo $this->Html->link(
$this->Html->image("recipes/6.jpg", ["alt" => "Brownies"]),
"recipes/view/6",
['escape' => false]
);

Will output:
<a href="/recipes/view/6">
<img src="/img/recipes/6.jpg" alt="Brownies" />
</a>

Setting escape to false will also disable escaping of attributes of the link. You can use the option
escapeTitle to disable just escaping of title and not the attributes.
echo $this->Html->link(
$this->Html->image('recipes/6.jpg', ['alt' => 'Brownies']),
'recipes/view/6',
['escapeTitle' => false, 'title' => 'hi "howdy"']
);

Will output:

More About Views

287

CakePHP Cookbook Documentation, Release 3.x

<a href="/recipes/view/6" title="hi &quot;howdy&quot;">


<img src="/img/recipes/6.jpg" alt="Brownies" />
</a>

Also check Cake\View\Helper\UrlHelper::build() method for more examples of different


types of URLs.
Linking to Videos and Audio Files
Cake\View\Helper\HtmlHelper::media(string|array $path, array $options)
Options:
type Type of media element to generate, valid values are audio or video. If type is not provided
media type is guessed based on files mime type.
text Text to include inside the video tag
pathPrefix Path prefix to use for relative URLs, defaults to files/
fullBase If provided the src attribute will get a full address including domain name
Returns a formatted audio/video tag:
<?= $this->Html->media('audio.mp3') ?>
// Output
<audio src="/files/audio.mp3"></audio>
<?= $this->Html->media('video.mp4', [
'fullBase' => true,
'text' => 'Fallback text'
]) ?>
// Output
<video src="http://www.somehost.com/files/video.mp4">Fallback text</video>

<?= $this->Html->media(
['video.mp4', ['src' => 'video.ogg', 'type' => "video/ogg; codecs='theora, vorbis'"]],
['autoplay']
) ?>
// Output
<video autoplay="autoplay">
<source src="/files/video.mp4" type="video/mp4"/>
<source src="/files/video.ogg" type="video/ogg;
codecs='theora, vorbis'"/>
</video>

Linking to Javascript Files


Cake\View\Helper\HtmlHelper::script(mixed $url, mixed $options)
Include a script file(s), contained either locally or as a remote URL.
By default, script tags are added to the document inline.
If you override this by setting
$options[block] to true, the script tags will instead be added to the script block which you
288

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

can print elsewhere in the document. If you wish to override which block name is used, you can do so by
setting $options[block].
$options[once] controls whether or not you want to include this script once per request or more
than once. This defaults to true.
You can use $options to set additional properties to the generated script tag. If an array of script tags is used,
the attributes will be applied to all of the generated script tags.
This method of JavaScript file inclusion assumes that the JavaScript file specified resides inside the webroot/js directory:
echo $this->Html->script('scripts');

Will output:
<script src="/js/scripts.js"></script>

You can link to files with absolute paths as well to link files that are not in webroot/js:
echo $this->Html->script('/otherdir/script_file');

You can also link to a remote URL:


echo $this->Html->script('http://code.jquery.com/jquery.min.js');

Will output:
<script src="http://code.jquery.com/jquery.min.js"></script>

The first parameter can be an array to include multiple files.


echo $this->Html->script(['jquery', 'wysiwyg', 'scripts']);

Will output:
<script src="/js/jquery.js"></script>
<script src="/js/wysiwyg.js"></script>
<script src="/js/scripts.js"></script>

You can append the script tag to a specific block using the block option:
echo $this->Html->script('wysiwyg', ['block' => 'scriptBottom']);

In your layout you can output all the script tags added to scriptBottom:
echo $this->fetch('scriptBottom');

You can include script files from any loaded plugin using plugin syntax.
ins/DebugKit/webroot/js/toolbar.js You could use the following:

To include plug-

echo $this->Html->script('DebugKit.toolbar.js');

If you want to include a script file which shares a name with a loaded plugin you can do the following. For
example if you had a Blog plugin, and also wanted to include webroot/js/Blog.plugins.js, you
would:
More About Views

289

CakePHP Cookbook Documentation, Release 3.x

echo $this->Html->script('Blog.plugins.js', ['plugin' => false]);

Creating Inline Javascript Blocks


Cake\View\Helper\HtmlHelper::scriptBlock($code, $options =[])
Generate a code block containing $code set $options[block] to true to have the script block
appear in the script view block. Other options defined will be added as attributes to script tags.
$this->Html->scriptBlock(stuff, [defer => true]); will create a script tag with
defer="defer" attribute.
Creating Javascript Blocks
Cake\View\Helper\HtmlHelper::scriptStart($options =[])
Begin a buffering code block. This code block will capture all output between scriptStart() and
scriptEnd() and create an script tag. Options are the same as scriptBlock(). An example of using
scriptStart() and scriptEnd() would be:
$this->Html->scriptStart(['block' => true]);
echo "alert('I am in the JavaScript');"
$this->Html->scriptEnd();

Creating Nested Lists


Cake\View\Helper\HtmlHelper::nestedList(array $list, array $options =[], array
$itemOptions =[])
Build a nested list (UL/OL) out of an associative array:
$list = [
'Languages' => [
'English' => [
'American',
'Canadian',
'British',
],
'Spanish',
'German',
]
];
echo $this->Html->nestedList($list);

Output:
// Output (minus the whitespace)
<ul>
<li>Languages
<ul>
<li>English
<ul>
<li>American</li>
<li>Canadian</li>
<li>British</li>
</ul>

290

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

</li>
<li>Spanish</li>
<li>German</li>
</ul>
</li>
</ul>

Creating Table Headings


Cake\View\Helper\HtmlHelper::tableHeaders(array $names, array $trOptions =
null, array $thOptions = null)
Creates a row of table header cells to be placed inside of <table> tags.
echo $this->Html->tableHeaders(['Date', 'Title', 'Active']);

Output:
<tr>
<th>Date</th>
<th>Title</th>
<th>Active</th>
</tr>
echo $this->Html->tableHeaders(
['Date','Title','Active'],
['class' => 'status'],
['class' => 'product_table']
);

Output:
<tr class="status">
<th class="product_table">Date</th>
<th class="product_table">Title</th>
<th class="product_table">Active</th>
</tr>

You can set attributes per column, these are used instead of the defaults provided in the $thOptions:
echo $this->Html->tableHeaders([
'id',
['Name' => ['class' => 'highlight']],
['Date' => ['class' => 'sortable']]
]);

Output:
<tr>
<th>id</th>
<th class="highlight">Name</th>
<th class="sortable">Date</th>
</tr>

More About Views

291

CakePHP Cookbook Documentation, Release 3.x

Creating Table Cells


Cake\View\Helper\HtmlHelper::tableCells(array $data, array $oddTrOptions =
null, array $evenTrOptions = null,
$useCount = false, $continueOddEven =
true)
Creates table cells, in rows, assigning <tr> attributes differently for odd- and even-numbered rows. Wrap a
single table cell within an [] for specific <td>-attributes.
echo $this->Html->tableCells([
['Jul 7th, 2007', 'Best Brownies', 'Yes'],
['Jun 21st, 2007', 'Smart Cookies', 'Yes'],
['Aug 1st, 2006', 'Anti-Java Cake', 'No'],
]);

Output:
<tr><td>Jul 7th, 2007</td><td>Best Brownies</td><td>Yes</td></tr>
<tr><td>Jun 21st, 2007</td><td>Smart Cookies</td><td>Yes</td></tr>
<tr><td>Aug 1st, 2006</td><td>Anti-Java Cake</td><td>No</td></tr>
echo $this->Html->tableCells([
['Jul 7th, 2007', ['Best Brownies', ['class' => 'highlight']] , 'Yes'],
['Jun 21st, 2007', 'Smart Cookies', 'Yes'],
['Aug 1st, 2006', 'Anti-Java Cake', ['No', ['id' => 'special']]],
]);

Output:
<tr>
<td>
Jul 7th, 2007
</td>
<td class="highlight">
Best Brownies
</td>
<td>
Yes
</td>
</tr>
<tr>
<td>
Jun 21st, 2007
</td>
<td>
Smart Cookies
</td>
<td>
Yes
</td>
</tr>
<tr>
<td>
Aug 1st, 2006
</td>

292

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<td>
Anti-Java Cake
</td>
<td id="special">
No
</td>
</tr>
echo $this->Html->tableCells(
[
['Red', 'Apple'],
['Orange', 'Orange'],
['Yellow', 'Banana'],
],
['class' => 'darker']
);

Output:
<tr class="darker"><td>Red</td><td>Apple</td></tr>
<tr><td>Orange</td><td>Orange</td></tr>
<tr class="darker"><td>Yellow</td><td>Banana</td></tr>

Changing the Tags Output by HtmlHelper

Cake\View\Helper\HtmlHelper::templates($templates)
The $templates parameter can be either a string file path to the PHP file containing the tags you want to
load, or an array of templates to add/replace:
// Load templates from config/my_html.php
$this->Html->templates('my_html.php');
// Load specific templates.
$this->Html->templates([
'javascriptlink' => '<script src="{{url}}" type="text/javascript"{{attrs}}></script>'
]);

When loading files of templates, your file should look like:


<?php
return [
'javascriptlink' => '<script src="{{url}}" type="text/javascript"{{attrs}}></script>'
];

Warning: Template strings containing a percentage sign (%) need special attention, you should prefix
this character with another percentage so it looks like %%. The reason is that internally templates are compiled to be used with sprintf(). Example: <div style=width:{{size}}%%>{{content}}</div>

More About Views

293

CakePHP Cookbook Documentation, Release 3.x

Creating Breadcrumb Trails with HtmlHelper

Cake\View\Helper\HtmlHelper::addCrumb(string $name, string $link = null, mixed


$options = null)
Cake\View\Helper\HtmlHelper::getCrumbs(string $separator = &raquo;, string
$startText = false)
Cake\View\Helper\HtmlHelper::getCrumbList(array $options =[], $startText =
false)
Many applications have breadcrumb trails to ease end user navigations. You can create a breadcrumb trail
in your app with some help from HtmlHelper. To make bread crumbs, first the following in your layout
template:
echo $this->Html->getCrumbs(' > ', 'Home');

The $startText option can also accept an array. This gives more control over the generated first link:
echo $this->Html->getCrumbs(' > ', [
'text' => $this->Html->image('home.png'),
'url' => ['controller' => 'Pages', 'action' => 'display', 'home'],
'escape' => false
]);

Any keys that are not text or url will be passed to link() as the $options parameter.
Now, in your view youll want to add the following to start the breadcrumb trails on each of the pages:
$this->Html->addCrumb('Users', '/users');
$this->Html->addCrumb('Add User', ['controller' => 'Users', 'action' => 'add']);

This will add the output of Home > Users > Add User in your layout where getCrumbs was added.
You can also fetch the crumbs formatted inside an HTML list:
echo $this->Html->getCrumbList();

As options you can use regular HTML parameter that fits in the <ul> (Unordered List) such as class and
for the specific options, you have: separator (will be between the <li> elements), firstClass and
lastClass like:
echo $this->Html->getCrumbList(
[
'firstClass' => false,
'lastClass' => 'active',
'class' => 'breadcrumb'
],
'Home'
);

This method uses Cake\View\Helper\HtmlHelper::tag() to generate list and its elements.


Works similar to View\Helper\HtmlHelper::getCrumbs(), so it uses options which every crumb
was added with. You can use the $startText parameter to provide the first breadcrumb link/text. This

294

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

is useful when you always want to include a root link. This option works the same as the $startText
option for View\Helper\HtmlHelper::getCrumbs().
Number
class Cake\View\Helper\NumberHelper(View $view, array $config =[])
The NumberHelper contains convenient methods that enable display numbers in common formats in your
views. These methods include ways to format currency, percentages, data sizes, format numbers to specific
precisions and also to give you more flexibility with formatting numbers.
All of these functions return the formatted number; they do not automatically echo the output into the view.
Formatting Currency Values

Cake\View\Helper\NumberHelper::currency(mixed $value, string $currency = null,


array $options =[])
This method is used to display a number in common currency formats (EUR, GBP, USD). Usage in a view
looks like:
// Called as NumberHelper
echo $this->Number->currency($value, $currency);
// Called as Number
echo Number::currency($value, $currency);

The first parameter, $value, should be a floating point number that represents the amount of money you
are expressing. The second parameter is a string used to choose a predefined currency formatting scheme:
$currency
EUR
GBP
USD

1234.56, formatted by currency type


C1.234,56
1,234.56
$1,234.56

The third parameter is an array of options for further defining the output. The following options are available:
Option
before
after
zero
places
precision
locale
fractionSymbol
fractionPosition
pattern
useIntlCode

Description
Text to display before the rendered number.
Text to display before the rendered number.
The text to use for zero values; can be a string or a number. ie. 0, Free!.
Number of decimal places to use, ie. 2
Maximal number of decimal places to use, ie. 2
The locale name to use for formating number, ie. fr_FR.
String to use for fraction numbers, ie. cents.
Either before or after to place the fraction symbol.
An ICU number pattern to use for formatting the number ie. #,###.00
Set to true to replace the currency symbol with the international currency code.

If
$currency
value
is
null,
the
default
Cake\I18n\Number::defaultCurrency()
More About Views

currency

will

be

retrieved

from

295

CakePHP Cookbook Documentation, Release 3.x

Setting the Default Currency

Cake\View\Helper\NumberHelper::defaultCurrency($currency)
Setter/getter for the default currency.
This removes the need to always pass the currency to
Cake\I18n\Number::currency() and change all currency outputs by setting other default. If
$currency is set to false, it will clear the currently stored value. By default, it will retrieve the
intl.default_locale if set and en_US if not.
Formatting Floating Point Numbers

Cake\View\Helper\NumberHelper::precision(float $value, int $precision = 3, array


$options =[])
This method displays a number with the specified amount of precision (decimal places). It will round in
order to maintain the level of precision defined.
// Called as NumberHelper
echo $this->Number->precision(456.91873645, 2);
// Outputs
456.92
// Called as Number
echo Number::precision(456.91873645, 2);

Formatting Percentages

Cake\View\Helper\NumberHelper::toPercentage(mixed $value, int $precision = 2,


array $options =[])
Option
multiply

Description
Boolean to indicate whether the value has to be multiplied by 100. Useful for decimal
percentages.

Like Cake\I18n\Number::precision(), this method formats a number according to the supplied


precision (where numbers are rounded to meet the given precision). This method also expresses the number
as a percentage and prepends the output with a percent sign.
// Called as NumberHelper. Output: 45.69%
echo $this->Number->toPercentage(45.691873645);
// Called as Number. Output: 45.69%
echo Number::toPercentage(45.691873645);
// Called with multiply. Output: 45.7%
echo Number::toPercentage(0.45691, 1, [
'multiply' => true
]);

296

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Interacting with Human Readable Values

Cake\View\Helper\NumberHelper::toReadableSize(string $size)
This method formats data sizes in human readable forms. It provides a shortcut way to convert bytes to
KB, MB, GB, and TB. The size is displayed with a two-digit precision level, according to the size of data
supplied (i.e. higher sizes are expressed in larger terms):
// Called as NumberHelper
echo $this->Number->toReadableSize(0); // 0 Byte
echo $this->Number->toReadableSize(1024); // 1 KB
echo $this->Number->toReadableSize(1321205.76); // 1.26 MB
echo $this->Number->toReadableSize(5368709120); // 5 GB
// Called as Number
echo Number::toReadableSize(0); // 0 Byte
echo Number::toReadableSize(1024); // 1 KB
echo Number::toReadableSize(1321205.76); // 1.26 MB
echo Number::toReadableSize(5368709120); // 5 GB

Formatting Numbers

Cake\View\Helper\NumberHelper::format(mixed $value, array $options =[])


This method gives you much more control over the formatting of numbers for use in your views (and is used
as the main method by most of the other NumberHelper methods). Using this method might looks like:
// Called as NumberHelper
$this->Number->format($value, $options);
// Called as Number
Number::format($value, $options);

The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter is where the real magic for this method resides.
If you pass an integer then this becomes the amount of precision or places for the function.
If you pass an associated array, you can use the following keys:
Option
places
precision
pattern
locale
before
after

Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
An ICU number pattern to use for formatting the number ie. #,###.00
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.

Example:

More About Views

297

CakePHP Cookbook Documentation, Release 3.x

// Called as NumberHelper
echo $this->Number->format('123456.7890', [
'places' => 2,
'before' => ' ',
'after' => ' !'
]);
// Output ' 123,456.79 !'
echo $this->Number->format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'
// Called as Number
echo Number::format('123456.7890', [
'places' => 2,
'before' => ' ',
'after' => ' !'
]);
// Output ' 123,456.79 !'
echo Number::format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'

Format Differences

Cake\View\Helper\NumberHelper::formatDelta(mixed $value, array $options =[])


This method displays differences in value as a signed number:
// Called as NumberHelper
$this->Number->formatDelta($value, $options);
// Called as Number
Number::formatDelta($value, $options);

The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter takes the same keys as Number::format() itself:
Option
places
precision
locale
before
after

Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.

Example:

298

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

// Called as NumberHelper
echo $this->Number->formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'
// Called as Number
echo Number::formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'

Warning: All symbols are UTF-8.

Paginator
class Cake\View\Helper\PaginatorHelper(View $view, array $config =[])
The Pagination helper is used to output pagination controls such as page numbers and next/previous links.
It works in tandem with PaginatorComponent.
See also Pagination for information on how to create paginated datasets and do paginated queries.
PaginatorHelper Templates

Internally PaginatorHelper uses a series of simple HTML templates to generate markup. You can modify
these templates to customize the HTML generated by the PaginatorHelper.
Templates use {{var}} style placeholders. It is important to not add any spaces around the {{}} or the
replacements will not work.
Loading Templates from a File When adding the PaginatorHelper in your controller, you can define the
templates setting to define a template file to load. This allows you easily customize multiple templates and
keep your code DRY:
// In a controller.
public $helpers = [
'Paginator' => ['templates' => 'paginator-templates']
];

This will load the file located at config/paginator-templates.php. See the example below for
how the file should look like. You can also load templates from a plugin using plugin syntax:

More About Views

299

CakePHP Cookbook Documentation, Release 3.x

// In a controller.
public $helpers = [
'Paginator' => ['templates' => 'MyPlugin.paginator-templates']
];

Whether your templates are in the primary application or a plugin, your templates file should look something
like:
return [
'number' => '<a href="{{url}}">{{text}}</a>',
];

Changing Templates at Run-time


Cake\View\Helper\PaginatorHelper::templates($templates = null)
This method allows you to change the templates used by PaginatorHelper at runtime. This can be useful
when you want to customize templates for a particular method call:
// Read the current template value.
$result = $this->Paginator->templates('number');
// Change a template
$this->Paginator->templates([
'number' => '<em><a href="{{url}}">{{text}}</a></em>'
]);

Warning: Template strings containing a percentage sign (%) need special attention, you should prefix
this character with another percentage so it looks like %%. The reason is that internally templates are compiled to be used with sprintf(). Example: <div style=width:{{size}}%%>{{content}}</div>

Template Names PaginatorHelper uses the following templates:


nextActive The active state for a link generated by next().
nextDisabled The disabled state for next().
prevActive The active state for a link generated by prev().
prevDisabled The disabled state for prev()
counterRange The template counter() uses when format == range.
counterPages The template counter() uses when format == pages.
first The template used for a link generated by first().
last The template used for a link generated by last()
number The template used for a link generated by numbers().
current The template used for the current page.
ellipsis The template used for ellipses generated by numbers().
sort The template for a sort link with no direction.
300

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

sortAsc The template for a sort link with an ascending direction.


sortDesc The template for a sort link with a descending direction.
Creating Sort Links

Cake\View\Helper\PaginatorHelper::sort($key, $title = null, $options =[])


Parameters
$key (string) The name of the column that the recordset should be sorted.
$title (string) Title for the link. If $title is null $key will be used for the title and
will be generated by inflection.
$options (array) Options for sorting link.
Generates a sorting link. Sets querystring parameters for the sort and direction. Links will default to sorting
by asc. After the first click, links generated with sort() will handle direction switching automatically. If
the resultset is sorted asc by the specified key the returned link will sort by desc.
Accepted keys for $options:
escape Whether you want the contents HTML entity encoded, defaults to true.
model The model to use, defaults to PaginatorHelper::defaultModel().
direction The default direction to use when this link isnt active.
lock Lock direction. Will only use the default direction then, defaults to false.
Assuming you are paginating some posts, and are on page one:
echo $this->Paginator->sort('user_id');

Output:
<a href="/posts/index?page=1&amp;sort=user_id&amp;direction=asc">User Id</a>

You can use the title parameter to create custom text for your link:
echo $this->Paginator->sort('user_id', 'User account');

Output:
<a href="/posts/index?page=1&amp;sort=user_id&amp;direction=asc">User account</a>

If you are using HTML like images in your links remember to set escaping off:
echo $this->Paginator->sort(
'user_id',
'<em>User account</em>',
['escape' => false]
);

Output:

More About Views

301

CakePHP Cookbook Documentation, Release 3.x

<a href="/posts/index?page=1&amp;sort=user_id&amp;direction=asc"><em>User account</em></a>

The direction option can be used to set the default direction for a link. Once a link is active, it will automatically switch directions like normal:
echo $this->Paginator->sort('user_id', null, ['direction' => 'desc']);

Output:
<a href="/posts/index?page=1&amp;sort=user_id&amp;direction=desc">User Id</a>

The lock option can be used to lock sorting into the specified direction:
echo $this->Paginator->sort('user_id', null, ['direction' => 'asc', 'lock' => true]);

Cake\View\Helper\PaginatorHelper::sortDir(string $model = null, mixed $options


=[])
Gets the current direction the recordset is sorted.
Cake\View\Helper\PaginatorHelper::sortKey(string $model = null, mixed $options
=[])
Gets the current key by which the recordset is sorted.
Creating page number links

Cake\View\Helper\PaginatorHelper::numbers($options =[])
Returns a set of numbers for the paged result set. Uses a modulus to decide how many numbers to show on
each side of the current page By default 8 links on either side of the current page will be created if those
pages exist. Links will not be generated for pages that do not exist. The current page is also not a link.
Supported options are:
before Content to be inserted before the numbers.
after Content to be inserted after the numbers.
model Model to create numbers for, defaults to PaginatorHelper::defaultModel().
modulus how many numbers to include on either side of the current page, defaults to 8.
first Whether you want first links generated, set to an integer to define the number of first links
to generate. Defaults to false. If a string is set a link to the first page will be generated with the
value as the title:
echo $this->Paginator->numbers(['first' => 'First page']);

last Whether you want last links generated, set to an integer to define the number of last links to
generate. Defaults to false. Follows the same logic as the first option. There is a last()
method to be used separately as well if you wish.
While this method allows a lot of customization for its output. It is also ok to just call the method without
any params.

302

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

echo $this->Paginator->numbers();

Using the first and last options you can create links to the beginning and end of the page set. The following
would create a set of page links that include links to the first 2 and last 2 pages in the paged results:
echo $this->Paginator->numbers(['first' => 2, 'last' => 2]);

Creating jump links

In addition to generating links that go directly to specific page numbers, youll often want links that go to
the previous and next links, first and last pages in the paged data set.
Cake\View\Helper\PaginatorHelper::prev($title = << Previous, $options =[])
Parameters
$title (string) Title for the link.
$options (mixed) Options for pagination link.
Generates a link to the previous page in a set of paged records.
$options supports the following keys:
escape Whether you want the contents HTML entity encoded, defaults to true.
model The model to use, defaults to PaginatorHelper::defaultModel().
disabledTitle The text to use when the link is disabled. Defaults to the $title parameter.
A simple example would be:
echo $this->Paginator->prev(' << ' . __('previous'));

If you were currently on the second page of posts, you would get the following:
<li class="prev">
<a rel="prev" href="/posts/index?page=1&amp;sort=title&amp;order=desc">
&lt;&lt; previous
</a>
</li>

If there were no previous pages you would get:


<li class="prev disabled"><span>&lt;&lt; previous</span></li>

To change the templates used by this method see PaginatorHelper Templates.


Cake\View\Helper\PaginatorHelper::next($title = Next >>, $options =[])
This method is identical to prev() with a few exceptions. It creates links pointing to the next page
instead of the previous one. It also uses next as the rel attribute value instead of prev
Cake\View\Helper\PaginatorHelper::first($first = << first, $options =[])
Returns a first or set of numbers for the first pages. If a string is given, then only a link to the first
page with the provided text will be created:
More About Views

303

CakePHP Cookbook Documentation, Release 3.x

echo $this->Paginator->first('< first');

The above creates a single link for the first page. Will output nothing if you are on the first page. You
can also use an integer to indicate how many first paging links you want generated:
echo $this->Paginator->first(3);

The above will create links for the first 3 pages, once you get to the third or greater page. Prior to that
nothing will be output.
The options parameter accepts the following:
model The model to use defaults to PaginatorHelper::defaultModel()
escape Whether or not the text should be escaped. Set to false if your content contains
HTML.
Cake\View\Helper\PaginatorHelper::last($last = last >>, $options =[])
This method works very much like the first() method. It has a few differences though. It will not
generate any links if you are on the last page for a string values of $last. For an integer value of
$last no links will be generated once the user is inside the range of last pages.
Checking the Pagination State

Cake\View\Helper\PaginatorHelper::current(string $model = null)


Gets the current page of the recordset for the given model:
// Our URL is: http://example.com/comments/view/page:3
echo $this->Paginator->current('Comment');
// Output is 3

Cake\View\Helper\PaginatorHelper::hasNext(string $model = null)


Returns true if the given result set is not at the last page.
Cake\View\Helper\PaginatorHelper::hasPrev(string $model = null)
Returns true if the given result set is not at the first page.
Cake\View\Helper\PaginatorHelper::hasPage(string $model = null, integer $page =
1)
Returns true if the given result set has the page number given by $page.
Creating a Page Counter

Cake\View\Helper\PaginatorHelper::counter($options =[])
Returns a counter string for the paged result set. Using a provided format string and a number of options
you can create localized and application specific indicators of where a user is in the paged data set.
There are a number of options for counter(). The supported ones are:

304

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

format Format of the counter. Supported formats are range, pages and custom. Defaults to pages
which would output like 1 of 10. In the custom mode the supplied string is parsed and tokens are
replaced with actual values. The available tokens are:
{{page}} - the current page displayed.
{{pages}} - total number of pages.
{{current}} - current number of records being shown.
{{count}} - the total number of records in the result set.
{{start}} - number of the first record being displayed.
{{end} - number of the last record being displayed.
{{model}} - The pluralized human form of the model name. If your model was RecipePage,
{{model}} would be recipe pages.
You could also supply only a string to the counter method using the tokens available. For example:
echo $this->Paginator->counter(
'Page {{page}} of {{pages}}, showing {{current}} records out of
{{count}} total, starting on record {{start}}, ending on {{end}}'
);

Setting format to range would output like 1 - 3 of 13:


echo $this->Paginator->counter([
'format' => 'range'
]);

model
The
name
of
the
model
being
paginated,
defaults
to
PaginatorHelper::defaultModel(). This is used in conjunction with the custom
string on format option.
Modifying the Options PaginatorHelper Uses

Cake\View\Helper\PaginatorHelper::options($options =[])
Sets all the options for the Paginator Helper. Supported options are:
url The URL of the paginating action. url has a few sub options as well:
sort The key that the records are sorted by.
direction The direction of the sorting. Defaults to ASC.
page The page number to display.
The above mentioned options can be used to force particular pages/directions. You can also append
additional URL content into all URLs generated in the helper:
$this->Paginator->options([
'url' => [
'sort' => 'email',

More About Views

305

CakePHP Cookbook Documentation, Release 3.x

'direction' => 'desc',


'page' => 6,
'lang' => 'en'
]
]);

The above adds the en route parameter to all links the helper will generate. It will also create links
with specific sort, direction and page values. By default PaginatorHelper will merge in all of the
current passed arguments and query string parameters.
escape Defines if the title field for links should be HTML escaped. Defaults to true.
model
The
name
of
the
model
PaginatorHelper::defaultModel().

being

paginated,

defaults

to

Pagination in Views

Its up to you to decide how to show records to the user, but most often this will be done inside HTML
tables. The examples below assume a tabular layout, but the PaginatorHelper available in views doesnt
always need to be restricted as such.
See the details on PaginatorHelper5 in the API. As mentioned, the PaginatorHelper also offers sorting features which can be easily integrated into your table column headers:
<!-- src/Template/Posts/index.ctp -->
<table>
<tr>
<th><?= $this->Paginator->sort('id', 'ID') ?></th>
<th><?= $this->Paginator->sort('title', 'Title') ?></th>
</tr>
<?php foreach ($recipes as $recipe): ?>
<tr>
<td><?= $recipe->id ?> </td>
<td><?= h($recipe->title) ?> </td>
</tr>
<?php endforeach; ?>
</table>

The links output from the sort() method of the PaginatorHelper allow users to click on table headers
to toggle the sorting of the data by a given field.
It is also possible to sort a column based on associations:
<table>
<tr>
<th><?= $this->Paginator->sort('title', 'Title') ?></th>
<th><?= $this->Paginator->sort('Authors.name', 'Author') ?></th>
</tr>
<?php foreach ($recipes as $recipe): ?>
<tr>
<td><?= h($recipe->title) ?> </td>
5

http://api.cakephp.org/3.0/class/paginator-helper

306

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

<td><?= h($recipe->name) ?> </td>


</tr>
<?php endforeach; ?>
</table>

The final ingredient to pagination display in views is the addition of page navigation, also supplied by the
PaginationHelper:
// Shows the page numbers
<?= $this->Paginator->numbers() ?>
// Shows the next and previous links
<?= $this->Paginator->prev(' Previous') ?>
<?= $this->Paginator->next('Next ') ?>
// Prints X of Y, where X is current page and Y is number of pages
<?= $this->Paginator->counter() ?>

The wording output by the counter() method can also be customized using special markers:
<?= $this->Paginator->counter([
'format' => 'Page {{page}} of {{pages}}, showing {{current}} records out of
{{count}} total, starting on record {{start}}, ending on {{end}}'
]) ?>

Generating Pagination URLs

Cake\View\Helper\PaginatorHelper::generateUrl(array $options =[], $model =


null, $full = false)
By default returns a full pagination URL string for use in non-standard contexts (i.e. JavaScript).
echo $this->Paginator->generateUrl(['sort' => 'title']);

Rss
class Cake\View\Helper\RssHelper(View $view, array $config =[])
The RSS helper makes generating XML for RSS feeds6 easy.
Creating an RSS Feed with the RssHelper

This example assumes you have a Articles Controller, Articles Table and an Article Entity already created
and want to make an alternative view for RSS.
Creating an XML/RSS version of articles/index is a snap with CakePHP. After a few simple steps you can simply append the desired extension .rss to articles/index making your URL
6

https://en.wikipedia.org/wiki/RSS

More About Views

307

CakePHP Cookbook Documentation, Release 3.x

articles/index.rss. Before we jump too far ahead trying to get our webservice up and running
we need to do a few things. First extensions parsing needs to be activated, this is done in config/routes.php:
Router::extensions('rss');

In
the
call
above
weve
activated
the
.rss
extension.
When
using
Cake\Routing\Router::extensions() you can pass a string or an array of extensions as
first argument. This will activate each extension/content-type for use in your application. Now when the
address articles/index.rss is requested you will get an XML version of your articles/index.
However, first we need to edit the controller to add in the rss-specific code.
Controller Code It is a good idea to add RequestHandler to your ArticlesControllers initialize()
method. This will allow a lot of automagic to occur:
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}

Before we can make an RSS version of our articles/index we need to get a few things in order. It may be tempting to put the channel metadata in the controller action and pass it to your view
using the Cake\Controller\Controller::set() method but this is inappropriate. That information can also go in the view. That will come later though, for now if you have a different
set of logic for the data used to make the RSS feed and the data for the HTML view you can use
the Cake\Controller\Component\RequestHandler::isRss() method, otherwise your controller can stay the same:
// Modify the Posts Controller action that corresponds to
// the action which deliver the rss feed, which is the
// Index action in our example.
public function index()
{
if ($this->RequestHandler->isRss() ) {
$articles = $this->Articles
->find()
->limit(20)
->order(['created' => 'desc']);
$this->set(compact('articles'));
} else {
// this is not an Rss request, so deliver
// data used by website's interface.
$this->paginate = [
'order' => ['created' => 'desc'],
'limit' => 10
];
$this->set('articles', $this->paginate($this->Articles));
$this->set('_serialize', ['articles']);
}
}

308

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

With all the View variables set we need to create an rss layout.
Layout An Rss layout is very simple, put the following contents in src/Template/Layout/rss/default.ctp:
if (!isset($documentData)) {
$documentData = [];
}
if (!isset($channelData)) {
$channelData = [];
}
if (!isset($channelData['title'])) {
$channelData['title'] = $this->fetch('title');
}
$channel = $this->Rss->channel([], $channelData, $this->fetch('content'));
echo $this->Rss->document($documentData, $channel);

It doesnt look like much but thanks to the power in the RssHelper its doing a lot of lifting for us. We
havent set $documentData or $channelData in the controller, however in CakePHP your views can
pass variables back to the layout. Which is where our $channelData array will come from setting all of
the meta data for our feed.
Next up is view file for my articles/index. Much like the layout file we created, we need to create a
src/Template/Posts/rss/ directory and create a new index.ctp inside that folder. The contents of the
file are below.
View Our view, located at src/Template/Posts/rss/index.ctp, begins by setting the $documentData
and $channelData variables for the layout, these contain all the metadata for our RSS feed.
This is done by using the Cake\View\View::set() method which is analogous to the
Cake\Controller\Controller::set() method. Here though we are passing the channels metadata back to the layout:
$this->set('channelData', [
'title' => __("Most Recent Posts"),
'link' => $this->Url->build('/', true),
'description' => __("Most recent posts."),
'language' => 'en-us'
]);

The second part of the view generates the elements for the actual records of the feed. This is accomplished
by looping through the data that has been passed to the view ($items) and using the RssHelper::item()
method. The other method you can use, RssHelper::items() which takes a callback and an array of
items for the feed. The callback method is usually called transformRss(). There is one downfall to this
method, which is that you cannot use any of the other helper classes to prepare your data inside the callback
method because the scope inside the method does not include anything that is not passed inside, thus not
giving access to the TimeHelper or any other helper that you may need. The RssHelper::item()
transforms the associative array into an element for each key value pair.
Note: You will need to modify the $link variable as appropriate to your application. You might also want
to use a virtual property in your Entity.

More About Views

309

CakePHP Cookbook Documentation, Release 3.x

foreach ($articles as $article) {


$created = strtotime($article->created);
$link = [
'controller' => 'Articles',
'action' => 'view',
'year' => date('Y', $created),
'month' => date('m', $created),
'day' => date('d', $created),
'slug' => $article->slug
];
// Remove & escape any HTML to make sure the feed content will validate.
$body = h(strip_tags($article->body));
$body = $this->Text->truncate($body, 400, [
'ending' => '...',
'exact' => true,
'html'
=> true,
]);
echo

$this->Rss->item([], [
'title' => $article->title,
'link' => $link,
'guid' => ['url' => $link, 'isPermaLink' => 'true'],
'description' => $body,
'pubDate' => $article->created

]);
}

You can see above that we can use the loop to prepare the data to be transformed into XML elements. It is
important to filter out any non-plain text characters out of the description, especially if you are using a rich
text editor for the body of your blog. In the code above we used strip_tags() and h() to remove/escape
any XML special characters from the content, as they could cause validation errors. Once we have set up the
data for the feed, we can then use the RssHelper::item() method to create the XML in RSS format.
Once you have all this setup, you can test your RSS feed by going to your site /posts/index.rss
and you will see your new feed. It is always important that you validate your RSS feed before making it
live. This can be done by visiting sites that validate the XML such as Feed Validator or the w3c site at
http://validator.w3.org/feed/.
Note: You may need to set the value of debug in your core configuration to false to get a valid feed,
because of the various debug information added automagically under higher debug settings that break XML
syntax or feed validation rules.

Session
class Cake\View\Helper\SessionHelper(View $view, array $config =[])
As a natural counterpart to the Session Component, the Session Helper replicates most of the components
functionality and makes it available in your view.

310

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

The major difference between the Session Helper and the Session Component is that the helper does not
have the ability to write to the session.
As with the session object, data is read by using dot notation array structures:
['User' => [
'username' => '[email protected]'
]];

Given the previous array structure, the node would be accessed by User.username, with the dot indicating the nested array. This notation is used for all Session helper methods wherever a $key is used.
Cake\View\Helper\SessionHelper::read(string $key)
Return type mixed
Read from the Session. Returns a string or array depending on the contents of the session.
Cake\View\Helper\SessionHelper::check(string $key)
Return type boolean
Check to see whether a key is in the Session. Returns a boolean representing the keys existence.
Text
class Cake\View\Helper\TextHelper(View $view, array $config =[])
The TextHelper contains methods to make text more usable and friendly in your views. It aids in enabling
links, formatting URLs, creating excerpts of text around chosen words or phrases, highlighting key words
in blocks of text, and gracefully truncating long stretches of text.
Linking Email addresses

Cake\View\Helper\TextHelper::autoLinkEmails(string $text, array $options=[])


Adds links to the well-formed email addresses in $text, according to any options defined in $options (see
HtmlHelper::link()).
$myText = 'For more information regarding our world-famous ' .
'pastries and desserts, contact [email protected]';
$linkedText = $this->Text->autoLinkEmails($myText);

Output:
For more information regarding our world-famous pastries and desserts,
contact <a href="mailto:[email protected]">[email protected]</a>

This method automatically escapes its input. Use the escape option to disable this if necessary.

More About Views

311

CakePHP Cookbook Documentation, Release 3.x

Linking URLs

Cake\View\Helper\TextHelper::autoLinkUrls(string $text, array $options=[])


Same as autoLinkEmails(), only this method searches for strings that start with https, http, ftp, or nntp
and links them appropriately.
This method automatically escapes its input. Use the escape option to disable this if necessary.
Linking Both URLs and Email Addresses

Cake\View\Helper\TextHelper::autoLink(string $text, array $options=[])


Performs the functionality in both autoLinkUrls() and autoLinkEmails() on the supplied
$text. All URLs and emails are linked appropriately given the supplied $options.
This method automatically escapes its input. Use the escape option to disable this if necessary.
Converting Text into Paragraphs

Cake\View\Helper\TextHelper::autoParagraph(string $text)
Adds proper <p> around text where double-line returns are found, and <br> where single-line returns are
found.
$myText = 'For more information
regarding our world-famous pastries and desserts.
contact [email protected]';
$formattedText = $this->Text->autoParagraph($myText);

Output:
<p>For more information<br />
regarding our world-famous pastries and desserts.<p>
<p>contact [email protected]</p>

Highlighting Substrings

Cake\View\Helper\TextHelper::highlight(string $haystack, string $needle, array


$options =[])
Highlights $needle in $haystack using the $options[format] string specified or a default
string.
Options:
format string - The piece of HTML with the phrase that will be highlighted
html bool - If true, will ignore any HTML tags, ensuring that only the correct text is highlighted

312

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

Example:
// Called as TextHelper
echo $this->Text->highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);
// Called as Text
use Cake\Utility\Text;
echo Text::highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);

Output:
Highlights $needle in $haystack <span class="highlight">using</span>
the $options['format'] string specified or a default string.

Removing Links

Cake\View\Helper\TextHelper::stripLinks($text)
Strips the supplied $text of any HTML links.
Truncating Text

Cake\View\Helper\TextHelper::truncate(string $text, int $length = 100, array $options)


If $text is longer than $length, this method truncates it at $length and adds a prefix consisting of
ellipsis, if defined. If exact is passed as false, the truncation will occur at the first whitespace
after the point at which $length is exceeded. If html is passed as true, HTML tags will be respected
and will not be cut off.
$options is used to pass all extra parameters, and has the following possible keys by default, all of which
are optional:
If ``$text`` is longer than ``$length`` characters, this method truncates it
at ``$length`` and adds a prefix consisting of ``'ellipsis'``, if defined.
If ``'exact'`` is passed as ``false``, the truncation will occur at the
first whitespace after the point at which ``$length`` is exceeded. If
``'html'`` is passed as ``true``, HTML tags will be respected and will not
be cut off.

Example:

More About Views

313

CakePHP Cookbook Documentation, Release 3.x

// Called as TextHelper
echo $this->Text->truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);

Output:
The killer crept...

Truncating the Tail of a String

Cake\View\Helper\TextHelper::tail(string $text, int $length = 100, array $options)


If $text is longer than $length, this method removes an initial substring with length consisting of the
difference and prepends a suffix consisting of ellipsis, if defined. If exact is passed as false,
the truncation will occur at the first whitespace prior to the point at which truncation would otherwise take
place.
$options is used to pass all extra parameters, and has the following possible keys by default, all of which
are optional:
[
'ellipsis' => '...',
'exact' => true
]

Example:
$sampleText = 'I packed my bag and in it I put a PSP, a PS3, a TV, ' .
'a C# program that can divide by zero, death metal t-shirts'
// Called as TextHelper
echo $this->Text->tail(
$sampleText,
70,

314

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::tail(
$sampleText,
70,
[
'ellipsis' => '...',
'exact' => false
]
);

Output:
...a TV, a C# program that can divide by zero, death metal t-shirts

Extracting an Excerpt

Cake\View\Helper\TextHelper::excerpt(string $haystack, string $needle, integer $radius=100, string $ellipsis=...)


Extracts an excerpt from $haystack surrounding the $needle with a number of characters on each side
determined by $radius, and prefix/suffix with $ellipsis. This method is especially handy for search
results. The query string or keywords can be shown within the resulting document.
// Called as TextHelper
echo $this->Text->excerpt($lastParagraph, 'method', 50, '...');
// Called as Text
use Cake\Utility\Text;
echo Text::excerpt($lastParagraph, 'method', 50, '...');

Output:
... by $radius, and prefix/suffix with $ellipsis. This method is
especially handy for search results. The query...

Converting an Array to Sentence Form

Cake\View\Helper\TextHelper::toList(array $list, $and=and)


Creates a comma-separated list where the last two items are joined with and.

More About Views

315

CakePHP Cookbook Documentation, Release 3.x

// Called as TextHelper
echo $this->Text->toList($colors);
// Called as Text
use Cake\Utility\Text;
echo Text::toList($colors);

Output:
red, orange, yellow, green, blue, indigo and violet

Time
class Cake\View\Helper\TimeHelper(View $view, array $config =[])
The Time Helper does what it says on the tin: saves you time. It allows for the quick processing of time
related information. The Time Helper has two main tasks that it can perform:
1. It can format time strings.
2. It can test time (but cannot bend time, sorry).
Using the Helper

A common use of the Time Helper is to offset the date and time to match a users time zone. Lets use a
forum as an example. Your forum has many users who may post messages at any time from any part of the
world. An easy way to manage the time is to save all dates and times as GMT+0 or UTC. Uncomment the
line date_default_timezone_set(UTC); in config/bootstrap.php to ensure your applications
time zone is set to GMT+0.
Next add a time zone field to your users table and make the necessary modifications to allow your users to
set their time zone. Now that we know the time zone of the logged in user we can correct the date and time
on our posts using the Time Helper:
echo $this->Time->format(
$post->created,
\IntlDateFormatter::FULL,
null,
$user->time_zone
);
// Will display 'Saturday, August 22, 2011 at 11:53:00 PM GMT'
// for a user in GMT+0. While displaying,
// 'Saturday, August 22, 2011 at 03:53 PM GMT-8:00'
// for a user in GMT-8

Most of TimeHelpers features are intended as backwards compatible interfaces for applications that are
upgrading from older versions of CakePHP. Because the ORM returns Cake\I18n\Time instances for

316

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

every timestamp and datetime column, you can use the methods there to do most tasks. E.g. to read
about the accepted formatting strings take a look at the Cake\I18n\Time::i18nFormat()7 method.
Url
class Cake\View\UrlHelper\UrlHelper(View $view, array $config =[])
The UrlHelper makes it easy for you to generate URLs from your other helpers. It also gives you a single
place to customize how URLs are generated by overriding the core helper with an application one. See the
Aliasing Helpers section for how to do this.
Generating URLs

Cake\View\UrlHelper\UrlHelper::build(mixed $url = NULL, boolean $full = false)


Returns a URL pointing to a combination of controller and action. If $url is empty, it returns the
REQUEST\_URI, otherwise it generates the URL for the controller and action combo. If full is true,
the full base URL will be prepended to the result:
echo $this->Url->build([
"controller" => "Posts",
"action" => "view",
"bar"
]);
// Output
/posts/view/bar

Here are a few more usage examples:


URL with named parameters:
echo $this->Url->build([
"controller" => "Posts",
"action" => "view",
"foo" => "bar"
]);
// Output
/posts/view/foo:bar

URL with extension:


echo $this->Url->build([
"controller" => "Posts",
"action" => "list",
"_ext" => "rss"
]);
7

http://api.cakephp.org/3.0/class-Cake.I18n.Time.html#_i18nFormat

More About Views

317

CakePHP Cookbook Documentation, Release 3.x

// Output
/posts/list.rss

URL (starting with /) with the full base URL prepended:


echo $this->Url->build('/posts', true);
// Output
http://somedomain.com/posts

URL with GET params and named anchor:


echo $this->Url->build([
"controller" => "Posts",
"action" => "search",
"?" => ["foo" => "bar"],
"#" => "first"
]);
// Output
/posts/search?foo=bar#first

URL for named route:


echo $this->Url->build(['_name' => 'product-page', 'slug' => 'i-m-slug']);
// Assuming route is setup like:
// $router->connect(
//
'/products/:slug',
//
[
//
'controller' => 'Products',
//
'action' => 'view'
//
],
//
[
//
'_name' => 'product-page'
//
]
// );
/products/i-m-slug

For further information check Router::url8 in the API.


Configuring Helpers
You enable helpers in CakePHP by declaring them in a view class. An AppView class comes with every
CakePHP application and is the ideal place to load helpers:
class AppView extends View
{
public function initialize()
{
parent::initialize();
8

http://api.cakephp.org/3.0/class-Cake.Routing.Router.html#_url

318

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

$this->loadHelper('Html');
$this->loadHelper('Form');
$this->loadHelper('Flash');
}
}

Loading helpers from plugins uses the plugin syntax used elsewhere in CakePHP:
$this->loadHelper('Blog.Comment');

You dont have to explicitly load Helpers that come from CakePHP or your application. These helpers can
be lazily loaded upon first use. For example:
// Loads the FormHelper if it has not already been loaded.
$this->Form->create($article);

From within a plugins views, plugin helpers can also be lazily loaded. For example, view templates in the
Blog plugin, can lazily load helpers from the same plugin.
Conditionally Loading Helpers

You can use the current action name to conditionally load helpers:
class AppView extends View
{
public function initialize()
{
parent::initialize();
if ($this->request->action === 'index') {
$this->loadHelper('ListPage');
}
}
}

You can also use your controllers beforeRender method to load helpers:
class ArticlesController extends AppController
{
public function beforeRender(Event $event)
{
parent::beforeRender($event);
$this->getView()->loadHelper('MyHelper');
}
}

Configuration options

You can pass configuration options to helpers. These options can be used to set attribute values or modify
behavior of a helper:

More About Views

319

CakePHP Cookbook Documentation, Release 3.x

namespace App\View\Helper;
use Cake\View\Helper;
class AwesomeHelper extends Helper
{
public function __construct(View $view, $config = [])
{
parent::__construct($view, $config);
debug($config);
}
}
class AwesomeController extends AppController
{
public $helpers = ['Awesome' => ['option1' => 'value1']];
}

By default all configuration options will be merged with the $_defaultConfig property. This property
should define the default values of any configuration your helper requires. For example:
namespace App\View\Helper;
use Cake\View\Helper;
use Cake\View\StringTemplateTrait;
class AwesomeHelper extends Helper
{
use StringTemplateTrait;
protected $_defaultConfig = [
'errorClass' => 'error',
'templates' => [
'label' => '<label for="{{for}}">{{content}}</label>',
],
];
}

Any configuration provided to your helpers constructor will be merged with the default values during construction and the merged data will be set to _config. You can use the config() method to read runtime
configuration:
// Read the errorClass config option.
$class = $this->Awesome->config('errorClass');

Using helper configuration allows you to declaratively configure your helpers and keep configuration logic
out of your controller actions. If you have configuration options that cannot be included as part of a class
declaration, you can set those in your controllers beforeRender callback:
class PostsController extends AppController
{
public function beforeRender(Event $event)

320

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

{
parent::beforeRender($event);
$view = $this->getView();
$view->loadHelper('CustomStuff', $this->_getCustomStuffConfig());
}
}

Aliasing Helpers

One common setting to use is the className option, which allows you to create aliased helpers in your
views. This feature is useful when you want to replace $this->Html or another common Helper reference
with a custom implementation:
// src/View/AppView.php
class AppView extends View
{
public function initialize()
{
$this->loadHelper('Html', [
'className' => 'MyHtml'
]);
}
}
// src/View/Helper/MyHtmlHelper.php
namespace App\View\Helper;
use Cake\View\Helper\HtmlHelper;
class MyHtmlHelper extends HtmlHelper
{
// Add your code to override the core HtmlHelper
}

The above would alias MyHtmlHelper to $this->Html in your views.


Note: Aliasing a helper replaces that instance anywhere that helper is used, including inside other Helpers.

Using Helpers
Once youve configured which helpers you want to use in your controller, each helper is exposed as a public
property in the view. For example, if you were using the HtmlHelper you would be able to access it by
doing the following:
echo $this->Html->css('styles');

The above would call the css() method on the HtmlHelper. You can access any loaded helper using
$this->{$helperName}.

More About Views

321

CakePHP Cookbook Documentation, Release 3.x

Loading Helpers On The Fly

There may be situations where you need to dynamically load a helper from inside a view. You can use the
views Cake\View\HelperRegistry to do this:
// Either one works.
$mediaHelper = $this->loadHelper('Media', $mediaConfig);
$mediaHelper = $this->helpers()->load('Media', $mediaConfig);

The HelperRegistry is a registry and supports the registry API used elsewhere in CakePHP.
Callback Methods
Helpers feature several callbacks that allow you to augment the view rendering process. See the Helper
Class and the Events System documentation for more information.
Creating Helpers
If a core helper (or one showcased on GitHub or in the Bakery) doesnt fit your needs, helpers are easy to
create.
Lets say we wanted to create a helper that could be used to output a specifically crafted CSS-styled link
you needed at many different places in your application. In order to fit your logic into CakePHPs existing
helper structure, youll need to create a new class in src/View/Helper. Lets call our helper LinkHelper.
The actual PHP class file would look something like this:
/* src/View/Helper/LinkHelper.php */
namespace App\View\Helper;
use Cake\View\Helper;
class LinkHelper extends Helper
{
public function makeEdit($title, $url)
{
// Logic to create specially formatted link goes here...
}
}

Including Other Helpers

You may wish to use some functionality already existing in another helper. To do so, you can specify helpers
you wish to use with a $helpers array, formatted just as you would in a controller:
/* src/View/Helper/LinkHelper.php (using other helpers) */
namespace App\View\Helper;
use Cake\View\Helper;

322

Chapter 11. Views

CakePHP Cookbook Documentation, Release 3.x

class LinkHelper extends Helper


{
public $helpers = ['Html'];
public function makeEdit($title, $url)
{
// Use the HTML helper to output
// Formatted data:
$link = $this->Html->link($title, $url, ['class' => 'edit']);
return '<div class="editOuter">' . $link . '</div>';
}
}

Using Your Helper

Once youve created your helper and placed it in src/View/Helper/, you can load it in your views:
class AppView extends View
{
public function initialize()
{
parent::initialize();
$this->loadHelper('Link');
}
}

Once your helper has been loaded, you can use it in your views by accessing the matching view property:
<!-- make a link using the new helper -->
<?= $this->Link->makeEdit('Change this Recipe', '/recipes/edit/5') ?>

Helper Class
class Helper
Callbacks

By implementing a callback method in a helper, CakePHP will automatically subscribe your helper to the
relevant event. Unlike previous versions of CakePHP you should not call parent in your callbacks, as the
base Helper class does not implement any of the callback methods.
Helper::beforeRenderFile(Event $event, $viewFile)
Is called before each view file is rendered. This includes elements, views, parent views and layouts.
Helper::afterRenderFile(Event $event, $viewFile, $content)
Is called after each view file is rendered. This includes elements, views, parent views and layouts. A

More About Views

323

CakePHP Cookbook Documentation, Release 3.x

callback can modify and return $content to change how the rendered content will be displayed in
the browser.
Helper::beforeRender(Event $event, $viewFile)
The beforeRender method is called after the controllers beforeRender method but before the controller renders view and layout. Receives the file being rendered as an argument.
Helper::afterRender(Event $event, $viewFile)
Is called after the view has been rendered but before layout rendering has started.
Helper::beforeLayout(Event $event, $layoutFile)
Is called before layout rendering starts. Receives the layout filename as an argument.
Helper::afterLayout(Event $event, $layoutFile)
Is called after layout rendering is complete. Receives the layout filename as an argument.

324

Chapter 11. Views

CHAPTER 12

Database Access & ORM

In CakePHP working with data through the database is done with two primary object types. The first are
repositories or table objects. These objects provide access to collections of data. They allow you to save
new records, modify/delete existing ones, define relations, and perform bulk operations. The second type of
objects are entities. Entities represent individual records and allow you to define row/record level behavior
& functionality.
These two classes are usually responsible for managing almost everything that happens regarding your data,
its validity, interactions and evolution of the information workflow in your domain of work.
CakePHPs built-in ORM specializes in relational databases, but can be extended to support alternative
datasources.
The CakePHP ORM borrows ideas and concepts from both ActiveRecord and Datamapper patterns. It aims
to create a hybrid implementation that combines aspects of both patterns to create a fast, simple to use ORM.
Before we get started exploring the ORM, make sure you configure your database connections.
Note: If you are familiar with previous versions of CakePHP, you should read the New ORM Upgrade
Guide for important differences between CakePHP 3.0 and older versions of CakePHP.

Quick Example
To get started you dont have to write any code. If youve followed the CakePHP conventions for your
database tables you can just start using the ORM. For example if we wanted to load some data from our
articles table we could do:
use Cake\ORM\TableRegistry;
$articles = TableRegistry::get('Articles');
$query = $articles->find();
foreach ($query as $row) {
echo $row->title;
}

325

CakePHP Cookbook Documentation, Release 3.x

Note that we didnt have to create any code or wire any configuration up. The conventions in CakePHP
allow us to skip some boilerplate code and allow the framework to insert base classes when your application
has not created a concrete class. If we wanted to customize our ArticlesTable class adding some associations
or defining some additional methods we would add the following to src/Model/Table/ArticlesTable.php
after the <?php opening tag:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
}

Table classes use the CamelCased version of the table name with the Table suffix as the class name. Once
your class has been created you get a reference to it using the ORM\TableRegistry as before:
use Cake\ORM\TableRegistry;
// Now $articles is an instance of our ArticlesTable class.
$articles = TableRegistry::get('Articles');

Now that we have a concrete table class, well probably want to use a concrete entity class. Entity classes let
you define accessor and mutator methods, define custom logic for individual records and much more. Well
start off by adding the following to src/Model/Entity/Article.php after the <?php opening tag:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
}

Entities use the singular CamelCase version of the table name as their class name by default. Now that we
have created our entity class, when we load entities from the database well get instances of our new Article
class:
use Cake\ORM\TableRegistry;
// Now an instance of ArticlesTable.
$articles = TableRegistry::get('Articles');
$query = $articles->find();
foreach ($query as $row) {
// Each row is now an instance of our Article class.
echo $row->title;
}

CakePHP uses naming conventions to link the Table and Entity class together. If you need to customize
which entity a table uses you can use the entityClass() method to set a specific classname.
See the chapters on Table Objects and Entities for more information on how to use table objects and entities
326

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

in your application.

More Information
Database Basics
The CakePHP database access layer abstracts and provides help with most aspects of dealing with relational
databases such as, keeping connections to the server, building queries, preventing SQL injections, inspecting
and altering schemas, and with debugging and profiling queries sent to the database.
Quick Tour
The functions described in this chapter illustrate what is possible to do with the lower-level database access
API. If instead you want to learn more about the complete ORM, you can read the Query Builder and Table
Objects sections.
The easiest way to create a database connection is using a DSN string:
use Cake\Datasource\ConnectionManager;
$dsn = 'mysql://root:password@localhost/my_database';
ConnectionManager::config('default', ['url' => $dsn]);

Once created, you can access the connection object to start using it:
$connection = ConnectionManager::get('default');

Supported Databases

CakePHP supports the following relational database servers:


MySQL 5.1+
SQLite 3
PostgreSQL 8+
SQLServer 2008+
You will need the correct PDO extension installed for each of the above database drivers. Procedural APIs
are not supported.
Running Select Statements

Running raw SQL queries is a breeze:

More Information

327

CakePHP Cookbook Documentation, Release 3.x

use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$results = $connection->execute('SELECT * FROM articles')->fetchAll('assoc');

You can use prepared statements to insert parameters:


$results = $connection
->execute('SELECT * FROM articles WHERE id = :id', ['id' => 1])
->fetchAll('assoc');

It is also possible to use complex data types as arguments:


$results = $connection
->execute(
'SELECT * FROM articles WHERE created >= :created',
['created' => DateTime('1 day ago')],
['created' => 'datetime']
)
->fetchAll('assoc');

Instead of writing the SQL manually, you can use the query builder:
$results = $connection
->newQuery()
->select('*')
->from('articles')
->where(['created >' => new DateTime('1 day ago'), ['created' => 'datetime']])
->order(['title' => 'DESC'])
->execute()
->fetchAll('assoc');

Running Insert Statements

Inserting rows in the database is usually a matter of a couple lines:


use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$connection->insert('articles', [
'title' => 'A New Article',
'created' => new DateTime('now')
], ['created' => 'datetime']);

Running Update Statements

Updating rows in the database is equally intuitive, the following example will update the article with id 10:
use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$connection->update('articles', ['title' => 'New title'], ['id' => 10]);

328

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Running Delete Statements

Similarly, the delete() method is used to delete rows from the database, the following example deletes
the article with id 10:
use Cake\Datasource\ConnectionManager;
$connection = ConnectionManager::get('default');
$connection->delete('articles', ['id' => 10]);

Configuration
By convention database connections are configured in config/app.php. The connection information defined
in this file is fed into Cake\Datasource\ConnectionManager creating the connection configuration
your application will be using. Sample connection information can be found in config/app.default.php. A
sample connection configuration would look like:
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'my_app',
'password' => 'sekret',
'database' => 'my_app',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
]
],

The above will create a default connection, with the provided parameters. You can define as many connections as you want in your configuration file. You can also define additional connections at runtime using
Cake\Datasource\ConnectionManager::config(). An example of that would be:
use Cake\Datasource\ConnectionManager;
ConnectionManager::config('default', [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'username' => 'my_app',
'password' => 'sekret',
'database' => 'my_app',
'encoding' => 'utf8',
'timezone' => 'UTC',
'cacheMetadata' => true,
]);

Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
More Information

329

CakePHP Cookbook Documentation, Release 3.x

ConnectionManager::config('default', [
'url' => 'mysql://my_app:sekret@localhost/my_app?encoding=utf8&timezone=UTC&cacheMetada
]);

When using a DSN string you can define any additional parameters/options as query string arguments.
By default, all Table objects will use the default connection. To use a non-default connection, see
Configuring Connections.
There are a number of keys supported in database configuration. A full list is as follows:
className The fully namespaced class name of the class that represents the connection to a database server.
This class is responsible for loading the database driver, providing SQL transaction mechanisms and
preparing SQL statements among other things.
driver The class name of the driver used to implements all specificities for a database engine. This can
either be a short classname using plugin syntax, a fully namespaced name, or a constructed driver
instance. Examples of short classnames are Mysql, Sqlite, Postgres, and Sqlserver.
persistent Whether or not to use a persistent connection to the database.
host The database servers hostname (or IP address).
username The username for the account.
password The password for the account.
database The name of the database for this connection to use.
port (optional) The TCP port or Unix socket used to connect to the server.
encoding Indicates the character set to use when sending SQL statements to the server. This defaults to the
databases default encoding for all databases other than DB2. If you wish to use UTF-8 encoding with
MySQL connections you must use utf8 without the hyphen.
timezone Server timezone to set.
schema Used in PostgreSQL database setups to specify which schema to use.
unix_socket Used by drivers that support it to connect via Unix socket files. If you are using PostgreSQL
and want to use Unix sockets, leave the host key blank.
ssl_key The file path to the SSL key file. (Only supported by MySQL).
ssl_cert The file path to the SSL certificate file. (Only supported by MySQL).
ssl_ca The file path to the SSL certificate authority. (Only supported by MySQL).
init A list of queries that should be sent to the database server as when the connection is created.
log Set to true to enable query logging. When enabled queries will be logged at a debug level with the
queriesLog scope.
quoteIdentifiers Set to true if you are using reserved words or special characters in your table or column
names. Enabling this setting will result in queries built using the Query Builder having identifiers
quoted when creating SQL. It should be noted that this decreases performance because each query
needs to be traversed and manipulated before being executed.

330

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

flags An associative array of PDO constants that should be passed to the underlying PDO instance. See the
PDO documentation for the flags supported by the driver you are using.
cacheMetadata Either boolean true, or a string containing the cache configuration to store meta data in.
Having metadata caching disable is not advised and can result in very poor performance. See the
Metadata Caching section for more information.
At this point, you might want to take a look at the CakePHP Conventions. The correct naming for your tables
(and the addition of some columns) can score you some free functionality and help you avoid configuration.
For example, if you name your database table big_boxes, your table BigBoxesTable, and your controller
BigBoxesController, everything will work together automatically. By convention, use underscores, lower
case, and plural forms for your database table names - for example: bakers, pastry_stores, and savory_cakes.

Managing Connections
class Cake\Datasource\ConnectionManager
The ConnectionManager class acts as a registry to access database connections your application has. It
provides a place that other objects can get references to existing connections.
Accessing Connections

static Cake\Datasource\ConnectionManager::get($name)
Once configured connections can be fetched using Cake\Datasource\ConnectionManager::get().
This method will construct and load a connection if it has not been built before, or return the existing known
connection:
use Cake\Datasource\ConnectionManager;
$conn = ConnectionManager::get('default');

Attempting to load connections that do not exist will throw an exception.


Creating Connections at Runtime

Using config() and get() you can create new connections that are not defined in your configuration
files at runtime:
ConnectionManager::config('my_connection', $config);
$conn = ConnectionManager::get('my_connection');

See the Configuration for more information on the configuration data used when creating connections.
Data Types
class Cake\Database\Type

More Information

331

CakePHP Cookbook Documentation, Release 3.x

Since not every database vendor includes the same set of data types, or the same names for similar data
types, CakePHP provides a set of abstracted data types for use with the database layer. The types CakePHP
supports are:
string Generally backed by CHAR or VARCHAR columns. Using the fixed option will force a CHAR
column. In SQL Server, NCHAR and NVARCHAR types are used.
text Maps to TEXT types
uuid Maps to the UUID type if a database provides one, otherwise this will generate a CHAR(36) field.
integer Maps to the INTEGER type provided by the database.
biginteger Maps to the BIGINT type provided by the database.
float Maps to either DOUBLE or FLOAT depending on the database. The precision option can be used
to define the precision used.
decimal Maps to the DECIMAL type. Supports the length and precision options.
boolean Maps to BOOLEAN except in MySQL, where TINYINT(1) is used to represent booleans.
binary Maps to the BLOB or BYTEA type provided by the database.
date Maps to a timezone naive DATE column type.
datetime Maps to a timezone naive DATETIME column type. In PostgreSQL, and SQL Server this turns
into a TIMESTAMP type. The default return value of this column type is Cake\I18n\Time which
extends the built-in DateTime class and Carbon1 .
timestamp Maps to the TIMESTAMP type.
time Maps to a TIME type in all databases.
These types are used in both the schema reflection features that CakePHP provides, and schema generation
features CakePHP uses when using test fixtures.
Each type can also provide translation functions between PHP and SQL representations. These methods
are invoked based on the type hints provided when doing queries. For example a column that is marked
as datetime will automatically convert input parameters from DateTime instances into a timestamp or
formatted datestrings. Likewise, binary columns will accept file handles, and generate file handles when
reading data.
Adding Custom Types

static Cake\Database\Type::map($name, $class)


If you need to use vendor specific types that are not built into CakePHP you can add additional new types to
CakePHPs type system. Type classes are expected to implement the following methods:
toPHP
toDatabase
toStatement
1

https://github.com/briannesbitt/Carbon

332

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

marshal
An easy way to fulfill the basic interface is to extend Cake\Database\Type. For example if we wanted
to add a JSON type, we could make the following type class:
// in src/Database/Type/JsonType.php
namespace App\Database\Type;
use Cake\Database\Driver;
use Cake\Database\Type;
use PDO;
class JsonType extends Type
{
public function toPHP($value, Driver $driver)
{
if ($value === null) {
return null;
}
return json_decode($value, true);
}
public function marshal($value)
{
if (is_array($value) || $value === null) {
return $value;
}
return json_decode($value, true);
}
public function toDatabase($value, Driver $driver)
{
return json_encode($value);
}
public function toStatement($value, Driver $driver)
{
if ($value === null) {
return PDO::PARAM_NULL;
}
return PDO::PARAM_STR;
}
}

By default the toStatement() method will treat values as strings which will work for our new type.
Once weve created our new type, we need to add it into the type mapping. During our application bootstrap
we should do the following:
use Cake\Database\Type;
Type::map('json', 'App\Database\Type\JsonType');

More Information

333

CakePHP Cookbook Documentation, Release 3.x

We can then overload the reflected schema data to use our new type, and CakePHPs database layer will
automatically convert our JSON data when creating queries. You can use the custom types youve created
by mapping the types in your Tables _initializeSchema() method:
use Cake\Database\Schema\Table as Schema;
class WidgetsTable extends Table
{
protected function _initializeSchema(Schema $schema)
{
$schema->columnType('widget_prefs', 'json');
return $schema;
}
}

Connection Classes
class Cake\Database\Connection
Connection classes provide a simple interface to interact with database connections in a consistent way.
They are intended as a more abstract interface to the driver layer and provide features for executing queries,
logging queries, and doing transactional operations.
Executing Queries

Cake\Database\Connection::query($sql)
Once youve gotten a connection object, youll probably want to issue some queries with it. CakePHPs
database abstraction layer provides wrapper features on top of PDO and native drivers. These wrappers
provide a similar interface to PDO. There are a few different ways you can run queries depending on the
type of query you need to run and what kind of results you need back. The most basic method is query()
which allows you to run already completed SQL queries:
$stmt = $conn->query('UPDATE posts SET published = 1 WHERE id = 2');

Cake\Database\Connection::execute($sql, $params, $types)


The query() method does not allow for additional parameters. If you need additional parameters you
should use the execute() method, which allows for placeholders to be used:
$stmt = $conn->execute(
'UPDATE posts SET published = ? WHERE id = ?',
[1, 2]
);

Without any type hinting information, execute will assume all placeholders are string values. If you need
to bind specific types of data, you can use their abstract type names when creating a query:

334

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$stmt = $conn->execute(
'UPDATE posts SET published_date = ? WHERE id = ?',
[new DateTime('now'), 2],
['date', 'integer']
);

Cake\Database\Connection::newQuery()
This allows you to use rich data types in your applications and properly convert them into SQL statements.
The last and most flexible way of creating queries is to use the Query Builder. This approach allows you to
build complex and expressive queries without having to use platform specific SQL:
$query = $conn->newQuery();
$query->update('posts')
->set(['publised' => true])
->where(['id' => 2]);
$stmt = $query->execute();

When using the query builder, no SQL will be sent to the database server until the execute() method is
called, or the query is iterated. Iterating a query will first execute it and then start iterating over the result
set:
$query = $conn->newQuery();
$query->select('*')
->from('posts')
->where(['published' => true]);
foreach ($query as $row) {
// Do something with the row.
}

Note: When you have an instance of Cake\ORM\Query you can use all() to get the result set for
SELECT queries.

Using Transactions

The connection objects provide you a few simple ways you do database transactions. The most basic way of
doing transactions is through the begin(), commit() and rollback() methods, which map to their
SQL equivalents:
$conn->begin();
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [true, 2]);
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [false, 4]);
$conn->commit();

Cake\Database\Connection::transactional(callable $callback)
In addition to this interface connection instances also provide the transactional() method which
makes handling the begin/commit/rollback calls much simpler:

More Information

335

CakePHP Cookbook Documentation, Release 3.x

$conn->transactional(function ($conn) {
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [true, 2]);
$conn->execute('UPDATE posts SET published = ? WHERE id = ?', [false, 4]);
});

In addition to basic queries, you can execute more complex queries using either the Query Builder or Table
Objects. The transactional method will do the following:
Call begin.
Call the provided closure.
If the closure raises an exception, a rollback will be issued. The original exception will be re-thrown.
If the closure returns false, a rollback will be issued.
If the closure executes successfully, the transaction will be committed.
Interacting with Statements
When using the lower level database API, you will often encounter statement objects. These objects allow
you to manipulate the underlying prepared statement from the driver. After creating and executing a query
object, or using execute() you will have a StatementDecorator instance. It wraps the underlying
basic statement object and provides a few additional features.
Preparing a Statement

You can create a statement object using execute(), or prepare(). The execute() method returns
a statement with the provided values bound to it. While prepare() returns an incomplete statement:
// Statements from execute will have values bound to them already.
$stmt = $conn->execute(
'SELECT * FROM articles WHERE published = ?',
[true]
);
// Statements from prepare will be parameters for placeholders.
// You need to bind parameters before attempting to execute it.
$stmt = $conn->prepare('SELECT * FROM articles WHERE published = ?');

Once youve prepared a statement you can bind additional data and execute it.
Binding Values

Once youve created a prepared statement, you may need to bind additional data. You can bind multiple
values at once using the bind() method, or bind individual elements using bindValue:
$stmt = $conn->prepare(
'SELECT * FROM articles WHERE published = ? AND created > ?'
);

336

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

// Bind multiple values


$stmt->bind(
[true, new DateTime('2013-01-01')],
['boolean', 'date']
);
// Bind a single value
$stmt->bindValue(0, true, 'boolean');
$stmt->bindValue(1, new DateTime('2013-01-01'), 'date');

When creating statements you can also use named array keys instead of positional ones:
$stmt = $conn->prepare(
'SELECT * FROM articles WHERE published = :published AND created > :created'
);
// Bind multiple values
$stmt->bind(
['published' => true, 'created' => new DateTime('2013-01-01')],
['published' => 'boolean', 'created' => 'date']
);
// Bind a single value
$stmt->bindValue('published', true, 'boolean');
$stmt->bindValue('created', new DateTime('2013-01-01'), 'date');

Warning: You cannot mix positional and named array keys in the same statement.

Executing & Fetching Rows

After preparing a statement and binding data to it, you can execute it and fetch rows. Statements should
be executed using the execute() method. Once executed, results can be fetched using fetch(),
fetchAll() or iterating the statement:
$stmt->execute();
// Read one row.
$row = $stmt->fetch('assoc');
// Read all rows.
$rows = $stmt->fetchAll('assoc');
// Read rows through iteration.
foreach ($rows as $row) {
// Do work
}

Note: Reading rows through iteration will fetch rows in both mode. This means you will get both the
numerically indexed and associatively indexed results.

More Information

337

CakePHP Cookbook Documentation, Release 3.x

Getting Row Counts

After executing a statement, you can fetch the number of affected rows:
$rowCount = count($stmt);
$rowCount = $stmt->rowCount();

Checking Error Codes

If your query was not successful, you can get related error information using the errorCode() and
errorInfo() methods. These methods work the same way as the ones provided by PDO:
$code = $stmt->errorCode();
$info = $stmt->errorInfo();

Query Logging
Query logging can be enabled when configuring your connection by setting the log option to true. You
can also toggle query logging at runtime, using logQueries:
// Turn query logging on.
$conn->logQueries(true);
// Turn query logging off
$conn->logQueries(false);

When query logging is enabled, queries will be logged to Cake\Log\Log using the debug level, and the
queriesLog scope. You will need to have a logger configured to capture this level & scope. Logging to
stderr can be useful when working on unit tests, and logging to files/syslog can be useful when working
with web requests:
use Cake\Log\Log;
// Console logging
Log::config('queries', [
'className' => 'Console',
'stream' => 'php://stderr',
'scopes' => ['queriesLog']
]);
// File logging
Log::config('queries', [
'className' => 'File',
'path' => LOGS,
'file' => 'queries.log',
'scopes' => ['queriesLog']
]);

Note: Query logging is only intended for debugging/development uses. You should never leave query
logging on in production as it will negatively impact the performance of your application.
338

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Identifier Quoting
By default CakePHP does not quote identifiers in generated SQL queries. The reason for this is identifier
quoting has a few drawbacks:
Performance overhead - Quoting identifiers is much slower and complex than not doing it.
Not necessary in most cases - In non-legacy databases that follow CakePHPs conventions there is no
reason to quote identifiers.
If you are using a legacy schema that requires identifier quoting you can enable it using the
quoteIdentifiers setting in your Configuration. You can also enable this feature at runtime:
$conn->driver()->autoQuoting(true);

When enabled, identifier quoting will cause additional query traversal that converts all identifiers into
IdentifierExpression objects.
Note: SQL snippets contained in QueryExpression objects will not be modified.

Metadata Caching
CakePHPs ORM uses database reflection to determine the schema, indexes and foreign keys your application contains. Because this metadata changes infrequently and can be expensive to access, it is typically
cached. By default, metadata is stored in the _cake_model_ cache configuration. You can define a
custom cache configuration using the cacheMetatdata option in your datasource configuration:
'Datasources' => [
'default' => [
// Other keys go here.
// Use the 'orm_metadata' cache config for metadata.
'cacheMetadata' => 'orm_metadata',
]
],

You can also configure the metadata caching at runtime with the cacheMetadata() method:
// Disable the cache
$connection->cacheMetadata(false);
// Enable the cache
$connection->cacheMetadata(true);
// Use a custom cache config
$connection->cacheMetadata('orm_metadata');

CakePHP also includes a CLI tool for managing metadata caches. See the ORM Cache Shell chapter for
more information.
More Information

339

CakePHP Cookbook Documentation, Release 3.x

Query Builder
class Cake\ORM\Query
The ORMs query builder provides a simple to use fluent interface for creating and running queries. By
composing queries together, you can create advanced queries using unions and subqueries with ease.
Underneath the covers, the query builder uses PDO prepared statements which protect against SQL injection
attacks.
The Query Object
The easiest way to create a Query object is to use find() from a Table object. This method will return
an incomplete query ready to be modified. You can also use a tables connection object to access the lower
level Query builder that does not include ORM features, if necessary. See the Executing Queries section for
more information:
use Cake\ORM\TableRegistry;
$articles = TableRegistry::get('Articles');
// Start a new query.
$query = $articles->find();

When inside a controller, you can use the automatic table variable that is created using the conventions
system:
// Inside ArticlesController.php
$query = $this->Articles->find();

Selecting Rows From A Table


use Cake\ORM\TableRegistry;
$query = TableRegistry::get('Articles')->find();
foreach ($query as $article) {
debug($article->title);
}

For the remaining examples, assume that $articles is a ORM\Table. When inside controllers, you can
use $this->Articles instead of $articles.
Almost every method in a Query object will return the same query, this means that Query objects are lazy,
and will not be executed unless you tell them to:
$query->where(['id' => 1]); // Return the same query object
$query->order(['title' => 'DESC']); // Still same object, no SQL executed

You can of course chain the methods you call on Query objects:

340

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$query = $articles
->find()
->select(['id', 'name'])
->where(['id !=' => 1])
->order(['created' => 'DESC']);
foreach ($query as $article) {
debug($article->created);
}

If you try to call debug() on a Query object, you will see its internal state and the SQL that will be
executed in the database:
debug($articles->find()->where(['id' => 1]));
//
//
//
//

Outputs
...
'sql' => 'SELECT * FROM articles where id = ?'
...

You can execute a query directly without having to use foreach on it. The easiest way is to either call the
all() or toArray() methods:
$resultsIteratorObject = $articles
->find()
->where(['id >' => 1])
->all();
foreach ($resultsIteratorObject as $article) {
debug($article->id);
}
$resultsArray = $articles
->find()
->where(['id >' => 1])
->toArray();
foreach ($resultsArray as $article) {
debug($article->id);
}
debug($resultsArray[0]->title);

In the above example, $resultsIteratorObject will be an instance of Cake\ORM\ResultSet,


an object you can iterate and apply several extracting and traversing methods on.
Often, there is no need to call all(), you can simply iterate the Query object to get its results. Query
objects can also be used directly as the result object; trying to iterate the query, calling toArray() or
some of the methods inherited from Collection, will result in the query being executed and results returned
to you.

More Information

341

CakePHP Cookbook Documentation, Release 3.x

Selecting A Single Row From A Table

You can use the first() method to get the first result in the query:
$article = $articles
->find()
->where(['id' => 1])
->first();
debug($article->title);

Getting A List Of Values From A Column


// Use the extract() method from the collections library
// This executes the query as well
$allTitles = $articles->find()->extract('title');
foreach ($allTitles as $title) {
echo $title;
}

You can also get a key-value list out of a query result:


$list = $articles->find('list')->select(['id', 'title']);
foreach ($list as $id => $title) {
echo "$id : $title"
}

Queries Are Collection Objects

Once you get familiar with the Query object methods, it is strongly encouraged that you visit the Collection
section to improve your skills in efficiently traversing the data. In short, it is important to remember that
anything you can call on a Collection object, you can also do in a Query object:
// Use the combine() method from the collections library
// This is equivalent to find('list')
$keyValueList = $articles->find()->combine('id', 'title');
// An advanced example
$results = $articles->find()
->where(['id >' => 1])
->order(['title' => 'DESC'])
->map(function ($row) { // map() is a collection method, it executes the query
$row->trimmedTitle = trim($row->title);
return $row;
})
->combine('id', 'trimmedTitle') // combine() is another collection method
->toArray(); // Also a collections library method

342

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

foreach ($results as $id => $trimmedTitle) {


echo "$id : $trimmedTitle";
}

How Are Queries Lazily Evaluated

Query objects are lazily evaluated. This means a query is not executed until one of the following things
occur:
The query is iterated with foreach().
The querys execute() method is called. This will return the underlying statement object, and is
to be used with insert/update/delete queries.
The querys first() method is called. This will return the first result in the set built by SELECT (it
adds LIMIT 1 to the query).
The querys all() method is called. This will return the result set and can only be used with SELECT
statements.
The querys toArray() method is called.
Until one of these conditions are met, the query can be modified without additional SQL being sent to the
database. It also means that if a Query hasnt been evaluated, no SQL is ever sent to the database. Once
executed, modifying and re-evaluating a query will result in additional SQL being run.
If you want to take a look at what SQL CakePHP is generating, you can turn database query logging on.
The following sections will show you everything there is to know about using and combining the Query
object methods to construct SQL statements and extract data.
Selecting Data
Most web applications make heavy use of SELECT queries. CakePHP makes building them a snap. To limit
the fields fetched, you can use the select() method:
$query = $articles->find();
$query->select(['id', 'title', 'body']);
foreach ($query as $row) {
debug($row->title);
}

You can set aliases for fields by providing fields as an associative array:
// Results in SELECT id AS pk, title AS aliased_title, body ...
$query = $articles->find();
$query->select(['pk' => 'id', 'aliased_title' => 'title', 'body']);

To select distinct fields, you can use the distinct() method:

More Information

343

CakePHP Cookbook Documentation, Release 3.x

// Results in SELECT DISTINCT country FROM ...


$query = $articles->find();
$query->select(['country'])
->distinct(['country']);

To set some basic conditions you can use the where() method:
// Conditions are combined with AND
$query = $articles->find();
$query->where(['title' => 'First Post', 'published' => true]);
// You can call where() multiple times
$query = $articles->find();
$query->where(['title' => 'First Post'])
->where(['published' => true]);

See the Advanced Conditions section to find out how to construct more complex WHERE conditions. To
apply ordering, you can use the order method:
$query = $articles->find()
->order(['title' => 'ASC', 'id' => 'ASC']);

To limit the number of rows or set the row offset you can use the limit() and page() methods:
// Fetch rows 50 to 100
$query = $articles->find()
->limit(50)
->page(2);

As you can see from the examples above, all the methods that modify the query provide a fluent interface,
allowing you to build a query through chained method calls.
Using SQL Functions

CakePHPs ORM offers abstraction for some commonly used SQL functions. Using the abstraction allows
the ORM to select the platform specific implementation of the function you want. For example, concat is
implemented differently in MySQL, PostgreSQL and SQL Server. Using the abstraction allows your code
to be portable:
// Results in SELECT COUNT(*) count FROM ...
$query = $articles->find();
$query->select(['count' => $query->func()->count('*')]);

A number of commonly used functions can be created with the func() method:
sum() Calculate a sum. The arguments will be treated as literal values.
avg() Calculate an average. The arguments will be treated as literal values.
min() Calculate the min of a column. The arguments will be treated as literal values.
max() Calculate the max of a column. The arguments will be treated as literal values.
count() Calculate the count. The arguments will be treated as literal values.
344

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

concat() Concatenate two values together. The arguments are treated as bound parameters unless
marked as literal.
coalesce() Coalesce values. The arguments are treated as bound parameters unless marked as
literal.
dateDiff() Get the difference between two dates/times. The arguments are treated as bound
parameters unless marked as literal.
now() Take either time or date as an argument allowing you to get either the current time, or
current date.
When providing arguments for SQL functions, there are two kinds of parameters you can use, literal arguments and bound parameters. Literal parameters allow you to reference columns or other SQL literals.
Bound parameters can be used to safely add user data to SQL functions. For example:
$query = $articles->find();
$concat = $query->func()->concat([
'title' => 'literal',
' NEW'
]);
$query->select(['title' => $concat]);

By making arguments with a value of literal, the ORM will know that the key should be treated as a
literal SQL value. The above would generate the following SQL on MySQL:
SELECT CONCAT(title, :c0) FROM articles;

The :c0 value will have the NEW text bound when the query is executed.
In addition to the above functions, the func() method can be used to create any generic SQL function
such as year, date_format, convert, etc. For example:
$query = $articles->find();
$year = $query->func()->year([
'created' => 'literal'
]);
$time = $query->func()->date_format([
'created' => 'literal',
"'%H:%i'" => 'literal'
]);
$query->select([
'yearCreated' => $year,
'timeCreated' => $time
]);

Would result in:

SELECT YEAR(created) as yearCreated, DATE_FORMAT(created, '%H:%i') as timeCreated FROM arti

Aggregates - Group and Having

When using aggregate functions like count and sum you may want to use group by and having
clauses:
More Information

345

CakePHP Cookbook Documentation, Release 3.x

$query = $articles->find();
$query->select([
'count' => $query->func()->count('view_count'),
'published_date' => 'DATE(created)'
])
->group('published_date')
->having(['count >' => 3]);

Case statements

The ORM also offers the SQL case expression. The case expression allows for implementing if ...
then ... else logic inside your SQL. This can be useful for reporting on data where you need to
conditionally sum or count data, or where you need to specific data based on a condition.
If we wished to know how many published articles are in our database, wed need to generate the following
SQL:

SELECT SUM(CASE published = 'Y' THEN 1 ELSE 0) AS number_published, SUM(CASE published = 'N
FROM articles GROUP BY published

To do this with the query builder, wed use the following code:

$query = $articles->find();
$publishedCase = $query->newExpr()->addCase($query->newExpr()->add(['published' => 'Y']), 1
$notPublishedCase = $query->newExpr()->addCase($query->newExpr()->add(['published' => 'N'])
$query->select([
'number_published' => $query->func()->sum($publishedCase),
'number_unpublished' => $query->func()->sum($unpublishedCase)
])
->group('published');

The addCase function can also chain together multiple statements to create if ..
[elseif .. then .. ] [ .. else ] logic inside your SQL.

then ..

If we wanted to classify cities into SMALL, MEDIUM, or LARGE based on population size, we could do
the following:
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->addCase(
[
$q->newExpr()->lt('population', 100000),
$q->newExpr()->between('population', 100000, 999000),
$q->newExpr()->gte('population', 999001),
],
['SMALL', 'MEDIUM', 'LARGE'], # values matching conditions
['string', 'string', 'string'] # type of each value
);
});
# WHERE CASE
#
WHEN population < 100000 THEN 'SMALL'

346

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

#
#
#

WHEN population BETWEEN 100000 AND 999000 THEN 'MEDIUM'


WHEN population >= 999001 THEN 'LARGE'
END

Any time there are fewer case conditions than values, addCase will automatically produce an if ..
then .. else statement:
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->addCase(
[
$q->newExpr()->eq('population', 0),
],
['DESERTED', 'INHABITED'], # values matching conditions
['string', 'string'] # type of each value
);
});
# WHERE CASE
#
WHEN population = 0 THEN 'DESERTED' ELSE 'INHABITED' END

Disabling Hydration

While ORMs and object result sets are powerful, hydrating entities is sometimes unnecessary. For example,
when accessing aggregated data, building an Entity may not make sense. In these situations you may want
to disable entity hydration:
$query = $articles->find();
$query->hydrate(false);

Note: When hydration is disabled results will be returned as basic arrays.

Advanced Conditions
The query builder makes it simple to build complex where clauses. Grouped conditions can be expressed
by providing combining where(), andWhere() and orWhere(). The where() method works similar
to the conditions arrays in previous versions of CakePHP:
$query = $articles->find()
->where([
'author_id' => 3,
'OR' => [['view_count' => 2], ['view_count' => 3]],
]);

The above would generate SQL like:


SELECT * FROM articles WHERE author_id = 3 AND (view_count = 2 OR view_count = 3)

If youd prefer to avoid deeply nested arrays, you can use the orWhere() and andWhere() methods
to build your queries. Each method sets the combining operator used between the current and previous
More Information

347

CakePHP Cookbook Documentation, Release 3.x

condition. For example:


$query = $articles->find()
->where(['author_id' => 2])
->orWhere(['author_id' => 3]);

The above will output SQL similar to:


SELECT * FROM articles WHERE (author_id = 2 OR author_id = 3)

By combining orWhere() and andWhere(), you can express complex conditions that use a mixture of
operators:
$query = $articles->find()
->where(['author_id' => 2])
->orWhere(['author_id' => 3])
->andWhere([
'published' => true,
'view_count >' => 10
])
->orWhere(['promoted' => true]);

The above generates SQL similar to:


SELECT *
FROM articles
WHERE (promoted = true
OR (
(published = true AND view_count > 10)
AND (author_id = 2 OR author_id = 3)
))

By using functions as the parameters to orWhere() and andWhere(), you can easily compose conditions together with the expression objects:
$query = $articles->find()
->where(['title LIKE' => '%First%'])
->andWhere(function ($exp) {
return $exp->or_([
'author_id' => 2,
'is_highlighted' => true
]);
});

The above would create SQL like:


SELECT *
FROM articles
WHERE ((author_id = 2 OR is_highlighted = 1)
AND title LIKE '%First%')

The expression object that is passed into where() functions has two kinds of methods. The first type of
methods are combinators. The and_() and or_() methods create new expression objects that change
how conditions are combined. The second type of methods are conditions. Conditions are added into an
expression where they are combined with the current combinator.
348

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

For example, calling $exp->and_(...) will create a new Expression object that combines all conditions it contains with AND. While $exp->or_() will create a new Expression object that combines
all conditions added to it with OR. An example of adding conditions with an Expression object would
be:
$query = $articles->find()
->where(function ($exp) {
return $exp
->eq('author_id', 2)
->eq('published', true)
->notEq('spam', true)
->gt('view_count', 10);
});

Since we started off using where(), we dont need to call and_(), as that happens implicitly. Much like
how we would not need to call or_(), had we started our query with orWhere(). The above shows a
few new condition methods being combined with AND. The resulting SQL would look like:
SELECT *
FROM articles
WHERE (
author_id = 2
AND published = 1
AND spam != 1
AND view_count > 10)

However, if we wanted to use both AND & OR conditions we could do the following:
$query = $articles->find()
->where(function ($exp) {
$orConditions = $exp->or_(['author_id' => 2])
->eq('author_id', 5);
return $exp
->add($orConditions)
->eq('published', true)
->gte('view_count', 10);
});

Which would generate the SQL similar to:


SELECT *
FROM articles
WHERE (
(author_id = 2 OR author_id = 5)
AND published = 1
AND view_count > 10)

The or_() and and_() methods also allow you to use functions as their parameters. This is often easier
to read than method chaining:
$query = $articles->find()
->where(function ($exp) {
$orConditions = $exp->or_(function ($or) {
return $or->eq('author_id', 2)

More Information

349

CakePHP Cookbook Documentation, Release 3.x

->eq('author_id', 5);
});
return $exp
->not($orConditions)
->lte('view_count', 10);
});

You can negate sub-expressions using not():


$query = $articles->find()
->where(function ($exp) {
$orConditions = $exp->or_(['author_id' => 2])
->eq('author_id', 5);
return $exp
->not($orConditions)
->lte('view_count', 10);
});

Which will generate the following SQL looking like:


SELECT *
FROM articles
WHERE (
NOT (author_id = 2 OR author_id = 5)
AND view_count <= 10)

It is also possible to build expressions using SQL functions:


$query = $articles->find()
->where(function ($exp, $q) {
$year = $q->func()->year([
'created' => 'literal'
]);
return $exp
->gte($year, 2014)
->eq('published', true);
});

Which will generate the following SQL looking like:


SELECT *
FROM articles
WHERE (
YEAR(created) >= 2014
AND published = 1
)

When using the expression objects you can use the following methods to create conditions:
eq() Creates an equality condition:
$query = $cities->find()
->where(function ($exp, $q) {
return $exp->eq('population', '10000');

350

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

});
# WHERE population = 10000

notEq() Creates an inequality condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->notEq('population', '10000');
});
# WHERE population != 10000

like() Creates a condition using the LIKE operator:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->like('name', '%A%');
});
# WHERE name LIKE "%A%"

notLike() Creates a negated LIKE condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->notLike('name', '%A%');
});
# WHERE name NOT LIKE "%A%"

in() Create a condition using IN:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->in('country_id', ['AFG', 'USA', 'EST']);
});
# WHERE country_id IN ('AFG', 'USA', 'EST')

notIn() Create a negated condition using IN:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->notIn('country_id', ['AFG', 'USA', 'EST']);
});
# WHERE country_id NOT IN ('AFG', 'USA', 'EST')

gt() Create a > condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->gt('population', '10000');
});
# WHERE population > 10000

gte() Create a >= condition:

More Information

351

CakePHP Cookbook Documentation, Release 3.x

$query = $cities->find()
->where(function ($exp, $q) {
return $exp->gte('population', '10000');
});
# WHERE population >= 10000

lt() Create a < condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->lt('population', '10000');
});
# WHERE population < 10000

lte() Create a <= condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->lte('population', '10000');
});
# WHERE population <= 10000

isNull() Create an IS NULL condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->isNull('population');
});
# WHERE (population) IS NULL

isNotNull() Create a negated IS NULL condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->isNotNull('population');
});
# WHERE (population) IS NOT NULL

between() Create a BETWEEN condition:


$query = $cities->find()
->where(function ($exp, $q) {
return $exp->between('population', 999, 5000000);
});
# WHERE population BETWEEN 999 AND 5000000,

Automatically Creating IN Clauses

When building queries using the ORM, you will generally not have to indicate the data types of the columns
you are interacting with, as CakePHP can infer the types based on the schema data. If in your queries youd
like CakePHP to automatically convert equality to IN comparisons, youll need to indicate the column data
type:
352

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$query = $articles->find()
->where(['id' => $ids], ['id' => 'integer[]']);
// Or include IN to automatically cast to an array.
$query = $articles->find()
->where(['id IN' => $ids]);

The above will automatically create id IN (...) instead of id = ?. This can be useful when you
do not know whether you will get a scalar or array of parameters. The [] suffix on any data type name
indicates to the query builder that you want the data handled as an array. If the data is not an array, it will
first be cast to an array. After that, each value in the array will be cast using the type system. This works
with complex types as well. For example, you could take a list of DateTime objects using:
$query = $articles->find()
->where(['post_date' => $dates], ['post_date' => 'date[]']);

Automatic IS NULL Creation

When a condition value is expected to be null or any other value, you can use the IS operator to automatically create the correct expression:
$query = $categories->find()
->where(['parent_id IS' => $parentId]);

The above will create parent_id = :c1 or parent_id IS NULL depending on the type of
$parentId
Automatic IS NOT NULL Creation

When a condition value is expected not to be null or any other value, you can use the IS NOT operator
to automatically create the correct expression:
$query = $categories->find()
->where(['parent_id IS NOT' => $parentId]);

The above will create parent_id != :c1 or parent_id IS NOT NULL depending on the type of
$parentId
Raw Expressions

When you cannot construct the SQL you need using the query builder, you can use expression objects to
add snippets of SQL to your queries:
$query = $articles->find();
$expr = $query->newExpr()->add('1 + 1');
$query->select(['two' => $expr]);

More Information

353

CakePHP Cookbook Documentation, Release 3.x

Expression objects can be used with any query builder methods like where(), limit(), group(),
select() and many other methods.
Warning: Using expression objects leaves you vulnerable to SQL injection. You should avoid interpolating user data into expressions.

Getting Results
Once youve made your query, youll want to retrieve rows from it. There are a few ways of doing this:
// Iterate the query
foreach ($query as $row) {
// Do stuff.
}
// Get the results
$results = $query->all();

You can use any of the collection methods on your query objects to pre-process or transform the results:
// Use one of the collection methods.
$ids = $query->map(function ($row) {
return $row->id;
});
$maxAge = $query->max(function ($row) {
return $max->age;
});

You can use first or firstOrFail to retrieve a single record. These methods will alter the query
adding a LIMIT 1 clause:
// Get just the first row
$row = $query->first();
// Get the first row or an exception.
$row = $query->firstOrFail();

Returning the Total Count of Records

Using a single query object, it is possible to obtain the total number of rows found for a set of conditions:
$total = $articles->find()->where(['is_active' => true])->count();

The count() method will ignore the limit, offset and page clauses, thus the following will return
the same result:
$total = $articles->find()->where(['is_active' => true])->limit(10)->count();

354

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

This is useful when you need to know the total result set size in advance, without having to construct
another Query object. Likewise, all result formatting and map-reduce routines are ignored when using the
count() method.
Moreover, it is possible to return the total count for a query containing group by clauses without having to
rewrite the query in any way. For example, consider this query for retrieving article ids and their comments
count:
$query = $articles->find();
$query->select(['Articles.id', $query->func()->count('Comments.id')])
->matching('Comments')
->group(['Articles.id']);
$total = $query->count();

After counting, the query can still be used for fetching the associated records:
$list = $query->all();

Sometimes, you may want to provide an alternate method for counting the total records of a query. One
common use case for this is providing a cached value or an estimate of the total rows, or to alter the query
to remove expensive unneeded parts such as left joins. This becomes particularly handy when using the
CakePHP built-in pagination system which calls the count() method:
$query = $query->where(['is_active' => true])->counter(function ($query) {
return 100000;
});
$query->count(); // Returns 100000

In the example above, when the pagination component calls the count method, it will receive the estimated
hard-coded number of rows.
Caching Loaded Results

When fetching entities that dont change often you may want to cache the results. The Query class makes
this simple:
$query->cache('recent_articles');

Will enable caching on the querys result set. If only one argument is provided to cache() then the
default cache configuration will be used. You can control which caching configuration is used with the
second parameter:
// String config name.
$query->cache('recent_articles', 'dbResults');
// Instance of CacheEngine
$query->cache('recent_articles', $memcache);

In addition to supporting static keys, the cache() method accepts a function to generate the key. The
function you give it will receive the query as an argument. You can then read aspects of the query to
dynamically generate the cache key:

More Information

355

CakePHP Cookbook Documentation, Release 3.x

// Generate a key based on a simple checksum


// of the query's where clause
$query->cache(function ($q) {
return 'articles-' . md5(serialize($q->clause('where')));
});

The cache method makes it simple to add cached results to your custom finders or through event listeners.
When the results for a cached query are fetched the following happens:
1. The Model.beforeFind event is triggered.
2. If the query has results set, those will be returned.
3. The cache key will be resolved and cache data will be read. If the cache data is not empty, those
results will be returned.
4. If the cache misses, the query will be executed and a new ResultSet will be created. This
ResultSet will be written to the cache and returned.
Note: You cannot cache a streaming query result.

Loading Associations
The builder can help you retrieve data from multiple tables at the same time with the minimum amount of
queries possible. To be able to fetch associated data, you first need to setup associations between the tables
as described in the Associations - Linking Tables Together section. This technique of combining queries to
fetch associated data from other tables is called eager loading.
Eager loading helps avoid many of the potential performance problems surrounding lazy-loading in an
ORM. The queries generated by eager loading can better leverage joins, allowing more efficient queries to
be made. In CakePHP you define eager loaded associations using the contain method:
// In a controller or table method.
// As an option to find()
$query = $articles->find('all', ['contain' => ['Authors', 'Comments']]);
// As a method on the query object
$query = $articles->find('all');
$query->contain(['Authors', 'Comments']);

The above will load the related author and comments for each article in the result set. You can load nested
associations using nested arrays to define the associations to be loaded:
$query = $articles->find()->contain([
'Authors' => ['Addresses'], 'Comments' => ['Authors']
]);

Alternatively, you can express nested associations using the dot notation:

356

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$query = $articles->find()->contain([
'Authors.Addresses',
'Comments.Authors'
]);

You can eager load associations as deep as you like:


$query = $products->find()->contain([
'Shops.Cities.Countries',
'Shops.Managers'
]);

If you need to reset the containments on a query you can set the second argument to true:
$query = $articles->find();
$query->contain(['Authors', 'Comments'], true);

Passing Conditions to Contain

When using contain you are able to restrict the data returned by the associations and filter them by
conditions:
// In a controller or table method.
$query = $articles->find()->contain([
'Comments' => function ($q) {
return $q
->select(['body', 'author_id'])
->where(['Comments.approved' => true]);
}
]);

Note: When you limit the fields that are fetched from an association, you must ensure that the foreign key
columns are selected. Failing to select foreign key fields will cause associated data to not be present in the
final result.
It is also possible to restrict deeply nested associations using the dot notation:
$query = $articles->find()->contain([
'Comments',
'Authors.Profiles' => function ($q) {
return $q->where(['Profiles.is_published' => true]);
}
]);

If you have defined some custom finder methods in your associated table, you can use them inside
contain:
// Bring all articles, but only bring the comments that are approved and
// popular.
$query = $articles->find()->contain([

More Information

357

CakePHP Cookbook Documentation, Release 3.x

'Comments' => function ($q) {


return $q->find('approved')->find('popular');
}
]);

Note: For BelongsTo and HasOne associations only the where and select clauses are used when
loading the associated records. For the rest of the association types you can use every clause that the query
object provides.
If you need full control over the query that is generated, you can tell contain to not append
the foreignKey constraints to the generated query. In that case you should use an array passing
foreignKey and queryBuilder:
$query = $articles->find()->contain([
'Authors' => [
'foreignKey' => false,
'queryBuilder' => function ($q) {
return $q->where(...); // Full conditions for filtering
}
]
]);

If you have limited the fields you are loading with select() but also want to load fields off of contained
associations, you can use autoFields():
// Select id & title from articles, but all fields off of Users.
$query->select(['id', 'title'])
->contain(['Users' => function($q) {
return $q->autoFields(true);
}]);

Filtering by Associated Data

A fairly common query case with associations is finding records matching specific associated data. For
example if you have Articles belongsToMany Tags you will probably want to find Articles that have the
CakePHP tag. This is extremely simple to do with the ORM in CakePHP:
// In a controller or table method.
$query = $articles->find();
$query->matching('Tags', function ($q) {
return $q->where(['Tags.name' => 'CakePHP']);
});

You can apply this strategy to HasMany associations as well. For example if Authors HasMany Articles,
you could find all the authors with recently published articles using the following:
$query = $authors->find();
$query->matching('Articles', function ($q) {
return $q->where(['Articles.created >=' => new DateTime('-10 days')]);
});

358

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Filtering by deep associations is surprisingly easy, and the syntax should be already familiar to you:
// In a controller or table method.
$query = $products->find()->matching(
'Shops.Cities.Countries', function ($q) {
return $q->where(['Countries.name' => 'Japan']);
}
);
// Bring unique articles that were commented by 'markstory' using passed variable
$username = 'markstory';
$query = $articles->find()->matching('Comments.Users', function ($q) use ($username) {
return $q->where(['username' => $username]);
});

Note: As this function will create an INNER JOIN, you might want to consider calling distinct on
the find query as you might get duplicate rows if your conditions dont filter them already. This might be
the case, for example, when the same users comments more than once on a single article.
The data from the association that is matched will be available on the _matchingData property of entities. If you both match and contain the same association, you can expect to get both the _matchingData
and standard association properties in your results.
Adding Joins

In addition to loading related data with contain(), you can also add additional joins with the query
builder:
$query = $articles->find()
->hydrate(false)
->join([
'table' => 'comments',
'alias' => 'c',
'type' => 'LEFT',
'conditions' => 'c.article_id = articles.id',
]);

You can append multiple joins at the same time by passing an associative array with multiple joins:
$query = $articles->find()
->hydrate(false)
->join([
'c' => [
'table' => 'comments',
'type' => 'LEFT',
'conditions' => 'c.article_id = articles.id',
],
'u' => [
'table' => 'users',

More Information

359

CakePHP Cookbook Documentation, Release 3.x

'type' => 'INNER',


'conditions' => 'u.id = articles.user_id',
]
]);

As seen above, when adding joins the alias can be the outer array key. Join conditions can also be expressed
as an array of conditions:
$query = $articles->find()
->hydrate(false)
->join([
'c' => [
'table' => 'comments',
'type' => 'LEFT',
'conditions' => [
'c.created >' => new DateTime('-5 days'),
'c.moderated' => true,
'c.article_id = articles.id'
]
],
], ['a.created' => 'datetime', 'c.moderated' => 'boolean']);

When creating joins by hand and using array based conditions, you need to provide the datatypes for each
column in the join conditions. By providing datatypes for the join conditions, the ORM can correctly
convert data types into SQL. In addition to join() you can use rightJoin(), leftJoin() and
innerJoin() to create joins:
// Join with an alias and string conditions
$query = $articles->find();
$query->leftJoin(
['Authors' => 'authors'],
['Authors.id = Articles.author_id']);
// Join with an alias, array conditions, and types
$query = $articles->find();
$query->innerJoin(
['Authors' => 'authors'],
[
'Authors.promoted' => true,
'Authors.created' => new DateTime('-5 days'),
'Authors.id = Articles.author_id'
],
['Authors.promoted' => 'boolean', 'Authors.created' => 'datetime']);

It should be noted that if you set the quoteIdentifiers option to true when defining your
Connection, join conditions between table fields should be set as follow:
$query = $articles->find()
->join([
'c' => [
'table' => 'comments',
'type' => 'LEFT',
'conditions' => [

360

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

'c.article_id' => new \Cake\Database\Expression\IdentifierExpression('artic


]
],
]);

This ensures that all of your identifiers will be quoted across the Query, avoiding errors with some database
Drivers (PostgreSQL notably)
Inserting Data
Unlike earlier examples, you should not use find() to create insert queries. Instead, create a new Query
object using query():
$query = $articles->query();
$query->insert(['title', 'body'])
->values([
'title' => 'First post',
'body' => 'Some body text'
])
->execute();

Generally, it is easier to insert data using entities and ORM\Table::save(). By composing a SELECT
and INSERT query together, you can create INSERT INTO ... SELECT style queries:
$select = $articles->find()
->select(['title', 'body', 'published'])
->where(['id' => 3]);
$query = $articles->query()
->insert(['title', 'body', 'published'])
->values($select)
->execute();

Updating Data
As with insert queries, you should not use find() to create update queries. Instead, create new a Query
object using query():
$query = $articles->query();
$query->update()
->set(['published' => true])
->where(['id' => $id])
->execute();

Generally, it is easier to update data using entities and ORM\Table::patchEntity().


Deleting Data
As with insert queries, you should not use find() to create delete queries. Instead, create new a query
object using query():
More Information

361

CakePHP Cookbook Documentation, Release 3.x

$query = $articles->query();
$query->delete()
->where(['id' => $id])
->execute();

Generally, it is easier to delete data using entities and ORM\Table::delete().


More Complex Queries
The query builder is capable of building complex queries like UNION queries and sub-queries.
Unions

Unions are created by composing one or more select queries together:


$inReview = $articles->find()
->where(['need_review' => true]);
$unpublished = $articles->find()
->where(['published' => false]);
$unpublished->union($inReview);

You can create UNION ALL queries using the unionAll() method:
$inReview = $articles->find()
->where(['need_review' => true]);
$unpublished = $articles->find()
->where(['published' => false]);
$unpublished->unionAll($inReview);

Subqueries

Subqueries are a powerful feature in relational databases and building them in CakePHP is fairly intuitive.
By composing queries together, you can make subqueries:
$matchingComment = $articles->association('Comments')->find()
->select(['article_id'])
->distinct()
->where(['comment LIKE' => '%CakePHP%']);
$query = $articles->find()
->where(['id' => $matchingComment]);

Subqueries are accepted anywhere a query expression can be used. For example, in the select() and
join() methods.

362

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Adding Calculated Fields


After your queries, you may need to do some post-processing. If you need to add a few calculated fields
or derived data, you can use the formatResults() method. This is a lightweight way to map over
the result sets. If you need more control over the process, or want to reduce results you should use the
Map/Reduce feature instead. If you were querying a list of people, you could easily calculate their age with
a result formatter:
// Assuming we have built the fields, conditions and containments.
$query->formatResults(function (\Cake\Datasource\ResultSetInterface $results) {
return $results->map(function ($row) {
$row['age'] = $row['birth_date']->diff(new \DateTime)->y;
return $row;
});
});

As you can see in the example above, formatting callbacks will get a ResultSetDecorator as their first
argument. The second argument will be the Query instance the formatter was attached to. The $results
argument can be traversed and modified as necessary.
Result formatters are required to return an iterator object, which will be used as the return value for the query.
Formatter functions are applied after all the Map/Reduce routines have been executed. Result formatters
can be applied from within contained associations as well. CakePHP will ensure that your formatters are
properly scoped. For example, doing the following would work as you may expect:
// In a method in the Articles table
$query->contain(['Authors' => function ($q) {
return $q->formatResults(function ($authors) {
return $authors->map(function ($author) {
$author['age'] = $author['birth_date']->diff(new \DateTime)->y;
return $author;
});
});
});
// Get results
$results = $query->all();
// Outputs 29
echo $results->first()->author->age;

As seen above, the formatters attached to associated query builders are scoped to operate only on the data in
the association. CakePHP will ensure that computed values are inserted into the correct entity.

Table Objects
class Cake\ORM\Table
Table objects provide access to the collection of entities stored in a specific table. Each table in your
application should have an associated Table class which is used to interact with a given table. If you do not
need to customize the behavior of a given table CakePHP will generate a Table instance for you to use.

More Information

363

CakePHP Cookbook Documentation, Release 3.x

Before trying to use Table objects and the ORM, you should ensure that you have configured your database
connection.
Basic Usage
To get started, create a Table class. These classes live in src/Model/Table. Tables are a type model collection
specific to relational databases, and the main interface to your database in CakePHPs ORM. The most basic
table class would look like:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
}

Note that we did not tell the ORM which table to use for our class. By convention table objects will use
a table that matches the lower cased and underscored version of the class name. In the above example the
articles table will be used. If our table class was named BlogPosts your table should be named
blog_posts. You can specify the table to using the table() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->table('my_table');
}
}

No inflection conventions will be applied when specifying a table. By convention the ORM also expects each table to have a primary key with the name of id. If you need to modify this you can use
the primaryKey() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->primaryKey('my_id');
}
}

364

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Customizing the Entity Class a Table Uses

By default table objects use an entity class based on naming conventions. For example if your table class is
called ArticlesTable the entity would be Article. If the table class was PurchaseOrdersTable
the entity would be PurchaseOrder. If however, you want to use an entity that doesnt follow the
conventions you can use the entityClass() method to change things up:
class PurchaseOrdersTable extends Table
{
public function initialize(array $config)
{
$this->entityClass('App\Model\PO');
}
}

As seen in the examples above Table objects have an initialize() method which is called at the end of
the constructor. It is recommended that you use this method to do initialization logic instead of overriding
the constructor.
Getting Instances of a Table Class

Before you can query a table, youll need to get an instance of the table. You can do this by using the
TableRegistry class:
// In a controller or table method.
use Cake\ORM\TableRegistry;
$articles = TableRegistry::get('Articles');

The TableRegistry class provides the various dependencies for constructing a table, and maintains a registry
of all the constructed table instances making it easier to build relations and configure the ORM. See Using
the TableRegistry for more information.
Lifecycle Callbacks
As you have seen above table objects trigger a number of events. Events are useful if you want to hook into
the ORM and add logic in without subclassing or overriding methods. Event listeners can be defined in table
or behavior classes. You can also use a tables event manager to bind listeners in.
When using callback methods behaviors attached in the initialize() method will have their listeners
fired before the table callback methods are triggered. This follows the same sequencing as controllers &
components.
To add an event listener to a Table class or Behavior simply implement the method signatures as described
below. See the Events System for more detail on how to use the events subsystem.

More Information

365

CakePHP Cookbook Documentation, Release 3.x

beforeMarshal

Cake\ORM\Table::beforeMarshal(Event $event, ArrayObject $data, ArrayObject $options)


The Model.beforeMarshal event is fired before request data is converted into entities. See the Modifying Request Data Before Building Entities documentation for more information.
beforeFind

Cake\ORM\Table::beforeFind(Event $event, Query $query, ArrayObject $options, boolean


$primary)
The Model.beforeFind event is fired before each find operation. By stopping the event and supplying
a return value you can bypass the find operation entirely. Any changes done to the $query instance will be
retained for the rest of the find. The $primary parameter indicates whether or not this is the root query,
or an associated query. All associations participating in a query will have a Model.beforeFind event
triggered. For associations that use joins, a dummy query will be provided. In your event listener you can
set additional fields, conditions, joins or result formatters. These options/features will be copied onto the
root query.
You might use this callback to restrict find operations based on a users role, or make caching decisions
based on the current load.
In previous versions of CakePHP there was an afterFind callback, this has been replaced with the Modifying Results with Map/Reduce features and entity constructors.
buildValidator

Cake\ORM\Table::buildValidator(Event $event, Validator $validator, $name)


The Model.buildValidator event is fired when $name validator is created. Behaviors, can use this
hook to add in validation methods.
buildRules

Cake\ORM\Table::buildRules(Event $event, RulesChecker $rules)


The Model.buildRules event is fired before after a rules instance has been created and the tables
beforeRules() method has been called.
beforeRules

Cake\ORM\Table::beforeRules(Event $event, Entity $entity, ArrayObject $options, $operation)


The Model.beforeRules event is fired before an entity has rules applied. By stopping this event, you
can short circuit the rules checking and set the result of applying rules.

366

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

afterRules

Cake\ORM\Table::afterRules(Event $event, Entity $entity, bool $result, $operation)


The Model.afterRules event is fired after an entity has rules applied. By stopping this event, you can
return the final value of the rules checking operation.
beforeSave

Cake\ORM\Table::beforeSave(Event $event, Entity $entity, ArrayObject $options)


The Model.beforeSave event is fired before each entity is saved. Stopping this event will abort the save
operation. When the event is stopped the result of the event will be returned.
afterSave

Cake\ORM\Table::afterSave(Event $event, Entity $entity, ArrayObject $options)


The Model.afterSave event is fired after an entity is saved.
afterSaveCommit

Cake\ORM\Table::afterSaveCommit(Event $event, Entity $entity, ArrayObject $options)


The Model.afterSaveCommit event is fired after the transaction in which the save operation is
wrapped has been committed. Its also triggered for non atomic saves where database operations are implicitly committed. The event is triggered only for the primary table on which save() is directly called. The
event is not triggered if a transaction is started before calling save.
beforeDelete

Cake\ORM\Table::beforeDelete(Event $event, Entity $entity, ArrayObject $options)


The Model.beforeDelete event is fired before an entity is deleted. By stopping this event you will
abort the delete operation.
afterDelete

Cake\ORM\Table::afterDelete(Event $event, Entity $entity, ArrayObject $options)


The Model.afterDelete event is fired after an entity has been deleted.

More Information

367

CakePHP Cookbook Documentation, Release 3.x

afterDeleteCommit

Cake\ORM\Table::afterDeleteCommit(Event $event, Entity $entity, ArrayObject $options)


The Model.afterDeleteCommit event is fired after the transaction in which the delete operation is
wrapped has been is committed. Its also triggered for non atomic deletes where database operations are
implicitly committed. The event is triggered only for the primary table on which delete() is directly
called. The event is not triggered if a transaction is started before calling delete.
Behaviors
Cake\ORM\Table::addBehavior($name, array $options =[])
Behaviors provide an easy way to create horizontally re-usable pieces of logic related to table classes. You
may be wondering why behaviors are regular classes and not traits. The primary reason for this is event
listeners. While traits would allow for re-usable pieces of logic, they would complicate binding events.
To add a behavior to your table you can call the addBehavior() method. Generally the best place to do
this is in the initialize() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
}

As with associations, you can use plugin syntax and provide additional configuration options:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp', [
'events' => [
'Model.beforeSave' => [
'created_at' => 'new',
'modified_at' => 'always'
]
]
]);
}
}

368

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

You can find out more about behaviors, including the behaviors provided by CakePHP in the chapter on
Behaviors.
Configuring Connections
By default all table instances use the default database connection. If your application uses multiple database connections you will want to configure which tables use which connections. This is the
defaultConnectionName() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public static function defaultConnectionName() {
return 'slavedb';
}
}

Note: The defaultConnectionName() method must be static.

Using the TableRegistry


class Cake\ORM\TableRegistry
As weve seen earlier, the TableRegistry class provides an easy to use factory/registry for accessing your
applications table instances. It provides a few other useful features as well.
Configuring Table Objects

static Cake\ORM\TableRegistry::get($alias, $config)


When loading tables from the registry you can customize their dependencies, or use mock objects by providing an $options array:
$articles = TableRegistry::get('Articles', [
'className' => 'App\Custom\ArticlesTable',
'table' => 'my_articles',
'connection' => $connectionObject,
'schema' => $schemaObject,
'entityClass' => 'Custom\EntityClass',
'eventManager' => $eventManager,
'behaviors' => $behaviorRegistry
]);

Pay attention to the connection and schema configuration settings, they arent string values but
objects.
The connection will take an object of Cake\Database\Connection and schema
Cake\Database\Schema\Collection.
More Information

369

CakePHP Cookbook Documentation, Release 3.x

Note: If your table also does additional configuration in its initialize() method, those values will
overwrite the ones provided to the registry.
You can also pre-configure the registry using the config() method. Configuration data is stored per alias,
and can be overridden by an objects initialize() method:
TableRegistry::config('Users', ['table' => 'my_users']);

Note: You can only configure a table before or during the first time you access that alias. Doing it after the
registry is populated will have no effect.

Flushing the Registry

static Cake\ORM\TableRegistry::clear
During test cases you may want to flush the registry. Doing so is often useful when you are using mock
objects, or modifying a tables dependencies:
TableRegistry::clear();

Entities
class Cake\ORM\Entity
While Table Objects represent and provide access to a collection of objects, entities represent individual rows
or domain objects in your application. Entities contain persistent properties and methods to manipulate and
access the data they contain.
Entities are created for you by CakePHP each time you use find() on a table object.
Creating Entity Classes
You dont need to create entity classes to get started with the ORM in CakePHP. However, if you want
to have custom logic in your entities you will need to create classes. By convention entity classes live in
src/Model/Entity/. If our application had an articles table we could create the following entity:
// src/Model/Entity/Article.php
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
}

Right now this entity doesnt do very much. However, when we load data from our articles table, well get
instances of this class.
370

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Note: If you dont define an entity class CakePHP will use the basic Entity class.

Creating Entities
Entities can be directly instantiated:
use App\Model\Entity\Article;
$article = new Article();

When instantiating an entity you can pass the properties with the data you want to store in them:
use App\Model\Entity\Article;
$article = new Article([
'id' => 1,
'title' => 'New Article',
'created' => new DateTime('now')
]);

Another way of getting new entities is using the newEntity() method from the Table objects:
use Cake\ORM\TableRegistry;
$article = TableRegistry::get('Articles')->newEntity();
$article = TableRegistry::get('Articles')->newEntity([
'id' => 1,
'title' => 'New Article',
'created' => new DateTime('now')
]);

Accessing Entity Data


Entities provide a few ways to access the data they contain. Most commonly you will access the data in an
entity using object notation:
use App\Model\Entity\Article;
$article = new Article;
$article->title = 'This is my first post';
echo $article->title;

You can also use the get() and set() methods:


$article->set('title', 'This is my first post');
echo $article->get('title');

When using set() you can update multiple properties at once using an array:

More Information

371

CakePHP Cookbook Documentation, Release 3.x

$article->set([
'title' => 'My first post',
'body' => 'It is the best ever!'
]);

Warning: When updating entities with request data you should whitelist which fields can be set with
mass assignment.

Accessors & Mutators


Cake\ORM\Entity::set($field = null, $value = null)
In addition to the simple get/set interface, entities allow you to provide accessors and mutator methods.
These methods let you customize how properties are read or set. For example:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
protected function _getTitle($title)
{
return ucwords($title);
}
}

Accessors use the convention of _get followed by the CamelCased version of the field name. They receive
the basic value stored in the _properties array as their only argument. Accessors will be used when
saving entities, so be careful when defining methods that format data, as the formatted data will be persisted.
You can customize how properties get set by defining a mutator:
namespace App\Model\Entity;
use Cake\ORM\Entity;
use Cake\Utility\Inflector;
class Article extends Entity
{
protected function _setTitle($title)
{
$this->set('slug', Inflector::slug($title));
return $title;
}
}

Mutator methods should always return the value that should be stored in the property. As you can see above,
you can also use mutators to set other calculated properties. When doing this, be careful to not introduce any
loops, as CakePHP will not prevent infinitely looping mutator methods. Mutators allow you easily convert
372

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

properties as they are set, or create calculated data. Mutators and accessors are applied when properties are
read using object notation, or using get() and set().
Creating Virtual Properties

By defining accessors you can provide access to properties that do not actually exist. For example if your
users table has first_name and last_name you could create a method for the full name:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected function _getFullName()
{
return $this->_properties['first_name'] . '
$this->_properties['last_name'];
}

' .

You can access virtual properties as if they existed on the entity. The property name will be the lower case
and underscored version of the method:
echo $user->full_name;

Do bear in mind that virtual properties cannot be used in finds.


Checking if an Entity Has Been Modified
Cake\ORM\Entity::dirty($field = null, $dirty = null)
You may want to make code conditional based on whether or not properties have changed in an entity. For
example, may only want to validate fields when they change:
// See if the title has been modified.
$article->dirty('title');

You can also flag fields as being modified. This is handy when appending into array properties:
// Add a comment and mark the field as changed.
$article->comments[] = $newComment;
$article->dirty('comments', true);

In addition you can also base you conditional code on the original properties values by using the
getOriginal() method. This method will either return the original value of the property if it has been
modified or its actual value.
You can also check for changes to any property in the entity:

More Information

373

CakePHP Cookbook Documentation, Release 3.x

// See if the entity has changed


$article->dirty();

To remove the dirty mark from fields in an entity, you can use the clean() method:
$article->clean();

When creating a new entity, you can avoid the fields from being marked as dirty by passing an extra option:
$article = new Article(['title' => 'New Article'], ['markClean' => true]);

Validation Errors
Cake\ORM\Entity::errors($field = null, $errors = null)
After you save an entity any validation errors will be stored on the entity itself. You can access any validation
errors using the errors() method:
// Get all the errors
$errors = $user->errors();
// Get the errors for a single field.
$errors = $user->errors('password');

The errors() method can also be used to set the errors on an entity, making it easier to test code that
works with error messages:
$user->errors('password', ['Password is required.']);

Mass Assignment
While setting properties to entities in bulk is simple and convenient, it can create significant security issues.
Bulk assigning user data from the request into an entity allows the user to modify any and all columns.
When using anonymous entity classes CakePHP does not protect against mass-assignment. You can easily
protect against mass-assignment by using Bake Console to generate your entities.
The _accessible property allows you to provide a map of properties and whether or not they can be
mass-assigned. The values true and false indicate whether a field can or cannot be mass-assigned:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
protected $_accessible = [
'title' => true,
'body' => true,
];
}

374

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

In addition to concrete fields there is a special * field which defines the fallback behavior if a field is not
specifically named:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class Article extends Entity
{
protected $_accessible = [
'title' => true,
'body' => true,
'*' => false,
];
}

If the * property is not defined it will default to false.


Avoiding Mass Assignment Protection

When creating a new entity using the new keyword you can tell it to not protect itself against mass assignment:
use App\Model\Entity\Article;
$article = new Article(['id' => 1, 'title' => 'Foo'], ['guard' => false]);

Modifying the Guarded Fields at Runtime

You can modify the list of guarded fields at runtime using the accessible method:
// Make user_id accessible.
$article->accessible('user_id', true);
// Make title guarded.
$article->accessible('title', false);

Note: Modifying accessible fields effects only the instance the method is called on.
When using the newEntity() and patchEntity() methods in the Table objects you can customize
mass assignment protection with options. Please refer to the Changing Accessible Fields section for more
information.
Bypassing Field Guarding

There are sometimes situations when you want to allow mass-assignment to guarded fields:

More Information

375

CakePHP Cookbook Documentation, Release 3.x

$article->set($properties, ['guard' => false]);

By setting the guard option to false, you can ignore the accessible field list for a single call to set().
Checking if an Entity was Persisted

It is often necessary to know if an entity represents a row that is already in the database. In those situations
use the isNew() method:
if (!$article->isNew()) {
echo 'This article was saved already!';
}

If you are certain that an entity has already been persisted, you can use isNew() as a setter:
$article->isNew(false);
$article->isNew(true);

Lazy Loading Associations


While eager loading associations is generally the most efficient way to access your associations, there may
be times when you need to lazily load associated data. Before we get into how to lazy load associations, we
should discuss the differences between eager loading and lazy loading associations:
Eager loading Eager loading uses joins (where possible) to fetch data from the database in as few queries
as possible. When a separate query is required, like in the case of a HasMany association, a single
query is emitted to fetch all the associated data for the current set of objects.
Lazy loading Lazy loading defers loading association data until it is absolutely required. While this can
save CPU time because possibly unused data is not hydrated into objects, it can result in many more
queries being emitted to the database. For example looping over a set of articles & their comments
will frequently emit N queries where N is the number of articles being iterated.
While lazy loading is not included by CakePHPs ORM, it is not hard to implement it yourself when and
where you need it. When implementing an accessor method you can lazily load associated data:
namespace App\Model\Entity;
use Cake\ORM\Entity;
use Cake\ORM\TableRegistry;
class Article extends Entity
{
protected function _getComments()
{
$comments = TableRegistry::get('Comments');
return $comments->find('all')
->where(['article_id' => $this->id])
->toArray();

376

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

}
}

Implementing the above method will enable you to do the following:


$article = $this->Articles->findById($id);
foreach ($article->comments as $comment) {
echo $comment->body;
}

Creating Re-usable Code with Traits


You may find yourself needing the same logic in multiple entity classes. PHPs traits are a great fit for this.
You can put your applications traits in src/Model/Entity. By convention traits in CakePHP are suffixed
with Trait so they are easily discernible from classes or interfaces. Traits are often a good compliment to
behaviors, allowing you to provide functionality for the table and entity objects.
For example if we had SoftDeletable plugin, it could provide a trait. This trait could give methods for
marking entities as deleted, the method softDelete could be provided by a trait:
// SoftDelete/Model/Entity/SoftDeleteTrait.php
namespace SoftDelete\Model\Entity;
trait SoftDeleteTrait {
public function softDelete()
{
$this->set('deleted', true);
}
}

You could then use this trait in your entity class by importing it and including it:
namespace App\Model\Entity;
use Cake\ORM\Entity;
use SoftDelete\Model\Entity\SoftDeleteTrait;
class Article extends Entity
{
use SoftDeleteTrait;
}

Converting to Arrays/JSON
When building APIs, you may often need to convert entities into arrays or JSON data. CakePHP makes this
simple:

More Information

377

CakePHP Cookbook Documentation, Release 3.x

// Get an array.
$array = $user->toArray();
// Convert to JSON
$json = json_encode($user);

When converting an entity to an array/JSON the virtual & hidden field lists are applied. Entities are converted recursively as well. This means that if you eager loaded entities and their associations CakePHP will
correctly handle converting the associated data into the correct format.
Exposing Virtual Properties

By default virtual properties are not exported when converting entities to arrays or JSON. In order to expose
virtual properties you need to make them visible. When defining your entity class you can provide a list of
virtual properties that should be exposed:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected $_virtual = ['full_name'];
}

This list can be modified at runtime using virtualProperties:


$user->virtualProperties(['full_name', 'is_admin']);

Hiding Properties

There are often fields you do not want exported in JSON or array formats. For example it is often unwise
to expose password hashes or account recovery questions. When defining an entity class, define which
properties should be hidden:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected $_hidden = ['password'];
}

This list can be modified at runtime using hiddenProperties:

378

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$user->hiddenProperties(['password', 'recovery_question']);

Storing Complex Types


Accessor & Mutator methods on entities are not intended to contain the logic for serializing and unserializing
complex data coming from the database. Refer to the Saving Complex Types section to understand how your
application can store more complex data types like arrays and objects.

Retrieving Data & Results Sets


class Cake\ORM\Table
While table objects provide an abstraction around a repository or collection of objects, when you query
for individual records you get entity objects. While this section discusses the different ways you can find
and load entities, you should read the Entities section for more information on entities.
Debugging Queries and ResultSets
Since the ORM now returns Collections and Entities, debugging these objects can be more complicated than
in previous CakePHP versions. There are now various ways to inspect the data returned by the ORM.
debug($query) Shows the SQL and bound params, does not show results.
debug($query->all()) Shows the ResultSet properties (not the results).
debug($query->toArray()) An easy way to show each of the results.
debug(json_encode($query, JSON_PRETTY_PRINT)) More human readable results.
debug($query->first()) Show the properties of a single entity.
debug((string)$query->first()) Show the properties of a single entity as JSON.
Getting a Single Entity by Primary Key
Cake\ORM\Table::get($id, $options =[])
It is often convenient to load a single entity from the database when editing or view entities and their related
data. You can do this easily by using get():
// In a controller or table method.
// Get a single article
$article = $articles->get($id);
// Get a single article, and related comments
$article = $articles->get($id, [
'contain' => ['Comments']
]);

More Information

379

CakePHP Cookbook Documentation, Release 3.x

If the get operation does not find any results a Cake\Datasource\Exception\RecordNotFoundException


will be raised. You can either catch this exception yourself, or allow CakePHP to convert it into a 404 error.
Like find() get has caching integrated. You can use the cache option when calling get() to perform
read-through caching:
// In a controller or table method.
// Use any cache config or CacheEngine instance & a generated key
$article = $articles->get($id, [
'cache' => 'custom',
]);
// Use any cache config or CacheEngine instance & specific key
$article = $articles->get($id, [
'cache' => 'custom', 'key' => 'mykey'
]);
// Explicitly disable caching
$article = $articles->get($id, [
'cache' => false
]);

Optionally you can get() an entity using Custom Finder Methods. For example you may want to get all
translations for an entity. You can achieve that by using the finder option:
$article = $articles->get($id, [
'finder' => 'translations',
]);

Using Finders to Load Data


Cake\ORM\Table::find($type, $options =[])
Before you can work with entities, youll need to load them. The easiest way to do this is using the find()
method. The find method provides an easy and extensible way to find the data you are interested in:
// In a controller or table method.
// Find all the articles
$query = $articles->find('all');

The return value of any find() method is always a Cake\ORM\Query object. The Query class allows
you to further refine a query after creating it. Query objects are evaluated lazily, and do not execute until
you start fetching rows, convert it to an array, or when the all() method is called:
// In a controller or table method.
// Find all the articles.
// At this point the query has not run.
$query = $articles->find('all');
// Iteration will execute the query.

380

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

foreach ($query as $row) {


}
// Calling execute will execute the query
// and return the result set.
$results = $query->all();
// Once we have a result set we can get all the rows
$data = $results->toArray();
// Converting the query to an array will execute it.
$results = $query->toArray();

Note: Once youve started a query you can use the Query Builder interface to build more complex queries,
adding additional conditions, limits, or include associations using the fluent interface.
// In a controller or table method.
$query = $articles->find('all')
->where(['Articles.created >' => new DateTime('-10 days')])
->contain(['Comments', 'Authors'])
->limit(10);

You can also provide many commonly used options to find(). This can help with testing as there are
fewer methods to mock:
// In a controller or table method.
$query = $articles->find('all', [
'conditions' => ['Articles.created >' => new DateTime('-10 days')],
'contain' => ['Authors', 'Comments'],
'limit' => 10
]);

The list of options supported by find() are:


conditions provide conditions for the WHERE clause of your query.
limit Set the number of rows you want.
offset Set the page offset you want. You can also use page to make the calculation simpler.
contain define the associations to eager load.
fields limit the fields loaded into the entity. Only loading some fields can cause entities to behave
incorrectly.
group add a GROUP BY clause to your query. This is useful when using aggregating functions.
having add a HAVING clause to your query.
join define additional custom joins.
order order the result set.
Any options that are not in this list will be passed to beforeFind listeners where they can be used to modify
the query object. You can use the getOptions() method on a query object to retrieve the options used.
More Information

381

CakePHP Cookbook Documentation, Release 3.x

While you can very easily pass query objects to your controllers, we recommend that you package your
queries up as Custom Finder Methods instead. Using custom finder methods will let you re-use your queries
more easily and make testing easier.
By default queries and result sets will return Entities objects. You can retrieve basic arrays by disabling
hydration:
$query->hydrate(false);
// $data is ResultSet that contains array data.
$data = $query->all();

Getting the First Result


The first() method allows you to fetch only the first row from a query. If the query has not been
executed, a LIMIT 1 clause will be applied:
// In a controller or table method.
$query = $articles->find('all', [
'order' => ['Articles.created' => 'DESC']
]);
$row = $query->first();

This approach replaces find(first) in previous versions of CakePHP. You may also want to use the
get() method if you are loading entities by primary key.
Getting a Count of Results
Once you have created a query object, you can use the count() method to get a result count of that query:
// In a controller or table method.
$query = $articles->find('all', [
'conditions' => ['Articles.title LIKE' => '%Ovens%']
]);
$number = $query->count();

See Returning the Total Count of Records for additional usage of the count() method.
Finding Key/Value Pairs
It is often useful to generate an associative array of data from your applications data. For example, this is
very useful when creating <select> elements. CakePHP provides a simple to use method for generating
lists of data:
// In a controller or table method.
$query = $articles->find('list');
$data = $query->toArray();
// Data now looks like
$data = [

382

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

1 => 'First post',


2 => 'Second article I wrote',
];

With no additional options the keys of $data will be the primary key of your table, while the values will be
the displayField of the table. You can use the displayField() method on a table object to configure
the display field of a table:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->displayField('title');
}
}

When calling list you can configure the fields used for the key and value with the keyField and
valueField options respectively:
// In a controller or table method.
$query = $articles->find('list', [
'keyField' => 'slug',
'valueField' => 'title'
]);
$data = $query->toArray();
// Data now looks like
$data = [
'first-post' => 'First post',
'second-article-i-wrote' => 'Second article I wrote',
];

Results can be grouped into nested sets. This is useful when you want bucketed sets, or want to build
<optgroup> elements with FormHelper:
// In a controller or table method.
$query = $articles->find('list', [
'keyField' => 'slug',
'valueField' => 'title',
'groupField' => 'author_id'
]);
$data = $query->toArray();
// Data now looks like
$data = [
1 => [
'first-post' => 'First post',
'second-article-i-wrote' => 'Second article I wrote',
],
2 => [
// More data.
]
];

More Information

383

CakePHP Cookbook Documentation, Release 3.x

You can also create list data from associations that can be reached with joins:
$query = $articles->find('list', [
'keyField' => 'id',
'valueField' => 'author.name'
])->contain(['Authors']);

Finding Threaded Data


The find(threaded) finder returns nested entities that are threaded together through a key field. By
default this field is parent_id. This finder allows you to easily access data stored in an adjacency list
style table. All entities matching a given parent_id are placed under the children attribute:
// In a controller or table method.
$query = $comments->find('threaded');
// Expanded default values
$query = $comments->find('threaded', [
'keyField' => $comments->primaryKey(),
'parentField' => 'parent_id'
]);
$results = $query->toArray();
echo count($results[0]->children);
echo $results[0]->children[0]->comment;

The parentField and keyField keys can be used to define the fields that threading will occur on.
Tip: If you need to manage more advanced trees of data, consider using Tree instead.

Custom Finder Methods


The examples above show how to use the built-in all and list finders. However, it is possible and
recommended that you implement your own finder methods. Finder methods are the ideal way to package
up commonly used queries, allowing you to abstract query details into a simple to use method. Finder
methods are defined by creating methods following the convention of findFoo where Foo is the name
of the finder you want to create. For example if we wanted to add a finder to our articles table for finding
published articles we would do the following:
use Cake\ORM\Query;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function findPublished(Query $query, array $options)
{
$query->where([

384

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

'Articles.published' => true,


'Articles.moderated' => true
]);
return $query;
}
}
// In a controller or table method.
$articles = TableRegistry::get('Articles');
$query = $articles->find('published');

Finder methods can modify the query as required, or use the $options to customize the finder operation
with relevant application logic. You can also stack finders, allowing you to express complex queries
effortlessly. Assuming you have both the published and recent finders, you could do the following:
// In a controller or table method.
$articles = TableRegistry::get('Articles');
$query = $articles->find('published')->find('recent');

While all the examples so far have show finder methods on table classes, finder methods can also be defined
on Behaviors.
If you need to modify the results after they have been fetched you should use a Modifying Results with
Map/Reduce function to modify the results. The map reduce features replace the afterFind callback found
in previous versions of CakePHP.
Dynamic Finders
CakePHPs ORM provides dynamically constructed finder methods which allow you to easily express simple queries with no additional code. For example if you wanted to find a user by username you could do:
// In a controller
// The following two calls are equal.
$query = $this->Users->findByUsername('joebob');
$query = $this->Users->findAllByUsername('joebob');
// In a table method
$users = TableRegistry::get('Users');
// The following two calls are equal.
$query = $users->findByUsername('joebob');
$query = $users->findAllByUsername('joebob');

When using dynamic finders you can constrain on multiple fields:


$query = $users->findAllByUsernameAndApproved('joebob', 1);

You can also create OR conditions:


$query = $users->findAllByUsernameOrEmail('joebob', '[email protected]');

While you can use either OR or AND conditions, you cannot combine the two in a single dynamic finder.
Other query options like contain are also not supported with dynamic finders. You should use Custom
More Information

385

CakePHP Cookbook Documentation, Release 3.x

Finder Methods to encapsulate more complex queries. Lastly, you can also combine dynamic finders with
custom finders:
$query = $users->findTrollsByUsername('bro');

The above would translate into the following:


$users->find('trolls', [
'conditions' => ['username' => 'bro']
]);

Once you have a query object from a dynamic finder, youll need to call first() if you want the first
result.
Note: While dynamic finders make it simple to express queries, they come with some additional performance overhead.

Retrieving Associated Data


When you want to grab associated data, or filter based on associated data, there are two ways:
use CakePHP ORM query functions like contain() and matching()
use join functions like innerJoin(), leftJoin(), and rightJoin()
You should use contain() when you want to load the primary model, and its associated data. While
contain() will let you apply additional conditions to the loaded associations, you cannot constrain the
primary model based on the associations. For more details on the contain(), look at Eager Loading
Associations.
You should use matching() when you want to restrict the primary model based on associations. For
example, you want to load all the articles that have a specific tag on them. For more details on the
matching(), look at Filtering by Associated Data.
If you prefer to use join functions, you can look at Adding Joins for more information.
Eager Loading Associations
By default CakePHP does not load any associated data when using find(). You need to contain or
eager-load each association you want loaded in your results.
Eager loading helps avoid many of the potential performance problems surrounding lazy-loading in an
ORM. The queries generated by eager loading can better leverage joins, allowing more efficient queries to
be made. In CakePHP you define eager loaded associations using the contain method:
// In a controller or table method.
// As an option to find()
$query = $articles->find('all', ['contain' => ['Authors', 'Comments']]);
// As a method on the query object

386

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$query = $articles->find('all');
$query->contain(['Authors', 'Comments']);

The above will load the related author and comments for each article in the result set. You can load nested
associations using nested arrays to define the associations to be loaded:
$query = $articles->find()->contain([
'Authors' => ['Addresses'], 'Comments' => ['Authors']
]);

Alternatively, you can express nested associations using the dot notation:
$query = $articles->find()->contain([
'Authors.Addresses',
'Comments.Authors'
]);

You can eager load associations as deep as you like:


$query = $products->find()->contain([
'Shops.Cities.Countries',
'Shops.Managers'
]);

If you need to reset the containments on a query you can set the second argument to true:
$query = $articles->find();
$query->contain(['Authors', 'Comments'], true);

Passing Conditions to Contain

When using contain you are able to restrict the data returned by the associations and filter them by
conditions:
// In a controller or table method.
$query = $articles->find()->contain([
'Comments' => function ($q) {
return $q
->select(['body', 'author_id'])
->where(['Comments.approved' => true]);
}
]);

Note: When you limit the fields that are fetched from an association, you must ensure that the foreign key
columns are selected. Failing to select foreign key fields will cause associated data to not be present in the
final result.
It is also possible to restrict deeply nested associations using the dot notation:

More Information

387

CakePHP Cookbook Documentation, Release 3.x

$query = $articles->find()->contain([
'Comments',
'Authors.Profiles' => function ($q) {
return $q->where(['Profiles.is_published' => true]);
}
]);

If you have defined some custom finder methods in your associated table, you can use them inside
contain:
// Bring all articles, but only bring the comments that are approved and
// popular.
$query = $articles->find()->contain([
'Comments' => function ($q) {
return $q->find('approved')->find('popular');
}
]);

Note: For BelongsTo and HasOne associations only the where and select clauses are used when
loading the associated records. For the rest of the association types you can use every clause that the query
object provides.
If you need full control over the query that is generated, you can tell contain to not append
the foreignKey constraints to the generated query. In that case you should use an array passing
foreignKey and queryBuilder:
$query = $articles->find()->contain([
'Authors' => [
'foreignKey' => false,
'queryBuilder' => function ($q) {
return $q->where(...); // Full conditions for filtering
}
]
]);

If you have limited the fields you are loading with select() but also want to load fields off of contained
associations, you can use autoFields():
// Select id & title from articles, but all fields off of Users.
$query->select(['id', 'title'])
->contain(['Users' => function($q) {
return $q->autoFields(true);
}]);

Filtering by Associated Data

A fairly common query case with associations is finding records matching specific associated data. For
example if you have Articles belongsToMany Tags you will probably want to find Articles that have the
CakePHP tag. This is extremely simple to do with the ORM in CakePHP:

388

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

// In a controller or table method.


$query = $articles->find();
$query->matching('Tags', function ($q) {
return $q->where(['Tags.name' => 'CakePHP']);
});

You can apply this strategy to HasMany associations as well. For example if Authors HasMany Articles,
you could find all the authors with recently published articles using the following:
$query = $authors->find();
$query->matching('Articles', function ($q) {
return $q->where(['Articles.created >=' => new DateTime('-10 days')]);
});

Filtering by deep associations is surprisingly easy, and the syntax should be already familiar to you:
// In a controller or table method.
$query = $products->find()->matching(
'Shops.Cities.Countries', function ($q) {
return $q->where(['Countries.name' => 'Japan']);
}
);
// Bring unique articles that were commented by 'markstory' using passed variable
$username = 'markstory';
$query = $articles->find()->matching('Comments.Users', function ($q) use ($username) {
return $q->where(['username' => $username]);
});

Note: As this function will create an INNER JOIN, you might want to consider calling distinct on
the find query as you might get duplicate rows if your conditions dont filter them already. This might be
the case, for example, when the same users comments more than once on a single article.
The data from the association that is matched will be available on the _matchingData property of entities. If you both match and contain the same association, you can expect to get both the _matchingData
and standard association properties in your results.
Changing Fetching Strategies

As you may know already, belongsTo and hasOne associations are loaded using a JOIN in the main
finder query. While this improves query and fetching speed and allows for creating more expressive conditions when retrieving data, this may be a problem when you want to apply certain clauses to the finder query
for the association, such as order() or limit().
For example, if you wanted to get the first comment of an article as an association:
$articles->hasOne('FirstComment', [
'className' => 'Comments',
'foreignKey' => 'article_id'
]);

More Information

389

CakePHP Cookbook Documentation, Release 3.x

In order to correctly fetch the data from this association, we will need to tell the query to use the select
strategy, since we want order by a particular column:
$query = $articles->find()->contain([
'FirstComment' => [
'strategy' => 'select',
'queryBuilder' => function ($q) {
return $q->order(['FirstComment.created' =>'ASC'])->limit(1);
}
]
]);

Dynamically changing the strategy in this way will only apply to a specific query. If you want to make the
strategy change permanent you can do:
$articles->FirstComment->strategy('select');

Using the select strategy is also a great way of making associations with tables in another database, since
it would not be possible to fetch records using joins.
Fetching With The Subquery Strategy

As your tables grow in size, fetching associations from them can become slower, especially if you
are querying big batches at once. A good way of optimizing association loading for hasMany and
belongsToMany associations is by using the subquery strategy:
$query = $articles->find()->contain([
'Comments' => [
'strategy' => 'subquery',
'queryBuilder' => function ($q) {
return $q->where(['Comments.approved' => true]);
}
]
]);

The result will remain the same as with using the default strategy, but this can greatly improve the query and
fetching time in some databases, in particular it will allow to fetch big chunks of data at the same time in
databases that limit the amount of bound parameters per query, such as Microsoft SQL Server.
You can also make the strategy permanent for the association by doing:
$articles->Comments->strategy('subquery');

Lazy Loading Associations

While CakePHP makes it easy to eager load your associations, there may be cases where you need to lazyload associations. You should refer to the Lazy Loading Associations section for more information.

390

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Working with Result Sets


Once a query is executed with all(), you will get an instance of Cake\ORM\ResultSet. This object
offers powerful ways to manipulate the resulting data from your queries. Like Query objects, ResultSets are
a Collection and you can use any collection method on ResultSet objects.
Result set objects will lazily load rows from the underlying prepared statement. By default results will be
buffered in memory allowing you to iterate a result set multiple times, or cache and iterate the results. If
you need work with a data set that does not fit into memory you can disable buffering on the query to stream
results:
$query->bufferResults(false);

Turning buffering off has a few caveats:


1. You will not be able to iterate a result set more than once.
2. You will also not be able to iterate & cache the results.
3. Buffering cannot be disabled for queries that eager load hasMany or belongsToMany associations, as
these association types require eagerly loading all results so that dependent queries can be generated.
This limitation is not present when using the subquery strategy for those associations.
Warning: Streaming results will still allocate memory for the entire results when using PostgreSQL
and SQL Server. This is due to limitations in PDO.
Result sets allow you to easily cache/serialize or JSON encode results for API results:
// In a controller or table method.
$results = $query->all();
// Serialized
$serialized = serialize($results);
// Json
$json = json_encode($results);

Both serializing and JSON encoding result sets work as you would expect. The serialized data can be
unserialized into a working result set. Converting to JSON respects hidden & virtual field settings on all
entity objects within a result set.
In addition to making serialization easy, result sets are a Collection object and support the same methods
that collection objects do. For example, you can extract a list of unique tags on a collection of articles quite
easily:
// In a controller or table method.
$articles = TableRegistry::get('Articles');
$query = $articles->find()->contain(['Tags']);
$reducer = function ($output, $value) {
if (!in_array($value, $output)) {
$output[] = $value;
}

More Information

391

CakePHP Cookbook Documentation, Release 3.x

return $output;
};
$uniqueTags = $query->all()
->extract('tags.name')
->reduce($reducer, []);

The Collections chapter has more detail on what can be done with result sets using the collections features.
Getting the First & Last Record From a ResultSet

You can use the first() and last() methods to get the respective records from a result set:
$result = $articles->find('all')->all();
// Get the first and/or last result.
$row = $result->first();
$row = $result->last();

Getting an Arbitrary Index From a ResultSet

You can use skip() and first() to get an arbitrary record from a ResultSet:
$result = $articles->find('all')->all();
// Get the 5th record
$row = $result->skip(4)->first();

Checking if a Query or ResultSet is Empty

You can use the isEmpty() method on a Query or ResultSet object to see if it has any rows in it. Calling
isEmpty() on a Query object will evaluate the query:
// Check a query.
$query->isEmpty();
// Check results
$results = $query->all();
$results->isEmpty();

Modifying Results with Map/Reduce


More often than not, find operations require post-processing the data that is found in the database. While
entities getter methods can take care of most of the virtual property generation or special data formatting,
sometimes you need to change the data structure in a more fundamental way.
For those cases, the Query object offers the mapReduce() method, which is a way of processing results
once they are fetched from the database.
392

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

A common example of changing the data structure is grouping results together based on certain conditions.
For this task we can use the mapReduce() function. We need two callable functions the $mapper and
the $reducer. The $mapper callable receives the current result from the database as first argument, the
iteration key as second argument and finally it receives an instance of the MapReduce routine it is running:
$mapper = function ($article, $key, $mapReduce) {
$status = 'published';
if ($article->isDraft() || $article->isInReview()) {
$status = 'unpublished';
}
$mapReduce->emitIntermediate($article, $status);
};

In the above example $mapper is calculating the status of an article, either published or unpublished, then
it calls emitIntermediate() on the MapReduce instance. This method stores the article in the list of
articles labelled as either published or unpublished.
The next step in the map-reduce process is to consolidate the final results. For each status created in the
mapper, the $reducer function will be called so you can do any extra processing. This function will
receive the list of articles in a particular bucket as the first parameter, the name of the bucket it needs to
process as the second parameter, and again, as in the mapper() function, the instance of the MapReduce
routine as the third parameter. In our example, we did not have to do any extra processing, so we just
emit() the final results:
$reducer = function ($articles, $status, $mapReduce) {
$mapReduce->emit($articles, $status);
};

Finally, we can put these two functions together to do the grouping:


$articlesByStatus = $articles->find()
->where(['author_id' => 1])
->mapReduce($mapper, $reducer);
foreach ($articlesByStatus as $status => $articles) {
echo sprintf("The are %d %s articles", count($articles), $status);
}

The above will ouput the following lines:


There are 4 published articles
There are 5 unpublished articles

Of course, this is a simplistic example that could actually be solved in another way without the help of a
map-reduce process. Now, lets take a look at another example in which the reducer function will be needed
to do something more than just emitting the results.
Calculating the most commonly mentioned words, where the articles contain information about CakePHP,
as usual we need a mapper function:
$mapper = function ($article, $key, $mapReduce) {
if (stripos('cakephp', $article['body']) === false) {
return;
}

More Information

393

CakePHP Cookbook Documentation, Release 3.x

$words = array_map('strtolower', explode(' ', $article['body']));


foreach ($words as $word) {
$mapReduce->emitIntermediate($article['id'], $word);
}
};

It first checks for whether the cakephp word is in the articles body, and then breaks the body into individual words. Each word will create its own bucket where each article id will be stored. Now lets reduce
our results to only extract the count:
$reducer = function ($occurrences, $word, $mapReduce) {
$mapReduce->emit(count($occurrences), $word);
}

Finally, we put everything together:


$articlesByStatus = $articles->find()
->where(['published' => true])
->andWhere(['published_date >=' => new DateTime('2014-01-01')])
->hydrate(false)
->mapReduce($mapper, $reducer);

This could return a very large array if we dont clean stop words, but it could look something like this:
[
'cakephp' => 100,
'awesome' => 39,
'impressive' => 57,
'outstanding' => 10,
'mind-blowing' => 83
]

One last example and you will be a map-reduce expert. Imagine you have a friends table and you want
to find fake friends in our database, or better said, people who do not follow each other. Lets start with
our mapper() function:
$mapper = function ($rel, $key, $mr) {
$mr->emitIntermediate($rel['source_user_id'], $rel['target_user_id']);
$mr->emitIntermediate($rel['target_user_id'], $rel['source_target_id']);
};

We just duplicated our data to have a list of users each other user follows. Now its time to reduce it. For
each call to the reducer, it will receive a list of followers per user:
// $friends list will look like
// repeated numbers mean that the relationship existed in both directions
[2, 5, 100, 2, 4]
$reducer = function ($friendsList, $user, $mr) {
$friends = array_count_values($friendsList);
foreach ($friends as $friend => $count) {
if ($count < 2) {
$mr->emit($friend, $user);

394

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

}
}
}

And we supply our functions to a query:


$fakeFriends = $friends->find()
->hydrate(false)
->mapReduce($mapper, $reducer)
->toArray();

This would return an array similar to this:


[
1 => [2, 4],
3 => [6]
...
]

The resulting array means, for example, that user with id 1 follows users 2 and 4, but those do not follow 1
back.
Stacking Multiple Operations

Using mapReduce in a query will not execute it immediately. The operation will be registered to be run as
soon as the first result is attempted to be fetched. This allows you to keep chaining additional methods and
filters to the query even after adding a map-reduce routine:
$query = $articles->find()
->where(['published' => true])
->mapReduce($mapper, $reducer);
// At a later point in your app:
$query->where(['created >=' => new DateTime('1 day ago')]);

This is particularly useful for building custom finder methods as described in the Custom Finder Methods
section:
public function findPublished(Query $query, array $options)
{
return $query->where(['published' => true]);
}
public function findRecent(Query $query, array $options)
{
return $query->where(['created >=' => new DateTime('1 day ago')]);
}
public function findCommonWords(Query $query, array $options)
{
// Same as in the common words example in the previous section
$mapper = ...;

More Information

395

CakePHP Cookbook Documentation, Release 3.x

$reducer = ...;
return $query->mapReduce($mapper, $reducer);
}
$commonWords = $articles
->find('commonWords')
->find('published')
->find('recent');

Moreover, it is also possible to stack more than one mapReduce operation for a single query. For example,
if we wanted to have the most commonly used words for articles, but then filter it to only return words that
were mentioned more than 20 times across all articles:
$mapper = function ($count, $word, $mr) {
if ($count > 20) {
$mr->emit($count, $word);
}
};
$articles->find('commonWords')->mapReduce($mapper);

Removing All Stacked Map-reduce Operations

Under some circumstances you may want to modify a Query object so that no mapReduce operations are
executed at all. This can be easily done by calling the method with both parameters as null and the third
parameter (overwrite) as true:
$query->mapReduce(null, null, true);

Validating Data
Before you save your data you will probably want to ensure the data is correct and consistent. In CakePHP
we have two stages of validation:
1. Before request data is converted into entities validation rules around data types, and formatting can be
applied.
2. Before data is saved, domain or application rules can be applied. These rules help ensure that your
applications data remains consistent.
Validating Data Before Building Entities
When marshalling data into entities, you can validate data. Validating data allows you to check the type,
shape and size of data. By default request data will be validated before it is converted into entities. If any
validation rules fail, the returned entity will contain errors. The fields with errors will not be present in the
returned entity:

396

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$article = $articles->newEntity($this->request->data);
if ($article->errors()) {
// Entity failed validation.
}

When building an entity with validation enabled the following things happen:
1. The validator object is created.
2. The table and default validation provider are attached.
3. The named validation method is invoked. For example, validationDefault.
4. The Model.buildValidator event will be triggered.
5. Request data will be validated.
6. Request data will be type cast into types that match the column types.
7. Errors will be set into the entity.
8. Valid data will be set into the entity, while fields that failed validation will be left out.
If youd like to disable validation when converting request data, set the validate option to false:
$article = $articles->newEntity(
$this->request->data,
['validate' => false]
);

The same can be said about the patchEntity() method:


$article = $articles->patchEntity($article, $newData, [
'validate' => false
]);

Creating A Default Validation Set


Validation rules are defined in the Table classes for convenience. This helps find what data should be
validated in correspondence to where it will be saved.
To create a default validation object in your table, create the validationDefault() function:
use Cake\ORM\Table;
use Cake\Validation\Validator;
class ArticlesTable extends Table
{
public function validationDefault(Validator $validator)
{
$validator
->requirePresence('title', 'create')
->notEmpty('title');

More Information

397

CakePHP Cookbook Documentation, Release 3.x

$validator
->allowEmpty('link')
->add('link', 'valid-url', ['rule' => 'url']);
...
return $validator;
}
}

The available validation methods and rules come from the Validator class and they are documented in
the Creating Validators section.
Note: Validation objects are mainly meant to be used to validate user input, i.e. forms and any other posted
request data.

Using A Different Validation Set


In addition to disabling validation you can choose which validation rule set you want applied:
$article = $articles->newEntity(
$this->request->data,
['validate' => 'update']
);

The above would call the validationUpdate() method on the table instance to build the required rules.
By default the validationDefault() method will be used. A sample validator for our articles table
would be:
class ArticlesTable extends Table
{
public function validationUpdate($validator)
{
$validator
->add('title', 'notEmpty', [
'rule' => 'notEmpty',
'message' => __('You need to provide a title'),
])
->add('body', 'notEmpty', [
'rule' => 'notEmpty',
'message' => __('A body is required')
]);
return $validator;
}
}

You can have as many validation sets as you need. See the validation chapter for more information on
building validation rule-sets.

398

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Using A Different Validation Set For Associations

Validation sets can also be defined per association. When using the newEntity() or patchEntity()
methods, you can pass extra options to each of the associations to be converted:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'user' => [
'username' => 'mark'
],
'comments' => [
['body' => 'First comment'],
['body' => 'Second comment'],
]
];
$article = $articles->patchEntity($article, $data, [
'validate' => 'update',
'associated' => [
'Users' => ['validate' => 'signup'],
'Comments' => ['validate' => 'custom']
]
]);

Combining Validators
Because of the way validator objects are built, it is easy to beak their construction process into multiple
reusable steps:
// UsersTable.php
public function validateDefault(Validator $validator)
{
$validator->notEmpty('username');
$validator->notEmpty('password');
$validator->add('email', 'valid-email', ['rule' => 'email']);
...
return $validator;
}
public function validateHardened(Validator $validator)
{
$validator = $this->validateDefault($validator);
$validator->add('password', 'length', ['rule' => 'between', 8, 100]);
return $validator;
}

Given the above setup, when using the hardened validation set, it will also contain the rules from the
More Information

399

CakePHP Cookbook Documentation, Release 3.x

default set.
Validation Providers
Validation rules can use functions defined on any known providers. By default CakePHP sets up a few
providers:
1. Methods on the table class, or its behaviors are available on the table provider.
2. The core Validation\Validation class is setup as the default provider.
When a validation rule is created you can name the provider of that rule. For example, if your table had a
isValidRole method you could use it as a validation rule:
use Cake\ORM\Table;
use Cake\Validation\Validator;
class UsersTable extends Table
{
public function validationDefault(Validator $validator)
{
$validator
->add('role', 'validRole', [
'rule' => 'isValidRole',
'message' => __('You need to provide a valid role'),
'provider' => 'table',
]);
return $validator;
}
public function isValidRole($value, array $context)
{
return in_array($value, ['admin', 'editor', 'author'], true);
}
}

You can also use closures for validation rules:


$validator->add('name', 'myRule', [
'rule' => function ($data, $provider) {
if ($data > 1) {
return true;
}
return 'Not a good value.';
}
]);

Validation methods can return error messages when they fail. This is a simple way to make error messages
dynamic based on the provided value.

400

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Getting Validators From Tables


Once you have created a few validation sets in your table class, you can get the resulting object by name:
$defaultValidator = $usersTable->validator('default');
$hardenedValidator = $usersTable->validator('hardened');

Default Validator Class


As stated above,
by default the validation methods receive an instance of
Cake\Validation\Validator. Instead, if you want your custom validators instance to be
used each time, you can use tables $_validatorClass property:
// In your table class
public function initialize()
{
$this->_validatorClass = '\FullyNamespaced\Custom\Validator';
}

Applying Application Rules


While basic data validation is done when request data is converted into entities, many applications also have
more complex validation that should only be applied after basic validation has completed.
These types of rules are often referred to as domain rules or application rules. CakePHP exposes this
concept through RulesCheckers which are applied before entities are persisted. Some example domain
rules are:
Ensuring email uniqueness
State transitions or workflow steps, for example updating an invoices status.
Preventing modification of soft deleted items.
Enforcing usage/rate limit caps.
Domain rules are checked when calling the Table save() and delete() methods.
Creating a Rules Checker

Rules checker classes are generally defined by the buildRules() method in your table class. Behaviors
and other event subscribers can use the Model.buildRules event to augment the rules checker for a
given Table class:
use Cake\ORM\RulesChecker;
// In a table class
public function buildRules(RulesChecker $rules)
{

More Information

401

CakePHP Cookbook Documentation, Release 3.x

// Add a rule that is applied for create and update operations


$rules->add(function ($entity, $options) {
// Return a boolean to indicate pass/fail
}, 'ruleName');
// Add a rule for create.
$rules->addCreate(function ($entity, $options) {
}, 'ruleName');
// Add a rule for update
$rules->addUpdate(function ($entity, $options) {
}, 'ruleName');
// Add a rule for the deleting.
$rules->addDelete(function ($entity, $options) {
}, 'ruleName');
return $rules;
}

Your rules functions can expect to get the Entity being checked, and an array of options. The options
array will contain errorField, message, and repository. The repository option will contain
the table class the rules are attached to. Because rules accept any callable, you can also use instance
functions:
$rules->addCreate([$this, 'uniqueEmail'], 'uniqueEmail');

or callable classes:
$rules->addCreate(new IsUnique(['email']), 'uniqueEmail');

When adding rules you can define the field the rule is for, and the error message as options:
$rules->add([$this, 'isValidState'], 'validState', [
'errorField' => 'status',
'message' => 'This invoice cannot be moved to that status.'
]);

The error will be visible when calling the errors() method in the entity:
$entity->errors(); // Contains the domain rules error messages

Creating Unique Field Rules

Because unique rules are quite common, CakePHP includes a simple Rule class that allows you to easily
define unique field sets:
use Cake\ORM\Rule\IsUnique;
// A single field.
$rules->add($rules->isUnique(['email']));

402

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

// A list of fields
$rules->add($rules->isUnique(['username', 'account_id']));

When setting rules on foreign key fields it is important to remember, that only the fields listed are used in
the rule. This means that setting $user->account->id will not trigger the above rule.
Foreign Key Rules

While you could rely on database errors to enforce constraints, using rules code can help provide a nicer
user experience. Because of this CakePHP includes an ExistsIn rule class:
// A single field.
$rules->add($rules->existsIn('article_id', 'articles'));
// Multiple keys, useful for composite primary keys.
$rules->add($rules->existsIn(['site_id', 'article_id'], 'articles'));

The fields to check existence against in the related table must be part of the primary key.
Using Entity Methods as Rules

You may want to use entity methods as domain rules:


$rules->add(function ($entity, $options) {
return $entity->isOkLooking();
}, 'ruleName');

Creating Custom Rule objects

If your application has rules that are commonly reused, it is helpful to package those rules into re-usable
classes:
// in src/Model/Rule/CustomRule.php
namespace App\Model\Rule;
use Cake\Datasource\EntityInterface;
class CustomRule
{
public function __invoke(EntityInterface $entity, array $options)
{
// Do work
return false;
}
}

// Add the custom rule


use App\Model\Rule\CustomRule;

More Information

403

CakePHP Cookbook Documentation, Release 3.x

$rules->add(new CustomRule(...), 'ruleName');

By creating custom rule classes you can keep your code DRY and make your domain rules easy to test.
Disabling Rules

When saving an entity, you can disable the rules if necessary:


$articles->save($article, ['checkRules' => false]);

Validation vs. Application Rules


The CakePHP ORM is unique in that it uses a two-layered approach to validation. As you already
discovered, the first layer is done through the Validator objects when calling newEntity() or
patchEntity():
$validatedEntity = $articlesTable->newEntity($unsafeData);
$validedEntity = $articlesTable->patchEntity($entity, $unsafeData);

Validation is defined using the validationCustomName() methods:


public function validationCustom($validator)
{
$validator->add(...);
return $validator;
}

Validation is meant for forms, and request data. This means that validation rule sets can assume things about
the structure of a form, and validate fields not in the schema of the database. Validation assumes strings or
array are passed as that is what is received from any request:
// In src/Model/Table/UsersTable.php
public function validatePasswords($validator)
{
$validator->add('confirm_password', 'no-misspelling', [
'rule' => ['compareWith', 'password'],
'message' => 'Passwords are not equal',
]);
...
return $validator;
}

Validation is not triggered when directly setting properties to your entities:


$userEntity->email = 'not an email!!';
$usersTable->save($userEntity);

In the above example the entity will be saved as validation is only triggered for the newEntity() and
patchEntity() methods. The second level of validation is meant to deal with this situation.

404

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Application rules, as explained above will be checked whenever save() or delete() are called:
// In src/Model/Table/UsersTable.php
public function buildRules(RulesChecker $rules)
{
$rules->add($rules->isUnique('email'));
return $rules;
}
// Elsewhere in application code
$useEntity->email = '[email protected]';
$usersTable->save($entity); // Returns false

While Validation is meant for direct user input, application rules are specific for data transitions generated
inside your application:
// In src/Model/Table/OrdersTable.php
public function buildRules(RulesChecker $rules)
{
$check = function ($order) {
return $order->price < 100 && $order->shipping_mode === 'free';
};
$rules->add($check, [
'errorField' => 'shipping_mode',
'message' => 'No free shipping for order under 100!'
]);
return $rules;
}
// Elsewhere in application code
$order->price = 50;
$oder->shipping_mode = 'free';
$ordersTable->save($order); // Returns false

Using Validation as Application Rules

In certain situations you may want to run the same data validation routines for data that was both generated
by users and inside your application. This could come up when running a CLI script that directly sets
properties to entities:
// In src/Model/Table/UsersTable.php
public function validationDefault(Validator $validator)
{
$validator->add('email', 'valid', [
'rule' => 'email',
'message' => 'Invalid email'
]);
...
return $validator;
}
public function buildRules(RulesChecker $rules)

More Information

405

CakePHP Cookbook Documentation, Release 3.x

{
// Add validation rules
$rules->add(function ($entity) {
$data = $entity->extract($this->schema()->columns(), true);
$validator = $this->validator('default');
$errors = $validator->errors($data, $entity->isNew());
$entity->errors($errors);
return empty($errors);
});
...
return $rules;
}

When executed, the following code will fail saving thanks to the new application rule that was added:
$userEntity->email = 'not an email!!!';
$usersTable->save($userEntity);
$userEntity->errors('email'); // Invalid email

The same result can be expected when using newEntity() or patchEntity():


$userEntity = $usersTable->newEntity(['email' => 'not an email!!']);
$userEntity->errors('email'); // Invalid email

Saving Data
class Cake\ORM\Table
After you have loaded your data you will probably want to update & save the changes.
A Glance Over Saving Data
Applications will usually have a couple ways in which data is saved. The first one is obviously though web
forms and the other is by directly generating or changing data in the code to be sent to the database.
Inserting Data

The easiest way to insert data in the database is creating a new entity and passing it to the save() method
in the Table class:
use Cake\ORM\TableRegistry;
$articlesTable = TableRegistry::get('Articles');
$article = $articlesTable->newEntity();
$article->title = 'A New Article';
$article->body = 'This is the body of the article';

406

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

if ($articlesTable->save($article)) {
// The $article entity contain the id now
$id = $article->id;
}

Updating Data

Updating is equally easy, and the save() method is also used for that purpose:
use Cake\ORM\TableRegistry;
$articlesTable = TableRegistry::get('Articles');
$article = $articlesTable->get(12); // article with id 12
$article->title = 'A new title for the article';
$articlesTable->save($article);

CakePHP will know whether to do an insert or an update based on the return value of the isNew() method.
Entities that were retrieved with get() or find() will always return false when isNew() is called
on them.
Saving With Associations

By default the save() method will also save one level of associations:
$articlesTable = TableRegistry::get('Articles');
$author = $articlesTable->Authors->findByUserName('mark')->first();
$article = $articlesTable->newEntity();
$article->title = 'An article by mark';
$article->author = $author;
if ($articlesTable->save($article)) {
// The foreign key value was set automatically.
echo $article->author_id;
}

The save() method is also able to create new records for associations:
$firstComment = $articlesTable->Comments->newEntity();
$firstComment->body = 'This is a great article';
$secondComment = $articlesTable->Comments->newEntity();
$secondComment->body = 'I like reading this!';
$tag1 = $articlesTable->Tags->findByName('cakephp')->first();
$tag2 = $articlesTable->Tags->newEntity();
$tag2->name = 'awesome';
$article = $articlesTable->get(12);

More Information

407

CakePHP Cookbook Documentation, Release 3.x

$article->comments = [$firstComment, $secondComment];


$article->tags = [$tag1, $tag2];
$articlesTable->save($article);

Associate Many To Many Records

In the code above there was already an example of linking an article to a couple tags. There is another way
of doing the same by using the link() method in the association:
$tag1 = $articlesTable->Tags->findByName('cakephp')->first();
$tag2 = $articlesTable->Tags->newEntity();
$tag2->name = 'awesome';
$articlesTable->Tags->link($article, [$tag1, $tag2]);

Saving Data To The Join Table

Saving data to the join table is done by using the special _joinData property. This property should be an
Entity instance from the join Table class:
$tag1 = $articlesTable->Tags->findByName('cakephp')->first();
$tag1->_joinData = $articlesTable->ArticlesTags->newEntity();
$tag1->_joinData->tagComment = 'I think this is related to cake';
$articlesTable->Tags->link($article, [$tag1]);

Unlink Many To Many Records

Unlinking many to many records is done via the unlink() method:


$tags = $articlesTable
->Tags
->find()
->where(['name IN' => ['cakephp', 'awesome']])
->toArray();
$articlesTable->Tags->unlink($article, $tags);

When modifying records by directly setting or changing the properties no validation happens, which is a
problem when accepting form data. The following sections will show you how to efficiently convert form
data into entities so that they can be validated and saved.
Converting Request Data into Entities
Before editing and saving data back into the database, youll need to convert the request data from the array
format held in the request, and the entities that the ORM uses. The Table class provides an easy way to
408

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

convert one or many entities from request data. You can convert a single entity using:
// In a controller.
$articles = TableRegistry::get('Articles');
// Validate and convert to an Entity object
$entity = $articles->newEntity($this->request->data());

The request data should follow the structure of your entities. For example if you had an article, which
belonged to a user, and had many comments, your request data should look like:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'user' => [
'username' => 'mark'
],
'comments' => [
['body' => 'First comment'],
['body' => 'Second comment'],
]
];

By default, the newEntity() method validates the data that gets passed to it, as explained in the Validating Data Before Building Entities section. If you wish to prevent data from being validated, pass the
validate => false option:
$entity = $articles->newEntity($data, ['validate' => false]);

When building forms that save nested associations, you need to define which associations should be marshalled:
// In a controller
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
'associated' => [
'Tags', 'Comments' => ['associated' => ['Users']]
]
]);

The above indicates that the Tags, Comments and Users for the Comments should be marshalled.
Alternatively, you can use dot notation for brevity:
// In a controller.
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
'associated' => ['Tags', 'Comments.Users']
]);

Associated data is also validated by default unless told otherwise. You may also change the validation set to
be used per association:
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [

More Information

409

CakePHP Cookbook Documentation, Release 3.x

'associated' => [
'Tags' => ['validate' => false],
'Comments.Users' => ['validate' => 'signup']
]
]);

Converting BelongsToMany Data

If you are saving belongsToMany associations you can either use a list of entity data or a list of ids. When
using a list of entity data your request data should look like:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'tags' => [
['tag' => 'CakePHP'],
['tag' => 'Internet'],
]
];

The above will create 2 new tags. If you want to link an article with existing tags you can use a list of ids.
Your request data should look like:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'tags' => [
'_ids' => [1, 2, 3, 4]
]
];

If you need to link against some existing belongsToMany records, and create new ones at the same time you
can use an expanded format:
$data = [
'title' => 'My title',
'body' => 'The text',
'user_id' => 1,
'tags' => [
['name' => 'A new tag'],
['name' => 'Another new tag'],
['id' => 5],
['id' => 21]
]
];

When the above data is converted into entities, you will have 4 tags. The first two will be new objects, and
the second two will be references to existing records.

410

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Converting HasMany Data

If you are saving hasMany associations and want to link existing records to a new parent record you can use
the _ids format:
$data = [
'title' => 'My new article',
'body' => 'The text',
'user_id' => 1,
'comments' => [
'_ids' => [1, 2, 3, 4]
]
];

Converting Multiple Records

When creating forms that create/update multiple records at once you can use newEntities():
// In a controller.
$articles = TableRegistry::get('Articles');
$entities = $articles->newEntities($this->request->data());

In this situation, the request data for multiple articles should look like:
$data = [
[
'title' => 'First post',
'published' => 1
],
[
'title' => 'Second post',
'published' => 1
],
];

Changing Accessible Fields

Its also possible to allow newEntity() to write into non accessible fields. For example, id is usually
absent from the _accessible property. In such case, you can use the accessibleFields option. It
could be useful to keep ids of associated entities:
// In a controller
$articles = TableRegistry::get('Articles');
$entity = $articles->newEntity($this->request->data(), [
'associated' => [
'Tags', 'Comments' => [
'associated' => [
'Users' => [
'accessibleFields' => ['id' => true]
]

More Information

411

CakePHP Cookbook Documentation, Release 3.x

]
]
]
]);

The above will keep the association unchanged between Comments and Users for the concerned entity.
Once youve converted request data into entities you can save() or delete() them:
// In a controller.
foreach ($entities as $entity) {
// Save entity
$articles->save($entity);
// Delete entity
$articles->delete($entity);
}

The above will run a separate transaction for each entity saved. If youd like to process all the entities as a
single transaction you can use transactional():
// In a controller.
$articles->connection()->transactional(function () use ($articles, $entities) {
foreach ($entities as $entity) {
$articles->save($entity, ['atomic' => false]);
}
});

Note: If you are using newEntity() and the resulting entities are missing some or all of the data they were
passed, double check that the columns you want to set are listed in the $_accessible property of your
entity.

Merging Request Data Into Entities

In order to update entities you may choose to apply request data directly to an existing entity. This has
the advantage that only the fields that actually changed will be saved, as opposed to sending all fields
to the database to be persisted. You can merge an array of raw data into an existing entity using the
patchEntity() method:
// In a controller.
$articles = TableRegistry::get('Articles');
$article = $articles->get(1);
$articles->patchEntity($article, $this->request->data());
$articles->save($article);

Validation and patchEntity Similar to newEntity(), the patchEntity method will validate the
data before it is copied to the entity. The mechanism is explained in the Validating Data Before Building
Entities section. If you wish to disable validation while patching an entity, pass the validate option as
follows:
412

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

// In a controller.
$articles = TableRegistry::get('Articles');
$article = $articles->get(1);
$articles->patchEntity($article, $data, ['validate' => false]);

You may also change the validation set used for the entity or any of the associations:
$articles->patchEntity($article, $this->request->data(), [
'validate' => 'custom',
'associated' => ['Tags', 'Comments.Users' => ['validate' => 'signup']]
]);

Patching HasMany and BelongsToMany As explained in the previous section, the request data should
follow the structure of your entity. The patchEntity() method is equally capable of merging associations, by default only the first level of associations are merged, but if you wish to control the list of
associations to be merged or merge deeper to deeper levels, you can use the third parameter of the method:
// In a controller.
$article = $articles->get(1);
$articles->patchEntity($article, $this->request->data(), [
'associated' => ['Tags', 'Comments.Users']
]);
$articles->save($article);

Associations are merged by matching the primary key field in the source entities to the corresponding fields
in the data array. For belongsTo and hasOne associations, new entities will be constructed if no previous
entity is found for the target property.
For example give some request data like the following:
$data = [
'title' => 'My title',
'user' => [
'username' => 'mark'
]
];

Trying to patch an entity without an entity in the user property will create a new user entity:
// In a controller.
$entity = $articles->patchEntity(new Article, $data);
echo $entity->user->username; // Echoes 'mark'

The same can be said about hasMany and belongsToMany associations, but an important note should be
made.
Note: For belongsToMany associations, ensure the relevant entity has a property accessible for the associated entity.
If a Product belongsToMany Tag:

More Information

413

CakePHP Cookbook Documentation, Release 3.x

// in the
protected
// ..
'tags'
];

Product Entity
$_accessible = [
other properties
=> true,

Note: For hasMany and belongsToMany associations, if there were any entities that could not be matched
by primary key to any record in the data array, then those records will be discarded from the resulting entity.
Remember that using either patchEntity() or patchEntities() does not persist the data, it just
edits (or creates) the given entities. In order to save the entity you will have to call the save() method.
For example, consider the following case:
$data = [
'title' => 'My title',
'body' => 'The text',
'comments' => [
['body' => 'First comment', 'id' => 1],
['body' => 'Second comment', 'id' => 2],
]
];
$entity = $articles->newEntity($data);
$articles->save($article);
$newData = [
'comments' => [
['body' => 'Changed comment', 'id' => 1],
['body' => 'A new comment'],
]
];
$articles->patchEntity($entity, $newData);
$articles->save($article);

At the end, if the entity is converted back to an array you will obtain the following result:
[
'title' => 'My title',
'body' => 'The text',
'comments' => [
['body' => 'Changed comment', 'id' => 1],
['body' => 'A new comment'],
]
];

As you can see, the comment with id 2 is no longer there, as it could not be matched to anything in the
$newData array. This is done this way to better capture the intention of a request data post. The sent data
is reflecting the new state that the entity should have.
Some additional advantages of this approach is that it reduces the number of operations to be executed when
persisting the entity again.
Please note that this does not mean that the comment with id 2 was removed from the database, if you wish
414

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

to remove the comments for that article that are not present in the entity, you can collect the primary keys
and execute a batch delete for those not in the list:
// In a controller.
$comments = TableRegistry::get('Comments');
$present = (new Collection($entity->comments))->extract('id');
$comments->deleteAll([
'article_id' => $article->id,
'id NOT IN' => $present
]);

As you can see, this also helps creating solutions where an association needs to be implemented like a single
set.
You can also patch multiple entities at once. The consideration made for patching hasMany and belongsToMany associations apply for patching multiple entities: Matches are done by the primary key field
value and missing matches in the original entities array will be removed and not present in the result:
// In a controller.
$articles = TableRegistry::get('Articles');
$list = $articles->find('popular')->toArray();
$patched = $articles->patchEntities($list, $this->request->data());
foreach ($patched as $entity) {
$articles->save($entity);
}

Similarly to using patchEntity(), you can use the third argument for controlling the associations that
will be merged in each of the entities in the array:
// In a controller.
$patched = $articles->patchEntities(
$list,
$this->request->data(),
['associated' => ['Tags', 'Comments.Users']]
);

Modifying Request Data Before Building Entities

If you need to modify request data before it is converted into entities, you can use the
Model.beforeMarshal event. This event lets you manipulate the request data just before entities are
created:
// In a table or behavior class
public function beforeMarshal(Event $event, ArrayObject $data, ArrayObject $options)
{
$data['username'] .= 'user';
}

The $data parameter is an ArrayObject instance, so you dont have to return it to change the data used
to create entities.

More Information

415

CakePHP Cookbook Documentation, Release 3.x

Validating Data Before Building Entities

The Validating Data chapter has more information on how to use the validation features of CakePHP to
ensure your data stays correct and consistent.
Avoiding Property Mass Assignment Attacks

When creating or merging entities from request data you need to be careful of what you allow your users to
change or add in the entities. For example, by sending an array in the request containing the user_id an
attacker could change the owner of an article, causing undesirable effects:
// Contains ['user_id' => 100, 'title' => 'Hacked!'];
$data = $this->request->data;
$entity = $this->patchEntity($entity, $data);
$this->save($entity);

There are two ways of protecting you against this problem. The first one is by setting the default columns
that can be safely set from a request using the Mass Assignment feature in the entities.
The second way is by using the fieldList option when creating or merging data into an entity:
// Contains ['user_id' => 100, 'title' => 'Hacked!'];
$data = $this->request->data;
// Only allow title to be changed
$entity = $this->patchEntity($entity, $data, [
'fieldList' => ['title']
]);
$this->save($entity);

You can also control which properties can be assigned for associations:
// Only allow changing the title and tags
// and the tag name is the only column that can be set
$entity = $this->patchEntity($entity, $data, [
'fieldList' => ['title', 'tags'],
'associated' => ['Tags' => ['fieldList' => ['name']]]
]);
$this->save($entity);

Using this feature is handy when you have many different functions your users can access and you want to
let your users edit different data based on their privileges.
The fieldList options is also accepted by the newEntity(),
patchEntities() methods.

newEntities() and

Saving Entities
Cake\ORM\Table::save(Entity $entity, array $options =[])

416

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

When saving request data to your database you need to first hydrate a new entity using newEntity() for
passing into save(). For example:
// In a controller
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($this->request->data);
if ($articles->save($article)) {
// ...
}

The ORM uses the isNew() method on an entity to determine whether or not an insert or update should be
performed. If the isNew() method returns true and the entity has a primary key value, an exists query
will be issued. The exists query can be suppressed by passing checkExisting => false in the
$options argument:
$articles->save($article, ['checkExisting' => false]);

Once youve loaded some entities youll probably want to modify them and update your database. This is a
pretty simple exercise in CakePHP:
$articles = TableRegistry::get('Articles');
$article = $articles->find('all')->where(['id' => 2])->first();
$article->title = 'My new title';
$articles->save($article);

When saving, CakePHP will apply your rules, and wrap the save operation in a database transaction. It will
also only update properties that have changed. The above save() call would generate SQL like:
UPDATE articles SET title = 'My new title' WHERE id = 2;

If you had a new entity, the following SQL would be generated:


INSERT INTO articles (title) VALUES ('My new title');

When an entity is saved a few things happen:


1. Rule checking will be started if not disabled.
2. Rule checking will trigger the Model.beforeRules event. If this event is stopped, the save operation will fail and return false.
3. Rules will be checked. If the entity is being created, the create rules will be used. If the entity is
being updated, the update rules will be used.
4. The Model.afterRules event will be triggered.
5. The Model.beforeSave event is dispatched. If it is stopped, the save will be aborted, and save()
will return false.
6. Parent associations are saved. For example, any listed belongsTo associations will be saved.
7. The modified fields on the entity will be saved.
8. Child associations are saved. For example, any listed hasMany, hasOne, or belongsToMany associations will be saved.
More Information

417

CakePHP Cookbook Documentation, Release 3.x

9. The Model.afterSave event will be dispatched.


See the Applying Application Rules section for more information on creating and using rules.
Warning: If no changes are made to the entity when it is saved, the callbacks will not fire because no
save is performed.
The save() method will return the modified entity on success, and false on failure. You can disable
rules and/or transactions using the $options argument for save:
// In a controller or table method.
$articles->save($article, ['checkRules' => false, 'atomic' => false]);

Saving Associations

When you are saving an entity, you can also elect to save some or all of the associated entities. By default
all first level entities will be saved. For example saving an Article, will also automatically update any dirty
entities that are directly related to articles table.
You can fine tune which associations are saved by using the associated option:
// In a controller.
// Only save the comments association
$articles->save($entity, ['associated' => ['Comments']]);

You can define save distant or deeply nested associations by using dot notation:
// Save the company, the employees and related addresses for each of them.
$companies->save($entity, ['associated' => ['Employees.Addresses']]);

Moreover, you can combine the dot notation for associations with the options array:
$companies->save($entity, [
'associated' => [
'Employees',
'Employees.Addresses'
]
]);

Your entities should be structured in the same way as they are when loaded from the database. See the form
helper documentation for how to build inputs for associations.
If you are building or modifying association data after building your entities you will have to mark the
association property as modified with dirty():
$company->author->name = 'Master Chef';
$company->dirty('author', true);

418

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Saving BelongsTo Associations

When saving belongsTo associations, the ORM expects a single nested entity at the singular, underscored
version of the association name. For example:
// In a controller.
$data = [
'title' => 'First Post',
'user' => [
'id' => 1,
'username' => 'mark'
]
];
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($data, [
'associated' => ['Users']
]);
$articles->save($article);

Saving HasOne Associations

When saving hasOne associations, the ORM expects a single nested entity at the singular, underscored
version of the association name. For example:
// In a controller.
$data = [
'id' => 1,
'username' => 'cakephp',
'profile' => [
'twitter' => '@cakephp'
]
];
$users = TableRegistry::get('Users');
$user = $users->newEntity($data, [
'associated' => ['Profiles']
]);
$users->save($user);

Saving HasMany Associations

When saving hasMany associations, the ORM expects an array of entities at the plural, underscored version
of the association name. For example:
// In a controller.
$data = [
'title' => 'First Post',
'comments' => [
['body' => 'Best post ever'],
['body' => 'I really like this.']

More Information

419

CakePHP Cookbook Documentation, Release 3.x

]
];
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($data, [
'associated' => ['Comments']
]);
$articles->save($article);

When saving hasMany associations, associated records will either be updated, or inserted. The ORM will
not remove or sync a hasMany association. Whenever you add new records into an existing association
you should always mark the association property as dirty. This lets the ORM know that the association
property has to be persisted:
$article->comments[] = $comment;
$article->dirty('comments', true);

Without the call to dirty() the updated comments will not be saved.
Saving BelongsToMany Associations

When saving belongsToMany associations, the ORM expects an array of entities at the plural, underscored
version of the association name. For example:
// In a controller.
$data = [
'title' => 'First Post',
'tags' => [
['tag' => 'CakePHP'],
['tag' => 'Framework']
]
];
$articles = TableRegistry::get('Articles');
$article = $articles->newEntity($data, [
'associated' => ['Tags']
]);
$articles->save($article);

When converting request data into entities, the newEntity() and newEntities() methods will handle
both arrays of properties, as well as a list of ids at the _ids key. Using the _ids key makes it easy to build
a select box or checkbox based form controls for belongs to many associations. See the Converting Request
Data into Entities section for more information.
When saving belongsToMany associations, you have the choice between 2 saving strategies:
append Only new links will be created between each side of this association. This strategy will not destroy
existing links even though they may not be present in the array of entities to be saved.
replace When saving, existing links will be removed and new links will be created in the joint table. If
there are existing link in the database to some of the entities intended to be saved, those links will be
updated, not deleted and then re-saved.

420

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

By default the replace strategy is used. Whenever you add new records into an existing association you
should always mark the association property as dirty. This lets the ORM know that the association property
has to be persisted:
$article->tags[] = $tag;
$article->dirty('tags', true);

Without the call to dirty() the updated tags will not be saved.
Often youll find yourself wanting to make an association between two existing entities, eg. a user coauthoring an article. This is done by using the method link(), like this:
$article = $this->Articles->get($articleId);
$user = $this->Users->get($userId);
$this->Articles->Users->link($article, [$user]);

When saving belongsToMany Associations, it can be relevant to save some additional data to the Joint
Table. In the previous example of tags, it could be the vote_type of person who voted on that article.
The vote_type can be either upvote or downvote and is represented by a string. The relation is
between Users and Articles.
Saving that association, and the vote_type is done by first adding some data to _joinData and then
saving the association with link(), example:
$article = $this->Articles->get($articleId);
$user = $this->Users->get($userId);
$user->_joinData = new Entity(['vote_type' => $voteType, ['markNew' => true]]);
$this->Articles->Users->link($article, [$user]);

Saving Additional Data to the Joint Table

In some situations the table joining your BelongsToMany association, will have additional columns on it.
CakePHP makes it simple to save properties into these columns. Each entity in a belongsToMany association
has a _joinData property that contains the additional columns on the joint table. This data can be either
an array or an Entity instance. For example if Students BelongsToMany Courses, we could have a joint table
that looks like:
id | student_id | course_id | days_attended | grade

When saving data you can populate the additional columns on the joint table by setting data to the
_joinData property:
$student->courses[0]->_joinData->grade = 80.12;
$student->courses[0]->_joinData->days_attended = 30;
$studentsTable->save($student);

The _joinData property can be either an entity, or an array of data if you are saving entities built from
request data. When saving joint table data from request data your POST data should look like:

More Information

421

CakePHP Cookbook Documentation, Release 3.x

$data = [
'first_name' => 'Sally',
'last_name' => 'Parker',
'courses' => [
[
'id' => 10,
'_joinData' => [
'grade' => 80.12,
'days_attended' => 30
]
],
// Other courses.
]
];
$student = $this->Students->newEntity($data, [
'associated' => ['Courses._joinData']
]);

See the Creating Inputs for Associated Data documentation for how to build inputs with FormHelper
correctly.
Saving Complex Types

Tables are capable of storing data represented in basic types, like strings, integers, floats, booleans, etc. But
It can also be extended to accept more complex types such as arrays or objects and serialize this data into
simpler types that can be saved in the database.
This functionality is achieved by using the custom types system. See the Adding Custom Types section to
find out how to build custom column Types:
// In config/bootstrap.php
use Cake\Database\Type;
Type::map('json', 'App\Database\Type\JsonType');
// In src/Model/Table/UsersTable.php
use Cake\Database\Schema\Table as Schema;
class UsersTable extends Table
{
protected function _initializeSchema(Schema $schema)
{
$schema->columnType('preferences', 'json');
return $schema;
}
}

The code above maps the preferences column to the json custom type. This means that when retrieving data for that column, it will be unserialized from a JSON string in the database and put into an entity as
an array.

422

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Likewise, when saved, the array will be transformed back into its JSON representation:
$user = new User([
'preferences' => [
'sports' => ['football', 'baseball'],
'books' => ['Mastering PHP', 'Hamlet']
]
]);
$usersTable->save($user);

When using complex types it is important to validate that the data you are receiving from the end user is
the correct type. Failing to correctly handle complex data could result in malicious users being able to store
data they would not normally be able to.
Bulk Updates
Cake\ORM\Table::updateAll($fields, $conditions)
There may be times when updating rows individually is not efficient or necessary. In these cases it is more
efficient to use a bulk-update to modify many rows at once:
// Publish all the unpublished articles.
function publishAllUnpublished()
{
$this->updateAll(['published' => true], ['published' => false]);
}

If you need to do bulk updates and use SQL expressions, you will need to use an expression object as
updateAll() uses prepared statements under the hood:
function incrementCounters()
{
$expression = new QueryExpression('view_count = view_count + 1');
$this->updateAll([$expression], ['published' => true]);
}

A bulk-update will be considered successful if 1 or more rows are updated.


Warning: updateAll will not trigger beforeSave/afterSave events. If you need those first load a collection of records and update them.

Deleting Data
class Cake\ORM\Table
Cake\ORM\Table::delete(Entity $entity, $options =[])
Once youve loaded an entity you can delete it by calling the originating tables delete method:

More Information

423

CakePHP Cookbook Documentation, Release 3.x

// In a controller.
$entity = $this->Articles->get(2);
$result = $this->Articles->delete($entity);

When deleting entities a few things happen:


1. The delete rules will be applied. If the rules fail, deletion will be prevented.
2. The Model.beforeDelete event is triggered. If this event is stopped, the delete will be aborted
and the events result will be returned.
3. The entity will be deleted.
4. All dependent associations will be deleted. If associations are being deleted as entities, additional
events will be dispatched.
5. Any junction table records for BelongsToMany associations will be removed.
6. The Model.afterDelete event will be triggered.
By default all deletes happen within a transaction. You can disable the transaction with the atomic option:
$result = $this->Articles->delete($entity, ['atomic' => false]);

Cascading Deletes
When deleting entities, associated data can also be deleted. If your HasOne and HasMany associations are
configured as dependent, delete operations will cascade to those entities as well. By default entities
in associated tables are removed using ORMTable::deleteAll(). You can elect to have the ORM
load related entities, and delete them individually by setting the cascadeCallbacks option to true. A
sample HasMany association with both these options enabled would be:
// In a Table's initialize method.
$this->hasMany('Comments', [
'dependent' => true,
'cascadeCallbacks' => true,
]);

Note: Setting cascadeCallbacks to true, results in considerably slower deletes when compared to
bulk deletes. The cascadeCallbacks option should only be enabled when your application has important
work handled by event listeners.

Bulk Deletes
Cake\ORM\Table::deleteAll($conditions)
There may be times when deleting rows one by one is not efficient or useful. In these cases it is more
performant to use a bulk-delete to remove many rows at once:

424

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

// Delete all the spam


function destroySpam()
{
return $this->deleteAll(['is_spam' => true]);
}

A bulk-delete will be considered successful if 1 or more rows are deleted.


Warning: deleteAll will not trigger beforeDelete/afterDelete events. If you need those first load a
collection of records and delete them.

Associations - Linking Tables Together


Defining relations between different objects in your application should be a natural process. For example, an
article may have many comments, and belong to an author. Authors may have many articles and comments.
CakePHP makes managing these associations easy. The four association types in CakePHP are: hasOne,
hasMany, belongsTo, and belongsToMany.
Relationship
one to one
one to many
many to one
many to many

Association Type
hasOne
hasMany
belongsTo
belongsToMany

Example
A user has one profile.
A user can have multiple articles.
Many articles belong to a user.
Tags belong to many articles.

Associations are defined during the initialize() method of your table object. Methods matching the
association type allow you to define the associations in your application. For example if we wanted to define
a belongsTo association in our ArticlesTable:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Authors');
}
}

The simplest form of any association setup takes the table alias you want to associate with. By default
all of the details of an association will use the CakePHP conventions. If you want to customize how your
associations are handled you can do so with the second parameter:
class ArticlesTable extends Table
{
public function initialize(array $config)
{

More Information

425

CakePHP Cookbook Documentation, Release 3.x

$this->belongsTo('Authors', [
'className' => 'Publishing.Authors',
'foreignKey' => 'authorid',
'propertyName' => 'person'
]);
}
}

The same table can be used multiple times to define different types of associations. For example consider a
case where you want to separate approved comments and those that have not been moderated yet:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('Comments', [
'className' => 'Comments',
'conditions' => ['approved' => true]
]);
$this->hasMany('UnapprovedComments', [
'className' => 'Comments',
'conditions' => ['approved' => false],
'propertyName' => 'unnaproved_comments'
]);
}
}

As you can see, by specifying the className key, it is possible to use the same table as different associations for the same table. You can even create self-associated tables to create parent-child relationships:
class CategoriesTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('SubCategories', [
'className' => 'Categories',
]);
$this->belongsTo('ParentCategories', [
'className' => 'Categories',
]);
}
}

You can all setup associations en mass by making a single call to Table::addAssociations(). It
takes an array containing set of table names indexed by association type as argument:
class PostsTable extends Table
{

426

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

public function initialize(array $config)


{
$this->addAssociations([
'belongsTo' => [
'Users' => ['className' => 'App\Model\Table\UsersTable']
],
'hasMany' => ['Comments'],
'belongsToMany' => ['Tags']
]);
}
}

Each association type accepts multiple associations where the keys are the aliases, and the values are association config data. If numeric keys are used the values will be treated as association aliases.
HasOne Associations
Lets set up a Users Table with a hasOne relationship to an Addresses Table.
First, your database tables need to be keyed correctly. For a hasOne relationship to work, one table has to
contain a foreign key that points to a record in the other. In this case the addresses table will contain a field
called user_id. The basic pattern is:
hasOne: the other model contains the foreign key.
Relation
Users hasOne Addresses
Doctors hasOne Mentors

Schema
addresses.user_id
mentors.doctor_id

Note: It is not mandatory to follow CakePHP conventions, you can easily override the use of any foreignKey in your associations definitions. Nevertheless sticking to conventions will make your code less
repetitive, easier to read and to maintain.
If we had the UsersTable and AddressesTable classes made we could make the association with the
following code:
class UsersTable extends Table
{
public function initialize(array $config)
{
$this->hasOne('Addresses');
}
}

If you need more control, you can define your associations using array syntax. For example, you might want
to limit the association to include only certain records:
class UsersTable extends Table
{
public function initialize(array $config)
{

More Information

427

CakePHP Cookbook Documentation, Release 3.x

$this->hasOne('Addresses', [
'className' => 'Addresses',
'conditions' => ['Addresses.primary' => '1'],
'dependent' => true
]);
}
}

Possible keys for hasOne association arrays include:


className: the class name of the table being associated to the current model. If youre defining a
User hasOne Address relationship, the className key should equal Addresses.
foreignKey: the name of the foreign key found in the other table. This is especially handy if you need
to define multiple hasOne relationships. The default value for this key is the underscored, singular
name of the current model, suffixed with _id. In the example above it would default to user_id.
bindingKey: The name of the column in the current table, that will be used for matching the
foreignKey. If not specified, the primary key (for example the id column of the Users table)
will be used.
conditions: an array of find() compatible conditions such as [Addresses.primary =>
true]
joinType: the type of the join to use in the SQL query, default is LEFT. You can use INNER if your
hasOne association is always present.
dependent: When the dependent key is set to true, and an entity is deleted, the associated model
records are also deleted. In this case we set it to true so that deleting a User will also delete her
associated Address.
cascadeCallbacks: When this and dependent are true, cascaded deletes will load and delete entities
so that callbacks are properly triggered. When false, deleteAll() is used to remove associated
data and no callbacks are triggered.
propertyName: The property name that should be filled with data from the associated table into
the source table results. By default this is the underscored & singular name of the association so
address in our example.
finder: The finder method to use when loading associated records.
Once this association has been defined, find operations on the Users table can contain the Address record if
it exists:
// In a controller or table method.
$query = $users->find('all')->contain(['Addresses']);
foreach ($query as $user) {
echo $user->address->street;
}

The above would emit SQL that is similar to:


SELECT * FROM users INNER JOIN addresses ON addresses.user_id = users.id;

428

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

BelongsTo Associations
Now that we have Address data access from the User table, lets define a belongsTo association in the Addresses table in order to get access to related User data. The belongsTo association is a natural complement
to the hasOne and hasMany associations.
When keying your database tables for a belongsTo relationship, follow this convention:
belongsTo: the current model contains the foreign key.
Relation
Addresses belongsTo Users
Mentors belongsTo Doctors

Schema
addresses.user_id
mentors.doctor_id

Tip: If a Table contains a foreign key, it belongs to the other Table.


We can define the belongsTo association in our Addresses table as follows:
class AddressesTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Users');
}
}

We can also define a more specific relationship using array syntax:


class AddressesTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Users', [
'foreignKey' => 'user_id',
'joinType' => 'INNER',
]);
}
}

Possible keys for belongsTo association arrays include:


className: the class name of the model being associated to the current model. If youre defining a
Profile belongsTo User relationship, the className key should equal Users.
foreignKey: the name of the foreign key found in the current table. This is especially handy if you
need to define multiple belongsTo relationships to the same model. The default value for this key is
the underscored, singular name of the other model, suffixed with _id.
bindingKey: The name of the column in the other table, that will be used for matching the
foreignKey. If not specified, the primary key (for example the id column of the Users table)
will be used.

More Information

429

CakePHP Cookbook Documentation, Release 3.x

conditions: an array of find() compatible conditions or SQL strings such as [Users.active


=> true]
joinType: the type of the join to use in the SQL query, default is LEFT which may not fit your needs
in all situations, INNER may be helpful when you want everything from your main and associated
models or nothing at all.
propertyName: The property name that should be filled with data from the associated table into the
source table results. By default this is the underscored & singular name of the association so user in
our example.
finder: The finder method to use when loading associated records.
Once this association has been defined, find operations on the User table can contain the Address record if
it exists:
// In a controller or table method.
$query = $addresses->find('all')->contain(['Users']);
foreach ($query as $address) {
echo $address->user->username;
}

The above would emit SQL that is similar to:


SELECT * FROM addresses LEFT JOIN users ON addresses.user_id = users.id;

HasMany Associations
An example of a hasMany association is Article hasMany Comments. Defining this association will allow
us to fetch an articles comments when the article is loaded.
When creating your database tables for a hasMany relationship, follow this convention:
hasMany: the other model contains the foreign key.
Relation
Article hasMany Comment
Product hasMany Option
Doctor hasMany Patient

Schema
Comment.article_id
Option.product_id
Patient.doctor_id

We can define the hasMany association in our Articles model as follows:


class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('Comments');
}
}

We can also define a more specific relationship using array syntax:

430

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

class ArticlesTable extends Table


{
public function initialize(array $config)
{
$this->hasMany('Comments', [
'foreignKey' => 'article_id',
'dependent' => true,
]);
}
}

Possible keys for hasMany association arrays include:


className: the class name of the model being associated to the current model. If youre defining a
User hasMany Comment relationship, the className key should equal Comment.
foreignKey: the name of the foreign key found in the other table. This is especially handy if you need
to define multiple hasMany relationships. The default value for this key is the underscored, singular
name of the actual model, suffixed with _id.
bindingKey: The name of the column in the current table, that will be used for matching the
foreignKey. If not specified, the primary key (for example the id column of the Articles
table) will be used.
conditions:
an array of find() compatible
[Comments.visible => true]

conditions

or

SQL

strings

such

as

sort an array of find() compatible order clauses or SQL strings such as [Comments.created
=> ASC]
dependent: When dependent is set to true, recursive model deletion is possible. In this example,
Comment records will be deleted when their associated Article record has been deleted.
cascadeCallbacks: When this and dependent are true, cascaded deletes will load and delete entities
so that callbacks are properly triggered. When false, deleteAll() is used to remove associated
data and no callbacks are triggered.
propertyName: The property name that should be filled with data from the associated table into the
source table results. By default this is the underscored & plural name of the association so comments
in our example.
strategy: Defines the query strategy to use. Defaults to select. The other valid value is subquery,
which replaces the IN list with an equivalent subquery.
finder: The finder method to use when loading associated records.
Once this association has been defined, find operations on the Articles table can contain the Comment
records if they exist:
// In a controller or table method.
$query = $articles->find('all')->contain(['Comments']);
foreach ($query as $article) {
echo $article->comments[0]->text;
}

More Information

431

CakePHP Cookbook Documentation, Release 3.x

The above would emit SQL that is similar to:


SELECT * FROM articles;
SELECT * FROM comments WHERE article_id IN (1, 2, 3, 4, 5);

When the subquery strategy is used, SQL similar to the following will be generated:
SELECT * FROM articles;
SELECT * FROM comments WHERE article_id IN (SELECT id FROM articles);

You may want to cache the counts for your hasMany associations. This is useful when you often need
to show the number of associated records, but dont want to load all the records just to count them. For
example, the comment count on any given article is often cached to make generating lists of articles more
efficient. You can use the CounterCacheBehavior to cache counts of associated records.
You should make sure that your database tables do not contain columns that match association property
names. If for example you have counter fields that conflict with association properties, you must either
rename the association property, or the column name.
BelongsToMany Associations
An example of a BelongsToMany association is Article BelongsToMany Tags, where the tags from one
article are shared with other articles. BelongsToMany is often referred to as has and belongs to many, and
is a classic many to many association.
The main difference between hasMany and BelongsToMany is that the link between the models in a BelongsToMany association are not exclusive. For example, we are joining our Articles table with a Tags
table. Using funny as a Tag for my Article, doesnt use up the tag. I can also use it on the next article I
write.
Three database tables are required for a BelongsToMany association. In the example above we would need
tables for articles, tags and articles_tags. The articles_tags table contains the data that
links tags and articles together. The joining table is named after the two tables involved, separated with an
underscore by convention. In its simplest form, this table consists of article_id and tag_id.
belongsToMany requires a separate join table that includes both model names.
Relationship
Article belongsToMany Tag
Patient belongsToMany
Doctor

Pivot Table Fields


articles_tags.id, articles_tags.tag_id, articles_tags.article_id
doctors_patients.id, doctors_patients.doctor_id,
doctors_patients.patient_id.

We can define the belongsToMany association in our Articles model as follows:


class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->belongsToMany('Tags');
}
}

432

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

We can also define a more specific relationship using array syntax:


class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->belongsToMany('Tags', [
'joinTable' => 'article_tag',
]);
}
}

Possible keys for belongsToMany association arrays include:


className: the class name of the model being associated to the current model. If youre defining a
Article belongsToMany Tag relationship, the className key should equal Tags.
joinTable: The name of the join table used in this association (if the current table doesnt adhere to
the naming convention for belongsToMany join tables). By default this table name will be used to
load the Table instance for the join/pivot table.
foreignKey: the name of the foreign key found in the current model. This is especially handy if you
need to define multiple belongsToMany relationships. The default value for this key is the underscored, singular name of the current model, suffixed with _id.
targetForeignKey: the name of the foreign key found in the target model. The default value for this
key is the underscored, singular name of the target model, suffixed with _id.
conditions: an array of find() compatible conditions. If you have conditions on an associated table,
you should use a through model, and define the necessary belongsTo associations on it.
sort an array of find() compatible order clauses.
dependent: When the dependent key is set to false, and an entity is deleted, the data of the join
table will not be deleted.
through Allows you to provide a either the name of the Table instance you want used on the join
table, or the instance itself. This makes customizing the join table keys possible, and allows you to
customize the behavior of the pivot table.
cascadeCallbacks: When this is true, cascaded deletes will load and delete entities so that callbacks are properly triggered on join table records. When false, deleteAll() is used to remove
associated data and no callbacks are triggered. This defaults to false to help reduce overhead.
propertyName: The property name that should be filled with data from the associated table into the
source table results. By default this is the underscored & plural name of the association, so tags in
our example.
strategy: Defines the query strategy to use. Defaults to select. The other valid value is subquery,
which replaces the IN list with an equivalent subquery.
saveStrategy: Either append or replace. Indicates the mode to be used for saving associated
entities. The former will only create new links between both side of the relation and the latter will do
a wipe and replace to create the links between the passed entities when saving.

More Information

433

CakePHP Cookbook Documentation, Release 3.x

finder: The finder method to use when loading associated records.


Once this association has been defined, find operations on the Articles table can contain the Tag records if
they exist:
// In a controller or table method.
$query = $articles->find('all')->contain(['Tags']);
foreach ($query as $article) {
echo $article->tags[0]->text;
}

The above would emit SQL that is similar to:


SELECT * FROM articles;
SELECT * FROM tags
INNER JOIN articles_tags ON (
tags.id = article_tags.tag_id
AND article_id IN (1, 2, 3, 4, 5)
);

When the subquery strategy is used, SQL similar to the following will be generated:
SELECT * FROM articles;
SELECT * FROM tags
INNER JOIN articles_tags ON (
tags.id = article_tags.tag_id
AND article_id IN (SELECT id FROM articles)
);

Using the through Option

If you plan on adding extra information to the join/pivot table, or if you need to use join columns outside
of the conventions, you will need to define the through option. The through option provides you full
control over how the belongsToMany association will be created.
It is sometimes desirable to store additional data with a many to many association. Consider the following:
Student BelongsToMany Course
Course BelongsToMany Student

A Student can take many Courses and a Course can be taken by many Students. This is a simple many to
many association. The following table would suffice:
id | student_id | course_id

Now what if we want to store the number of days that were attended by the student on the course and their
final grade? The table wed want would be:
id | student_id | course_id | days_attended | grade

The way to implement our requirement is to use a join model, otherwise known as a hasMany through
association. That is, the association is a model itself. So, we can create a new model CoursesMemberships.
Take a look at the following models.
434

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

class StudentsTable extends Table


{
public function initialize(array $config)
{
$this->belongsToMany('Courses', [
'through' => 'CourseMemberships',
]);
}
}
class CoursesTable extends Table
{
public function initialize(array $config)
{
$this->belongsToMany('Students', [
'through' => 'CourseMemberships',
]);
}
}
class CoursesMembershipsTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Students');
$this->belongsTo('Courses');
}
}

The CoursesMemberships join table uniquely identifies a given Students participation on a Course in addition to extra meta-information.
Default Association Conditions

The finder option allows you to use a custom finder to load associated record data. This lets you encapsulate your queries better and keep your code DRYer. There are some limitations when using finders to
load data in associations that are loaded using joins (belongsTo/hasOne). Only the following aspects of the
query will be applied to the root query:
WHERE conditions.
Additional joins.
Contained associations.
Other aspects of the query, such as selected columns, order, group by, having and other sub-statements, will
not be applied to the root query. Associations that are not loaded through joins (hasMany/belongsToMany),
do not have the above restrictions and can also use result formatters or map/reduce functions.

More Information

435

CakePHP Cookbook Documentation, Release 3.x

Behaviors
Behaviors are a way to organize and enable horizontal re-use of Model layer logic. Conceptually they are
similar to traits. However, behaviors are implemented as separate classes. This allows them to hook into the
life-cycle callbacks that models emit, while providing trait-like features.
Behaviors provide a convenient way to package up behavior that is common across many models. For
example, CakePHP includes a TimestampBehavior. Many models will want timestamp fields, and the
logic to manage these fields is not specific to any one model. It is these kinds of scenarios that behaviors are
a perfect fit for.
Using Behaviors
Behaviors provide an easy way to create horizontally re-usable pieces of logic related to table classes. You
may be wondering why behaviors are regular classes and not traits. The primary reason for this is event
listeners. While traits would allow for re-usable pieces of logic, they would complicate binding events.
To add a behavior to your table you can call the addBehavior() method. Generally the best place to do
this is in the initialize() method:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
}

As with associations, you can use plugin syntax and provide additional configuration options:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp', [
'events' => [
'Model.beforeSave' => [
'created_at' => 'new',
'modified_at' => 'always'
]
]
]);
}
}

436

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Core Behaviors
CounterCache

class Cake\ORM\Behavior\CounterCacheBehavior
Often times web applications need to display counts of related objects. For example, when showing a list
of articles you may want to display how many comments it has. Or when showing a user you might want
to show how many friends/followers she has. The CounterCache behavior is intended for these situations.
CounterCache will update a field in the associated models assigned in the options when it is invoked. The
fields should exist in the database and be of the type INT.
Basic Usage You enable the CounterCache behavior like any other behavior, but it wont do anything until
you configure some relations and the field counts that should be stored on each of them. Using our example
below, we could cache the comment count for each article with the following:
class CommentsTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('CounterCache', [
'Articles' => ['comment_count']
]);
}
}

The CounterCache configuration should be a map of relation names and the specific configuration for that
relation.
The counters value will be updated each time an entity is saved or deleted. The counter will not be updated
when you use updateAll() or deleteAll(), or execute SQL you have written.
Advanced Usage If you need to keep a cached counter for less than all of the related records, you can
supply additional conditions or finder methods to generate a counter value:
// Use a specific find method.
// In this case find(published)
$this->addBehavior('CounterCache', [
'Articles' => [
'comment_count' => [
'finder' => 'published'
]
]
]);

If you dont have a custom finder method you can provide an array of conditions to find records instead:
$this->addBehavior('CounterCache', [
'Articles' => [
'comment_count' => [
'conditions' => ['Comments.spam' => false]

More Information

437

CakePHP Cookbook Documentation, Release 3.x

]
]
]);

If you want CounterCache to update multiple fields, for example both showing a conditional count and a
basic count you can add these fields in the array:
$this->addBehavior('CounterCache', [
'Articles' => ['comment_count',
'published_comment_count' => [
'finder' => 'published'
]
]
]);

Lastly, if a custom finder and conditions are not suitable you can provide a callback method. This callable
must return the count value to be stored:
$this->addBehavior('CounterCache', [
'Articles' => [
'rating_avg' => function ($event, $entity, $table) {
return 4.5;
}
]
]);

Timestamp

class Cake\ORM\Behavior\TimestampBehavior
The timestamp behavior allows your table objects to update one or more timestamps on each model event.
This is primarily used to populate data into created and modified fields. However, with some additional configuration, you can update any timestamp/datetime column on any event a table publishes.
Basic Usage You enable the timestamp behavior like any other behavior:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp');
}
}

The default configuration will do the following:


When a new entity is saved the created and modified fields will be set to the current time.
When an entity is updated, the modified field is set to the current time.

438

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Using and Configuring the Behavior If you need to modify fields with different names, or want to update
additional timestamp fields on custom events you can use some additional configuration:
class OrdersTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Timestamp', [
'events' => [
'Model.beforeSave' => [
'created_at' => 'new',
'updated_at' => 'always',
],
'Orders.completed' => [
'completed_at' => 'always'
]
]
]);
}
}

As you can see above, in addition to the standard Model.beforeSave event, we are also updating the
completed_at column when orders are completed.
Updating Timestamps on Entities Sometimes youll want to update just the timestamps on an entity
without changing any other properties. This is sometimes referred to as touching a record. In CakePHP
you can use the touch() method to do exactly this:
// Touch based on the Model.beforeSave event.
$articles->touch($article);
// Touch based on a specific event.
$orders->touch($order, 'Orders.completed');

Touching records can be useful when you want to signal that a parent resource has changed when a child
resource is created/updated. For example: updating an article when a new comment is added.
Translate

class Cake\ORM\Behavior\TranslateBehavior
The Translate behavior allows you to create and retrieve translated copies of your entities in multiple languages. It does so by using a separate i18n table where it stores the translation for each of the fields of any
given Table object that its bound to.
Warning: The TranslateBehavior does not support composite primary keys at this point in time.

A Quick Tour After creating the i18n table in your database attach the behavior to any Table object you
want to make translatable:
More Information

439

CakePHP Cookbook Documentation, Release 3.x

class ArticlesTable extends Table


{
public function initialize(array $config)
{
$this->addBehavior('Translate', ['fields' => ['title']]);
}
}

Now, select a language to be used for retrieving entities by changing the application language, which will
affect all translations:
I18n::locale('spa');
$articles = TableRegistry::get('Articles');

Then, get an existing entity:


$article = $articles->get(12);
echo $article->title; // Echoes 'A title', not translated yet

Next, translate your entity:


$article->title = 'Un Artculo';
$articles->save($article);

You can try now getting your entity again:


$article = $articles->get(12);
echo $article->title; // Echoes 'Un Artculo', yay piece of cake!

Working with multiple translations can be done easily by using a special trait in your Entity class:
use Cake\ORM\Behavior\Translate\TranslateTrait;
use Cake\ORM\Entity;
class Article extends Entity
{
use TranslateTrait;
}

Now you can find all translations for a single entity:


$article = $articles->find('translations')->first();
echo $article->translation('spa')->title; // 'Un Artculo'
echo $article->translation('eng')->title; // 'An Article';

It is equally easy to save multiple translations at once:


$article->translation('spa')->title = 'Otro Ttulo';
$article->translation('fre')->title = 'Un autre Titre';
$articles->save($articles);

Yes, that easy. If you want to go deeper on how it works or how to tune the behavior for your needs, keep
on reading the rest of this chapter.
440

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

Initializing the i18n Database Table In order to use the behavior, you need to create a i18n table with
the correct schema. Currently the only way of loading the i18n table is by manually running the following
SQL script in your database:
CREATE TABLE i18n (
id int NOT NULL auto_increment,
locale varchar(6) NOT NULL,
model varchar(255) NOT NULL,
foreign_key int(10) NOT NULL,
field varchar(255) NOT NULL,
content text,
PRIMARY KEY
(id),
UNIQUE INDEX I18N_LOCALE_FIELD(locale, model, foreign_key, field),
INDEX I18N_FIELD(model, foreign_key, field)
);

Attaching the Translate Behavior to Your Tables Attaching the behavior can be done in the
initialize() method in your Table class:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', ['fields' => ['title', 'body']]);
}
}

The first thing to note is that you are required to pass the fields key in the configuration array. This list
of fields is needed to tell the behavior what columns will be able to store translations.
Using a Separate Translations Table If you wish to use a table other than i18n for translating a particular repository, you can specify it in the behaviors configuration. This is common when you have multiple
tables to translate and you want a cleaner separation of the data that is stored for each different table:
class Articles extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', [
'fields' => ['title', 'body'],
'translationTable' => 'ArticlesI18n'
]);
}
}

You need to make sure that any custom table you use has the columns field, foreign_key, locale
and model.

More Information

441

CakePHP Cookbook Documentation, Release 3.x

Reading Translated Content As shown above you can use the locale() method to choose the active
translation for entities that are loaded:
I18n::locale('spa');
$articles = TableRegistry::get('Articles');
// All entities in results will contain spanish translation
$results = $articles->find()->all();

This method works with any finder in your tables. For example, you can use TranslateBehavior with
find(list):
I18n::locale('spa');
$data = $articles->find('list')->toArray();
// Data will contain
[1 => 'Mi primer artculo', 2 => 'El segundo artculo', 15 => 'Otro articulo' ...]

Retrieve All Translations For An Entity When building interfaces for updating translated content, it is
often helpful to show one or more translation(s) at the same time. You can use the translations finder
for this:
// Find the first article with all corresponding translations
$article = $articles->find('translations')->first();

In the example above you will get a list of entities back that have a _translations property set. This
property will contain a list of translation data entities. For example the following properties would be
accessible:
// Outputs 'eng'
echo $article->_translations['eng']->locale;
// Outputs 'title'
echo $article->_translations['eng']->field;
// Outputs 'My awesome post!'
echo $article->_translations['eng']->body;

A more elegant way for dealing with this data is by adding a trait to the entity class that is used for your
table:
use Cake\ORM\Behavior\Translate\TranslateTrait;
use Cake\ORM\Entity;
class Article extends Entity
{
use TranslateTrait;
}

This trait contains a single method called translation, which lets you access or create new translation
entities on the fly:

442

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

// Outputs 'title'
echo $article->translation('eng')->title;
// Adds a new translation data entity to the article
$article->translation('deu')->title = 'Wunderbar';

Limiting the Translations to be Retrieved You can limit the languages that are fetched from the database
for a particular set of records:
$results = $articles->find('translations', ['locales' => ['eng', 'spa']]);
$article = $results->first();
$spanishTranslation = $article->translation('spa');
$englishTranslation = $article->translation('eng');

Preventing Retrieval of Empty Translations Translation records can contain any string, if a record has
been translated and stored as an empty string () the translate behavior will take and use this to overwrite
the original field value.
If this is undesired, you can ignore translations which are empty using the allowEmptyTranslations
config key:
class Articles extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', [
'fields' => ['title', 'body'],
'allowEmptyTranslations' => false
]);
}
}

The above would only load translated data that had content.
Retrieving All Translations For Associations It is also possible to find translations for any association
in a single find operation:
$article = $articles->find('translations')->contain([
'Categories' => function ($query) {
return $query->find('translations');
}
])->first();
// Outputs 'Programacin'
echo $article->categories[0]->translation('spa')->name;

This assumes that Categories has the TranslateBehavior attached to it. It simply uses the query builder
function for the contain clause to use the translations custom finder in the association.

More Information

443

CakePHP Cookbook Documentation, Release 3.x

Retrieving one language without using I18n::locale calling I18n::locale(spa); changes the
default locale for all translated finds, there may be times you wish to retrieve translated content without
modifying the applications state. For these scenarios use the behavior locale() method:
I18n::locale('eng'); // reset for illustration
$articles = TableRegistry::get('Articles');
$articles->locale('spa'); // specific locale
$article = $articles->get(12);
echo $article->title; // Echoes 'Un Artculo', yay piece of cake!

Note that this only changes the locale of the Articles table, it would not affect the langauge of associated
data. To use this technique to affect associated data its necessary to call locale on each table for example:
I18n::locale('eng'); // reset for illustration
$articles = TableRegistry::get('Articles');
$articles->locale('spa');
$articles->categories->locale('spa');
$data = $articles->find('all', ['contain' => ['Categories']]);

This example also assumes that Categories has the TranslateBehavior attached to it.
Saving in Another Language The philosophy behind the TranslateBehavior is that you have an entity
representing the default language, and multiple translations that can override certain fields in such entity.
Keeping this in mind, you can intuitively save translations for any given entity. For example, given the
following setup:
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Translate', ['fields' => ['title', 'body']]);
}
}
class Article extends Entity
{
use TranslateTrait;
}
$articles = TableRegistry::get('Articles');
$article = new Article([
'title' => 'My First Article',
'body' => 'This is the content',
'footnote' => 'Some afterwords'
]);
$articles->save($article);

So, after you save your first article, you can now save a translation for it, there are a couple ways to do it.
The first one is setting the language directly into the entity:

444

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$article->_locale = 'spa';
$article->title = 'Mi primer Artculo';
$articles->save($article);

After the entity has been saved, the translated field will be persisted as well, one thing to note is that values
from the default language that were not overridden will be preserved:
// Outputs 'This is the content'
echo $article->body;
// Outputs 'Mi primer Artculo'
echo $article->title;

Once you override the value, the translation for that field will be saved and can be retrieved as usual:
$article->body = 'El contendio';
$articles->save($article);

The second way to use for saving entities in another language is to set the default language directly to the
table:
I18n::locale('spa');
$article->title = 'Mi Primer Artculo';
$articles->save($article);

Setting the language directly in the table is useful when you need to both retrieve and save entities for the
same language or when you need to save multiple entities at once.
Saving Multiple Translations It is a common requirement to be able to add or edit multiple translations
to any database record at the same time. This can be easily done using the TranslateTrait:
use Cake\ORM\Behavior\Translate\TranslateTrait;
use Cake\ORM\Entity;
class Article extends Entity
{
use TranslateTrait;
}

Now, You can populate translations before saving them:


$translations = [
'fra' => ['title' => "Un article"],
'spa' => ['title' => 'Un artculo']
];
foreach ($translations as $lang => $data) {
$article->translation($lang)->set($data, ['guard' => false]);
}
$articles->save($article);

More Information

445

CakePHP Cookbook Documentation, Release 3.x

Tree

class Cake\ORM\Behavior\TreeBehavior
Its fairly common to want to store hierarchical data in a database table. Examples of such data might be
categories with unlimited subcategories, data related to a multilevel menu system or a literal representation
of hierarchy such as departments in a company.
Relational databases are usually not well suited for storing and retrieving this type of data, but there are a
few known techniques that can make them effective for working with multi-level information.
The TreeBehavior helps you maintain a hierarchical data structure in the database that can be queried without
much overhead and helps reconstruct the tree data for finding and displaying processes.
Requirements This behavior requires the following columns in your table:
parent_id (nullable) The column holding the ID of the parent row
lft (integer, signed) Used to maintain the tree structure
rght (integer, signed) Used to maintain the tree structure
You can configure the name of those fields should you need to customize them. More information on the
meaning of the fields and how they are used can be found in this article describing the MPTT logic2
Warning: The TreeBehavior does not support composite primary keys at this point in time.

A Quick Tour You enable the Tree behavior by adding it to the Table you want to store hierarchical data
in:
class CategoriesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Tree');
}
}

Once added, you can let CakePHP build the internal structure if the table is already holding some rows:
$categories = TableRegistry::get('Categories');
$categories->recover();

You can verify it works by getting any row from the table and asking for the count of descendants it has:
$node = $categories->get(1);
echo $categories->childCount($node);

Getting a flat list of the descendants for a node is equally easy:


2

http://www.sitepoint.com/hierarchical-data-database-2/

446

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$descendants = $categories->find('children', ['for' => 1]);


foreach ($descendants as $category) {
echo $category->name . "\n";
}

If you instead need a threaded list, where children for each node are nested in a hierarchy, you can stack the
threaded finder:
$children = $categories
->find('children', ['for' => 1])
->find('threaded')
->toArray();
foreach ($children as $child) {
echo "{$child->name} has " . count($child->children) . " direct children";
}

Traversing threaded results usually requires recursive functions in, but if you only require a result set containing a single field from each level so you can display a list, in an HTML select for example, it is better to
use the treeList finder:
$list = $categories->find('treeList');
// In a CakePHP template file:
echo $this->Form->input('categories', ['options' => $list]);
// Or you can output it in plain text, for example in a CLI script
foreach ($list as $categoryName) {
echo $categoryName . "\n";
}

The output will be similar to:


My Categories
_Fun
__Sport
___Surfing
___Skating
_Trips
__National
__International

The treeList finder takes a number of options:


keyPath: A dot separated path to fetch the field to use for the array key, or a closure to return the
key out of the provided row.
valuePath: A dot separated path to fetch the field to use for the array value, or a closure to return
the value out of the provided row.
spacer: A string to be used as prefix for denoting the depth in the tree for each item
An example of all options in use is:

More Information

447

CakePHP Cookbook Documentation, Release 3.x

$query = $categories->find('treeList', [
'keyPath' => 'url',
'valuePath' => 'id',
'spacer' => ' '
]);

One very common task is to find the tree path from a particular node to the root of the tree. This is useful,
for example, for adding the breadcrumbs list for a menu structure:
$nodeId = 5;
$crumbs = $categories->find('path', ['for' => $nodeId]);
foreach ($crumbs as $crumb) {
echo $crumb->name . ' > ';
}

Trees constructed with the TreeBehavior cannot be sorted by any column other than lft, this is because
the internal representation of the tree depends on this sorting. Luckily, you can reorder the nodes inside the
same level without having to change their parent:
$node = $categories->get(5);
// Move the node so it shows up one position up when listing children.
$categories->moveUp($node);
// Move the node to the top of the list inside the same level.
$categories->moveUp($node, true);
// Move the node to the bottom.
$categories->moveDown($node, true);

Configuration If the default column names that are used by this behavior dont match your own schema,
you can provide aliases for them:
public function initialize(array $config)
{
$this->addBehavior('Tree', [
'parent' => 'ancestor_id', // Use this instead of parent_id
'left' => 'tree_left', // Use this instead of lft
'right' => 'tree_right' // Use this instead of rght
]);
}

Node Level (Depth) Knowing the depth of tree nodes can be useful when you want to retrieve nodes only
upto a certain level for e.g. when generating menus. You can use the level option to specify the field that
will save level of each node:
$this->addBehavior('Tree', [
'level' => 'level', // Defaults to null, i.e. no level saving
]);

448

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

If you dont want to cache the level using a db field you can use TreeBehavior::getLevel() method
to get level of a node.
Scoping and Multi Trees Sometimes you want to persist more than one tree structure inside the same
table, you can achieve that by using the scope configuration. For example, in a locations table you may
want to create one tree per country:
class LocationsTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Tree', [
'scope' => ['country_name' => 'Brazil']
]);
}
}

In the previous example, all tree operations will be scoped to only the rows having the column
country_name set to Brazil. You can change the scoping on the fly by using the config function:
$this->behaviors()->Tree->config('scope', ['country_name' => 'France']);

Optionally, you can have a finer grain control of the scope by passing a closure as the scope:
$this->behaviors()->Tree->config('scope', function ($query) {
$country = $this->getConfigureContry(); // A made-up function
return $query->where(['country_name' => $country]);
});

Saving Hierarchical Data When using the Tree behavior, you usually dont need to worry about the
internal representation of the hierarchical structure. The positions where nodes are placed in the tree are
deduced from the parent_id column in each of your entities:
$aCategory = $categoriesTable->get(10);
$aCategory->parent_id = 5;
$categoriesTable->save($aCategory);

Providing inexistent parent ids when saving or attempting to create a loop in the tree (making a node child
of itself) will throw an exception.
You can make a node a root in the tree by setting the parent_id column to null:
$aCategory = $categoriesTable->get(10);
$aCategory->parent_id = null;
$categoriesTable->save($aCategory);

Children for the new root node will be preserved.

More Information

449

CakePHP Cookbook Documentation, Release 3.x

Deleting Nodes Deleting a node and all its sub-tree (any children it may have at any depth in the tree) is
trivial:
$aCategory = $categoriesTable->get(10);
$categoriesTable->delete($aCategory);

The TreeBehavior will take care of all internal deleting operations for you. It is also possible to only delete
one node and re-assign all children to the immediately superior parent node in the tree:
$aCategory = $categoriesTable->get(10);
$categoriesTable->removeFromTree($aCategory);
$categoriesTable->delete($aCategory);

All children nodes will be kept and a new parent will be assigned to them.
The deletion of a node is based off of the lft and rght values of the entity. This is important to note when
looping through the various children of a node for conditional deletes:
$descendants = $teams->find('children', ['for' => 1]);
foreach ($descendants as $descendant) {
$team = $teams->get($descendant->id); // search for the up-to-date entity object
if ($team->expired) {
$teams->delete($team); // deletion reorders the lft and rght of database entries
}
}

The TreeBehavior reorders the lft and rght values of records in the table when a node is deleted. As such,
the lft and rght values of the entities inside $descendants (saved before the delete operation) will be
inaccurate. Entities will have to be loaded and modified on the fly to prevent inconsistencies in the table.
Creating a Behavior
In the following examples we will create a very simple SluggableBehavior. This behavior will allow
us to populate a slug field with the results of Inflector::slug() based on another field.
Before we create our behavior we should understand the conventions for behaviors:
Behavior files are located in src/Model/Behavior, or MyPlugin\Model\Behavior.
Behavior classes should be in the
MyPlugin\Model\Behavior namespace.

App\Model\Behavior

namespace,

or

Behavior class names end in Behavior.


Behaviors extend Cake\ORM\Behavior.
To create our sluggable behavior. Put the following into src/Model/Behavior/SluggableBehavior.php:
namespace App\Model\Behavior;
use Cake\ORM\Behavior;
class SluggableBehavior extends Behavior

450

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

{
}

Similar to tables, behaviors also have an initialize() hook where you can put your behaviors initialization code, if required:
public function initialize(array $config)
{
// Some initialization code here
}

We can now add this behavior to one of our table classes. In this example well use an ArticlesTable,
as articles often have slug properties for creating friendly URLs:
namespace App\Model\Table;
use Cake\ORM\Table;
class ArticlesTable extends Table
{
public function initialize(array $config)
{
$this->addBehavior('Sluggable');
}
}

Our new behavior doesnt do much of anything right now. Next, well add a mixin method and an event
listener so that when we save entities we can automatically slug a field.
Defining Mixin Methods

Any public method defined on a behavior will be added as a mixin method on the table object it is attached
to. If you attach two behaviors that provide the same methods an exception will be raised. If a behavior
provides the same method as a table class, the behavior method will not be callable from the table. Behavior
mixin methods will receive the exact same arguments that are provided to the table. For example, if our
SluggableBehavior defined the following method:
public function slug($value)
{
return Inflector::slug($value, $this->_config['replacement']);
}

It could be invoked using:


$slug = $articles->slug('My article name');

More Information

451

CakePHP Cookbook Documentation, Release 3.x

Limiting or Renaming Exposed Mixin Methods

When creating behaviors, there may be situations where you dont want to expose public methods as mixin
methods. In these cases you can use the implementedMethods configuration key to rename or exclude
mixin methods. For example if we wanted to prefix our slug() method we could do the following:
protected $_defaultConfig = [
'implementedMethods' => [
'superSlug' => 'slug',
]
];

Applying this configuration will make slug() not callable, however it will add a superSlug() mixin
method to the table. Notably if our behavior implemented other public methods they would not be available
as mixin methods with the above configuration.
Since the exposed methods are decided by configuration you can also rename/remove mixin methods when
adding a behavior to a table. For example:
// In a table's initialize() method.
$this->addBehavior('Sluggable', [
'implementedMethods' => [
'superSlug' => 'slug',
]
]);

Defining Event Listeners

Now that our behavior has a mixin method to slug fields, we can implement a callback listener to automatically slug a field when entities are saved. Well also modify our slug method to accept an entity instead of
just a plain value. Our behavior should now look like:
namespace App\Model\Behavior;
use
use
use
use
use

Cake\Event\Event;
Cake\ORM\Behavior;
Cake\ORM\Entity;
Cake\ORM\Query;
Cake\Utility\Inflector;

class SluggableBehavior extends Behavior


{
protected $_defaultConfig = [
'field' => 'title',
'slug' => 'slug',
'replacement' => '-',
];
public function slug(Entity $entity)
{
$config = $this->config();

452

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$value = $entity->get($config['field']);
$entity->set($config['slug'], Inflector::slug($value, $config['replacement']));
}
public function beforeSave(Event $event, Entity $entity)
{
$this->slug($entity);
}
}

The above code shows a few interesting features of behaviors:


Behaviors can define callback methods by defining methods that follow the Lifecycle Callbacks conventions.
Behaviors can define a default configuration property. This property is merged with the overrides
when a behavior is attached to the table.
To prevent the saving from continuing simply stop event propagation in your callback:
public function beforeSave(Event $event, Entity $entity)
{
if (...) {
$event->stopPropagation();
return;
}
$this->slug($entity);
}

Defining Finders

Now that we are able to save articles with slug values, we should implement a finder method so we can
easily fetch articles by their slug. Behavior finder methods, use the same conventions as Custom Finder
Methods do. Our find(slug) method would look like:
public function findSlug(Query $query, array $options)
{
return $query->where(['slug' => $options['slug']]);
}

Once our behavior has the above method we can call it:
$article = $articles->find('slug', ['slug' => $value])->first();

Limiting or Renaming Exposed Finder Methods

When creating behaviors, there may be situations where you dont want to expose finder methods, or you need to rename finders to avoid duplicated methods. In these cases you can use the
implementedFinders configuration key to rename or exclude finder methods. For example if we
wanted to rename our find(slug) method we could do the following:
More Information

453

CakePHP Cookbook Documentation, Release 3.x

protected $_defaultConfig = [
'implementedFinders' => [
'slugged' => 'findSlug',
]
];

Applying this configuration will make find(slug) trigger an error. However it will make
find(slugged) available. Notably if our behavior implemented other finder methods they would
not be available, as they are not included in the configuration.
Since the exposed methods are decided by configuration you can also rename/remove finder methods when
adding a behavior to a table. For example:
// In a table's initialize() method.
$this->addBehavior('Sluggable', [
'implementedFinders' => [
'slugged' => 'findSlug',
]
]);

Removing Loaded Behaviors


To remove a behavior from your table you can call the removeBehavior() method:
// Remove the loaded behavior
$this->removeBehavior('Sluggable');

Accessing Loaded Behaviors


Once youve attached behaviors to your Table instance you can introspect the loaded behaviors, or access
specific behaviors using the BehaviorRegistry:
// See which behaviors are loaded
$table->behaviors()->loaded();
// Check if a specific behavior is loaded.
// Remember to omit plugin prefixes.
$table->behaviors()->has('CounterCache');
// Get a loaded behavior
// Remember to omit plugin prefixes
$table->behaviors()->get('CounterCache');

Schema System
CakePHP features a schema system that is capable of reflecting and generating schema information for tables
in SQL datastores. The schema system can generate/reflect a schema for any SQL platform that CakePHP
supports.

454

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

The main pieces of the schema system are Cake\Database\Schema\Table and


Cake\Database\Schema\Collection. These classes give you access to database-wide and
individual Table object features respectively.
The primary use of the schema system is for Fixtures. However, it can also be used in your application if
required.
Schema\Table Objects
class Cake\Database\Schema\Table
The schema subsystem provides a simple Table object to hold data about a table in a database. This object
is returned by the schema reflection features:
use Cake\Database\Schema\Table;
// Create a table one column at a time.
$t = new Table('posts');
$t->addColumn('id', [
'type' => 'integer',
'length' => 11,
'null' => false,
'default' => null,
])->addColumn('title', [
'type' => 'string',
'length' => 255,
// Create a fixed length (char field)
'fixed' => true
])->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id']
]);
// Schema\Table classes could also be created with array data
$t = new Table('posts', $columns);

Schema\Table objects allow you build up information about a tables schema. It helps to normalize and
validate the data used to describe a table. For example, the following two forms are equivalent:
$t->addColumn('title', 'string');
// and
$t->addColumn('title', [
'type' => 'string'
]);

While equivalent, the 2nd form allows more detail and control. This emulates the existing features available
in Schema files + the fixture schema in 2.x.

More Information

455

CakePHP Cookbook Documentation, Release 3.x

Accessing Column Data

Columns are either added as constructor arguments, or via addColumn(). Once fields are added information
can be fetched using column() or columns():
// Get the array of data about a column
$c = $t->column('title');
// Get the list of all columns.
$cols = $t->columns();

Indexes and Constraints

Indexes are added using the addIndex(). Constraints are added using addConstraint(). Indexes &
constraints cannot be added for columns that do not exist, as it would result in an invalid state. Indexes are
different from constraints and exceptions will be raised if you try to mix types between the methods. An
example of both methods is:
$t = new Table('posts');
$t->addColumn('id', 'integer')
->addColumn('author_id', 'integer')
->addColumn('title', 'string')
->addColumn('slug', 'string');
// Add a primary key.
$t->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id']
]);
// Add a unique key
$t->addConstraint('slug_idx', [
'columns' => ['slug'],
'type' => 'unique',
]);
// Add index
$t->addIndex('slug_title', [
'columns' => ['slug', 'title'],
'type' => 'index'
]);
// Add a foreign key
$t->addConstraint('author_id_idx', [
'columns' => ['author_id'],
'type' => 'foreign',
'references' => ['authors', 'id'],
'update' => 'cascade',
'delete' => 'cascade'
]);

If you add a primary key constraint to a single integer column it will automatically be converted into a
auto-increment/serial column depending on the database platform:

456

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$t = new Table('posts');
$t->addColumn('id', 'integer')
->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id']
]);

In the above example the id column would generate the following SQL in MySQL:
CREATE TABLE `posts` (
`id` INTEGER AUTO_INCREMENT,
PRIMARY KEY (`id`)
)

If your primary key contains more than one column, none of them will automatically be converted to an
auto-increment value. Instead you will need to tell the table object which column in the composite key you
want to auto-increment:
$t = new Table('posts');
$t->addColumn('id', [
'type' => 'integer',
'autoIncrement' => true,
])
->addColumn('account_id', 'integer')
->addConstraint('primary', [
'type' => 'primary',
'columns' => ['id', 'account_id']
]);

The autoIncrement option only works with integer and biginteger columns.
Reading Indexes and Constraints

Indexes and constraints can be read out of a table object using accessor methods. Assuming that $t is a
populated Table instance you could do the following:
// Get contraints. Will return the
// names of all constraints.
$constraints = $t->constraints()
// Get data about a single constraint.
$constraint = $t->constraint('author_id_idx')
// Get indexes. Will return the
// names of all indexes.
$indexes = $t->indexes()
// Get data about a single index.
$index = $t->index('author_id_idx')

More Information

457

CakePHP Cookbook Documentation, Release 3.x

Adding Table Options

Some drivers (primarily MySQL) support & require additional table metadata. In the case of MySQL the
CHARSET, COLLATE and ENGINE properties are required for maintaining a tables structure in MySQL.
The following could be used to add table options:
$t->options([
'engine' => 'InnoDB',
'collate' => 'utf8_unicode_ci',
]);

Platform dialects only handle the keys they are interested in and ignore the rest. Not all options are support
on all platforms.
Converting Tables into SQL

Using the createSql() or dropSql() you can get platform specific SQL for creating or dropping a
specific table:
$db = ConnectionManager::get('default');
$schema = new Table('posts', $fields, $indexes);
// Create a table
$queries = $schema->createSql($db);
foreach ($queries as $sql) {
$db->execute($sql);
}
// Drop a table
$sql = $schema->dropSql($db);
$db->execute($sql);

By using a connections driver the schema data can be converted into platform specific SQL. The return of
createSql and dropSql is a list of SQL queries required to create a table and the required indexes.
Some platforms may require multiple statements to create tables with comments and/or indexes. An array
of queries is always returned.
Schema Collections
class Cake\Database\Schema\Collection
Collection provides access to the various tables available on a connection. You can use it to get the list
of tables or reflect tables into Table objects. Basic usage of the class looks like:
$db = ConnectionManager::get('default');
// Create a schema collection.
$collection = $db->schemaCollection();
// Get the table names

458

Chapter 12. Database Access & ORM

CakePHP Cookbook Documentation, Release 3.x

$tables = $collection->listTables();
// Get a single table (instance of Schema\Table)
$table = $collection->describe('posts')

ORM Cache Shell


The OrmCacheShell provides a simple CLI tool for managing your applications metadata caches. In deployment situations it is helpful to rebuild the metadata cache in-place without clearing the existing cache
data. You can do this by running:
bin/cake orm_cache build --connection default

This will rebuild the metadata cache for all tables on the default connection. If you only need to rebuild
a single table you can do that by providing its name:
bin/cake orm_cache build --connection default articles

In addition to building cached data, you can use the OrmCacheShell to remove cached metadata as well:
# Clear all metadata
bin/cake orm_cache clear
# Clear a single table
bin/cake orm_cache clear articles

More Information

459

CakePHP Cookbook Documentation, Release 3.x

460

Chapter 12. Database Access & ORM

CHAPTER 13

Authentication

class AuthComponent(ComponentCollection $collection, array $config =[])


Identifying, authenticating, and authorizing users is a common part of almost every web application. In
CakePHP AuthComponent provides a pluggable way to do these tasks. AuthComponent allows you to
combine authentication objects and authorization objects to create flexible ways of identifying and checking
user authorization.

Suggested Reading Before Continuing


Configuring authentication requires several steps including defining a users table, creating a model, controller & views, etc.
This is all covered step by step in the Blog Tutorial.

Authentication
Authentication is the process of identifying users by provided credentials and ensuring that users are who
they say they are. Generally this is done through a username and password, that are checked against a known
list of users. In CakePHP, there are several built-in ways of authenticating users stored in your application.
FormAuthenticate allows you to authenticate users based on form POST data. Usually this is a
login form that users enter information into.
BasicAuthenticate allows you to authenticate users using Basic HTTP authentication.
DigestAuthenticate allows you to authenticate users using Digest HTTP authentication.
By default AuthComponent uses FormAuthenticate.

461

CakePHP Cookbook Documentation, Release 3.x

Choosing an Authentication Type


Generally youll want to offer form based authentication. It is the easiest for users using a web-browser to
use. If you are building an API or webservice, you may want to consider basic authentication or digest
authentication. The key differences between digest and basic authentication are mostly related to how
passwords are handled. In basic authentication, the username and password are transmitted as plain-text to
the server. This makes basic authentication un-suitable for applications without SSL, as you would end up
exposing sensitive passwords. Digest authentication uses a digest hash of the username, password, and a few
other details. This makes digest authentication more appropriate for applications without SSL encryption.
You can also use authentication systems like openid as well; however, openid is not part of CakePHP core.

Configuring Authentication Handlers


You configure authentication handlers using the authenticate config. You can configure one or many
handlers for authentication. Using multiple handlers allows you to support different ways of logging users in.
When logging users in, authentication handlers are checked in the order they are declared. Once one handler
is able to identify the user, no other handlers will be checked. Conversely you can halt all authentication by
throwing an exception. You will need to catch any thrown exceptions and handle them as needed.
You can configure authentication handlers in your controllers beforeFilter() or initialize()
methods. You can pass configuration information into each authentication object using an array:
// Basic setup
$this->Auth->config('authenticate', ['Form']);
// Pass settings in
$this->Auth->config('authenticate', [
'Basic' => ['userModel' => 'Members'],
'Form' => ['userModel' => 'Members']
]);

In the second example youll notice that we had to declare the userModel key twice. To help you keep
your code DRY, you can use the all key. This special key allows you to set settings that are passed to every
attached object. The all key is also exposed as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authenticate', [
AuthComponent::ALL => ['userModel' => 'Members'],
'Basic',
'Form'
]);

In the above example, both Form and Basic will get the settings defined for the all key. Any settings
passed to a specific authentication object will override the matching key in the all key. The core authentication objects support the following configuration keys.
fields The fields to use to identify a user by. You can use keys username and password to
specify your username and password fields respectively.
userModel The model name of the users table; defaults to Users.

462

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

scope Additional conditions to use when looking up and authenticating users,


[Users.is_active => true].

i.e.

contain Extra models to contain and return with identified users info.
passwordHasher Password hasher class; defaults to Default.
To configure different fields for user in your initialize() method:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email', 'password' => 'passwd']
]
]
]);
}

Do not put other Auth configuration keys, such as authError, loginAction, etc., within the
authenticate or Form element. They should be at the same level as the authenticate key. The setup
above with other Auth configuration should look like:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'loginAction' => [
'controller' => 'Users',
'action' => 'login',
'plugin' => 'Users'
],
'authError' => 'Did you really think you are allowed to see that?',
'authenticate' => [
'Form' => [
'fields' => ['username' => 'email']
]
]
]);
}

In addition to the common configuration, Basic authentication supports the following keys:
realm The realm being authenticated. Defaults to env(SERVER_NAME).
In addition to the common configuration Digest authentication supports the following keys:
realm The realm authentication is for. Defaults to the servername.
nonce A nonce used for authentication. Defaults to uniqid().
qop Defaults to auth; no other values are supported at this time.
opaque A string that must
md5($config[realm])
Authentication

be

returned

unchanged

by

clients.

Defaults

to

463

CakePHP Cookbook Documentation, Release 3.x

Identifying Users and Logging Them In


AuthComponent::identify()
You need to manually call $this->Auth->identify() to identify the user using credentials provided
in request. Then use $this->Auth->setUser() to log the user in, i.e., save user info to session.
When authenticating users, attached authentication objects are checked in the order they are attached. Once
one of the objects can identify the user, no other objects are checked. A sample login function for working
with a login form could look like:
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
return $this->redirect($this->Auth->redirectUrl());
} else {
$this->Flash->error(
__('Username or password is incorrect'),
'default',
[],
'auth'
);
}
}
}

The above code will attempt to first identify a user by using the POST data. If successful we set the user info
to the session so that it persists across requests and then redirect to either the last page they were visiting or
a URL specified in the loginRedirect config. If the login is unsuccessful, a flash message is set.
Warning: $this->Auth->setUser($data) will log the user in with whatever data is passed to
the method. It wont actually check the credentials against an authentication class.

Redirecting Users After Login


AuthComponent::redirectUrl()
After logging a user in, youll generally want to redirect them back to where they came from. Pass a URL
in to set the destination a user should be redirected to upon logging in.
If no parameter is passed, it gets the authentication redirect URL. The URL returned is as per following
rules:
Returns the normalized URL from session Auth.redirect value if it is present and for the same domain
the current app is running on.
If there is no session value and there is a config loginRedirect, the loginRedirect value is
returned.

464

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

If there is no session and no loginRedirect, / is returned.


Using Digest and Basic Authentication for Logging In
Basic and digest are stateless authentication schemes and dont require an initial POST or a form. If using only basic / digest authenticators you dont require a login action in your controller. Also you can set
$this->Auth->sessionKey to false to ensure AuthComponent doesnt try to read user info from
session. You may also want to set config unauthorizedRedirect to false which will cause AuthComponent to throw a ForbiddenException instead of default behavior of redirecting to referrer.
Stateless authentication will re-verify the users credentials on each request; this creates a small amount of
additional overhead, but allows clients to login in without using cookies and makes is suitable for APIs.

Creating Custom Authentication Objects


Because authentication objects are pluggable, you can create custom authentication objects in your
application or plugins. If for example you wanted to create an OpenID authentication object. In
src/Auth/OpenidAuthenticate.php you could put the following:
namespace App\Auth;
use Cake\Auth\BaseAuthenticate;
class OpenidAuthenticate extends BaseAuthenticate
{
public function authenticate(Request $request, Response $response)
{
// Do things for OpenID here.
// Return an array of user if they could authenticate the user,
// return false if not.
}
}

Authentication objects should return false if they cannot identify the user and an array of user information
if they can. Its not required that you extend BaseAuthenticate, only that your authentication object
implements Cake\Event\EventListenerInterface. The BaseAuthenticate class provides
a number of helpful methods that are commonly used. You can also implement a getUser() method if
your authentication object needs to support stateless or cookie-less authentication. See the sections on basic
and digest authentication below for more information.
AuthComponent triggers two events, Auth.afterIdentify and Auth.logout, after a user has
been identified and before a user is logged out respectively. You can set callback functions for these events
by returning a mapping array from implementedEvents() method of your authenticate class:
public function implementedEvents()
{
return [
'Auth.afterIdentify' => 'afterIdentify',
'Auth.logout' => 'logout'
];
}

Authentication

465

CakePHP Cookbook Documentation, Release 3.x

Using Custom Authentication Objects


Once youve created your custom authentication object, you can use them by including them in AuthComponents authenticate array:
$this->Auth->config('authenticate', [
'Openid', // app authentication object.
'AuthBag.Openid', // plugin authentication object.
]);

Note: Note that when using simple notation theres no Authenticate word when initiating the authentication object. Instead, if using namespaces, youll need to set the full namespace of the class, including the
Authenticate word.

Creating Stateless Authentication Systems


Authentication objects can implement a getUser() method that can be used to support user login systems that dont rely on cookies. A typical getUser method looks at the request/environment and uses
the information there to confirm the identity of the user. HTTP Basic authentication for example uses
$_SERVER[PHP_AUTH_USER] and $_SERVER[PHP_AUTH_PW] for the username and password fields. On each request, these values are used to re-identify the user and ensure they are valid user. As
with authentication objects authenticate() method, the getUser() method should return an array
of user information on success or false on failure.
public function getUser($request)
{
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (empty($username) || empty($pass)) {
return false;
}
return $this->_findUser($username, $pass);
}

The above is how you could implement getUser method for HTTP basic authentication.
The
_findUser() method is part of BaseAuthenticate and identifies a user based on a username and
password.

Handling Unauthenticated Requests


When an unauthenticated user tries to access a protected page first the unauthenticated() method
of the last authenticator in the chain is called. The authenticate object can handle sending response or
redirection by returning a response object to indicate no further action is necessary. Due to this, the order in
which you specify the authentication provider in authenticate config matters.
If authenticator returns null, AuthComponent redirects user to login action. If its an AJAX request and
config ajaxLogin is specified that element is rendered else a 403 HTTP status code is returned.

466

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

Displaying Auth Related Flash Messages


In order to display the session error messages that Auth generates, you need to add the following code to
your layout. Add the following two lines to the src/Template/Layout/default.ctp file in the body section:
echo $this->Flash->render();
echo $this->Flash->render('auth');

You can customize the error messages and flash settings AuthComponent uses. Using flash config you
can configure the parameters AuthComponent uses for setting flash messages. The available keys are
key - The key to use, defaults to auth.
params - The array of additional params to use, defaults to [].
In addition to the flash message settings you can customize other error messages AuthComponent uses. In
your controllers beforeFilter, or component settings you can use authError to customize the error used
for when authorization fails:
$this->Auth->config('authError', "Woopsie, you are not authorized to access this area.");

Sometimes, you want to display the authorization error only after the user has already logged-in. You can
suppress this message by setting its value to boolean false.
In your controllers beforeFilter() or component settings:
if (!$this->Auth->user()) {
$this->Auth->config('authError', false);
}

Hashing Passwords
You are responsible for hashing the passwords before they are persisted to the database, the easiest way is
to use a setter function in your User entity:
namespace App\Model\Entity;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Entity;
class User extends Entity
{
// ...
protected function _setPassword($password)
{
return (new DefaultPasswordHasher)->hash($password);
}
// ...
}

Authentication

467

CakePHP Cookbook Documentation, Release 3.x

AuthComponent is configured by default to use the DefaultPasswordHasher when validating user


credentials so no additional configuration is required in order to authenticate users.
DefaultPasswordHasher uses the bcrypt hashing algorithm internally, which is one of the stronger
password hashing solution used in the industry. While it is recommended that you use this password hasher
class, the case may be that you are managing a database of users whose password was hashed differently.

Creating Custom Password Hasher Classes


In order to use a different password hasher, you need to create the class in
src/Auth/LegacyPasswordHasher.php and implement the hash() and check() methods. This
class needs to extend the AbstractPasswordHasher class:
namespace App\Auth;
use Cake\Auth\AbstractPasswordHasher;
class LegacyPasswordHasher extends AbstractPasswordHasher
{
public function hash($password)
{
return sha1($password);
}
public function check($password, $hashedPassword)
{
return sha1($password) === $hashedPassword;
}
}

Then you are required to configure the AuthComponent to use your own password hasher:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'Legacy',
]
]
]
]);
}

Supporting legacy systems is a good idea, but it is even better to keep your database with the latest security
advancements. The following section will explain how to migrate from one hashing algorithm to CakePHPs
default

468

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

Changing Hashing Algorithms


CakePHP provides a clean way to migrate your users passwords from one algorithm to another, this is
achieved through the FallbackPasswordHasher class. Assuming you are migrating your app from
CakePHP 2.x which uses sha1 password hashes, you can configure the AuthComponent as follows:
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authenticate' => [
'Form' => [
'passwordHasher' => [
'className' => 'Fallback',
'hashers' => [
'Default',
'Weak' => ['hashType' => 'sha1']
]
]
]
]
]);
}

The first name appearing in the hashers key indicates which of the classes is the preferred one, but it will
fallback to the others in the list if the check was unsuccessful.
When using the WeakPasswordHasher you will need to set the Security.salt configure value to
ensure passwords are salted.
In order to update old users passwords on the fly, you can change the login function accordingly:
public function login()
{
if ($this->request->is('post')) {
$user = $this->Auth->identify();
if ($user) {
$this->Auth->setUser($user);
if ($this->Auth->authenticationProvider()->needsPasswordRehash()) {
$user = $this->Users->get($this->Auth->user('id'));
$user->password = $this->request->data('password');
$this->Users->save($user);
}
return $this->redirect($this->Auth->redirectUrl());
}
...
}
}

As you can see we are just setting the plain password again so the setter function in the entity will hash the
password as shown in the previous example and then save the entity.

Authentication

469

CakePHP Cookbook Documentation, Release 3.x

Hashing Passwords For Digest Authentication


Because Digest authentication requires a password hashed in the format defined by the RFC, in order to
correctly hash a password for use with Digest authentication you should use the special password hashing function on DigestAuthenticate. If you are going to be combining digest authentication with
any other authentication strategies, its also recommended that you store the digest password in a separate
column, from the normal password hash:
namespace App\Model\Table;
use Cake\Auth\DigestAuthenticate;
use Cake\Event\Event;
use Cake\ORM\Table;
class UsersTable extends Table
{
public function beforeSave(Event $event)
{
$entity = $event->data['entity'];
// Make a password for digest auth.
$entity->digest_hash = DigestAuthenticate::password(
$entity->username,
$entity->plain_password,
env('SERVER_NAME')
);
return true;
}
}

Passwords for digest authentication need a bit more information than other password hashes, based on the
RFC for digest authentication.
Note:
The third parameter of DigestAuthenticate::password() must match the realm config value
defined when DigestAuthentication was configured in AuthComponent::$authenticate. This defaults to
env(SCRIPT_NAME). You may wish to use a static string if you want consistent hashes in multiple
environments.

Manually Logging Users In


AuthComponent::setUser(array $user)
Sometimes the need arises where you need to manually log a user in, such as just after they registered for
your application. You can do this by calling $this->Auth->setUser() with the user data you want
to login:
public function register()
{
$user = $this->Users->newEntity($this->request->data);
if ($this->Users->save($user)) {

470

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

$this->Auth->setUser($user->toArray());
return $this->redirect([
'controller' => 'Users',
'action' => 'home'
]);
}
}

Warning: Be sure to manually add the new User id to the array passed to the setUser() method.
Otherwise you wont have the user id available.

Accessing the Logged In User


AuthComponent::user($key = null)
Once a user is logged in, you will often need some particular information about the current user. You can
access the currently logged in user using AuthComponent::user():
// From inside a controller or other component.
$this->Auth->user('id');

If the current user is not logged in or the key doesnt exist, null will be returned.

Logging Users Out


AuthComponent::logout()
Eventually youll want a quick way to de-authenticate someone and redirect them to where they need to
go. This method is also useful if you want to provide a Log me out link inside a members area of your
application:
public function logout()
{
return $this->redirect($this->Auth->logout());
}

Logging out users that logged in with Digest or Basic auth is difficult to accomplish for all clients. Most
browsers will retain credentials for the duration they are still open. Some clients can be forced to logout
by sending a 401 status code. Changing the authentication realm is another solution that works for some
clients.

Authorization
Authorization is the process of ensuring that an identified/authenticated user is allowed to access the resources they are requesting. If enabled AuthComponent can automatically check authorization handlers
and ensure that logged in users are allowed to access the resources they are requesting. There are several
built-in authorization handlers and you can create custom ones for your application or as part of a plugin.

Authorization

471

CakePHP Cookbook Documentation, Release 3.x

ControllerAuthorize Calls isAuthorized() on the active controller, and uses the return
of that to authorize a user. This is often the most simple way to authorize users.
Note: The ActionsAuthorize & CrudAuthorize adapter available in CakePHP 2.x have now been
moved to a separate plugin cakephp/acl1 .

Configuring Authorization Handlers


You configure authorization handlers using the authorize config key. You can configure one or many
handlers for authorization. Using multiple handlers allows you to support different ways of checking authorization. When authorization handlers are checked, they will be called in the order they are declared.
Handlers should return false, if they are unable to check authorization, or the check has failed. Handlers should return true if they were able to check authorization successfully. Handlers will be called
in sequence until one passes. If all checks fail, the user will be redirected to the page they came from.
Additionally you can halt all authorization by throwing an exception. You will need to catch any thrown
exceptions and handle them.
You can configure authorization handlers in your controllers beforeFilter() or initialize()
methods. You can pass configuration information into each authorization object, using an array:
// Basic setup
$this->Auth->config('authorize', ['Controller']);
// Pass settings in
$this->Auth->config('authorize', [
'Actions' => ['actionPath' => 'controllers/'],
'Controller'
]);

Much like authenticate, authorize, helps you keep your code DRY, by using the all key. This
special key allows you to set settings that are passed to every attached object. The all key is also exposed
as AuthComponent::ALL:
// Pass settings in using 'all'
$this->Auth->config('authorize', [
AuthComponent::ALL => ['actionPath' => 'controllers/'],
'Actions',
'Controller'
]);

In the above example, both the Actions and Controller will get the settings defined for the all key.
Any settings passed to a specific authorization object will override the matching key in the all key.
If an authenticated user tries to go to a URL hes not authorized to access, hes redirected back to the
referrer. If you do not want such redirection (mostly needed when using stateless authentication adapter)
you can set config option unauthorizedRedirect to false. This causes AuthComponent to throw a
ForbiddenException instead of redirecting.
1

https://github.com/cakephp/acl

472

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

Creating Custom Authorize Objects


Because authorize objects are pluggable, you can create custom authorize objects in your application or
plugins. If for example you wanted to create an LDAP authorize object. In src/Auth/LdapAuthorize.php
you could put the following:
namespace App\Auth;
use Cake\Auth\BaseAuthorize;
use Cake\Network\Request;
class LdapAuthorize extends BaseAuthorize
{
public function authorize($user, Request $request)
{
// Do things for ldap here.
}
}

Authorize objects should return false if the user is denied access, or if the object is unable to perform a
check. If the object is able to verify the users access, true should be returned. Its not required that you
extend BaseAuthorize, only that your authorize object implements an authorize() method. The
BaseAuthorize class provides a number of helpful methods that are commonly used.
Using Custom Authorize Objects
Once youve created your custom authorize object, you can use them by including them in your AuthComponents authorize array:
$this->Auth->config('authorize', [
'Ldap', // app authorize object.
'AuthBag.Combo', // plugin authorize object.
]);

Using No Authorization
If youd like to not use any of the built-in authorization objects and want to handle things entirely outside
of AuthComponent, you can set $this->Auth->config(authorize, false);. By default
AuthComponent starts off with authorize set to false. If you dont use an authorization scheme, make
sure to check authorization yourself in your controllers beforeFilter or with another component.

Making Actions Public


AuthComponent::allow($actions = null)
There are often times controller actions that you wish to remain entirely public or that dont require users to
be logged in. AuthComponent is pessimistic and defaults to denying access. You can mark actions as public
actions by using AuthComponent::allow(). By marking actions as public, AuthComponent will not
check for a logged in user nor will authorize objects be checked:
Authorization

473

CakePHP Cookbook Documentation, Release 3.x

// Allow all actions


$this->Auth->allow();
// Allow only the index action.
$this->Auth->allow('index');
// Allow only the view and index actions.
$this->Auth->allow(['view', 'index']);

By calling it empty you allow all actions to be public. For a single action you can provide the action name
as string. Otherwise use an array.
Note: You should not add the login action of your UsersController to allow list. Doing so would
cause problems with normal functioning of AuthComponent.

Making Actions Require Authorization


AuthComponent::deny($actions = null)
By default all actions require authorization. However, after making actions public you want to revoke the
public access. You can do so using AuthComponent::deny():
// Deny all actions.
$this->Auth->deny();
// Deny one action
$this->Auth->deny('add');
// Deny a group of actions.
$this->Auth->deny(['add', 'edit']);

By calling it empty you deny all actions. For a single action you can provide the action name as string.
Otherwise use an array.

Using ControllerAuthorize
ControllerAuthorize allows you to handle authorization checks in a controller callback. This is ideal when
you have very simple authorization or you need to use a combination of models and components to do your
authorization and dont want to create a custom authorize object.
The callback is always called isAuthorized() and it should return a boolean as to whether or not the
user is allowed to access resources in the request. The callback is passed the active user so it can be checked:
class AppController extends Controller
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'authorize' => 'Controller',

474

Chapter 13. Authentication

CakePHP Cookbook Documentation, Release 3.x

]);
}
public function isAuthorized($user = null)
{
// Any registered user can access public functions
if (empty($this->request->params['prefix'])) {
return true;
}
// Only admins can access admin functions
if ($this->request->params['prefix'] === 'admin') {
return (bool)($user['role'] === 'admin');
}
// Default deny
return false;
}
}

The above callback would provide a very simple authorization system where only users with role = admin
could access actions that were in the admin prefix.

Configuration options
The following settings can all be defined either in your controllers initialize() method or using
$this->Auth->config() in your beforeFilter():
ajaxLogin The name of an optional view element to render when an AJAX request is made with an invalid
or expired session.
allowedActions Controller actions for which user validation is not required.
authenticate Set to an array of Authentication objects you want to use when logging users in. There are
several core authentication objects; see the section on Suggested Reading Before Continuing.
authError Error to display when user attempts to access an object or action to which they do not have
access.
You can suppress authError message from being displayed by setting this value to boolean false.
authorize Set to an array of Authorization objects you want to use when authorizing users on each request;
see the section on Authorization.
flash Settings to use when Auth needs to do a flash message with FlashComponent::set(). Available
keys are:
element - The element to use; defaults to default.
key - The key to use; defaults to auth.
params - The array of additional params to use; defaults to [].

Configuration options

475

CakePHP Cookbook Documentation, Release 3.x

loginAction A URL (defined as a string or array) to the controller action that handles logins. Defaults to
/users/login.
loginRedirect The URL (defined as a string or array) to the controller action users should be redirected
to after logging in. This value will be ignored if the user has an Auth.redirect value in their
session.
logoutRedirect The default action to redirect to after the user is logged out.
While AuthComponent does not handle post-logout redirection, a redirect URL will be returned from
AuthComponent::logout(). Defaults to loginAction.
unauthorizedRedirect Controls handling of unauthorized access. By default unauthorized user is redirected to the referrer URL or loginAction or /. If set to false, a ForbiddenException exception
is thrown instead of redirecting.

Testing Actions Protected By AuthComponent


See the Testing Actions That Require Authentication section for tips on how to test controller actions that
are protected by AuthComponent.

476

Chapter 13. Authentication

CHAPTER 14

Bake Console

CakePHPs bake console is another effort to get you up and running in CakePHP fast. The bake console can
create any of CakePHPs basic ingredients: models, behaviors, views, helpers, controllers, components, test
cases, fixtures and plugins. And we arent just talking skeleton classes: Bake can create a fully functional
application in just a few minutes. In fact, Bake is a natural step to take once an application has been
scaffolded.

Installation
Before trying to use or extend bake, make sure it is installed in your application. Bake is provided as a
plugin that you can install with Composer:
composer require --dev cakephp/bake:~1.0

The above will install bake as a development dependency. This means that it will not be installed when you
do production deployments. The following sections cover bake in more detail:

Code Generation with Bake


Depending on how your computer is configured, you may have to set execute rights on the cake bash script
to call it using bin/cake bake. The cake console is run using the PHP CLI (command line interface). If
you have problems running the script, ensure that you have the PHP CLI installed and that it has the proper
modules enabled (eg: MySQL, intl). Users also might have issues if the database host is localhost and
should try 127.0.0.1 instead, as localhost can cause issues with PHP CLI.
Before running bake you should make sure you have at least one database connection configured. See the
section on database configuration for more information.
When run with no arguments bin/cake bake will output a list of available tasks. You should see something like:

477

CakePHP Cookbook Documentation, Release 3.x

$ bin/cake bake
Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : src
Path: /var/www/cakephp.dev/src/
--------------------------------------------------------------The following commands can be used to generate skeleton code for your application.
Available bake commands:
-

all
behavior
cell
component
controller
fixture
form
helper
model
plugin
shell
template
test

By using `cake bake [name]` you can invoke a specific bake task.

You can get more information on what each task does, and what options are available using the --help
option:
$ bin/cake bake controller --help
Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : src
Path: /var/www/cakephp.dev/src/
--------------------------------------------------------------Bake a controller skeleton.
Usage:
cake bake controller [subcommand] [options] [<name>]
Subcommands:
all

Bake all controllers with CRUD methods.

To see help on a subcommand use `cake bake controller [subcommand] --help`


Options:
--help, -h
--verbose, -v
--quiet, -q

478

Display this help.


Enable verbose output.
Enable quiet output.

Chapter 14. Bake Console

CakePHP Cookbook Documentation, Release 3.x

--plugin, -p
--force, -f
--connection, -c
--theme, -t
--components
--helpers
--prefix
--no-test
--no-actions

Plugin to bake into.


Force overwriting existing files without prompting.
The datasource connection to get data from.
(default: default)
The theme to use when baking code.
The comma separated list of components to use.
The comma separated list of helpers to use.
The namespace/routing prefix to use.
Do not generate a test skeleton.
Do not generate basic CRUD action methods.

Arguments:
name Name of the controller to bake. Can use Plugin.name to bake
controllers into plugins. (optional)

Bake Themes
The theme option is common to all bake commands, and allows changing the bake template files used when
baking. To create your own templates, see the bake theme creation documentation.

Extending Bake
Bake features an extensible architecture that allows your application or plugins to easily modify or add-to
the base functionality. Bake makes use of a dedicated view class which does not use standard PHP syntax.
Bake Events
As a view class, BakeView emits the same events as any other view class, plus one extra initialize event.
However, whereas standard view classes use the event prefix View., BakeView uses the event prefix
Bake..
The initialize event can be used to make changes which apply to all baked output, for example to add another
helper to the bake view class this event can be used:
<?php
// config/bootstrap_cli.php
use Cake\Event\Event;
use Cake\Event\EventManager;
EventManager::instance()->on('Bake.initialize', function (Event $event) {
$view = $event->subject;
// In my bake templates, allow the use of the MySpecial helper
$view->loadHelper('MySpecial', ['some' => 'config']);
// And add an $author variable so it's always available
$view->set('author', 'Andy');

Installation

479

CakePHP Cookbook Documentation, Release 3.x

});

Bake events can also be useful for making small changes to existing templates. For example, to change
the variable names used when baking controller/template files one can use a function listening for
Bake.beforeRender to modify the variables used in the bake templates:
<?php
// config/bootstrap_cli.php
use Cake\Event\Event;
use Cake\Event\EventManager;
EventManager::instance()->on('Bake.beforeRender', function (Event $event) {
$view = $event->subject;
// Use $rows for the main data variable in indexes
if ($view->get('pluralName')) {
$view->set('pluralName', 'rows');
}
if ($view->get('pluralVar')) {
$view->set('pluralVar', 'rows');
}
// Use $theOne for the main data variable in view/edit
if ($view->get('singularName')) {
$view->set('singularName', 'theOne');
}
if ($view->get('singularVar')) {
$view->set('singularVar', 'theOne');
}
});

Bake Template Syntax


Bake template files use erb-style (<% %>) tags to denote template logic, and treat everything else including
php tags as plain text.
Note: Bake template files do not use, and are insensitive to, asp_tags php ini setting.
BakeView implements the following tags:
<% A Bake template php open tag
%> A Bake template php close tag
<%= A Bake template php short-echo tag
<%- A Bake template php open tag, stripping any leading whitespace before the tag
-%> A Bake template php close tag, stripping trailing whitespace after the tag

480

Chapter 14. Bake Console

CakePHP Cookbook Documentation, Release 3.x

One way to see/understand how bake templates works, especially when attempting to modify bake template
files, is to bake a class and compare the template used with the pre-processed template file which is left in
the applications tmp folder.
So, for example, when baking a shell like so:
bin/cake bake shell Foo

The template used (vendor/cakephp/bake/src/Template/Bake/Shell/shell.ctp) looks like this:


<?php
namespace <%= $namespace %>\Shell;
use Cake\Console\Shell;
/**
* <%= $name %> shell command.
*/
class <%= $name %>Shell extends Shell
{
/**
* main() method.
*
* @return bool|int Success or error code.
*/
public function main()
{
}
}

The pre-processed template file (tmp/Bake-Shell-shell-ctp.php), which is the file actually rendered, looks
like this:
<CakePHPBakeOpenTagphp
namespace <?= $namespace ?>\Shell;
use Cake\Console\Shell;
/**
* <?= $name ?> shell command.
*/
class <?= $name ?>Shell extends Shell
{
/**
* main() method.
*
* @return bool|int Success or error code.
*/
public function main()
{
}

Installation

481

CakePHP Cookbook Documentation, Release 3.x

And the resultant baked class (src/Shell/FooShell.php) looks like this:


<?php
namespace App\Shell;
use Cake\Console\Shell;
/**
* Foo shell command.
*/
class FooShell extends Shell
{
/**
* main() method.
*
* @return bool|int Success or error code.
*/
public function main()
{
}
}

Creating a Bake Theme


If you wish to modify the default output produced by the bake command, you can create your own bake
theme which allows you to replace some or all of the templates that bake uses. The best way to do this is:
1. Bake a new plugin. The name of the plugin is the bake theme name
2. Create a new directory plugins/[name]/src/Template/Bake/Template/.
3. Copy any templates you want to override from vendor/cakephp/bake/src/Template/Bake/Template
to matching files in your plugin.
4. When running bake use the --theme option to specify the bake-theme you want to use.
Creating New Bake Command Options
Its possible to add new bake command options, or override the ones provided by CakePHP by creating tasks
in your application or plugins. By extending Bake\Shell\Task\BakeTask, bake will find your new
task and include it as part of bake.
As an example, well make a task that creates an arbitrary foo class. First, create the task file
src/Shell/Task/FooTask.php. Well extend the SimpleBakeTask for now as our shell task will be simple. SimpleBakeTask is abstract and requires us to define 4 methods that tell bake what the task is called,
where the files it generates should go, and what template to use. Our FooTask.php file should look like:

482

Chapter 14. Bake Console

CakePHP Cookbook Documentation, Release 3.x

<?php
namespace App\Shell\Task;
use Bake\Shell\Task\SimpleBakeTask;
class FooTask extends SimpleBakeTask
{
public $pathFragment = 'Foo/';
public function name()
{
return 'shell';
}
public function fileName($name)
{
return $name . 'Foo.php';
}
public function template()
{
return 'foo';
}
}

Once this file has been created, we need to create a template that bake can use when generating code. Create
src/Template/Bake/foo.ctp. In this file well add the following content:
<?php
namespace <%= $namespace %>\Foo;
/**
* <%= $name %> foo
*/
class <%= $name %>Foo
{
// Add code.
}

You should now see your new task in the output of bin/cake bake. You can run your new task
by running bin/cake bake foo Example. This will generate a new ExampleFoo class in
src/Foo/ExampleFoo.php for your application to use.

Installation

483

CakePHP Cookbook Documentation, Release 3.x

484

Chapter 14. Bake Console

CHAPTER 15

Caching

class Cake\Cache\Cache
Caching is frequently used to reduce the time it takes to create or read from other resources. Caching is
often used to make reading from expensive resources less expensive. You can easily store the results of
expensive queries, or remote webservice access that doesnt frequently change in a cache. Once in the
cache, re-reading the stored resource from the cache is much cheaper than accessing the remote resource.
Caching in CakePHP is primarily facilitated by the Cache class. This class provides a set of static methods
that provide a uniform API to dealing with all different types of Caching implementations. CakePHP comes
with several cache engines built-in, and provides an easy system to implement your own caching systems.
The built-in caching engines are:
FileCache File cache is a simple cache that uses local files. It is the slowest cache engine, and
doesnt provide as many features for atomic operations. However, since disk storage is often quite
cheap, storing large objects, or elements that are infrequently written work well in files.
ApcCache APC cache uses the PHP APC1 extension. This extension uses shared memory on the
webserver to store objects. This makes it very fast, and able to provide atomic read/write features.
Wincache Wincache uses the Wincache2 extension. Wincache is similar to APC in features and
performance, but optimized for Windows and IIS.
XcacheEngine Xcache3 is a PHP extension that provides similar features to APC.
MemcachedEngine Uses the Memcached4 extension. It also interfaces with memcache but provides better performance.
RedisEngine Uses the phpredis5 extension. Redis provides a fast and persistent cache system
similar to memcached, also provides atomic operations.
1

http://php.net/apc
http://php.net/wincache
3
http://xcache.lighttpd.net/
4
http://php.net/memcached
5
https://github.com/nicolasff/phpredis
2

485

CakePHP Cookbook Documentation, Release 3.x

Regardless of the CacheEngine you choose to use, your application interacts with Cake\Cache\Cache
in a consistent manner. This means you can easily swap cache engines as your application grows.

Configuring Cache Class


static Cake\Cache\Cache::config($key, $config = null)
Configuring the Cache class can be done anywhere, but generally you will want to configure Cache during
bootstrapping. The config/app.php file is the conventional location to do this. You can configure as many
cache configurations as you need, and use any mixture of cache engines. CakePHP uses two cache configurations internally. _cake_core_ is used for storing file maps, and parsed results of Internationalization
& Localization files. _cake_model_, is used to store schema descriptions for your applications models.
If you are using APC or Memcached you should make sure to set unique keys for the core caches. This will
prevent multiple applications from overwriting each others cached data.
Using multiple configurations also lets you incrementally change the storage as needed. For example in
your config/app.php you could put the following:
// ...
'Cache' => [
'short' => [
'className' => 'File',
'duration' => '+1 hours',
'path' => CACHE,
'prefix' => 'cake_short_'
],
// Using a fully namespaced name.
'long' => [
'className' => 'Cake\Cache\Engine\FileEngine',
'duration' => '+1 week',
'probability' => 100,
'path' => CACHE . 'long' . DS,
]
]
// ...

Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
Cache::config('short', [
'url' => 'memcached://user:password@cache-host/?timeout=3600&prefix=myapp_',
]);

When using a DSN string you can define any additional parameters/options as query string arguments.
You can also configure Cache engines at runtime:
// Using a short name
Cache::config('short', [
'className' => 'File',
'duration' => '+1 hours',
'path' => CACHE,

486

Chapter 15. Caching

CakePHP Cookbook Documentation, Release 3.x

'prefix' => 'cake_short_'


]);
// Using a fully namespaced name.
Cache::config('long', [
'className' => 'Cake\Cache\Engine\FileEngine',
'duration' => '+1 week',
'probability' => 100,
'path' => CACHE . 'long' . DS,
]);
// Using a constructed object.
$object = new FileEngine($config);
Cache::config('other', $object);

The name of these configurations short or long is used as the $config parameter for
Cake\Cache\Cache::write() and Cake\Cache\Cache::read(). When configuring Cache
engines you can refer to the class name using the following syntaxes:
Short classname without Engine or a namespace. This will infer that you want to use a Cache engine
in Cake\Cache\Engine or App\Cache\Engine.
Using plugin syntax which allows you to load engines from a specific plugin.
Using a fully qualified namespaced classname. This allows you to use classes located outside of the
conventional locations.
Using an object that extends the CacheEngine class.
Note: When using the FileEngine you might need to use the mask option to ensure cache files are made
with the correct permissions.

Removing Configured Cache Engines


static Cake\Cache\Cache::drop($key)
Once a configuration is created you cannot change it. Instead you should drop the configuration and recreate it using Cake\Cache\Cache::drop() and Cake\Cache\Cache::config(). Dropping a
cache engine will remove the config and destroy the adapter if it was constructed.

Writing to a Cache
static Cake\Cache\Cache::write($key, $value, $config = default)
Cache::write() will write a $value to the Cache. You can read or delete this value later by referring
to it by $key. You may specify an optional configuration to store the cache in as well. If no $config
is specified, default will be used. Cache::write() can store any type of object and is ideal for storing
results of model finds:

Writing to a Cache

487

CakePHP Cookbook Documentation, Release 3.x

if (($posts = Cache::read('posts')) === false) {


$posts = $someService->getAllPosts();
Cache::write('posts', $posts);
}

Using Cache::write() and Cache::read() to easily reduce the number of trips made to the
database to fetch posts.
Note: If you plan to cache the result of queries made with the CakePHP ORM, it is better to use the built-in
cache capabilities of the Query object as described in the Caching Loaded Results section

Writing Multiple Keys at Once


static Cake\Cache\Cache::writeMany($data, $config = default)
You may find yourself needing to write multiple cache keys at once. While you can use multiple calls
to write(), writeMany() allows CakePHP to use more efficient storage APIs where available. For
example using writeMany() save multiple network connections when using Memcached:
$result = Cache::writeMany([
'article-' . $slug => $article,
'article-' . $slug . '-comments' => $comments
]);
// $result will contain
['article-first-post' => true, 'article-first-post-comments' => true]

Read Through Caching


static Cake\Cache\Cache::remember($key, $callable, $config = default)
Cache makes it easy to do read-through caching. If the named cache key exists, it will be returned. If the
key does not exist, the callable will be invoked and the results stored in the cache at the provided key.
For example, you often want to cache remote service call results. You could use remember() to make this
simple:
class IssueService
{
public function allIssues($repo)
{
return Cache::remember($repo . '-issues', function () use ($repo) {
return $this->fetchAll($repo);
});
}
}

488

Chapter 15. Caching

CakePHP Cookbook Documentation, Release 3.x

Reading From a Cache


static Cake\Cache\Cache::read($key, $config = default)
Cache::read() is used to read the cached value stored under $key from the $config. If $config
is null the default config will be used. Cache::read() will return the cached value if it is a valid cache
or false if the cache has expired or doesnt exist. The contents of the cache might evaluate false, so make
sure you use the strict comparison operators: === or !==.
For example:
$cloud = Cache::read('cloud');
if ($cloud !== false) {
return $cloud;
}
// Generate cloud data
// ...
// Store data in cache
Cache::write('cloud', $cloud);
return $cloud;

Reading Multiple Keys at Once


static Cake\Cache\Cache::readMany($keys, $config = default)
After youve written multiple keys at once, youll probably want to read them as well. While you could
use multiple calls to read(), readMany() allows CakePHP to use more efficient storage APIs where
available. For example using readMany() save multiple network connections when using Memcached:
$result = Cache::readMany([
'article-' . $slug,
'article-' . $slug . '-comments'
]);
// $result will contain
['article-first-post' => '...', 'article-first-post-comments' => '...']

Deleting From a Cache


static Cake\Cache\Cache::delete($key, $config = default)
Cache::delete() will allow you to completely remove a cached object from the store:
// Remove a key
Cache::delete('my_key');

Reading From a Cache

489

CakePHP Cookbook Documentation, Release 3.x

Deleting Multiple Keys at Once


static Cake\Cache\Cache::deleteMany($keys, $config = default)
After youve written multiple keys at once, you may want to delete them. While you could use multiple calls
to delete(), deleteMany() allows CakePHP to use more efficient storage APIs where available. For
example using deleteMany() save multiple network connections when using Memcached:
$result = Cache::deleteMany([
'article-' . $slug,
'article-' . $slug . '-comments'
]);
// $result will contain
['article-first-post' => true, 'article-first-post-comments' => true]

Clearing Cached Data


static Cake\Cache\Cache::clear($check, $config = default)
Destroy all cached values for a cache configuration. In engines like: Apc, Memcached, and Wincache, the
cache configurations prefix is used to remove cache entries. Make sure that different cache configurations
have different prefixes:
// Will only clear expired keys.
Cache::clear(true);
// Will clear all keys.
Cache::clear(false);

static Cake\Cache\Cache::gc($config)
Garbage collects entries in the cache configuration. This is primarily used by FileEngine. It should be
implemented by any Cache engine that requires manual eviction of cached data.

Using Cache to Store Counters


static Cake\Cache\Cache::increment($key, $offset = 1, $config = default)
static Cake\Cache\Cache::decrement($key, $offset = 1, $config = default)
Counters for various things are easily stored in a cache. For example, a simple countdown for remaining
slots in a contest could be stored in Cache. The Cache class exposes atomic ways to increment/decrement
counter values in an easy way. Atomic operations are important for these values as it reduces the risk of
contention, and ability for two users to simultaneously lower the value by one, resulting in an incorrect
value.
After setting an integer value you can manipulate it using increment() and decrement():

490

Chapter 15. Caching

CakePHP Cookbook Documentation, Release 3.x

Cache::write('initial_count', 10);
// Later on
Cache::decrement('initial_count');
// Or
Cache::increment('initial_count');

Note: Incrementing and decrementing do not work with FileEngine. You should use APC, Wincache,
Redis or Memcached instead.

Using Cache to Store Common Query Results


You can greatly improve the performance of your application by putting results that infrequently change,
or that are subject to heavy reads into the cache. A perfect example of this are the results from
Cake\ORM\Table::find(). The Query object allows you to cache results using the cache()
method. See the Caching Loaded Results section for more information.

Using Groups
Sometimes you will want to mark multiple cache entries to belong to certain group or namespace. This is a
common requirement for mass-invalidating keys whenever some information changes that is shared among
all entries in the same group. This is possible by declaring the groups in cache configuration:
Cache::config('site_home', [
'className' => 'Redis',
'duration' => '+999 days',
'groups' => ['comment', 'article']
]);

Cake\Cache\Cache::clearGroup($group, $config = default)


Lets say you want to store the HTML generated for your homepage in cache, but would also want to
automatically invalidate this cache every time a comment or post is added to your database. By adding the
groups comment and article, we have effectively tagged any key stored into this cache configuration
with both group names.
For instance, whenever a new post is added, we could tell the Cache engine to remove all entries associated
to the article group:
// src/Model/Table/ArticlesTable.php
public function afterSave($entity, $options = [])
{
if ($entity->isNew()) {
Cache::clearGroup('article', 'site_home');
}
}

Using Cache to Store Common Query Results

491

CakePHP Cookbook Documentation, Release 3.x

static Cake\Cache\Cache::groupConfigs($group = null)


groupConfigs() can be used to retrieve mapping between group and configurations, i.e.: having the
same group:
// src/Model/Table/ArticlesTable.php
/**
* A variation of previous example that clears all Cache configurations
* having the same group
*/
public function afterSave($entity, $options = [])
{
if ($entity->isNew()) {
$configs = Cache::groupConfigs('article');
foreach ($configs['article'] as $config) {
Cache::clearGroup('article', $config);
}
}
}

Groups are shared across all cache configs using the same engine and same prefix. If you are using groups
and want to take advantage of group deletion, choose a common prefix for all your configs.

Globally Enable or Disable Cache


static Cake\Cache\Cache::disable
You may need to disable all Cache read & writes when trying to figure out cache expiration related issues.
You can do this using enable() and disable():
// Disable all cache reads, and cache writes.
Cache::disable();

Once disabled, all reads and writes will return null.


static Cake\Cache\Cache::enable
Once disabled, you can use enable() to re-enable caching:
// Re-enable all cache reads, and cache writes.
Cache::enable();

static Cake\Cache\Cache::enabled
If you need to check on the state of Cache, you can use enabled().

Creating a Storage Engine for Cache


You can provide custom Cache adapters in App\Cache\Engine as well as in plugins using
$plugin\Cache\Engine. src/plugin cache engines can also override the core engines. Cache

492

Chapter 15. Caching

CakePHP Cookbook Documentation, Release 3.x

adapters must be in a cache directory. If you had a cache engine named MyCustomCacheEngine
it would be placed in either src/Cache/Engine/MyCustomCacheEngine.php as an app/libs. Or in
$plugin/Cache/Engine/MyCustomCacheEngine.php as part of a plugin. Cache configs from
plugins need to use the plugin dot syntax.
Cache::config('custom', [
'className' => 'CachePack.MyCustomCache',
// ...
]);

Custom Cache engines must extend Cake\Cache\CacheEngine which defines a number of abstract
methods as well as provides a few initialization methods.
The required API for a CacheEngine is
class Cake\Cache\CacheEngine
The base class for all cache engines used with Cache.
Cake\Cache\CacheEngine::write($key, $value, $config = default)
Returns boolean for success.
Write value for a key into cache, optional string $config specifies configuration name to write to.
Cake\Cache\CacheEngine::read($key)
Returns The cached value or false for failure.
Read a key from the cache. Return false to indicate the entry has expired or does not exist.
Cake\Cache\CacheEngine::delete($key)
Returns Boolean true on success.
Delete a key from the cache. Return false to indicate that the entry did not exist or could not be
deleted.
Cake\Cache\CacheEngine::clear($check)
Returns Boolean true on success.
Delete all keys from the cache. If $check is true, you should validate that each value is actually
expired.
Cake\Cache\CacheEngine::clearGroup($group)
Returns Boolean true on success.
Delete all keys from the cache belonging to the same group.
Cake\Cache\CacheEngine::decrement($key, $offset = 1)
Returns Boolean true on success.
Decrement a number under the key and return decremented value
Cake\Cache\CacheEngine::increment($key, $offset = 1)
Returns Boolean true on success.

Creating a Storage Engine for Cache

493

CakePHP Cookbook Documentation, Release 3.x

Increment a number under the key and return incremented value


Cake\Cache\CacheEngine::gc()
Not required, but used to do clean up when resources expire. FileEngine uses this to delete files
containing expired content.

494

Chapter 15. Caching

CHAPTER 16

Console & Shells

CakePHP features not only a web framework but also a console framework for creating console applications. Console applications are ideal for handling a variety of background tasks such as maintenance, and
completing work outside of the request-response cycle. CakePHP console applications allow you to reuse
your application classes from the command line.
CakePHP comes with a number of console applications out of the box. Some of these applications are used
in concert with other CakePHP features (like i18n), and others are for general use to get you working faster.

The CakePHP Console


This section provides an introduction into CakePHP at the command-line. Console tools are ideal for use in
cron jobs, or command line based utilities that dont need to be accessible from a web browser.
PHP provides a CLI client that makes interfacing with your file system and applications much smoother.
The CakePHP console provides a framework for creating shell scripts. The Console uses a dispatcher-type
setup to load a shell or task, and provide its parameters.
Note: A command-line (CLI) build of PHP must be available on the system if you plan to use the Console.
Before we get into specifics, lets make sure you can run the CakePHP console. First, youll need to bring up
a system shell. The examples shown in this section will be in bash, but the CakePHP Console is Windowscompatible as well. This example assumes that the user is currently logged into a bash prompt and is
currently at the root of a CakePHP application.
CakePHP applications contain a Console directory that contains all the shells and tasks for an application.
It also comes with an executable:
$ cd /path/to/app
$ bin/cake

Note: For Windows, the command needs to be bin\cake (note the backslash).

495

CakePHP Cookbook Documentation, Release 3.x

Running the Console with no arguments produces this help message:


Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : App
Path: /Users/markstory/Sites/cakephp-app/src/
--------------------------------------------------------------Current Paths:
-app: src
-root: /Users/markstory/Sites/cakephp-app
-core: /Users/markstory/Sites/cakephp-app/vendor/cakephp/cakephp
Changing Paths:
Your working path should be the same as your application path. To change your path use the
Example: -app relative/path/to/myapp or -app /absolute/path/to/myapp
Available Shells:
[Bake] bake
[Migrations] migrations
[CORE] i18n, orm_cache, plugin, server
[app] behavior_time, console, orm
To run an app or core command, type cake shell_name [args]
To run a plugin command, type cake Plugin.shell_name [args]
To get help on a specific command, type cake shell_name --help

The first information printed relates to paths. This is helpful if youre running the console from different
parts of the filesystem.
You could then run the any of the listed shells by using its name:
# run server shell
bin/cake server
# run migrations shell
bin/cake migrations -h
# run bake (with plugin prefix)
bin/cake bake.bake -h

Plugin shells can be invoked without a plugin prefix if the shells name does not overlap with an application
or framework shell. In the case that two plugins provide a shell with the same name, the first loaded plugin
will get the short alias. You can always use the plugin.shell format to unambiguously reference a
shell.
class Cake\Console\Shell

496

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

Creating a Shell
Lets create a shell for use in the Console. For this example, well create a simple Hello world shell. In your
applications Shell directory create HelloShell.php. Put the following code inside it:
namespace App\Shell;
use Cake\Console\Shell;
class HelloShell extends Shell
{
public function main()
{
$this->out('Hello world.');
}
}

The conventions for shell classes are that the class name should match the file name, with the suffix of
Shell. In our shell we created a main() method. This method is called when a shell is called with no
additional commands. Well add some more commands in a bit, but for now lets just run our shell. From
your application directory, run:
bin/cake hello

You should see the following output:


Welcome to CakePHP Console
--------------------------------------------------------------App : app
Path: /Users/markstory/Sites/cake_dev/src/
--------------------------------------------------------------Hello world.

As mentioned before, the main() method in shells is a special method called whenever there are no other
commands or arguments given to a shell. Since our main method wasnt very interesting lets add another
command that does something:
namespace App\Shell;
use Cake\Console\Shell;
class HelloShell extends Shell
{
public function main()
{
$this->out('Hello world.');
}
public function heyThere($name = 'Anonymous')
{
$this->out('Hey there ' . $name);
}
}

Creating a Shell

497

CakePHP Cookbook Documentation, Release 3.x

After saving this file, you should be able to run the following command and see your name printed out:
bin/cake hello hey_there your-name

Any public method not prefixed by an _ is allowed to be called from the command line. As you can see,
methods invoked from the command line are transformed from the underscored shell argument to the correct
camel-cased method name in the class.
In our heyThere() method we can see that positional arguments are provided to our heyThere()
function. Positional arguments are also available in the args property. You can access switches or options
on shell applications, which are available at $this->params, but well cover that in a bit.
When using a main() method you wont be able to use the positional arguments. This is because the first
positional argument or option is interpreted as the command name. If you want to use arguments, you should
use method names other than main.

Using Models in Your Shells


Youll often need access to your applications business logic in shell utilities; CakePHP makes that super
easy. You can load models in shells, just as you would in a controller using loadModel(). The loaded
models are set as properties attached to your shell:
namespace App\Shell;
use Cake\Console\Shell;
class UserShell extends Shell
{
public function initialize()
{
parent::initialize();
$this->loadModel('Users');
}
public function show()
{
if (empty($this->args[0])) {
return $this->error('Please enter a username.');
}
$user = $this->Users->findByUsername($this->args[0]);
$this->out(print_r($user, true));
}
}

The above shell, will fetch a user by username and display the information stored in the database.

Shell Tasks
There will be times when building more advanced console applications, youll want to compose functionality
into re-usable classes that can be shared across many shells. Tasks allow you to extract commands into
498

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

classes. For example the bake is made almost entirely of tasks. You define a tasks for a shell using the
$tasks property:
class UserShell extends Shell
{
public $tasks = ['Template'];
}

You can use tasks from plugins using the standard plugin syntax. Tasks are stored in Shell/Task/
in files named after their classes. So if we were to create a new FileGenerator task, you would create
src/Shell/Task/FileGeneratorTask.php.
Each task must at least implement a main() method. The ShellDispatcher, will call this method when the
task is invoked. A task class looks like:
namespace App\Shell\Task;
use Cake\Console\Shell;
class FileGeneratorTask extends Shell
{
public function main()
{
}
}

A shell can also access its tasks as properties, which makes tasks great for making re-usable chunks of
functionality similar to Components:
// Found in src/Shell/SeaShell.php
class SeaShell extends Shell
{
// Found in src/Shell/Task/SoundTask.php
public $tasks = ['Sound'];
public function main()
{
$this->Sound->main();
}
}

You can also access tasks directly from the command line:
$ cake sea sound

Note: In order to access tasks directly from the command line, the task must be included in the shell class
$tasks property.
Also, the task name must be added as a sub command to the Shells OptionParser:
public function getOptionParser()
{

Shell Tasks

499

CakePHP Cookbook Documentation, Release 3.x

$parser = parent::getOptionParser();
$parser->addSubcommand('sound', [
'help' => 'Execute The Sound Task.'
]);
return $parser;
}

Loading Tasks On The Fly with TaskRegistry


You can load tasks on the fly using the Task registry object. You can load tasks that were not declared in
$tasks this way:
$project = $this->Tasks->load('Project');

Would load and return a ProjectTask instance. You can load tasks from plugins using:
$progressBar = $this->Tasks->load('ProgressBar.ProgressBar');

Invoking Other Shells from Your Shell


Cake\Console\Shell::dispatchShell($args)
There are still many cases where you will want to invoke one shell from another though.
Shell::dispatchShell() gives you the ability to call other shells by providing the argv for the
sub shell. You can provide arguments and options either as var args or as a string:
// As a string
$this->dispatchShell('schema create Blog --plugin Blog');
// As an array
$this->dispatchShell('schema', 'create', 'Blog', '--plugin', 'Blog');

The above shows how you can call the schema shell to create the schema for a plugin from inside your
plugins shell.

Getting User Input


Cake\Console\Shell::in($question, $choices = null, $defaut = null)
When building interactive console applications youll need to get user input. CakePHP provides an easy
way to do this:
// Get arbitrary text from the user.
$color = $this->in('What color do you like?');
// Get a choice from the user.
$selection = $this->in('Red or Green?', ['R', 'G'], 'R');

Selection validation is case-insensitive.


500

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

Creating Files
Cake\Console\Shell::createFile($path, $contents)
Many Shell applications help automate development or deployment tasks. Creating files is often important
in these use cases. CakePHP provides an easy way to create a file at a given path:
$this->createFile('bower.json', $stuff);

If the Shell is interactive, a warning will be generated, and the user asked if they want to overwrite the file
if it already exists. If the shells interactive property is false, no question will be asked and the file will
simply be overwritten.

Console Output
The Shell class provides a few methods for outputting content:
// Write to stdout
$this->out('Normal message');
// Write to stderr
$this->err('Error message');
// Write to stderr and stop the process
$this->error('Fatal error');

Shell also includes methods for clearing output, creating blank lines, or drawing a line of dashes:
// Output 2 newlines
$this->out($this->nl(2));
// Clear the user's screen
$this->clear();
// Draw a horizontal line
$this->hr();

Lastly, you can update the current line of text on the screen using _io->overwrite():
$this->out('Counting down');
$this->out('10', 0);
for ($i = 9; $i > 0; $i--) {
sleep(1);
$this->_io->overwrite($i, 0, 2);
}

It is important to remember, that you cannot overwrite text once a new line has been output.

Creating Files

501

CakePHP Cookbook Documentation, Release 3.x

Console Output Levels


Shells often need different levels of verbosity. When running as cron jobs, most output is un-necessary. And
there are times when you are not interested in everything that a shell has to say. You can use output levels
to flag output appropriately. The user of the shell, can then decide what level of detail they are interested in
by setting the correct flag when calling the shell. Cake\Console\Shell::out() supports 3 types of
output by default.
QUIET - Only absolutely important information should be marked for quiet output.
NORMAL - The default level, and normal usage.
VERBOSE - Mark messages that may be too noisy for everyday use, but helpful for debugging as
VERBOSE.
You can mark output as follows:
// Would appear at all levels.
$this->out('Quiet message', 1, Shell::QUIET);
$this->quiet('Quiet message');
// Would not appear when quiet output is toggled.
$this->out('normal message', 1, Shell::NORMAL);
$this->out('loud message', 1, Shell::VERBOSE);
$this->verbose('Verbose output');
// Would only appear when verbose output is enabled.
$this->out('extra message', 1, Shell::VERBOSE);
$this->verbose('Verbose output');

You can control the output level of shells, by using the --quiet and --verbose options. These options
are added by default, and allow you to consistently control output levels inside your CakePHP shells.

Styling Output
Styling output is done by including tags - just like HTML - in your output. ConsoleOutput will replace these
tags with the correct ansi code sequence, or remove the tags if you are on a console that doesnt support ansi
codes. There are several built-in styles, and you can create more. The built-in ones are
error Error messages. Red underlined text.
warning Warning messages. Yellow text.
info Informational messages. Cyan text.
comment Additional text. Blue text.
question Text that is a question, added automatically by shell.
You can create additional styles using $this->stdout->styles(). To declare a new output style you
could do:
$this->_io->styles('flashy', ['text' => 'magenta', 'blink' => true]);

502

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

This would then allow you to use a <flashy> tag in your shell output, and if ansi colours are enabled, the
following would be rendered as blinking magenta text $this->out(<flashy>Whoooa</flashy>
Something went wrong);. When defining styles you can use the following colours for the text
and background attributes:
black
red
green
yellow
blue
magenta
cyan
white
You can also use the following options as boolean switches, setting them to a truthy value enables them.
bold
underline
blink
reverse
Adding a style makes it available on all instances of ConsoleOutput as well, so you dont have to redeclare
styles for both stdout and stderr objects.

Turning Off Colouring


Although colouring is pretty awesome, there may be times when you want to turn it off, or force it on:
$this->_io->outputAs(ConsoleOutput::RAW);

The above will put the output object into raw output mode. In raw output mode, no styling is done at all.
There are three modes you can use.
ConsoleOutput::RAW - Raw output, no styling or formatting will be done. This is a good mode
to use if you are outputting XML or, want to debug why your styling isnt working.
ConsoleOutput::PLAIN - Plain text output, known style tags will be stripped from the output.
ConsoleOutput::COLOR - Output with color escape codes in place.
By default on *nix systems ConsoleOutput objects default to colour output. On Windows systems, plain
output is the default unless the ANSICON environment variable is present.

Console Output

503

CakePHP Cookbook Documentation, Release 3.x

Hook Methods
Cake\Console\Shell::initialize()
Initializes the Shell acts as constructor for subclasses allows configuration of tasks prior to shell
execution.
Cake\Console\Shell::startup()
Starts up the Shell and displays the welcome message. Allows for checking and configuring prior to
command or main execution.
Override this method if you want to remove the welcome information, or otherwise modify the precommand flow.

Configuring Options and Generating Help


class Cake\Console\ConsoleOptionParser
ConsoleOptionParser provides a command line option and argument parser.
OptionParsers allow you to accomplish two goals at the same time. First, they allow you to define the options
and arguments for your commands. This allows you to separate basic input validation and your console
commands. Secondly, it allows you to provide documentation, that is used to generate a well formatted help
file.
The console framework in CakePHP gets your shells option parser by calling
$this->getOptionParser(). Overriding this method allows you to configure the OptionParser to define the expected inputs of your shell. You can also configure subcommand option parsers,
which allow you to have different option parsers for subcommands and tasks. The ConsoleOptionParser
implements a fluent interface and includes methods for easily setting multiple options/arguments at once:
public function getOptionParser()
{
$parser = parent::getOptionParser();
// Configure parser
return $parser;
}

Configuring an Option Parser with the Fluent Interface


All of the methods that configure an option parser can be chained, allowing you to define an entire option
parser in one series of method calls:
public function getOptionParser()
{
$parser = parent::getOptionParser();
$parser->addArgument('type', [
'help' => 'Either a full path or type of class.'
])->addArgument('className', [
'help' => 'A CakePHP core class name (e.g: Component, HtmlHelper).'

504

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

])->addOption('method', [
'short' => 'm',
'help' => __('The specific method you want help on.')
])->description(__('Lookup doc block comments for classes in CakePHP.'));
return $parser;
}

The methods that allow chaining are:


description()
epilog()
command()
addArgument()
addArguments()
addOption()
addOptions()
addSubcommand()
addSubcommands()
Cake\Console\ConsoleOptionParser::description($text = null)
Gets or sets the description for the option parser. The description displays above the argument and option
information. By passing in either an array or a string, you can set the value of the description. Calling with
no arguments will return the current value:
// Set multiple lines at once
$parser->description(['line one', 'line two']);
// Read the current value
$parser->description();

Cake\Console\ConsoleOptionParser::epilog($text = null)
Gets or sets the epilog for the option parser. The epilog is displayed after the argument and option information. By passing in either an array or a string, you can set the value of the epilog. Calling with no arguments
will return the current value:
// Set multiple lines at once
$parser->epilog(['line one', 'line two']);
// Read the current value
$parser->epilog();

Adding Arguments
Cake\Console\ConsoleOptionParser::addArgument($name, $params =[])

Configuring Options and Generating Help

505

CakePHP Cookbook Documentation, Release 3.x

Positional arguments are frequently used in command line tools, and ConsoleOptionParser allows
you to define positional arguments as well as make them required. You can add arguments one at a time
with $parser->addArgument(); or multiple at once with $parser->addArguments();:
$parser->addArgument('model', ['help' => 'The model to bake']);

You can use the following options when creating an argument:


help The help text to display for this argument.
required Whether this parameter is required.
index The index for the arg, if left undefined the argument will be put onto the end of the arguments.
If you define the same index twice the first option will be overwritten.
choices An array of valid choices for this argument. If left empty all values are valid. An exception
will be raised when parse() encounters an invalid value.
Arguments that have been marked as required will throw an exception when parsing the command if they
have been omitted. So you dont have to handle that in your shell.
Cake\Console\ConsoleOptionParser::addArguments(array $args)
If you have an array with multiple arguments you can use $parser->addArguments() to add multiple
arguments at once.
$parser->addArguments([
'node' => ['help' => 'The node to create', 'required' => true],
'parent' => ['help' => 'The parent node', 'required' => true]
]);

As with all the builder methods on ConsoleOptionParser, addArguments can be used as part of a fluent
method chain.

Validating Arguments
When creating positional arguments, you can use the required flag, to indicate that an argument must be
present when a shell is called. Additionally you can use choices to force an argument to be from a list of
valid choices:
$parser->addArgument('type', [
'help' => 'The type of node to interact with.',
'required' => true,
'choices' => ['aro', 'aco']
]);

The above will create an argument that is required and has validation on the input. If the argument is either
missing, or has an incorrect value an exception will be raised and the shell will be stopped.

Adding Options
Cake\Console\ConsoleOptionParser::addOption($name, $options =[])

506

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

Options or flags are also frequently used in command line tools. ConsoleOptionParser supports
creating options with both verbose and short aliases, supplying defaults and creating boolean switches.
Options are created with either $parser->addOption() or $parser->addOptions().
$parser->addOption('connection', [
'short' => 'c',
'help' => 'connection',
'default' => 'default',
]);

The above would allow you to use either cake myshell --connection=other, cake myshell
--connection other, or cake myshell -c other when invoking the shell. You can also create
boolean switches, these switches do not consume values, and their presence just enables them in the parsed
parameters.
$parser->addOption('no-commit', ['boolean' => true]);

With this option, when calling a shell like cake myshell --no-commit something the no-commit
param would have a value of true, and something would be a treated as a positional argument. The builtin --help, --verbose, and --quiet options use this feature.
When creating options you can use the following options to define the behavior of the option:
short - The single letter variant for this option, leave undefined for none.
help - Help text for this option. Used when generating help for the option.
default - The default value for this option. If not defined the default will be true.
boolean - The option uses no value, its just a boolean switch. Defaults to false.
choices - An array of valid choices for this option. If left empty all values are valid. An exception
will be raised when parse() encounters an invalid value.
Cake\Console\ConsoleOptionParser::addOptions(array $options)
If you have an array with multiple options you can use $parser->addOptions() to add multiple
options at once.
$parser->addOptions([
'node' => ['short' => 'n', 'help' => 'The node to create'],
'parent' => ['short' => 'p', 'help' => 'The parent node']
]);

As with all the builder methods on ConsoleOptionParser, addOptions can be used as part of a fluent method
chain.

Validating Options
Options can be provided with a set of choices much like positional arguments can be. When an option has defined choices, those are the only valid choices for an option. All other values will raise an
InvalidArgumentException:

Configuring Options and Generating Help

507

CakePHP Cookbook Documentation, Release 3.x

$parser->addOption('accept', [
'help' => 'What version to accept.',
'choices' => ['working', 'theirs', 'mine']
]);

Using Boolean Options


Options can be defined as boolean options, which are useful when you need to create some flag options.
Like options with defaults, boolean options always include themselves into the parsed parameters. When
the flags are present they are set to true, when they are absent they are set ot false:
$parser->addOption('verbose', [
'help' => 'Enable verbose output.',
'boolean' => true
]);

The following option would result in $this->params[verbose] always being available. This lets
you omit empty() or isset() checks for boolean flags:
if ($this->params['verbose']) {
// Do something.
}

Since the boolean options are always defined as true or false you can omit additional check methods.

Adding Subcommands
Cake\Console\ConsoleOptionParser::addSubcommand($name, $options =[])
Console applications are often made of subcommands, and these subcommands may require special option
parsing and have their own help. A perfect example of this is bake. Bake is made of many separate tasks
that all have their own help and options. ConsoleOptionParser allows you to define subcommands
and provide command specific option parsers so the shell knows how to parse commands for its tasks:
$parser->addSubcommand('model', [
'help' => 'Bake a model',
'parser' => $this->Model->getOptionParser()
]);

The above is an example of how you could provide help and a specialized option parser for a shells task. By
calling the Tasks getOptionParser() we dont have to duplicate the option parser generation, or mix
concerns in our shell. Adding subcommands in this way has two advantages. First it lets your shell easily
document its subcommands in the generated help. It also gives easy access to the subcommand help. With
the above subcommand created you could call cake myshell --help and see the list of subcommands,
and also run cake myshell model --help to view the help for just the model task.
Note: Once your Shell defines subcommands, all subcommands must be explicitly defined.
When defining a subcommand you can use the following options:

508

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

help - Help text for the subcommand.


parser - A ConsoleOptionParser for the subcommand. This allows you to create method
specific option parsers. When help is generated for a subcommand, if a parser is present
it will be used.
You can also supply the parser as an array that is compatible with
Cake\Console\ConsoleOptionParser::buildFromArray()
Adding subcommands can be done as part of a fluent method chain.

Building a ConsoleOptionParser from an Array


Cake\Console\ConsoleOptionParser::buildFromArray($spec)
As previously mentioned, when creating subcommand option parsers, you can define the parser spec as an
array for that method. This can help make building subcommand parsers easier, as everything is an array:
$parser->addSubcommand('check', [
'help' => __('Check the permissions between an ACO and ARO.'),
'parser' => [
'description' => [
__("Use this command to grant ACL permissions. Once executed, the "),
__("ARO specified (and its children, if any) will have ALLOW access "),
__("to the specified ACO action (and the ACO's children, if any).")
],
'arguments' => [
'aro' => ['help' => __('ARO to check.'), 'required' => true],
'aco' => ['help' => __('ACO to check.'), 'required' => true],
'action' => ['help' => __('Action to check')]
]
]
]);

Inside the parser spec, you can define keys for arguments, options, description and epilog.
You cannot define subcommands inside an array style builder. The values for arguments, and options,
should follow the format that Cake\Console\ConsoleOptionParser::addArguments() and
Cake\Console\ConsoleOptionParser::addOptions() use. You can also use buildFromArray on its own, to build an option parser:
public function getOptionParser()
{
return ConsoleOptionParser::buildFromArray([
'description' => [
__("Use this command to grant ACL permissions. Once executed, the "),
__("ARO specified (and its children, if any) will have ALLOW access "),
__("to the specified ACO action (and the ACO's children, if any).")
],
'arguments' => [
'aro' => ['help' => __('ARO to check.'), 'required' => true],
'aco' => ['help' => __('ACO to check.'), 'required' => true],
'action' => ['help' => __('Action to check')]
]
]);
}

Configuring Options and Generating Help

509

CakePHP Cookbook Documentation, Release 3.x

Merging ConsoleOptionParsers
Cake\Console\ConsoleOptionParser::merge($spec)
When building a group command, you maybe want to combine several parsers for this:
$parser->merge($anotherParser);

Note that the order of arguments for each parser must be the same, and that options must also be compatible
for it work. So do not use keys for different things.

Getting Help from Shells


With the addition of ConsoleOptionParser getting help from shells is done in a consistent and uniform way.
By using the --help or -h option you can view the help for any core shell, and any shell that implements
a ConsoleOptionParser:
cake bake --help
cake bake -h

Would both generate the help for bake. If the shell supports subcommands you can get help for those in a
similar fashion:
cake bake model --help
cake bake model -h

This would get you the help specific to bakes model task.

Getting Help as XML


When building automated tools or development tools that need to interact with CakePHP shells, its nice to
have help available in a machine parse-able format. The ConsoleOptionParser can provide help in xml by
setting an additional argument:
cake bake --help xml
cake bake -h xml

The above would return an XML document with the generated help, options, arguments and subcommands
for the selected shell. A sample XML document would look like:
<?xml version="1.0"?>
<shell>
<command>bake fixture</command>
<description>Generate fixtures for use with the test suite. You can use
`bake fixture all` to bake all fixtures.</description>
<epilog>
Omitting all arguments and options will enter into an interactive
mode.
</epilog>
<subcommands/>
<options>

510

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

<option name="--help" short="-h" boolean="1">


<default/>
<choices/>
</option>
<option name="--verbose" short="-v" boolean="1">
<default/>
<choices/>
</option>
<option name="--quiet" short="-q" boolean="1">
<default/>
<choices/>
</option>
<option name="--count" short="-n" boolean="">
<default>10</default>
<choices/>
</option>
<option name="--connection" short="-c" boolean="">
<default>default</default>
<choices/>
</option>
<option name="--plugin" short="-p" boolean="">
<default/>
<choices/>
</option>
<option name="--records" short="-r" boolean="1">
<default/>
<choices/>
</option>
</options>
<arguments>
<argument name="name" help="Name of the fixture to bake.
Can use Plugin.name to bake plugin fixtures." required="">
<choices/>
</argument>
</arguments>
</shell>

Routing in Shells / CLI


In command-line interface (CLI), specifically your shells and tasks, env(HTTP_HOST) and other webbrowser specific environment variables are not set.
If you generate reports or send emails that make use of Router::url() those will contain the default host
http://localhost/ and thus resulting in invalid URLs. In this case you need to specify the domain
manually. You can do that using the Configure value App.fullBaseURL from your bootstrap or config,
for example.
For sending emails, you should provide Email class with the host you want to send the email with:
use Cake\Network\Email\Email;

Routing in Shells / CLI

511

CakePHP Cookbook Documentation, Release 3.x

$email = new Email();


$email->domain('www.example.org');

This asserts that the generated message IDs are valid and fit to the domain the emails are sent from.

More Topics
Interactive Console (REPL)
The CakePHP app skeleton comes with a built in REPL(Read Eval Print Loop) that makes it easy to explore
some CakePHP and your application in an interactive console. You can start the interactive console using:
$ bin/cake console

This will bootstrap your application and start an interactive console. At this point you can interact with your
application code and execute queries using your applications models:
$ bin/cake console
Welcome to CakePHP v3.0.0 Console
--------------------------------------------------------------App : App
Path: /Users/mark/projects/cakephp-app/src/
-------------------------------------------------------------->>> $articles = Cake\ORM\TableRegistry::get('Articles');
// object(Cake\ORM\Table)(
//
// )
>>> $articles->find();

Since your application has been bootstrapped you can also test routing using the REPL:
>>> Cake\Routing\Router::parse('/articles/view/1');
// [
//
'controller' => 'Articles',
//
'action' => 'view',
//
'pass' => [
//
0 => '1'
//
],
//
'plugin' => NULL
// ]

You can also test generating URLs:


>>> Cake\Routing\Router::url(['controller' => 'Articles', 'action' => 'edit', 99]);
// '/articles/edit/99'

To quit the REPL you can use CTRL-C or by typing exit.

512

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

Running Shells as Cron Jobs


A common thing to do with a shell is making it run as a cronjob to clean up the database once in a while or
send newsletters. This is trivial to setup, for example:
#
#
#
#
#
#
#
#

*/5 *
*
*
* cd /full/path/to/root && bin/cake myshell myparam
*
*
*
*
* command to execute
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\----- day of week (0 - 6) (0 to 6 are Sunday to Saturday,
|
|
|
|
or use names)
|
|
|
\---------- month (1 - 12)
|
|
\--------------- day of month (1 - 31)
|
\-------------------- hour (0 - 23)
\------------------------- min (0 - 59)

You can see more info here: http://en.wikipedia.org/wiki/Cron

I18N Shell
The i18n features of CakePHP use po files1 as their translation source. This makes them easily to integrate
with tools like poedit2 and other common translation tools.
The i18n shell provides a quick and easy way to generate po template files. These templates files can then
be given to translators so they can translate the strings in your application. Once you have translations done,
pot files can be merged with existing translations to help update your translations.
Generating POT Files
POT files can be generated for an existing application using the extract command. This command will
scan your entire application for __() style function calls, and extract the message string. Each unique string
in your application will be combined into a single POT file:
bin/cake i18n extract

The above will run the extraction shell. The result of this command will be the file src/Locale/default.pot.
You use the pot file as a template for creating po files. If you are manually creating po files from the pot file,
be sure to correctly set the Plural-Forms header line.
Generating POT Files for Plugins

You can generate a POT file for a specific plugin using:


bin/cake i18n extract --plugin <Plugin>

This will generate the required POT files used in the plugins.
1
2

http://en.wikipedia.org/wiki/GNU_gettext
http://www.poedit.net/

More Topics

513

CakePHP Cookbook Documentation, Release 3.x

Excluding Folders

You can pass a comma separated list of folders that you wish to be excluded. Any path containing a path
segment with the provided values will be ignored:
bin/cake i18n extract --exclude Test,Vendor

Skipping Overwrite Warnings for Existing POT Files

By adding overwrite, the shell script will no longer warn you if a POT file already exists and will overwrite
by default:
bin/cake i18n extract --overwrite

Extracting Messages from the CakePHP Core Libraries

By default, the extract shell script will ask you if you like to extract the messages used in the CakePHP core
libraries. Set extract-core to yes or no to set the default behavior:
bin/cake i18n extract --extract-core yes
// or
bin/cake i18n extract --extract-core no

Completion Shell
Working with the console gives the developer a lot of possibilities but having to completely know and write
those commands can be tedious. Especially when developing new shells where the commands differ per
minute iteration. The Completion Shells aids in this matter by providing an API to write completion scripts
for shells like bash, zsh, fish etc.
Sub Commands
The Completion Shell consists of a number of sub commands to assist the developer creating its completion
script. Each for a different step in the autocompletion process.
Commands

For the first step commands outputs the available Shell Commands, including plugin name when applicable.
(All returned possibilities, for this and the other sub commands, are separated by a space.) For example:
bin/cake Completion commands

Returns:

514

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

acl api bake command_list completion console i18n schema server test testsuite upgrade

Your completion script can select the relevant commands from that list to continue with. (For this and the
following sub commands.)
subCommands

Once the preferred command has been chosen subCommands comes in as the second step and outputs the
possible sub command for the given shell command. For example:
bin/cake Completion subcommands bake

Returns:
controller db_config fixture model plugin project test view

options

As the third and final options outputs options for the given (sub) command as set in getOptionParser. (Including the default options inherited from Shell.) For example:
bin/cake Completion options bake

Returns:
--help -h --verbose -v --quiet -q --connection -c --template -t

Bash Example
The following bash example comes from the original author:
# bash completion for CakePHP console
_cake()
{
local cur prev opts cake
COMPREPLY=()
cake="${COMP_WORDS[0]}"
cur="${COMP_WORDS[COMP_CWORD]}"
prev="${COMP_WORDS[COMP_CWORD-1]}"
if [[ "$cur" == -* ]] ; then
if [[ ${COMP_CWORD} = 1 ]] ; then
opts=$(${cake} Completion options)
elif [[ ${COMP_CWORD} = 2 ]] ; then
opts=$(${cake} Completion options "${COMP_WORDS[1]}")
else
opts=$(${cake} Completion options "${COMP_WORDS[1]}" "${COMP_WORDS[2]}")
fi

More Topics

515

CakePHP Cookbook Documentation, Release 3.x

COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )


return 0
fi
if [[ ${COMP_CWORD} = 1 ]] ; then
opts=$(${cake} Completion commands)
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
return 0
fi
if [[ ${COMP_CWORD} = 2 ]] ; then
opts=$(${cake} Completion subcommands $prev)
COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
if [[ $COMPREPLY = "" ]] ; then
COMPREPLY=( $(compgen -df -- ${cur}) )
return 0
fi
return 0
fi

opts=$(${cake} Completion fuzzy "${COMP_WORDS[@]:1}")


COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
if [[ $COMPREPLY = "" ]] ; then
COMPREPLY=( $(compgen -df -- ${cur}) )
return 0
fi
return 0;
}
complete -F _cake cake bin/cake

Upgrade Shell
The upgrade shell will do most of the work to upgrade your CakePHP application from 2.x to 3.x.
It is provided by a standalone Upgrade plugin3 . Please read the README file to get all information on how
to upgrade your application.

Plugin Shell
The plugin shell allows you to load and unload plugins via the command prompt. If you need help, run:
bin/cake plugin --help
3

https://github.com/cakephp/upgrade

516

Chapter 16. Console & Shells

CakePHP Cookbook Documentation, Release 3.x

Loading Plugins
Via the Load task you are able to load plugins in your config/bootstrap.php. You can do this by
running:
bin/cake plugin load MyPlugin

This will add the following to your config/bootstrap.php:


Plugin::load('MyPlugin', []);

By adding -r or -b to your command you can enable to bootstrap and routes value:
bin/cake plugin load -b MyPlugin
// will return
Plugin::load('MyPlugin', ['bootstrap' => true]);
bin/cake plugin load -r MyPlugin
// will return
Plugin::load('MyPlugin', ['routes' => true]);

Unloading Plugins
You can unload a plugin by specifying its name:
bin/cake plugin unload MyPlugin

This will remove the line Plugin::load(MyPlugin,... from your config/bootstrap.php.


Plugin Assets
CakePHP by default serves plugins assets using the AssetFilter dispatcher filter. While this is a good
convenience, it is recommended to symlink / copy the plugin assets under apps webroot so that they can be
directly served by the web server without invoking PHP. You can do this by running:
bin/cake plugin assets symlink

Running the above command will symlink all plugins assets under apps webroot. On Windows, which
doesnt support symlinks, the assets will be copied in respective folders instead of being symlinked.
You can symlink assets of one particular plugin by specifying its name:
bin/cake plugin assets symlink MyPlugin

More Topics

517

CakePHP Cookbook Documentation, Release 3.x

518

Chapter 16. Console & Shells

CHAPTER 17

Debugging

Debugging is an inevitable and necessary part of any development cycle. While CakePHP doesnt offer any
tools that directly connect with any IDE or editor, CakePHP does provide several tools to assist in debugging
and exposing what is running under the hood of your application.

Basic Debugging
debug(mixed $var, boolean $showHtml = null, $showFrom = true)
The debug() function is a globally available function that works similarly to the PHP function
print_r(). The debug() function allows you to show the contents of a variable in a number of different
ways. First, if youd like data to be shown in an HTML-friendly way, set the second parameter to true.
The function also prints out the line and file it is originating from by default.
Output from this function is only shown if the core $debug variable has been set to true.
The stackTrace() function is available globally, and allows you to output a stack trace wherever the
function is called.

Using the Debugger Class


class Cake\Error\Debugger
To use the debugger, first ensure that Configure::read(debug) is set to true.

Outputting Values
static Cake\Error\Debugger::dump($var, $depth = 3)
Dump prints out the contents of a variable. It will print out all properties and methods (if any) of the supplied
variable:

519

CakePHP Cookbook Documentation, Release 3.x

$foo = [1,2,3];
Debugger::dump($foo);
// Outputs
array(
1,
2,
3
)
// Simple object
$car = new Car();
Debugger::dump($car);
// Outputs
object(Car) {
color => 'red'
make => 'Toyota'
model => 'Camry'
mileage => (int)15000
}

Logging With Stack Traces


static Cake\Error\Debugger::log($var, $level = 7, $depth = 3)
Creates a detailed stack trace log at the time of invocation. The log() method prints out data similar to that
done by Debugger::dump(), but to the debug.log instead of the output buffer. Note your tmp directory
(and its contents) must be writable by the web server for log() to work correctly.

Generating Stack Traces


static Cake\Error\Debugger::trace($options)
Returns the current stack trace. Each line of the trace includes the calling method, including which file and
line the call originated from:
// In PostsController::index()
pr(Debugger::trace());
// Outputs
PostsController::index() - APP/Controller/DownloadsController.php, line 48
Dispatcher::_invoke() - CORE/src/Routing/Dispatcher.php, line 265
Dispatcher::dispatch() - CORE/src/Routing/Dispatcher.php, line 237
[main] - APP/webroot/index.php, line 84

520

Chapter 17. Debugging

CakePHP Cookbook Documentation, Release 3.x

Above is the stack trace generated by calling Debugger::trace() in a controller action. Reading the
stack trace bottom to top shows the order of currently running functions (stack frames).

Getting an Excerpt From a File


static Cake\Error\Debugger::excerpt($file, $line, $context)
Grab an excerpt from the file at $path (which is an absolute filepath), highlights line number $line with
$context number of lines around it.
pr(Debugger::excerpt(ROOT . DS . LIBS . 'debugger.php', 321, 2));
// Will
Array
(
[0]
[1]
[2]

output the following.

=> <code><span style="color: #000000"> * @access public</span></code>


=> <code><span style="color: #000000"> */</span></code>
=> <code><span style="color: #000000">
function excerpt($file, $line, $context =

[3] => <span class="code-highlight"><code><span style="color: #000000">


$data =
[4] => <code><span style="color: #000000">
$data = @explode("\n", file_get_conte
)

Although this method is used internally, it can be handy if youre creating your own error messages or log
entries for custom situations.
static Cake\Error\Debugger::getType($var)
Get the type of a variable. Objects will return their class name

Using Logging to Debug


Logging messages is another good way to debug applications, and you can use Cake\Log\Log to do
logging in your application. All objects that use LogTrait have an instance method log() which can be
used to log messages:
$this->log('Got here', 'debug');

The above would write Got here into the debug log. You can use log entries to help debug methods
that involve redirects or complicated loops. You can also use Cake\Log\Log::write() to write log
messages. This method can be called statically anywhere in your application one CakeLog has been loaded:
// At the top of the file you want to log in.
use Cake\Log\Log;
// Anywhere that Log has been imported.
Log::debug('Got here');

Getting an Excerpt From a File

521

CakePHP Cookbook Documentation, Release 3.x

Debug Kit
DebugKit is a plugin that provides a number of good debugging tools. It primarily provides a toolbar in the
rendered HTML, that provides a plethora of information about your application and the current request. See
the Debug Kit chapter for how to install and use DebugKit.

522

Chapter 17. Debugging

CHAPTER 18

Deployment

Once your application is complete, or even before that youll want to deploy it. There are a few things you
should do when deploying a CakePHP application.

Update config/app.php
Updating app.php, specifically the value of debug is extremely important. Turning debug = false disables
a number of development features that should never be exposed to the Internet at large. Disabling debug
changes the following types of things:
Debug messages, created with pr() and debug() are disabled.
Core CakePHP caches are by default flushed every year (about 365 days), instead of every 10 seconds
as in development.
Error views are less informative, and give generic error messages instead.
PHP Errors are not displayed.
Exception stack traces are disabled.
In addition to the above, many plugins and application extensions use debug to modify their behavior.
You can check against an environment variable to set the debug level dynamically between environments.
This will avoid deploying an application with debug true and also save yourself from having to change the
debug level each time before deploying to a production environment.
For example, you can set an environment variable in your Apache configuration:
SetEnv CAKEPHP_DEBUG 1

And then you can set the debug level dynamically in app.php:
$debug = (bool)getenv('CAKEPHP_DEBUG');
return [
'debug' => $debug,

523

CakePHP Cookbook Documentation, Release 3.x

.....
];

Check Your Security


If youre throwing your application out into the wild, its a good idea to make sure it doesnt have any
obvious leaks:
Ensure you are using the Cross Site Request Forgery.
You may want to enable Security. It can help prevent several types of form tampering and reduce the
possibility of mass-assignment issues.
Ensure your models have the correct Validation rules enabled.
Check that only your webroot directory is publicly visible, and that your secrets (such as your app
salt, and any security keys) are private and unique as well.

Set Document Root


Setting the document root correctly on your application is an important step to keeping your code secure
and your application safer. CakePHP applications should have the document root set to the applications
webroot. This makes the application and configuration files inaccessible through a URL. Setting the
document root is different for different webservers. See the URL Rewriting documentation for webserver
specific information.
In all cases you will want to set the virtual host/domains document to be webroot/. This removes the
possibility of files outside of the webroot directory being executed.

Improve Your Applications Performance


Class loading can easily take a big share of your applications processing time. In order to avoid this
problem, it is recommended that you run this command in your production server once the application is
deployed:
php composer.phar dumpautoload -o

Since handling static assets, such as images, JavaScript and CSS files of plugins, through the Dispatcher
is incredibly inefficient, it is strongly recommended to symlink them for production. This can be done easily
using the plugin shell:
bin/cake plugin assets symlink

The above command will symlink the webroot directory of all loaded plugins to appropriate path in the
apps webroot directory.
If your filesystem doesnt allow creating symlinks the directories will be copied instead of being symlinked.
You can also explicitly copy the directories using:
524

Chapter 18. Deployment

CakePHP Cookbook Documentation, Release 3.x

bin/cake plugin assets copy

Improve Your Applications Performance

525

CakePHP Cookbook Documentation, Release 3.x

526

Chapter 18. Deployment

CHAPTER 19

Email

class Cake\Network\Email\Email(mixed $profile = null)


Email is a new class to send email. With this class you can send email from any place inside of your
application.

Basic Usage
First of all, you should ensure the class is loaded:
use Cake\Network\Email\Email;

After youve loaded Email, you can send an email with the following:
$email = new Email('default');
$email->from(['[email protected]' => 'My Site'])
->to('[email protected]')
->subject('About')
->send('My message');

Since Emails setter methods return the instance of the class, you are able to set its properties with method
chaining.

Choosing the Sender


When sending email on behalf of other people, its often a good idea to define the original sender using the
Sender header. You can do so using sender():
$email = new Email();
$email->sender('[email protected]', 'MyApp emailer');

Note: Its also a good idea to set the envelope sender when sending mail on another persons behalf. This
prevents them from getting any messages about deliverability.

527

CakePHP Cookbook Documentation, Release 3.x

Configuration
Configuration for Email defaults is created using config() and configTransport(). You should
put your email presets in the config/app.php file. The config/app.php.default file is an example
of this file. It is not required to define email configuration in config/app.php. Email can be used without
it and use the respective methods to set all configurations separately or load an array of configs.
By defining profiles and transports, you can keep your application code free of configuration data, and avoid
duplication that makes maintenance and deployment less difficult.
To load a predefined configuration, you can use the profile() method or pass it to the constructor of
Email:
$email = new Email();
$email->profile('default');
// Or in constructor
$email = new Email('default');

Instead of passing a string which matches a preset configuration name, you can also just load an array of
options:
$email = new Email();
$email->profile(['from' => '[email protected]', 'transport' => 'my_custom']);
// Or in constructor
$email = new Email(['from' => '[email protected]', 'transport' => 'my_custom']);

Configuring Transports
static Cake\Network\Email\Email::configTransport($key, $config = null)
Email messages are delivered by transports. Different transports allow you to send messages via PHPs
mail() function, SMTP servers, or not at all which is useful for debugging. Configuring transports allows
you to keep configuration data out of your application code and makes deployment simpler as you can
simply change the configuration data. An example transport configuration looks like:
use Cake\Network\Email\Email;
// Sample Mail configuration
Email::configTransport('default', [
'className' => 'Mail'
]);
// Sample smtp configuration.
Email::configTransport('gmail', [
'host' => 'ssl://smtp.gmail.com',
'port' => 465,
'username' => '[email protected]',
'password' => 'secret',
'className' => 'Smtp'
]);

528

Chapter 19. Email

CakePHP Cookbook Documentation, Release 3.x

You can configure SSL SMTP servers, like Gmail. To do so, put the ssl:// prefix in the host and configure
the port value accordingly. You can also enable TLS SMTP using the tls option:
use Cake\Network\Email\Email;
Email::configTransport('gmail', [
'host' => 'smtp.gmail.com',
'port' => 587,
'username' => '[email protected]',
'password' => 'secret',
'className' => 'Smtp',
'tls' => true
]);

The above configuration would enable TLS communication for email messages.
Note: To use SSL + SMTP, you will need to have the SSL configured in your PHP install.
Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
Email::configTransport('default', [
'url' => 'smtp://[email protected]:[email protected]:465?tls=true',
]);

When using a DSN string you can define any additional parameters/options as query string arguments.
static Cake\Network\Email\Email::dropTransport($key)
Once configured, transports cannot be modified. In order to modify a transport you must first drop it and
then reconfigure it.

Configuration Profiles
Defining delivery profiles allows you to consolidate common email settings into re-usable profiles. Your
application can have as many profiles as necessary. The following configuration keys are used:
from: Email or array of sender. See Email::from().
sender: Email or array of real sender. See Email::sender().
to: Email or array of destination. See Email::to().
cc: Email or array of carbon copy. See Email::cc().
bcc: Email or array of blind carbon copy. See Email::bcc().
replyTo: Email or array to reply the e-mail. See Email::replyTo().
readReceipt: Email address or an array of addresses to receive the receipt of read. See
Email::readReceipt().
returnPath: Email address or and array of addresses to return if have some error. See
Email::returnPath().

Configuration

529

CakePHP Cookbook Documentation, Release 3.x

messageId: Message ID of e-mail. See Email::messageId().


subject: Subject of the message. See Email::subject().
message: Content of message. Do not set this field if you are using rendered content.
headers: Headers to be included. See Email::setHeaders().
viewRender: If you are using rendered content, set the view classname.
Email::viewRender().

See

template:
If you are using rendered content,
Email::template().

See

set the template name.

theme: Theme used when rendering template. See Email::theme().


layout: If you are using rendered content, set the layout to render. If you want to render a
template without layout, set this field to null. See Email::template().
viewVars: If you are using rendered content, set the array with variables to be used in the view.
See Email::viewVars().
attachments: List of files to attach. See Email::attachments().
emailFormat: Format of email (html, text or both). See Email::emailFormat().
transport: Transport configuration name. See Network\Email\Email::configTransport().
log: Log level to log the email headers and message. true will use LOG_DEBUG. See also
CakeLog::write()
helpers: Array of helpers used in the email template.
All these configurations are optional, except from.
Note: The values of above keys using Email or array, like from, to, cc, etc will be passed as first parameter
of corresponding methods. The equivalent for: Email::from([email protected], My Site)
would be defined as from => [[email protected] => My Site] in your config

Setting Headers
In Email you are free to set whatever headers you want. When migrating to use Email, do not forget to put
the X- prefix in your headers.
See Email::setHeaders() and Email::addHeaders()

Sending Templated Emails


Emails are often much more than just a simple text message. In order to facilitate that, CakePHP provides a
way to send emails using CakePHPs view layer.

530

Chapter 19. Email

CakePHP Cookbook Documentation, Release 3.x

The templates for emails reside in a special folder in your applications Template directory called Email.
Email views can also use layouts and elements just like normal views:
$email = new Email();
$email->template('welcome', 'fancy')
->emailFormat('html')
->to('[email protected]')
->from('[email protected]')
->send();

The
above
would
use
src/Template/Email/html/welcome.ctp
for
the
view
and
src/Template/Layout/Email/html/fancy.ctp for the layout. You can send multipart templated email
messages as well:
$email = new Email();
$email->template('welcome', 'fancy')
->emailFormat('both')
->to('[email protected]')
->from('[email protected]')
->send();

This would use the following template files:


src/Template/Email/text/welcome.ctp
src/Template/Layout/Email/text/fancy.ctp
src/Template/Email/html/welcome.ctp
src/Template/Layout/Email/html/fancy.ctp
When sending templated emails you have the option of sending either text, html or both.
You can set view variables with Email::viewVars():
$email = new Email('templated');
$email->viewVars(['value' => 12345]);

In your email templates you can use these with:


<p>Here is your value: <b><?= $value ?></b></p>

You can use helpers in emails as well, much like you can in normal template files. By default only the
HtmlHelper is loaded. You can load additional helpers using the helpers() method:
$email->helpers(['Html', 'Custom', 'Text']);

When setting helpers be sure to include Html or it will be removed from the helpers loaded in your email
template.
If you want to send email using templates in a plugin you can use the familiar plugin syntax to do so:
$email = new Email();
$email->template('Blog.new_comment', 'Blog.auto_message');

The above would use templates from the Blog plugin as an example.

Sending Templated Emails

531

CakePHP Cookbook Documentation, Release 3.x

In some cases, you might need to override the default template provided by plugins. You can do this using
themes by telling Email to use appropriate theme using Email::theme() method:
$email = new Email();
$email->template('Blog.new_comment', 'Blog.auto_message');
$email->theme('TestTheme');

This allows you to override the new_comment template in your theme without modifying the Blog plugin.
The template file needs to be created in the following path:
src/Template/Plugin/TestTheme/Blog/Email/text/new_comment.ctp.

Sending Attachments
Cake\Network\Email\Email::attachments($attachments = null)
You can attach files to email messages as well. There are a few different formats depending on what kind of
files you have, and how you want the filenames to appear in the recipients mail client:
1. String: $email->attachments(/full/file/path/file.png) will attach this file
with the name file.png.
2. Array: $email->attachments([/full/file/path/file.png]) will have the same
behavior as using a string.
3. Array
with
key:
$email->attachments([photo.png =>
/full/some_hash.png]) will attach some_hash.png with the name photo.png. The
recipient will see photo.png, not some_hash.png.
4. Nested arrays:
$email->attachments([
'photo.png' => [
'file' => '/full/some_hash.png',
'mimetype' => 'image/png',
'contentId' => 'my-unique-id'
]
]);

The above will attach the file with different mimetype and with custom Content ID (when set the
content ID the attachment is transformed to inline). The mimetype and contentId are optional in this
form.
4.1. When you are using the contentId, you can use the file in the HTML body like <img
src="cid:my-content-id">.
4.2. You can use the contentDisposition option to disable the Content-Disposition
header for an attachment. This is useful when sending ical invites to clients using outlook.
4.3 Instead of the file option you can provide the file contents as a string using the data option.
This allows you to attach files without needing file paths to them.

532

Chapter 19. Email

CakePHP Cookbook Documentation, Release 3.x

Using Transports
Transports are classes designed to send the e-mail over some protocol or method. CakePHP supports the
Mail (default), Debug and SMTP transports.
To configure your method, you must use the Cake\Network\Email\Email::transport() method
or have the transport in your configuration:
$email = new Email();
// Use a named transport already configured using Email::configTransport()
$email->transport('gmail');
// Use a constructed object.
$transport = new DebugTransport();
$email->transport($transport);

Creating Custom Transports


You are able to create your custom transports to integrate with others email systems (like SwiftMailer). To
create your transport, first create the file src/Network/Email/ExampleTransport.php (where Example is
the name of your transport). To start off your file should look like:
use Cake\Network\Email\AbstractTransport;
use Cake\Network\Email\Email;
class ExampleTransport extends AbstractTransport
{
public function send(Email $email)
{
// Magic inside!
}
}

You must implement the method send(Email $email) with your custom logic. Optionally, you can
implement the config($config) method. config() is called before send() and allows you to accept
user configurations. By default, this method puts the configuration in protected attribute $_config.
If you need to call additional methods on the transport before send, you can use
Cake\Network\Email\Email::transportClass() to get an instance of the transport.
Example:
$yourInstance = $email->transport('your')->transportClass();
$yourInstance->myCustomMethod();
$email->send();

Relaxing Address Validation Rules


Cake\Network\Email\Email::emailPattern($pattern = null)

Using Transports

533

CakePHP Cookbook Documentation, Release 3.x

If you are having validation issues when sending to non-compliant addresses, you can relax the pattern used
to validate email addresses. This is sometimes necessary when dealing with some Japanese ISPs:
$email = new Email('default');
// Relax the email pattern, so you can send
// to non-conformant addresses.
$email->emailPattern($newPattern);

Sending Messages Quickly


Sometimes you need a quick way to fire off an email, and you dont necessarily want do setup a bunch
of configuration ahead of time. Cake\Network\Email\Email::deliver() is intended for that
purpose.
You can create your configuration using Cake\Network\Email\Email::config(), or use an array
with all options that you need and use the static method Email::deliver(). Example:
Email::deliver('[email protected]', 'Subject', 'Message', ['from' => '[email protected]']);

This method will send an email to [email protected] , from [email protected] with subject Subject and content Message.
The return of deliver() is a Cake\Email\Email instance with all configurations set. If you do not
want to send the email right away, and wish to configure a few things before sending, you can pass the 5th
parameter as false.
The 3rd parameter is the content of message or an array with variables (when using rendered content).
The 4th parameter can be an array with the configurations or a string with the name of configuration in
Configure.
If you want, you can pass the to, subject and message as null and do all configurations in the 4th parameter
(as array or using Configure). Check the list of configurations to see all accepted configs.

Sending Emails from CLI


When sending emails within a CLI script (Shells, Tasks, ...) you should manually set the domain name for
CakeEmail to use. It will serve as the host name for the message id (since there is no host name in a CLI
environment):
$email->domain('www.example.org');
// Results in message ids like ``<[email protected]>`` (valid)
// Instead of `<UUID@>`` (invalid)

A valid message id can help to prevent emails ending up in spam folders.

1
2

[email protected]
[email protected]

534

Chapter 19. Email

CHAPTER 20

Error & Exception Handling

Many of PHPs internal methods use errors to communicate failures. These errors will need to be trapped
and dealt with. CakePHP comes with default error trapping that prints and or logs errors as they occur. This
same error handler is used to catch uncaught exceptions from controllers and other parts of your application.

Error & Exception Configuration


Error configuration is done inside your applications config/app.php file. By default CakePHP uses the
ErrorHandler or ConsoleErrorHandler class to trap errors and print/log the errors. You can
replace this behavior by changing out the default error handler. The default error handler also handles
uncaught exceptions.
Error handling accepts a few options that allow you to tailor error handling for your application:
errorLevel - int - The level of errors you are interested in capturing. Use the built-in php error
constants, and bitmasks to select the level of error you are interested in.
trace - boolean - Include stack traces for errors in log files. Stack traces will be included in the log
after each error. This is helpful for finding where/when errors are being raised.
exceptionRenderer - string - The class responsible for rendering uncaught exceptions. If you
choose a custom class you should place the file for that class in src/Error. This class needs to
implement a render() method.
log - boolean - When true, exceptions + their stack traces will be logged to Cake\Log\Log.
skipLog - array - An array of exception classnames that should not be logged. This is useful to
remove NotFoundExceptions or other common, but uninteresting logs messages.
ErrorHandler by default, displays errors when debug is true, and logs errors when debug is false.
The type of errors captured in both cases is controlled by errorLevel. The fatal error handler will be
called independent of debug level or errorLevel configuration, but the result will be different based on
debug level. The default behavior for fatal errors is show a page to internal server error (debug disabled)
or a page with the message, file and line (debug enabled).

535

CakePHP Cookbook Documentation, Release 3.x

Note: If you use a custom error handler, the supported options will depend on your handler.

Creating your Own Error Handler


You can create an error handler out of any callback type. For example you could use a class called
AppError to handle your errors. By extending the BaseErrorHandler you can supply custom logic
for handling errors. An example would be:
// In config/bootstrap.php
use App\Error\AppError;
$errorHandler = new AppError();
$errorHandler->register();
// In src/Error/AppError.php
namespace App\Error;
use Cake\Error\BaseErrorHandler;
class AppError extends BaseErrorHandler
{
public function _displayError($error, $debug)
{
return 'There has been an error!';
}
public function _displayException($exception)
{
return 'There has been an exception!';
}
}

The BaseErrorHandler defines two abstract methods. _displayError() is used when errors are
triggered. The _displayException() method is called when there is an uncaught exception.

Changing Fatal Error Behavior


The default error handlers convert fatal errors into exceptions and re-use the exception handling logic to
render an error page. If you do not want to show the standard error page, you can override it like:
// In config/bootstrap.php
use App\Error\AppError;
$errorHandler = new AppError();
$errorHandler->register();
// In src/Error/AppError.php
namespace App\Error;
use Cake\Error\BaseErrorHandler;

536

Chapter 20. Error & Exception Handling

CakePHP Cookbook Documentation, Release 3.x

class AppError extends BaseErrorHandler


{
// Other methods.
public function handleFatalError($code, $description, $file, $line)
{
return 'A fatal error has happened';
}
}

Exception Classes
There are a number of exception classes in CakePHP. The built in exception handling will capture any
uncaught exceptions and render a useful page. Exceptions that do not specifically use a 400 range code, will
be treated as an Internal Server Error.

Built in Exceptions for CakePHP


There are several built-in exceptions inside CakePHP, outside of the internal framework exceptions, there
are several exceptions for HTTP methods
exception Cake\Network\Exception\BadRequestException
Used for doing 400 Bad Request error.
exception Cake\Network\Exception\UnauthorizedException
Used for doing a 401 Unauthorized error.
exception Cake\Network\Exception\ForbiddenException
Used for doing a 403 Forbidden error.
exception Cake\Network\Exception\NotFoundException
Used for doing a 404 Not found error.
exception Cake\Network\Exception\MethodNotAllowedException
Used for doing a 405 Method Not Allowed error.
exception Cake\Network\Exception\InternalErrorException
Used for doing a 500 Internal Server Error.
exception Cake\Network\Exception\NotImplementedException
Used for doing a 501 Not Implemented Errors.
You can throw these exceptions from you controllers to indicate failure states, or HTTP errors. An example
use of the HTTP exceptions could be rendering 404 pages for items that have not been found:
public function view($id)
{
$post = $this->Post->findById($id);
if (!$post) {
throw new NotFoundException('Could not find that post');

Exception Classes

537

CakePHP Cookbook Documentation, Release 3.x

}
$this->set('post', $post);
}

By using exceptions for HTTP errors, you can keep your code both clean, and give RESTful responses to
client applications and users.
In addition, the following framework layer exceptions are available, and will be thrown from a number of
CakePHP core components:
exception Cake\View\Exception\MissingViewException
The chosen view class could not be found.
exception Cake\View\Exception\MissingTemplateException
The chosen template file could not be found.
exception Cake\View\Exception\MissingLayoutException
The chosen layout could not be found.
exception Cake\View\Exception\MissingHelperException
The chosen helper could not be found.
exception Cake\View\Exception\MissingElementException
The chosen element file could not be found.
exception Cake\View\Exception\MissingCellException
The chosen cell class could not be found.
exception Cake\View\Exception\MissingCellViewException
The chosen cell view file could not be found.
exception Cake\Controller\Exception\MissingComponentException
A configured component could not be found.
exception Cake\Controller\Exception\MissingActionException
The requested controller action could not be found.
exception Cake\Controller\Exception\PrivateActionException
Accessing private/protected/_ prefixed actions.
exception Cake\Console\Exception\ConsoleException
A console library class encounter an error.
exception Cake\Console\Exception\MissingTaskException
A configured task could not found.
exception Cake\Console\Exception\MissingShellException
The shell class could not be found.
exception Cake\Console\Exception\MissingShellMethodException
The chosen shell class has no method of that name.
exception Cake\Database\Exception\MissingConnectionException
A models connection is missing.

538

Chapter 20. Error & Exception Handling

CakePHP Cookbook Documentation, Release 3.x

exception Cake\Database\Exception\MissingDriverException
A database driver could not be found.
exception Cake\Database\Exception\MissingExtensionException
A PHP extension is missing for the database driver.
exception Cake\ORM\Exception\MissingTableException
A models table could not be found.
exception Cake\ORM\Exception\MissingEntityException
A models entity could not be found.
exception Cake\ORM\Exception\MissingBehaviorException
A models behavior could not be found.
exception Cake\ORM\Exception\RecordNotFoundException
The requested record could not be found.
exception Cake\Routing\Exception\MissingControllerException
The requested controller could not be found.
exception Cake\Routing\Exception\MissingRouteException
The requested URL cannot be reverse routed or cannot be parsed.
exception Cake\Routing\Exception\MissingDispatcherFilterException
The dispatcher filter could not be found.
exception Cake\Core\Exception\Exception
Base exception class in CakePHP. All framework layer exceptions thrown by CakePHP will extend
this class.
These exception classes all extend Exception. By extending Exception, you can create your own framework errors. All of the standard Exceptions that CakePHP will throw also extend Exception.
Cake\Core\Exception\Exception::responseHeader($header = null, $value = null)
See Cake\Network\Request::header()
All Http and Cake exceptions extend the Exception class, which has a method to add headers to the response.
For instance when throwing a 405 MethodNotAllowedException the rfc2616 says:
"The response MUST include an Allow header containing a list of valid
methods for the requested resource."

Using HTTP Exceptions in your Controllers


You can throw any of the HTTP related exceptions from your controller actions to indicate failure states.
For example:
public function view($id)
{
$post = $this->Post->findById($id)->first();
if (!$post) {
throw new NotFoundException();

Using HTTP Exceptions in your Controllers

539

CakePHP Cookbook Documentation, Release 3.x

}
$this->set(compact('post'));
}

The above would cause the configured exception handler to catch and process the NotFoundException.
By default this will create an error page, and log the exception.

Exception Renderer
class Cake\Core\Exception\ExceptionRenderer(Exception $exception)
The ExceptionRenderer class with the help of ErrorController takes care of rendering the error pages
for all the exceptions thrown by you application.
The error page views are located at src/Template/Error/. For all 4xx and 5xx errors the template files
error400.ctp and error500.ctp are used respectively. You can customize them as per your needs. By
default your src/Template/Layout/default.ctp is used for error pages too. If for example, you want to use
another layout src/Template/Layout/my_error.ctp for your error pages, simply edit the error views and
add the statement $this->layout = my_error; to the error400.ctp and error500.ctp.
Each framework layer exception has its own view file located in the core templates but you really dont need
to bother customizing them as they are used only during development. With debug turned off all framework
layer exceptions are converted to InternalErrorException.

Creating your own Application Exceptions


You can create your own application exceptions using any of the built in SPL exceptions1 , Exception
itself, or Cake\Core\Exception\Exception. If your application contained the following exception:
use Cake\Core\Exception\Exception;
class MissingWidgetException extends Exception
{};

You could provide nice development errors, by creating src/Template/Error/missing_widget.ctp.


When in production mode, the above error would be treated as a 500 error. The constructor for
Cake\Core\Exception\Exception has been extended, allowing you to pass in hashes of data.
These hashes are interpolated into the the messageTemplate, as well as into the view that is used to represent the error in development mode. This allows you to create data rich exceptions, by providing more
context for your errors. You can also provide a message template which allows the native __toString()
methods to work as normal:
use Cake\Core\Exception\Exception;
class MissingWidgetException extends Exception
{
protected $_messageTemplate = 'Seems that %s is missing.';
1

http://php.net/manual/en/spl.exceptions.php

540

Chapter 20. Error & Exception Handling

CakePHP Cookbook Documentation, Release 3.x

}
throw new MissingWidgetException(['widget' => 'Pointy']);

When caught by the built in exception handler, you would get a $widget variable in your error view
template. In addition if you cast the exception as a string or use its getMessage() method you will
get Seems that Pointy is missing.. This allows you easily and quickly create your own rich
development errors, just like CakePHP uses internally.

Creating Custom Status Codes


You can create custom HTTP status codes by changing the code used when creating an exception:
throw new MissingWidgetHelperException('Its not here', 501);

Will create a 501 response code, you can use any HTTP status code you want. In development, if your
exception doesnt have a specific template, and you use a code equal to or greater than 500 you will see the
error500.ctp template. For any other error code youll get the error400.ctp template. If you have defined
an error template for your custom exception, that template will be used in development mode. If youd like
your own exception handling logic even in production, see the next section.

Extending and Implementing your own Exception Handlers


You can implement application specific exception handling in one of a few ways. Each approach gives you
different amounts of control over the exception handling process.
Create and register your own custom error handlers.
Extend the BaseErrorHandler provided by CakePHP.
Set the exceptionRenderer option on the default error handler.
In the next few sections, we will detail the various approaches and the benefits each has.

Create and Register your own Exception Handler


Creating your own exception handler gives you full control over the exception handling process. You will
have to call set_exception_handler yourself in this situation.

Extend the BaseErrorHandler


The Error & Exception Configuration section has an example of this.

Extending and Implementing your own Exception Handlers

541

CakePHP Cookbook Documentation, Release 3.x

Using the exceptionRenderer Option of the Default Handler


If you dont want to take control of the exception handling, but want to change how exceptions are rendered you can use the exceptionRenderer option in config/app.php to choose a class that will render
exception pages. By default Cake\Core\Exception\ExceptionRenderer is used. Your custom
exception renderer class should be placed in src/Error. In a custom exception rendering class you can
provide specialized handling for application specific errors:
// In src/Error/AppExceptionRenderer.php
namespace App\Error;
use Cake\Error\ExceptionRenderer;
class AppExceptionRenderer extends ExceptionRenderer
{
public function missingWidget($error)
{
return 'Oops that widget is missing!';
}
}

// In config/app.php
'Error' => [
'exceptionRenderer' => 'App\Error\AppExceptionRenderer',
// ...
],
// ...

The above would handle any exceptions of the type MissingWidgetException, and allow you to
provide custom display/handling logic for those application exceptions. Exception handling methods get
the exception being handled as their argument. Your custom exception rendering can return either a string
or a Response object. Returning a Response will give you full control over the response.
Note: Your custom renderer should expect an exception in its constructor, and implement a render method.
Failing to do so will cause additional errors.
If you are using a custom exception handling, configuring the renderer will have no effect. Unless you
reference it inside your implementation.

Creating a Custom Controller to Handle Exceptions


By convention CakePHP will use App\Controller\ErrorController if it exists. Implementing
this class can give you a configuration free way of customizing error page output.
If you are using custom exception renderer, you can use the _getController() method to return a
customize the controller. By implementing _getController() in your exception renderer you can use
any controller you want:

542

Chapter 20. Error & Exception Handling

CakePHP Cookbook Documentation, Release 3.x

// in src/Error/AppExceptionRenderer
namespace App\Error;
use App\Controller\SuperCustomErrorController;
use Cake\Error\ExceptionRenderer;
class AppExceptionRenderer extends ExceptionRenderer
{
protected function _getController($exception)
{
return new SuperCustomErrorController();
}
}
// in config/app.php
'Error' => [
'exceptionRenderer' => 'App\Error\AppExceptionRenderer',
// ...
],
// ...

The error controller, whether custom or conventional, is used to render the error page view and receives all
the standard request life-cycle events.

Logging Exceptions
Using the built-in exception handling, you can log all the exceptions that are dealt with by ErrorHandler
by setting the log option to true in your config/app.php. Enabling this will log every exception to
Cake\Log\Log and the configured loggers.
Note: If you are using a custom exception handler this setting will have no effect. Unless you reference it
inside your implementation.

Extending and Implementing your own Exception Handlers

543

CakePHP Cookbook Documentation, Release 3.x

544

Chapter 20. Error & Exception Handling

CHAPTER 21

Events System

Creating maintainable applications is both a science and an art. It is well-known that a key for having good
quality code is making your objects loosely coupled and strongly cohesive at the same time. Cohesion
means that all methods and properties for a class are strongly related to the class itself and it is not trying
to do the job other objects should be doing, while loosely coupling is the measure of how little a class is
wired to external objects, and how much that class is depending on them.
There are certain cases where you need to cleanly communicate with other parts of an application, without
having to hard code dependencies, thus losing cohesion and increasing class coupling. Using the Observer
pattern, which allows objects to notify other objects and anonymous listeners about changes is a useful
pattern to achieve this goal.
Listeners in the observer pattern can subscribe to events and choose to act upon them if they are relevant. If
you have used JavaScript, there is a good chance that you are already familiar with event driven programming.
CakePHP emulates several aspects of how events are triggered and managed in popular JavaScript libraries
such as jQuery. In the CakePHP implementation, an event object is dispatched to all listeners. The event
object holds information about the event, and provides the ability to stop event propagation at any point.
Listeners can register themselves or can delegate this task to other objects and have the chance to alter the
state and the event itself for the rest of the callbacks.
The event subsystem is at the heart of Model, Behavior, Controller, View and Helper callbacks. If youve
ever used any of them, you are already somewhat familiar with events in CakePHP.

Example Event Usage


Lets suppose you are building a Cart plugin, and youd like to focus on just handling order logic. You dont
really want to include shipping logic, emailing the user or decrementing the item from the stock, but these
are important tasks to the people using your plugin. If you were not using events, you may try to implement
this by attaching behaviors to models, or adding components to your controllers. Doing so represents a
challenge most of the time, since you would have to come up with the code for externally loading those
behaviors or attaching hooks to your plugin controllers.

545

CakePHP Cookbook Documentation, Release 3.x

Instead, you can use events to allow you to cleanly separate the concerns of your code and allow additional
concerns to hook into your plugin using events. For example, in your Cart plugin you have an Orders model
that deals with creating orders. Youd like to notify the rest of the application that an order has been created.
To keep your Orders model clean you could use events:
// Cart/Model/Table/OrdersTable.php
namespace Cart\Model\Table;
use Cake\Event\Event;
use Cake\ORM\Table;
class OrdersTable extends Table
{
public function place($order)
{
if ($this->save($order)) {
$this->Cart->remove($order);
$event = new Event('Model.Order.afterPlace', $this, [
'order' => $order
]);
$this->eventManager()->dispatch($event);
return true;
}
return false;
}
}

The above code allows you to easily notify the other parts of the application that an order has been created.
You can then do tasks like send email notifications, update stock, log relevant statistics and other tasks in
separate objects that focus on those concerns.

Accessing Event Managers


In CakePHP events are triggered against event managers. Event managers are available in every Table, View
and Controller using eventManager():
$events = $this->eventManager();

Each model has a separate event manager, while the View and Controller share one. This allows model
events to be self contained, and allow components or controllers to act upon events created in the view if
necessary.

Global Event Manager


In addition to instance level event managers, CakePHP provides a global event manager that allows
you to listen to any event fired in an application. This is useful when attaching listeners to a specific instance might be cumbersome or difficult. The global manager is a singleton instance of
Cake\Event\EventManager. Listeners attached to the global dispatcher will be fired before instance
listeners at the same priority. You can access the global manager using a static method:
546

Chapter 21. Events System

CakePHP Cookbook Documentation, Release 3.x

// In any configuration file or piece of code that executes before the event
use Cake\Event\EventManager;
EventManager::instance()->on(
'Model.Order.afterPlace',
$aCallback
);

One important thing you should consider is that there are events that will be triggered having the same name
but different subjects, so checking it in the event object is usually required in any function that gets attached
globally in order to prevent some bugs. Remember that with the flexibility of using the global manager,
some additional complexity is incurred.
Cake\Event\EventManager::dispatch() method accepts the event object as an argument and
notifies all listener and callbacks passing this object along. The listeners will handle all the extra logic
around the afterPlace event, you can log the time, send emails, update user statistics possibly in separate
objects and even delegating it to offline tasks if you have the need.

Registering Listeners
Listeners are the preferred way to register callbacks for an event. This is done by implementing the
Cake\Event\EventListenerInterface interface in any class you wish to register some callbacks.
Classes implementing it need to provide the implementedEvents() method. This method must return
an associative array with all event names that the class will handle.
To continue our previous example, lets imagine we have a UserStatistic class responsible for calculating
a users purchasing history, and compiling into global site statistics. This is a great place to use a listener
class. Doing so allows you concentrate the statistics logic in one place and react to events as necessary. Our
UserStatistics listener might start out like:
use Cake\Event\EventListenerInterface;
class UserStatistic implements EventListenerInterface
{
public function implementedEvents()
{
return [
'Model.Order.afterPlace' => 'updateBuyStatistic',
];
}
public function updateBuyStatistic($event)
{
// Code to update statistics
}
}
// Attach the UserStatistic object to the Order's event manager
$statistics = new UserStatistic();

Registering Listeners

547

CakePHP Cookbook Documentation, Release 3.x

$this->Orders->eventManager()->on($statistics);

As you can see in the above code, the on() function will accept instances of the EventListener interface. Internally, the event manager will use implementedEvents() to attach the correct callbacks.

Registering Anonymous Listeners


While event listener objects are generally a better way to implement listeners, you can also bind any
callable as an event listener. For example if we wanted to put any orders into the log files, we could use
a simple anonymous function to do so:
use Cake\Log\Log;
$this->Orders->eventManager()->on('Model.Order.afterPlace', function ($event) {
Log::write(
'info',
'A new order was placed with id: ' . $event->subject()->id
);
});

In addition to anonymous functions you can use any other callable type that PHP supports:
$events = [
'email-sending' => 'EmailSender::sendBuyEmail',
'inventory' => [$this->InventoryManager, 'decrement'],
];
foreach ($events as $callable) {
$eventManager->on('Model.Order.afterPlace', $callable);
}

Establishing Priorities
In some cases you might want to control the order that listeners are invoked. For instance, if we go back to
our user statistics example. It would ideal if this listener was called at the end of the stack. By calling it at
the end of the listener stack, we can ensure that the event was not canceled, and that no other listeners raised
exceptions. We can also get the final state of the objects in the case that other listeners have modified the
subject or event object.
Priorities are defined as an integer when adding a listener. The higher the number, the later the method will
be fired. The default priority for all listeners is 10. If you need your method to be run earlier, using any
value below this default will work. On the other hand if you desire to run the callback after the others, using
a number above 10 will do.
If two callbacks happen to have the same priority value, they will be executed with a the order they
were attached. You set priorities using the attach() method for callbacks, and declaring it in the
implementedEvents() function for event listeners:
// Setting priority for a callback
$callback = [$this, 'doSomething'];
$this->eventManager()->on(

548

Chapter 21. Events System

CakePHP Cookbook Documentation, Release 3.x

'Model.Order.afterPlace',
['priority' => 2],
$callback
);
// Setting priority for a listener
class UserStatistic implements EventListenerInterface
{
public function implementedEvents()
{
return [
'Model.Order.afterPlace' => [
'callable' => 'updateBuyStatistic',
'priority' => 100
],
];
}
}

As you see, the main difference for EventListener objects is that you need to use an array for specifying
the callable method and the priority preference. The callable key is an special array entry that the
manager will read to know what function in the class it should be calling.

Getting Event Data as Function Parameters


When events have data provided in their constructor, the provided data is converted into arguments for the
listeners. An example from the View layer is the afterRender callback:
$this->eventManager()
->dispatch(new Event('View.afterRender', $this, ['view' => $viewFileName]));

The listeners of the View.afterRender callback should have the following signature:
function (Event $event, $viewFileName)

Each value provided to the Event constructor will be converted into function parameters in the order they
appear in the data array. If you use an associative array, the result of array_values will determine the
function argument order.
Note: Unlike in 2.x, converting event data to listener arguments is the default behavior and cannot be
disabled.

Dispatching Events
Once you have obtained an instance of an event manager you can dispatch events using
Event\EventManager::dispatch(). This method takes an instance of the Cake\Event\Event
class. Lets look at dispatching an event:

Dispatching Events

549

CakePHP Cookbook Documentation, Release 3.x

// An event listener has to be instantiated before dispatching an event.


// Create a new event and dispatch it.
$event = new Event('Model.Order.afterPlace', $this, [
'order' => $order
]);
$this->eventManager()->dispatch($event);

Cake\Event\Event accepts 3 arguments in its constructor. The first one is the event name, you should
try to keep this name as unique as possible, while making it readable. We suggest a convention as follows: Layer.eventName for general events happening at a layer level (e.g. Controller.startup,
View.beforeRender) and Layer.Class.eventName for events happening in specific classes on a
layer, for example Model.User.afterRegister or Controller.Courses.invalidAccess.
The second argument is the subject, meaning the object associated to the event, usually when it is the
same class triggering events about itself, using $this will be the most common case. Although a Component could trigger controller events too. The subject class is important because listeners will get immediate
access to the object properties and have the chance to inspect or change them on the fly.
Finally, the third argument is any additional event data.This can be any data you consider useful to pass
around so listeners can act upon it. While this can be an argument of any type, we recommend passing an
associative array.
The Event\EventManager::dispatch() method accepts an event object as an argument and notifies all subscribed listeners.

Stopping Events
Much like DOM events, you may want to stop an event to prevent additional listeners from being notified.
You can see this in action during model callbacks (e.g. beforeSave) in which it is possible to stop the saving
operation if the code detects it cannot proceed any further.
In order to stop events you can either return false in your callbacks or call the stopPropagation()
method on the event object:
public function doSomething($event)
{
// ...
return false; // Stops the event
}
public function updateBuyStatistic($event)
{
// ...
$event->stopPropagation();
}

Stopping an event will prevent any additional callbacks from being called. Additionally the code triggering
the event may behave differently based on the event being stopped or not. Generally it does not make
sense to stop after events, but stopping before events is often used to prevent the entire operation from
occurring.
To check if an event was stopped, you call the isStopped() method in the event object:
550

Chapter 21. Events System

CakePHP Cookbook Documentation, Release 3.x

public function place($order)


{
$event = new Event('Model.Order.beforePlace', $this, ['order' => $order]);
$this->eventManager()->dispatch($event);
if ($event->isStopped()) {
return false;
}
if ($this->Orders->save($order)) {
// ...
}
// ...
}

In the previous example the order would not get saved if the event is stopped during the beforePlace
process.

Getting Event Results


Every time a callback returns a value, it gets stored in the $result property of the event object. This is
useful when you want to allow callbacks to modify the event execution. Lets take again our beforePlace
example and let callbacks modify the $order data.
Event results can be altered either using the event object result property directly or returning the value in the
callback itself:
// A listener callback
public function doSomething($event)
{
// ...
$alteredData = $event->data['order'] + $moreData;
return $alteredData;
}
// Another listener callback
public function doSomethingElse($event)
{
// ...
$event->result['order'] = $alteredData;
}
// Using the event result
public function place($order)
{
$event = new Event('Model.Order.beforePlace', $this, ['order' => $order]);
$this->eventManager()->dispatch($event);
if (!empty($event->result['order'])) {
$order = $event->result['order'];
}
if ($this->Orders->save($order)) {
// ...
}

Dispatching Events

551

CakePHP Cookbook Documentation, Release 3.x

// ...
}

It is possible to alter any event object property and have the new data passed to the next callback. In most of
the cases, providing objects as event data or result and directly altering the object is the best solution as the
reference is kept the same and modifications are shared across all callback calls.

Removing Callbacks and Listeners


If for any reason you want to remove any callback from the event manager just call the
Cake\Event\EventManager::off() method using as arguments the first two params you used for
attaching it:
// Attaching a function
$this->eventManager()->on('My.event', [$this, 'doSomething']);
// Detaching the function
$this->eventManager()->off('My.event', [$this, 'doSomething']);
// Attaching an anonymous function.
$myFunction = function ($event) { ... };
$this->eventManager()->on('My.event', $myFunction);
// Detaching the anonymous function
$this->eventManager()->off('My.event', $myFunction);
// Adding a EventListener
$listener = new MyEventLister();
$this->eventManager()->on($listener);
// Detaching a single event key from a listener
$this->eventManager()->off('My.event', $listener);
// Detaching all callbacks implemented by a listener
$this->eventManager()->off($listener);

Conclusion
Events are a great way of separating concerns in your application and make classes both cohesive and decoupled from each other. Events can be utilized to de-couple application code and make extensible plugins.
Keep in mind that with great power comes great responsibility. Using too many events can make debugging
harder and require additional integration testing.

Additional Reading
Behaviors

552

Chapter 21. Events System

CakePHP Cookbook Documentation, Release 3.x

Components
Helpers

Additional Reading

553

CakePHP Cookbook Documentation, Release 3.x

554

Chapter 21. Events System

CHAPTER 22

Internationalization & Localization

One of the best ways for your applications to reach a larger audience is to cater for multiple languages.
This can often prove to be a daunting task, but the internationalization and localization features in CakePHP
make it much easier.
First, its important to understand some terminology. Internationalization refers to the ability of an application to be localized. The term localization refers to the adaptation of an application to meet specific language
(or culture) requirements (i.e. a locale). Internationalization and localization are often abbreviated as i18n
and l10n respectively; 18 and 10 are the number of characters between the first and last character.

Setting Up Translations
There are only a few steps to go from a single-language application to a multi-lingual application, the first
of which is to make use of the __() function in your code. Below is an example of some code for a
single-language application:
<h2>Popular Articles</h2>

To internationalize your code, all you need to do is to wrap strings in __() like so:
<h2><?= __('Popular Articles') ?></h2>

If you do nothing further, these two code examples are functionally identical - they will both send the same
content to the browser. The __() function will translate the passed string if a translation is available, or
return it unmodified.

Language Files
Translations can be made available by using language files stored in your application. The default format
for CakePHP translation files is the Gettext1 format. Files need to be placed under src/Locale/ and within
this directory, there should be a subfolder for each language the application needs to support:
1

http://en.wikipedia.org/wiki/Gettext

555

CakePHP Cookbook Documentation, Release 3.x

/src
/Locale
/en_US
default.po
/en_GB
default.po
validation.po
/es
default.po

The default domain is default, therefore your locale folder should at least contain the default.po file
as shown above. A domain refers to any arbitrary grouping of translation messages. When no group is used,
then the default group is selected.
Plugins can also contain translation files, the convention is to use the under_scored version of the plugin
name as the domain for the translation messages:
MyPlugin
/src
/Locale
/fr
my_plugin.po
/de
my_plugin.po

Translation folders can either be the two letter ISO code of the language or the full locale name such as
fr_FR, es_AR, da_DK which contains both the language and the country where it is spoken.
An example translation file could look like this:
msgid "My name is {0}"
msgstr "Je m'appelle {0}"
msgid "I'm {0,number} years old"
msgstr "J'ai {0,number} ans"

Extract Pot Files with I18n Shell


To create the pot files from __() and other internationalized types of messages that can be found in your
code, you can use the i18n shell. Please read the following chapter to learn more.

Setting the Default Locale


The default locale can be set in your config/bootstrap.php folder by using the following line:
ini_set('intl.default_locale', 'fr_FR');

This will control several aspects of your application, including the default translations language, the date
format, number format and currency whenever any of those is displayed using the localization libraries that
CakePHP provides.

556

Chapter 22. Internationalization & Localization

CakePHP Cookbook Documentation, Release 3.x

Changing the Locale at Runtime


To change the language for translated strings you can call this method:
use Cake\I18n\I18n;
I18n::locale('de_DE');

This will also change how numbers and dates are formatted when using one of the localization tools.

Using Translation Functions


CakePHP provides several functions that will help you internationalize your application. The most frequently used one is __(). This function is used to retrieve a single translation message or return the same
string if no translation was found:
echo __('Popular Articles');

If you need to group your messages, for example, translations inside a plugin, you can use the __d()
function to fetch messages from another domain:
echo __d('my_plugin', 'Trending right now');

Sometimes translations strings can be ambiguous for people translating them. This can happen if two strings
are identical but refer to different things. For example, letter has multiple meanings in english. To solve
that problem, you can use the __x() function:
echo __x('written communication', 'He read the first letter');
echo __x('alphabet learning', 'He read the first letter');

The first argument is the context of the message and the second is the message to be translated.

Using Variables in Translation Messages


Translation functions allow you to interpolate variables into the messages using special markers defined in
the message itself or in the translated string:
echo __("Hello, my name is {0}, I'm {1} years old", ['Sara', 12]);

Markers are numeric, and correspond to the keys in the passed array. You can also pass variables as independent arguments to the function:
echo __("Small step for {0}, Big leap for {1}", 'Man', 'Humanity');

All translation functions support placeholder replacements:


__d('validation', 'The field {0} cannot be left empty', 'Name');
__x('alphabet', 'He read the letter {0}', 'Z');

Using Translation Functions

557

CakePHP Cookbook Documentation, Release 3.x

The (single quote) character acts as an escape code in translation messages. Any variables between single
quotes will not be replaced and is treated as literal text. For example:
__("This variable '{0}' be replaced.", 'will not');

By using two adjacent quotes your variables will be replaced properly:


__("This variable ''{0}'' be replaced.", 'will');

These functions take advantage of the ICU MessageFormatter2 so you can translate messages and localize
dates, numbers and currency at the same time:
echo __(
'Hi {0,string}, your balance on the {1,date} is {2,number,currency}',
['Charles', '2014-01-13 11:12:00', 1354.37]
);
// Returns
Hi Charles, your balance on the Jan 13, 2014, 11:12 AM is $ 1,354.37

Numbers in placeholders can be formatted as well with fine grain control of the output:
echo __(
'You have traveled {0,number,decimal} kilometers in {1,number,integer} weeks',
[5423.344, 5.1]
);
// Returns
You have traveled 5,423.34 kilometers in 5 weeks
echo __('There are {0,number,#,###} people on earth', 6.1 * pow(10, 8));
// Returns
There are 6,100,000,000 people on earth

This is the list of formatter specifiers you can put after the word number:
integer: Removes the decimal part
decimal: Formats the number as a float
currency: Puts the locale currency symbol and rounds decimals
percent: Formats the number as a percentage
Dates can also be formatted by using the word date after the placeholder number. A list of extra options
follows:
short
medium
long
full
2

http://php.net/manual/en/messageformatter.format.php

558

Chapter 22. Internationalization & Localization

CakePHP Cookbook Documentation, Release 3.x

The word time after the placeholder number is also accepted and it understands the same options as date.
Note: If you are using PHP 5.5+, you can use also named placeholders like {name} {age}, etc. And pass
the variables in an array having the corresponding key names like [name => Sara, age =>
12]. This feature is not available in PHP 5.4.
If you are planning on making use of the internationalization features it is a good idea to ensure you are
running PHP5.5, and have a version of ICU above 48.x.y. Older versions of PHP and ICU have a number of
problems.

Plurals
One crucial part of internationalizing your application is getting your messages pluralized correctly depending on the language they are shown. CakePHP provides a couple ways to correctly select plurals in your
messages.
Using ICU Plural Selection
The first one is taking advantage of the ICU message format that comes by default in the translation functions. In the translations file you could have the following strings
msgid "{0,plural,=0{No records found} =1{Found 1 record} other{Found # records}}"
msgstr "{0,plural,=0{Ningn resultado} =1{1 resultado} other{# resultados}}"

msgid "{placeholder,plural,=0{No records found} =1{Found 1 record} other{Found {1} records}


msgstr "{placeholder,plural,=0{Ningn resultado} =1{1 resultado} other{{1} resultados}}"

And in your application use the following code to output either of the translations for such string:
__('{0,plural,=0{No records found }=1{Found 1 record} other{Found # records}}', [0]);
// Returns "Ningn resultado" as the argument {0} is 0
__('{0,plural,=0{No records found} =1{Found 1 record} other{Found # records}}', [1]);
// Returns "1 resultado" because the argument {0} is 1

__('{placeholder,plural,=0{No records found} =1{Found 1 record} other{Found {1} records}}',


// Returns "many resultados" because the argument {placeholder} is 2 and
// argument {1} is 'many'

A closer look to the format we just used will make it evident how messages are built:
{ [count placeholder],plural, case1{message} case2{message} case3{...} ... }

The [count placeholder] can be the array key number of any of the variables you pass to the translation function. It will be used for selecting the correct plural form.
Note that to reference [count placeholder] within {message} you have to use #.

Using Translation Functions

559

CakePHP Cookbook Documentation, Release 3.x

You can of course use simpler message ids if you dont want to type the full plural selection sequence in
your code
msgid "search.results"
msgstr "{0,plural,=0{Ningn resultado} =1{1 resultado} other{{1} resultados}}"

Then use the new string in your code:


__('search.results', [2, 2]);
// Returns: "2 resultados"

The latter version has the downside that you will need to have a translation messages file even for the default
language, but has the advantage that it makes the code more readable and leaves the complicated plural
selection strings in the translation files.
Sometimes using direct number matching in plurals is impractical. For example, languages like Arabic
require a different plural when you refer to few things and other plural form for many things. In those cases
you can use the ICU matching aliases. Instead of writing:
=0{No results} =1{...} other{...}

You can do:


zero{No Results} one{One result} few{...} many{...} other{...}

Make sure you read the Language Plural Rules Guide3 to get a complete overview of the aliases you can use
for each language.
Using Gettext Plural Selection
The second plural selection format accepted is using the built-in capabilities of Gettext. In this case, plurals
will be stored in the .po file by creating a separate message translation line per plural form
msgid "One file removed" # One message identifier for singular
msgid_plural "{0} files removed" # Another one for plural
msgstr[0] "Un fichero eliminado" # Translation in singular
msgstr[1] "{0} ficheros eliminados" # Translation in plural

When using this other format, you are required to use another translation function:
// Returns: "10 ficheros eliminados"
$count = 10;
__n('One file removed', '{0} files removed', $count, $count);
// It is also possible to use it inside a domain
__dn('my_plugin', 'One file removed', '{0} files removed', $count, $count);

The number inside msgstr[] is the number assigned by Gettext for the plural form of the language. Some
languages have more than two plural forms, for example Croatian:
3

http://www.unicode.org/cldr/charts/latest/supplemental/language_plural_rules.html

560

Chapter 22. Internationalization & Localization

CakePHP Cookbook Documentation, Release 3.x

msgid "One file removed"


msgid_plural "{0} files removed"
msgstr[0] "jednom datotekom je uklonjen"
msgstr[1] "{0} datoteke uklonjenih"
msgstr[2] "{0} slika uklonjenih"

Please visit the Launchpad languages page4 for a detailed explanation of the plural form numbers for each
language.

Creating Your Own Translators


If you need to diverge from CakePHP conventions regarding where and how translation messages are stored,
you can create your own translation message loader. The easiest way to create your own translator is by
defining a loader for a single domain and locale:
use Aura\Intl\Package;
I18n::translator('animals', 'fr_FR', function () {
$package = new Package(
'default', // The formatting strategy (ICU)
'default' // The fallback domain
);
$package->setMessages([
'Dog' => 'Chien',
'Cat' => 'Chat',
'Bird' => 'Oiseau'
...
]);
return $package;
});

The above code can be added to your config/bootstrap.php so that translations can be found before any
translation function is used. The absolute minimum that is required for creating a translator is that the
loader function should return a Aura\Intl\Package object. Once the code is in place you can use the
translation functions as usual:
I18n::locale('fr_FR');
__d('animals', 'Dog'); // Returns "Chien"

As you see, Package objects take translation messages as an array. You can pass the setMessages()
method however you like: with inline code, including another file, calling another function, etc. CakePHP
provides a few loader functions you can reuse if you just need to change where messages are loaded. For
example, you can still use .po files, but loaded from another location:
use Cake\I18n\MessagesFileLoader as Loader;
// Load messages from src/Locale/folder/sub_folder/filename.po
4

https://translations.launchpad.net/+languages

Creating Your Own Translators

561

CakePHP Cookbook Documentation, Release 3.x

I18n::translator(
'animals',
'fr_FR',
new Loader('filename', 'folder/sub_folder', 'po')
);

Creating Message Parsers


It is possible to continue using the same conventions CakePHP uses, but use a message parser other than
PoFileParser. For example, if you wanted to load translation messages using YAML, you will first need
to created the parser class:
namespace App\I18n\Parser;
class YamlFileParser
{
public function parse($file)
{
return yaml_parse_file($file);
}
}

The file should be created in the src/I18n/Parser directory of your application. Next, create the translations
file under src/Locale/fr_FR/animals.yaml
Dog: Chien
Cat: Chat
Bird: Oiseau

And finally, configure the translation loader for the domain and locale:
use Cake\I18n\MessagesFileLoader as Loader;
I18n::translator(
'animals',
'fr_FR',
new Loader('animals', 'fr_FR', 'yaml')
);

Creating Generic Translators


Configuring translators by calling I18n::translator() for each domain and locale you need to support can be tedious, specially if you need to support more than a few different locales. To avoid this problem,
CakePHP lets you define generic translator loaders for each domain.
Imagine that you wanted to load all translations for the default domain and for any language from an external
service:

562

Chapter 22. Internationalization & Localization

CakePHP Cookbook Documentation, Release 3.x

use Aura\Intl\Package;
I18n::config('default', function ($domain, $locale) {
$locale = Locale::parseLocale($locale);
$language = $locale['language'];
$messages = file_get_contents("http://example.com/translations/$lang.json");
return new Package(
'default', // Formatter
null, // Fallback (none for default domain)
json_decode($messages, true)
)
});

The above example calls an example external service to load a JSON file with the translations and then just
build a Package object for any locale that is requested in the application.

Plurals and Context in Custom Translators


The arrays used for setMessages() can be crafted to instruct the translator to store messages under
different domains or to trigger Gettext-style plural selection. The following is an example of storing translations for the same key in different contexts:
[
'He reads the letter {0}' => [
'alphabet' => 'l lee la letra {0}',
'written communication' => 'l lee la carta {0}'
]
]

Similarly, you can express Gettext-style plurals using the messages array by having a nested array key per
plural form:
[
'I have read one book' => 'He ledo un libro',
'I have read {0} books' => [
'He ledo un libro',
'He ledo {0} libros'
]
]

Using Different Formatters


In previous examples we have seen that Packages are built using default as first argument, and it was
indicated with a comment that it corresponded to the formatter to be used. Formatters are classes responsible
for interpolating variables in translation messages and selecting the correct plural form.
If youre dealing with a legacy application, or you dont need the power offered by the ICU message formatting, CakePHP also provides the sprintf formatter:

Creating Your Own Translators

563

CakePHP Cookbook Documentation, Release 3.x

return Package('sprintf', 'fallback_domain', $messages);

The messages to be translated will be passed to the sprintf() function for interpolating the variables:
__('Hello, my name is %s and I am %d years old', 'Jos', 29);

It is possible to set the default formatter for all translators created by CakePHP before they are used for the
first time. This does not include manually created translators using the translator() and config()
methods:
I18n::defaultFormatter('sprintf');

Localizing Dates and Numbers


When outputting Dates and Numbers in your application, you will often need that they are formatted according to the preferred format for the country or region that you wish your page to be displayed.
In order to change how dates and numbers are displayed you just need to change the current locale setting
and use the right classes:
use Cake\I18n\I18n;
use Cake\I18n\Time;
use Cake\I18n\Number;
I18n::locale('fr-FR');
$date = new Time('2015-04-05 23:00:00');
echo $date; // Displays 05/04/2015 23:00
echo Number::format(524.23); // Displays 524,23

Make sure you read the Time and Number sections to learn more about formatting options.
By default dates returned for the ORM results use the Cake\I18n\Time class, so displaying them directly
in you application will be affected by changing the current locale.

Parsing Localized Datetime Data


When accepting localized data from the request, it is nice to accept datetime information in a users localized
format. In a controller, or Dispatcher Filters you can configure the Date, Time, and DateTime types to parse
localized formats:
use Cake\Database\Type;
// Enable default locale format parsing.
Type::build('datetime')->useLocaleParser();
// Configure a custom datetime format parser format.
Type::build('datetime')->useLocaleParser()->setLocaleFormat('dd-M-y');

564

Chapter 22. Internationalization & Localization

CakePHP Cookbook Documentation, Release 3.x

// You can also use IntlDateFormatter constants.


Type::build('datetime')->useLocaleParser()
->setLocaleFormat([IntlDateFormatter::SHORT, -1]);

The default parsing format is the same as the default string format.

Automatically Choosing the Locale Based on Request Data


By using the LocaleSelectorFilter in your application, CakePHP will automatically set the locale
based on the current user:
// in config/bootstrap.php
DispatcherFactory::add('LocaleSelector');
// Restrict the locales to only en-US, fr-FR
DispatcherFactory::add('LocaleSelector', ['locales' => ['en-US', 'fr-FR']]);

The LocaleSelectorFilter will use the Accept-Language header to automatically set the users
preferred locale. You can use the locale list option to restrict which locales will automatically be used.

Automatically Choosing the Locale Based on Request Data

565

CakePHP Cookbook Documentation, Release 3.x

566

Chapter 22. Internationalization & Localization

CHAPTER 23

Logging

While CakePHP core Configure Class settings can really help you see whats happening under the hood,
there are certain times that youll need to log data to the disk in order to find out whats going on. With
technologies like SOAP, AJAX, and REST APIs, debugging can be rather difficult.
Logging can also be a way to find out whats been going on in your application over time. What search
terms are being used? What sorts of errors are my users being shown? How often is a particular query being
executed?
Logging data in CakePHP is easy - the log() function is provided by the LogTrait, which is the common
ancestor for almost all CakePHP classes. If the context is a CakePHP class (Model, Controller, Component...
almost anything), you can log your data. You can also use Log::write() directly. See Writing to Logs.

Logging Configuration
Configuring Log should be done during your applications bootstrap phase. The config/app.php file is
intended for just this. You can define as many or as few loggers as your application needs. Loggers should
be configured using Cake\Core\Log. An example would be:
use Cake\Log\Log;
// Short classname
Log::config('debug', [
'className' => 'FileLog',
'path' => LOGS,
'levels' => ['notice', 'info', 'debug'],
'file' => 'debug',
]);
// Fully namespaced name.
Log::config('error', [
'className' => 'Cake\Log\Engine\FileLog',
'path' => LOGS,
'levels' => ['warning', 'error', 'critical', 'alert', 'emergency'],

567

CakePHP Cookbook Documentation, Release 3.x

'file' => 'error',


]);

The above creates two loggers. One named debug the other named error. Each is configured to handle
different levels of messages. They also store their log messages in separate files, so its easy to separate
debug/notice/info logs from more serious errors. See the section on Using Levels for more information on
the different levels and what they mean.
Once a configuration is created you cannot change it. Instead you should drop the configuration and re-create
it using Cake\Log\Log::drop() and Cake\Log\Log::config().
It is also possible to create loggers by providing a closure. This is useful when you need full control over
how the logger object is built. The closure has to return the constructed logger instance. For example:
Log::config('special', function () {
return new \Cake\Log\Engine\FileLog(['path' => LOGS, 'file' => 'log']);
});

Configuration options can also be provided as a DSN string. This is useful when working with environment
variables or PaaS providers:
Log::config('error', [
'url' => 'file:///?levels[]=warning&levels[]=error&file=error',
]);

Note: Loggers are required to implement the Psr\Log\LoggerInterface interface.

Creating Log Adapters


Log adapters can be part of your application, or part of plugins.
If for example you
had a database logger called DatabaseLog.
As part of your application it would be
placed in src/Log/Engine/DatabaseLog.php.
As part of a plugin it would be placed in plugins/LoggingPack/src/Log/Engine/DatabaseLog.php.
To configure log adapters you should use
Cake\Log\Log::config(). For example configuring our DatabaseLog would look like:
// For src/Log
Log::config('otherFile', [
'className' => 'DatabaseLog',
'model' => 'LogEntry',
// ...
]);
// For plugin called LoggingPack
Log::config('otherFile', [
'className' => 'LoggingPack.DatabaseLog',
'model' => 'LogEntry',
// ...
]);

When configuring a log adapter the className parameter is used to locate and load the log handler. All
of the other configuration properties are passed to the log adapters constructor as an array.
568

Chapter 23. Logging

CakePHP Cookbook Documentation, Release 3.x

namespace App\Log\Engine;
use Cake\Log\Engine\BaseLog;
class DatabaseLog extends BaseLog
{
public function __construct($options = [])
{
// ...
}
public function log($level, $message, array $context = [])
{
// Write to the database.
}
}

CakePHP requires that all logging adapters implement Psr\Log\LoggerInterface. The class
CakeLogEngineBaseLog is an easy way to satisfy the interface as it only requires you to implement the
log() method. FileLog engine takes the following options:
size Used to implement basic log file rotation. If log file size reaches specified size the existing
file is renamed by appending timestamp to filename and new log file is created. Can be integer bytes
value or human reabable string values like 10MB, 100KB etc. Defaults to 10MB.
rotate Log files are rotated specified times before being removed. If value is 0, old versions are
removed rather then rotated. Defaults to 10.
mask Set the file permissions for created files. If left empty the default permissions are used.
Warning: Engines have the suffix Log. You should avoid class names like SomeLogLog which
include the suffix twice at the end.
Note: You should configure loggers during bootstrapping. config/app.php is the conventional place to
configure log adapters.
In debug mode missing directories will be automatically created to avoid unnecessary errors thrown when
using the FileEngine.

Error and Exception Logging


Errors and Exceptions can also be logged. By configuring the co-responding values in your app.php file.
Errors will be displayed when debug > 0 and logged when debug is false. To log uncaught exceptions,
set the log option to true. See Configuration for more information.

Error and Exception Logging

569

CakePHP Cookbook Documentation, Release 3.x

Interacting with Log Streams


You can introspect the configured streams with Cake\Log\Log::configured(). The return of
configured() is an array of all the currently configured streams. You can remove streams using
Cake\Log\Log::drop(). Once a log stream has been dropped it will no longer receive messages.

Using the FileLog Adapter


As its name implies FileLog writes log messages to files. The level of log message being written determines
the name of the file the message is stored in. If a level is not supplied, LOG_ERROR is used which writes to
the error log. The default log location is logs/$level.log:
// Executing this inside a CakePHP class
$this->log("Something didn't work!");
// Results in this being appended to logs/error.log
// 2007-11-02 10:22:02 Error: Something didn't work!

The configured directory must be writable by the web server user in order for logging to work correctly.
You can configure additional/alternate FileLog locations when configuring a logger.FileLog accepts a path
which allows for custom paths to be used:
Log::config('custom_path', [
'className' => 'File',
'path' => '/path/to/custom/place/'
]);

Warning: If you do not configure a logging adapter, log messages will not be stored.

Logging to Syslog
In production environments it is highly recommended that you setup your system to use syslog instead of
the files logger. This will perform much better as any writes will be done in a (almost) non-blocking fashion
and your operating system logger can be configured separately to rotate files, pre-process writes or use a
completely different storage for your logs.
Using syslog is pretty much like using the default FileLog engine, you just need to specify Syslog as
the engine to be used for logging. The following configuration snippet will replace the default logger with
syslog, this should be done in the bootstrap.php file:
Log::config('default', [
'engine' => 'Syslog'
]);

The configuration array accepted for the Syslog logging engine understands the following keys:

570

Chapter 23. Logging

CakePHP Cookbook Documentation, Release 3.x

format: An sprintf template strings with two placeholders, the first one for the error level, and the
second for the message itself. This key is useful to add additional information about the server or
process in the logged message. For example: %s - Web Server 1 - %s will look like error
- Web Server 1 - An error occurred in this request after replacing the placeholders.
prefix: An string that will be prefixed to every logged message.
flag: An integer flag to be used for opening the connection to the logger, by default LOG_ODELAY
will be used. See openlog documentation for more options
facility: The logging slot to use in syslog. By default LOG_USER is used. See syslog documentation for more options

Writing to Logs
Writing to the log files can be done in 2 different ways.
Cake\Log\Log::write() method:

The first is to use the static

Log::write('debug', 'Something did not work');

The second is to use the log() shortcut function available on any using the LogTrait Calling log() will
internally call Log::write():
// Executing this inside a class using LogTrait
$this->log("Something did not work!", 'debug');

All configured log streams are written to sequentially each time Cake\Log\Log::write() is called.
If you have not configured any logging adapters log() will return false and no log messages will be
written.

Using Levels
CakePHP supports the standard POSIX set of logging levels. Each level represents an increasing level of
severity:
Emergency: system is unusable
Alert: action must be taken immediately
Critical: critical conditions
Error: error conditions
Warning: warning conditions
Notice: normal but significant condition
Info: informational messages
Debug: debug-level messages

Writing to Logs

571

CakePHP Cookbook Documentation, Release 3.x

You can refer to these levels by name when configuring loggers, and when writing log messages. Alternatively, you can use convenience methods like Cake\Log\Log::error() to clearly and easily indicate
the logging level. Using a level that is not in the above levels will result in an exception.

Logging Scopes
Often times youll want to configure different logging behavior for different subsystems or parts of your
application. Take for example an e-commerce shop. Youll probably want to handle logging for orders and
payments differently than you do other less critical logs.
CakePHP exposes this concept as logging scopes. When log messages are written you can include a scope
name. If there is a configured logger for that scope, the log messages will be directed to those loggers. If a
log message is written to an unknown scope, loggers that handle that level of message will log the message.
For example:
// Configure logs/shops.log to receive all levels, but only
// those with `orders` and `payments` scope.
Log::config('shops', [
'className' => 'FileLog',
'path' => LOGS,
'levels' => [],
'scopes' => ['orders', 'payments'],
'file' => 'shops.log',
]);
// Configure logs/payments.log to receive all levels, but only
// those with `payments` scope.
Log::config('payments', [
'className' => 'FileLog',
'path' => LOGS,
'levels' => [],
'scopes' => ['payments'],
'file' => 'payments.log',
]);

Log::warning('this gets written only to shops.log', ['scope' => ['orders']]);


Log::warning('this gets written to both shops.log and payments.log', ['scope' => ['payments
Log::warning('this gets written to both shops.log and payments.log', ['scope' => ['unknown'

Scopes can also be passed as a single string or a numerically indexed array. Note that using this form will
limit the ability to pass more data as context:
Log::warning('This is a warning', ['orders']);
Log::warning('This is a warning', 'payments');

Log API
class Cake\Log\Log
A simple class for writing to logs.

572

Chapter 23. Logging

CakePHP Cookbook Documentation, Release 3.x

static Cake\Log\Log::config($key, $config)


Parameters
$name (string) Name for the logger being connected, used to drop a logger later
on.
$config (array) Array of configuration information and constructor arguments
for the logger.
Get or set the configuration for a Logger. See Logging Configuration for more information.
static Cake\Log\Log::configured
Returns An array of configured loggers.
Get the names of the configured loggers.
static Cake\Log\Log::drop($name)
Parameters
$name (string) Name of the logger you wish to no longer receive messages.
static Cake\Log\Log::write($level, $message, $scope =[])
Write a message into all the configured loggers. $level indicates the level of log message being
created. $message is the message of the log entry being written to. $scope is the scope(s) a log
message is being created in.
static Cake\Log\Log::levels
Call this method without arguments, eg: Log::levels() to obtain current level configuration.

Convenience Methods
The following convenience methods were added to log $message with the appropriate log level.
static Cake\Log\Log::emergency($message, $scope =[])
static Cake\Log\Log::alert($message, $scope =[])
static Cake\Log\Log::critical($message, $scope =[])
static Cake\Log\Log::error($message, $scope =[])
static Cake\Log\Log::warning($message, $scope =[])
static Cake\Log\Log::notice($message, $scope =[])
static Cake\Log\Log::debug($message, $scope =[])
static Cake\Log\Log::info($message, $scope =[])

Log API

573

CakePHP Cookbook Documentation, Release 3.x

Logging Trait
trait Cake\Log\LogTrait
A trait that provides shortcut methods for logging
Cake\Log\LogTrait::log($msg, $level = LOG_ERR)
Log a message to the logs. By default messages are logged as ERROR messages. If $msg isnt isnt
a string it will be converted with print_r before being logged.

Using Monolog
Monolog is a popular logger for PHP. Since it implements the same interfaces as the CakePHP loggers, it is
easy to use in your application as the default logger.
After installing Monolog using composer, configure the logger using the Log::config() method:
// config/bootstrap.php
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
Log::config('default', function () {
$log = new Logger('app');
$log->pushHandler(new StreamHandler('path/to/your/combined.log'));
return $log;
});
// Optionally stop using the now redundant default loggers
Log::drop('debug');
Log::drop('error');

Use similar methods if you want to configure a different logger for your console:
// config/bootstrap_cli.php
use Monolog\Logger;
use Monolog\Handler\StreamHandler;
Log::config('default', function () {
$log = new Logger('cli');
$log->pushHandler(new StreamHandler('path/to/your/combined-cli.log'));
return $log;
});
// Optionally stop using the now redundant default CLI loggers
Configure::delete('Log.debug');
Configure::delete('Log.error');

Note: When using a console specific logger, make sure to conditionally configure your application logger.
This will prevent duplicate log entries.

574

Chapter 23. Logging

CHAPTER 24

Modelless Forms

class Cake\Form\Form
Most of the time you will have forms backed by ORM entities and ORM tables or other peristent stores, but
there are times when youll need to validate user input and then perform an action if the data is valid. The
most common example of this is a contact form.

Creating a Form
Generally when using the Form class youll want to use a subclass to define your form. This makes testing
easier, and lets you re-use your form. Forms are put into src/Form and usually have Form as a class suffix.
For example, a simple contact form would look like:
// in src/Form/ContactForm.php
namespace App\Form;
use Cake\Form\Form;
use Cake\Form\Schema;
use Cake\Validation\Validator;
class ContactForm extends Form
{
protected function _buildSchema(Schema $schema)
{
return $schema->addField('name', 'string')
->addField('email', ['type' => 'string'])
->addField('body', ['type' => 'text']);
}
protected function _buildValidator(Validator $validator)
{
return $validator->add('name', 'length', [
'rule' => ['minLength', 10],
'message' => 'A name is required'

575

CakePHP Cookbook Documentation, Release 3.x

])->add('email', 'format', [
'rule' => 'email',
'message' => 'A valid email address is required',
]);
}
protected function _execute(array $data)
{
// Send an email.
return true;
}
}

In the above example we see the 3 hook methods that forms provide:
_buildSchema is used to define the schema data that is used by FormHelper to create an HTML
form. You can define field type, length, and precision.
_buildValidator Gets a Cake\Validation\Validator instance that you can attach validators to.
_execute lets you define the behavior you want to happen when execute() is called and the data
is valid.
You can always define additional public methods as you need as well.

Processing Request Data


Once youve defined your form, you can use it in your controller to process and validate request data:
// In a controller
namespace App\Controller;
use App\Controller\AppController;
use App\Form\ContactForm;
class ContactController extends AppController
{
public function index()
{
$contact = new ContactForm();
if ($this->request->is('post')) {
if ($contact->execute($this->request->data)) {
$this->Flash->success('We will get back to you soon.');
} else {
$this->Flash->error('There was a problem submitting your form.');
}
}
$this->set('contact', $contact);
}
}

576

Chapter 24. Modelless Forms

CakePHP Cookbook Documentation, Release 3.x

In the above example, we use the execute() method to run our forms _execute() method only when
the data is valid, and set flash messages accordingly. We could have also used the validate() method to
only validate the request data:
$isValid = $form->validate($this->request->data);

Setting Form Values


In order to set the values for the fields of a modelless form, one can define the values using
$this->request->data, like in all other forms created by the FormHelper:
// In a controller
namespace App\Controller;
use App\Controller\AppController;
use App\Form\ContactForm;
class ContactController extends AppController
{
public function index()
{
$contact = new ContactForm();
if ($this->request->is('post')) {
if ($contact->execute($this->request->data)) {
$this->Flash->success('We will get back to you soon.');
} else {
$this->Flash->error('There was a problem submitting your form.');
}
}
if ($this->request->is('get')) {
//Values from the User Model e.g.
$this->request->data['name'] = 'John Doe';
$this->request->data['email'] = '[email protected]';
}
$this->set('contact', $contact);
}
}

Values should only be defined if the request method is GET, otherwise you will overwrite your previous
POST Data which might have been incorrect and not been saved.

Getting Form Errors


Once a form has been validated you can retreive the errors from it:
$errors = $form->errors();
/* $errors contains

Setting Form Values

577

CakePHP Cookbook Documentation, Release 3.x

[
'email' => ['A valid email address is required']
]
*/

Invalidating Individual Form Fields from Controller


It is possible to invalidate individual fields from the controller without the use of the Validator class. The
most common use case for this is when the validation is done on a remote server. In such case, you must
manually invalidate the fields accordingly to the feedback from the remote server:
// in src/Form/ContactForm.php
public function setErrors($errors)
{
$this->_errors = $errors;
}

According to how the validator class would have returned the errors, $errors must be in this format:
["fieldName" => ["validatorName" => "The error message to display"]]

Now you will be able to invalidate form fields by setting the fieldName, then set the error messages:
// In a controller
$contact = new ContactForm();
$contact->setErrors(["email" => ["_required" => "Your email is required"]]);

Proceed to Creating HTML with FormHelper to see the results.

Creating HTML with FormHelper


Once youve created a Form class, youll likely want to create an HTML form for it. FormHelper understands Form objects just like ORM entities:
echo
echo
echo
echo
echo
echo

$this->Form->create($contact);
$this->Form->input('name');
$this->Form->input('email');
$this->Form->input('body');
$this->Form->button('Submit');
$this->Form->end();

The above would create an HTML form for the ContactForm we defined earlier. HTML forms created with FormHelper will use the defined schema and validator to determine field types, maxlengths, and
validation errors.

578

Chapter 24. Modelless Forms

CHAPTER 25

Pagination

class Cake\Controller\Component\PaginatorComponent
One of the main obstacles of creating flexible and user-friendly web applications is designing an intuitive
user interface. Many applications tend to grow in size and complexity quickly, and designers and programmers alike find they are unable to cope with displaying hundreds or thousands of records. Refactoring takes
time, and performance and user satisfaction can suffer.
Displaying a reasonable number of records per page has always been a critical part of every application and
used to cause many headaches for developers. CakePHP eases the burden on the developer by providing a
quick, easy way to paginate data.
Pagination in CakePHP is offered by a Component in the controller, to make building paginated queries
easier. In the View View\Helper\PaginatorHelper is used to make the generation of pagination
links & buttons simple.

Using Controller::paginate()
In the controller, we start by defining the default query conditions pagination will use in the $paginate
controller variable. These conditions, serve as the basis for your pagination queries. They are augmented by
the sort, direction limit, and page parameters passed in from the URL. It is important to note that the order
key must be defined in an array structure like below:
class ArticlesController extends AppController
{
public $paginate = [
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()

579

CakePHP Cookbook Documentation, Release 3.x

{
parent::initialize();
$this->loadComponent('Paginator');
}
}

You can also include any of the options supported by ORM\Table::find(), such as fields:
class ArticlesController extends AppController
{
public $paginate = [
'fields' => ['Articles.id', 'Articles.created'],
'limit' => 25,
'order' => [
'Articles.title' => 'asc'
]
];
public function initialize()
{
parent::initialize();
$this->loadComponent('Paginator');
}
}

While you can pass most of the query options from the paginate property it is often cleaner and simpler to
bundle up your pagination options into a Custom Finder Methods. You can define the finder pagination uses
by setting the finder option:
class ArticlesController extends AppController
{
public $paginate = [
'finder' => 'published',
];
}

Because custom finder methods can also take in options, this is how you pass in options into a custom finder
method within the paginate property:
class ArticlesController extends AppController
{
// find articles by tag
public function tags()
{
$tags = $this->request->params['pass'];
$customFinderOptions = [
'tags' => $tags
];
// the custom finder method is called findTagged inside ArticlesTable.php
// it should look like this:

580

Chapter 25. Pagination

CakePHP Cookbook Documentation, Release 3.x

// public function findTagged(Query $query, array $options) {


// hence you use tagged as the key
$this->paginate = [
'finder' => [
'tagged' => $customFinderOptions
]
];
$articles = $this->paginate($this->Articles);
$this->set(compact('articles', 'tags'));
}
}

In addition to defining general pagination values, you can define more than one set of pagination defaults in
the controller, you just name the keys of the array after the model you wish to configure:
class ArticlesController extends AppController
{
public $paginate = [
'Articles' => [],
'Authors' => [],
];
}

The values of the Articles and Authors keys could contain all the properties that a model/key less
$paginate array could.
Once
the
$paginate
property
has
been
defined,
we
can
use
the
Controller\Controller::paginate() method to create the pagination data, and add the
PaginatorHelper if it hasnt already been added. The controllers paginate method will return
the result set of the paginated query, and set pagination metadata to the request. You can access the
pagination metadata at $this->request->params[paging]. A more complete example of using
paginate() would be:
class ArticlesController extends AppController
{
public function index()
{
$this->set('articles', $this->paginate());
}
}

By default the paginate() method will use the default model for a controller. You can also pass the
resulting query of a find method:
public function index()
{
$query = $this->Articles->find('popular')->where(['author_id' => 1]);
$this->set('articles', $this->paginate($query));
}

Using Controller::paginate()

581

CakePHP Cookbook Documentation, Release 3.x

If you want to paginate a different model you can provide a query for it, the table object itself, or its name:
// Using a query
$comments = $this->paginate($commentsTable->find());
// Using the model name.
$comments = $this->paginate('Comments');
// Using a table object.
$comments = $this->paginate($commentTable);

Using the Paginator Directly


If you need to paginate data from another component you may want to use the PaginatorComponent directly.
It features a similar API to the controller method:
$articles = $this->Paginator->paginate($articleTable->find(), $config);
// Or
$articles = $this->Paginator->paginate($articleTable, $config);

The first parameter should be the query object from a find on table object you wish to paginate results from.
Optionally, you can pass the table object and let the query be constructed for you. The second parameter
should be the array of settings to use for pagination. This array should have the same structure as the
$paginate property on a controller.

Control which Fields Used for Ordering


By default sorting can be done on any non-virtual column a table has. This is sometimes undesirable as it
allows users to sort on un-indexed columns that can be expensive to order by. You can set the whitelist of
fields that can be sorted using the sortWhitelist option. This option is required when you want to sort
on any associated data, or computed fields that may be part of your pagination query:
public $paginate = [
'sortWhitelist' => [
'id', 'title', 'Users.username', 'created'
]
];

Any requests that attempt to sort on fields not in the whitelist will be ignored.

Limit the Maximum Number of Rows that can be Fetched


The number of results that are fetched is exposed to the user as the limit parameter. It is generally
undesirable to allow users to fetch all rows in a paginated set. By default CakePHP limits the maximum
number of rows that can be fetched to 100. If this default is not appropriate for your application, you can
adjust it as part of the pagination options:
582

Chapter 25. Pagination

CakePHP Cookbook Documentation, Release 3.x

public $paginate = [
// Other keys here.
'maxLimit' => 10
];

If the requests limit param is greater than this value, it will be reduced to the maxLimit value.

Joining Additional Associations


Additional associations can be loaded to the paginated table by using the contain parameter:
public function index()
{
$this->paginate = [
'contain' => ['Authors', 'Comments']
];
$this->set('articles', $this->paginate($this->Articles));
}

Out of Range Page Requests


The PaginatorComponent will throw a NotFoundException when trying to access a non-existent page,
i.e. page number requested is greater than total page count.
So you could either let the normal error page be rendered or use a try catch block and take appropriate action
when a NotFoundException is caught:
use Cake\Network\Exception\NotFoundException;
public function index()
{
try {
$this->paginate();
} catch (NotFoundException $e) {
// Do something here like redirecting to first or last page.
// $this->request->params['paging'] will give you required info.
}
}

Pagination in the View


Check the View\Helper\PaginatorHelper documentation for how to create links for pagination
navigation.

Joining Additional Associations

583

CakePHP Cookbook Documentation, Release 3.x

584

Chapter 25. Pagination

CHAPTER 26

Plugins

CakePHP allows you to set up a combination of controllers, models, and views and release them as a packaged application plugin that others can use in their CakePHP applications. Have a great user management
module, simple blog, or web services module in one of your applications? Package it as a CakePHP plugin
so you can reuse it in other applications and share with the community.
The main tie between a plugin and the application it has been installed into is the applications configuration
(database connection, etc.). Otherwise it operates in its own space, behaving much like it would if it were
an application on its own.
In CakePHP 3.0 each plugin defines its own top-level namespace. For example: DebugKit. By convention,
plugins use their package name as their namespace. If youd like to use a different namespace, you can
configure the plugin namespace, when plugins are loaded.

Installing a Plugin With Composer


Many plugins are available on Packagist1 and can be installed with Composer. To install DebugKit, you
would do the following:
php composer.phar require cakephp/debug_kit

This would install the latest version of DebugKit and update your composer.json, composer.lock
file, update vendor/cakephp-plugins.php, and update your autoloader.
If the plugin you want to install is not available on packagist.org, you can clone or copy the plugin code
into your plugins directory. Assuming you want to install a plugin named ContactManager, you should
have a folder in plugins named ContactManager. In this directory are the plugins src, tests and any
other directories.
1

http://packagist.org

585

CakePHP Cookbook Documentation, Release 3.x

Plugin Map File


When installing plugins via Composer, you may notice that vendor/cakephp-plugins.php is created. This configuration file contains a map of plugin names and their paths on the filesystem. It makes
it possible for plugins to be installed into the standard vendor directory which is outside of the normal search paths. The Plugin class will use this file to locate plugins when they are loaded with
load() or loadAll(). You generally wont need to edit this file by hand, as Composer and the
plugin-installer package will manage it for you.

Loading a Plugin
After installing a plugin and setting up the autoloader, you may need to load the plugin. You can load plugins
one by one, or all of them with a single method:
// In config/bootstrap.php
// Loads a single plugin
Plugin::load('ContactManager');
// Loads a plugin with a vendor namespace at top level.
Plugin::load('AcmeCorp/ContactManager');
// Loads all plugins at once
Plugin::loadAll();

loadAll() loads all plugins available, while allowing you to set certain settings for specific plugins.
load() works similarly, but only loads the plugins you explicitly specify.
Note:
Plugin::loadAll() wont load vendor namespaced plugins that are not defined in
vendor/cakephp-plugins.php.

Autoloading Plugin Classes


When using bake for creating a plugin or when installing a plugin using Composer, you dont typically
need to make any changes to your application in order to make CakePHP recognize the classes that live
inside it.
In any other cases you may need to modify your applications composer.json file to contain the following
information:
"psr-4": {
(...)
"MyPlugin\\": "./plugins/MyPlugin/src",
"MyPlugin\\Test\\": "./plugins/MyPlugin/tests"
}

If you are using vendor namespaces for your plugins, the namespace to path mapping should resemble the
following:

586

Chapter 26. Plugins

CakePHP Cookbook Documentation, Release 3.x

"psr-4": {
(...)
"AcmeCorp\\Users\\": "./plugins/AcmeCorp/Users/src",
"AcmeCorp\\Users\\Test\\": "./plugins/AcmeCorp/Users/tests"
}

Additionally, you will need to tell Composer to refresh its autoloading cache:
$ php composer.phar dumpautoload

If you are unable to use Composer for any reason, you can also use a fallback autoloading for your plugin:
Plugin::load('ContactManager', ['autoload' => true]);

Plugin Configuration
There is a lot you can do with the load() and loadAll() methods to help with plugin configuration and
routing. Perhaps you want to load all plugins automatically while specifying custom routes and bootstrap
files for certain plugins:
Plugin::loadAll([
'Blog' => ['routes' => true],
'ContactManager' => ['bootstrap' => true],
'WebmasterTools' => ['bootstrap' => true, 'routes' => true],
]);

With this style of configuration you no longer need to manually include() or require() a plugins
configuration or routes file it happens automatically at the right time and place. The exact same parameters
could have also been supplied to the load() method, which would have loaded only those three plugins
and not the rest.
Finally, you can also specify a set of defaults for loadAll() which will apply to every plugin that doesnt
have a more specific configuration.
Load the bootstrap file from all plugins, and additionally the routes from the Blog plugin:
Plugin::loadAll([
['bootstrap' => true],
'Blog' => ['routes' => true]
]);

Note that all files specified should actually exist in the configured plugin(s) or PHP will give warnings for
each file it cannot load. You can avoid potential warnings by using the ignoreMissing option:
Plugin::loadAll([
['ignoreMissing' => true, 'bootstrap' => true],
'Blog' => ['routes' => true]
]);

When loading plugins, the plugin name used should match the namespace. For example, if you have a plugin
with top level namespace Users you would load it using:

Plugin Configuration

587

CakePHP Cookbook Documentation, Release 3.x

Plugin::load('User');

If you prefer to have your vendor name as top level and have a namespace like AcmeCorp/Users, then
you would load the plugin as:
Plugin::load('AcmeCorp/Users');

This will ensure that classnames are resolved properly when using plugin syntax.
Most plugins will indicate the proper procedure for configuring them and setting up the database in their
documentation. Some plugins will require more setup than others.

Using Plugins
You can reference a plugins controllers, models, components, behaviors, and helpers by prefixing the name
of the plugin before the class name.
For example, say you wanted to use the ContactManager plugins ContactInfoHelper to output some pretty
contact information in one of your views. In your controller, your $helpers array could look like this:
public $helpers = ['ContactManager.ContactInfo'];

You would then be able to access the ContactInfoHelper just like any other helper in your view, such as:
echo $this->ContactInfo->address($contact);

Creating Your Own Plugins


As a working example, lets begin to create the ContactManager plugin referenced above. To start out, well
set up our plugins basic directory structure. It should look like this:
/src
/plugins
/ContactManager
/config
/src
/Controller
/Component
/Model
/Table
/Entity
/Behavior
/View
/Helper
/Template
/Layout
/tests
/TestCase
/Fixture
/webroot

588

Chapter 26. Plugins

CakePHP Cookbook Documentation, Release 3.x

Note the name of the plugin folder, ContactManager. It is important that this folder has the same name
as the plugin.
Inside the plugin folder, youll notice it looks a lot like a CakePHP application, and thats basically what
it is. You dont have to include any of the folders you are not using. Some plugins might only define a
Component and a Behavior, and in that case they can completely omit the Template directory.
A plugin can also have basically any of the other directories that your application can, such as Config,
Console, webroot, etc.

Creating a Plugin Using Bake


The process of creating plugins can be greatly simplified by using the bake shell.
In order to bake a plugin, use the following command:
$ bin/cake bake plugin ContactManager

Now you can bake using the same conventions which apply to the rest of your app. For example - baking
controllers:
$ bin/cake bake controller --plugin ContactManager Contacts

Please refer to the chapter Code Generation with Bake if you have any problems with using the command
line. Be sure to re-generate your autoloader once youve created your plugin:
$ php composer.phar dumpautoload

Plugin Controllers
Controllers for our ContactManager plugin will be stored in plugins/ContactManager/src/Controller/.
Since the main thing well be doing is managing contacts, well need a ContactsController for this plugin.
So, we place our new ContactsController in plugins/ContactManager/src/Controller and it looks like so:
// plugins/ContactManager/src/Controller/ContactsController.php
namespace ContactManager\Controller;
use ContactManager\Controller\AppController;
class ContactsController extends AppController
{
public function index()
{
//...
}
}

Also make the AppController if you dont have one already:


Plugin Controllers

589

CakePHP Cookbook Documentation, Release 3.x

// plugins/ContactManager/src/Controller/AppController.php
namespace ContactManager\Controller;
use App\Controller\AppController as BaseController;
class AppController extends BaseController
{
}

A plugins AppController can hold controller logic common to all controllers in a plugin but is not
required if you dont want to use one.
Before you can access your controllers, youll need to ensure the plugin is loaded and connect some routes.
In your config/bootstrap.php add the following:
Plugin::load('ContactManager', ['routes' => true]);

Then create the ContactManager plugin


ins/ContactManager/config/routes.php:

routes.

Put

the

following

into

plug-

<?php
use Cake\Routing\Router;
Router::plugin('ContactManager', function ($routes) {
$routes->fallbacks('InflectedRoute');
});

The above will connect default routes for you plugin. You can customize this file with more specific routes
later on.
If you want to access what weve got going thus far, visit /contact_manager/contacts. You should
get a Missing Model error because we dont have a Contact model defined yet.
If your application includes the default routing CakePHP provides you will be able to access your plugin
controllers using URLs like:
// Access the index route of a plugin controller.
/contact_manager/contacts
// Any action on a plugin controller.
/contact_manager/contacts/view/1

If your application defines routing prefixes, CakePHPs default routing will also connect routes that use the
following pattern:
/:prefix/:plugin/:controller
/:prefix/:plugin/:controller/:action

See the section on Plugin Configuration for information on how to load plugin specific route files.
For plugins you did not create with bake, you will also need to edit the composer.json file to add your
plugin to the autoload classes, this can be done as per the documentation Autoloading Plugin Classes.

590

Chapter 26. Plugins

CakePHP Cookbook Documentation, Release 3.x

Plugin Models
Models for the plugin are stored in plugins/ContactManager/src/Model. Weve already defined a ContactsController for this plugin, so lets create the table and entity for that controller:
// plugins/ContactManager/src/Model/Entity/Contact.php:
namespace ContactManager\Model\Entity;
use Cake\ORM\Entity;
class Contact extends Entity
{
}
// plugins/ContactManager/src/Model/Table/ContactsTable.php:
namespace ContactManager\Model\Table;
use Cake\ORM\Table;
class ContactsTable extends Table
{
}

If you need to reference a model within your plugin when building associations or defining entitiy classes,
you need to include the plugin name with the class name, separated with a dot. For example:
// plugins/ContactManager/src/Model/Table/ContactsTable.php:
namespace ContactManager\Model\Table;
use Cake\ORM\Table;
class ContactsTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('ContactManager.AltName');
}
}

If you would prefer that the array keys for the association not have the plugin prefix on them, use the
alternative syntax:
// plugins/ContactManager/src/Model/Table/ContactsTable.php:
namespace ContactManager\Model\Table;
use Cake\ORM\Table;
class ContactsTable extends Table
{
public function initialize(array $config)
{
$this->hasMany('AltName', [
'className' => 'ContactManager.AltName',

Plugin Models

591

CakePHP Cookbook Documentation, Release 3.x

]);
}
}

You can use TableRegistry to load your plugin tables using the familiar plugin syntax:
use Cake\ORM\TableRegistry;
$contacts = TableRegistry::get('ContactManager.Contacts');

Plugin Views
Views behave exactly as they do in normal applications. Just place them in the right folder inside of the
plugins/[PluginName]/src/Template/ folder. For our ContactManager plugin, well need a
view for our ContactsController::index() action, so lets include that as well:
// plugins/ContactManager/src/Template/Contacts/index.ctp:
<h1>Contacts</h1>
<p>Following is a sortable list of your contacts</p>
<!-- A sortable list of contacts would go here....-->

Plugins can provide their own layouts. To add plugin layouts, place your template files inside
plugins/[PluginName]/src/Template/Layout. To use a plugin layout in your controller you
can do the following:
public $layout = 'ContactManager.admin';

If the plugin prefix is omitted, the layout/view file will be located normally.
Note: For information on how to use elements from a plugin, look up Elements

Overriding Plugin Templates from Inside Your Application


You can override any plugin views from inside your app using special paths.
If you
have a plugin called ContactManager you can override the template files of the plugin with application specific view logic by creating files using the following template
src/Template/Plugin/[Plugin]/[Controller]/[view].ctp.
For the Contacts controller you could make the following file:
src/Template/Plugin/ContactManager/Contacts/index.ctp

Creating this file would allow you to override plugins/ContactManager/src/Template/Contacts/index.ctp.

Plugin Assets
A plugins web assets (but not PHP files) can be served through the plugins webroot directory, just like
the main applications assets:
592

Chapter 26. Plugins

CakePHP Cookbook Documentation, Release 3.x

/plugins/ContactManager/webroot/
css/
js/
img/
flash/
pdf/

You may put any type of file in any directory, just like a regular webroot.
Warning: Handling static assets (such as images, JavaScript and CSS files) through the Dispatcher is
very inefficient. See Improve Your Applications Performance for more information.

Linking to Assets in Plugins


You can use the plugin syntax when linking to plugin assets using the View\Helper\HtmlHelpers
script, image, or css methods:
// Generates a URL of /contact_manager/css/styles.css
echo $this->Html->css('ContactManager.styles');
// Generates a URL of /contact_manager/js/widget.js
echo $this->Html->script('ContactManager.widget');
// Generates a URL of /contact_manager/img/logo.js
echo $this->Html->image('ContactManager.logo');

Plugin assets are served using the AssetFilter dispatcher filter by default. This is only recommended
for development. In production you should symlink plugin assets to improve performance.
If you are not using the helpers, you can prepend /plugin_name/ to the beginning of the URL for an asset
within that plugin to serve it. Linking to /contact_manager/js/some_file.js would serve the asset plugins/ContactManager/webroot/js/some_file.js.

Components, Helpers and Behaviors


A plugin can have Components, Helpers and Behaviors just like a regular CakePHP application. You can
even create plugins that consist only of Components, Helpers or Behaviors which can be a great way to build
reusable components that can easily be dropped into any project.
Building these components is exactly the same as building it within a regular application, with no special
naming convention.
Referring to your component from inside or outside of your plugin requires only that you prefix the plugin
name before the name of the component. For example:
// Component defined in 'ContactManager' plugin
namespace ContactManager\Controller\Component;
use Cake\Controller\Component;

Components, Helpers and Behaviors

593

CakePHP Cookbook Documentation, Release 3.x

class ExampleComponent extends Component


{
}
// Within your controllers
public function initialize()
{
parent::initialize();
$this->loadComponent('ContactManager.Example');
}

The same technique applies to Helpers and Behaviors.

Expand Your Plugin


This example created a good start for a plugin, but there is a lot more that you can do. As a general rule,
anything you can do with your application you can do inside of a plugin as well.
Go ahead - include some third-party libraries in Vendor, add some new shells to the cake console, and
dont forget to create test cases so your plugin users can automatically test your plugins functionality!
In our ContactManager example we might create add/remove/edit/delete actions in the ContactsController,
implement validation in the Contact model, and implement the functionality one might expect when managing their contacts. Its up to you to decide what to implement in your plugins. Just dont forget to share
your code with the community so that everyone can benefit from your awesome, reusable components!

594

Chapter 26. Plugins

CHAPTER 27

REST

Many newer application programmers are realizing the need to open their core functionality to a greater
audience. Providing easy, unfettered access to your core API can help get your platform accepted, and
allows for mashups and easy integration with other systems.
While other solutions exist, REST is a great way to provide easy access to the logic youve created in your
application. Its simple, usually XML-based (were talking simple XML, nothing like a SOAP envelope),
and depends on HTTP headers for direction. Exposing an API via REST in CakePHP is simple.

The Simple Setup


The fastest way to get up and running with REST is to add a few lines to setup resource routes in your
config/routes.php file.
Once the router has been set up to map REST requests to certain controller actions, we can move on to
creating the logic in our controller actions. A basic controller might look something like this:
// src/Controller/RecipesController.php
class RecipesController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function index()
{
$recipes = $this->Recipes->find('all');
$this->set([
'recipes' => $recipes,
'_serialize' => ['recipes']
]);
}

595

CakePHP Cookbook Documentation, Release 3.x

public function view($id)


{
$recipe = $this->Recipes->get($id);
$this->set([
'recipe' => $recipe,
'_serialize' => ['recipe']
]);
}
public function add()
{
$recipe = $this->Recipes->newEntity($this->request->data);
if ($this->Recipes->save($recipe)) {
$message = 'Saved';
} else {
$message = 'Error';
}
$this->set([
'message' => $message,
'recipe' => $recipe,
'_serialize' => ['message', 'recipe']
]);
}
public function edit($id)
{
$recipe = $this->Recipes->get($id);
if ($this->request->is(['post', 'put'])) {
$recipe = $this->Recipes->patchEntity($recipe, $this->request->data);
if ($this->Recipes->save($recipe)) {
$message = 'Saved';
} else {
$message = 'Error';
}
}
$this->set([
'message' => $message,
'_serialize' => ['message']
]);
}
public function delete($id)
{
$recipe = $this->Recipes->get($id);
$message = 'Deleted';
if (!$this->Recipes->delete($recipe)) {
$message = 'Error';
}
$this->set([
'message' => $message,
'_serialize' => ['message']
]);
}

596

Chapter 27. REST

CakePHP Cookbook Documentation, Release 3.x

RESTful controllers often use parsed extensions to serve up different views based on different kinds of
requests. Since were dealing with REST requests, well be making XML views. You can also easily make
JSON views using CakePHPs built-in JSON and XML views. By using the built in XmlView we can define
a _serialize view variable. This special view variable is used to define which view variables XmlView
should serialize into XML.
If we wanted to modify the data before it is converted into XML we should not define the _serialize
view variable, and instead use template files. We place the REST views for our RecipesController inside
src/Template/Recipes/xml. We can also use the Xml for quick-and-easy XML output in those views. Heres
what our index view might look like:
// src/Template/Recipes/xml/index.ctp
// Do some formatting and manipulation on
// the $recipes array.
$xml = Xml::fromArray(['response' => $recipes]);
echo $xml->asXML();

When serving up a specific content type using Cake\Routing\Router::extensions(), CakePHP


automatically looks for a view helper that matches the type. Since were using XML as the content type,
there is no built-in helper, however if you were to create one it would automatically be loaded for our use in
those views.
The rendered XML will end up looking something like this:
<recipes>
<recipe>
<id>234</id>
<created>2008-06-13</created>
<modified>2008-06-14</modified>
<author>
<id>23423</id>
<first_name>Billy</first_name>
<last_name>Bob</last_name>
</author>
<comment>
<id>245</id>
<body>Yummy yummmy</body>
</comment>
</recipe>
...
</recipes>

Creating the logic for the edit action is a bit trickier, but not by much. Since youre providing an API that outputs XML, its a natural choice to receive XML as input. Not to worry, the
Cake\Controller\Component\RequestHandler and Cake\Routing\Router classes make
things much easier. If a POST or PUT request has an XML content-type, then the input is run through
CakePHPs Xml class, and the array representation of the data is assigned to $this->request->data.
Because of this feature, handling XML and POST data in parallel is seamless: no changes are required to
the controller or model code. Everything you need should end up in $this->request->data.

The Simple Setup

597

CakePHP Cookbook Documentation, Release 3.x

Accepting Input in Other Formats


Typically REST applications not only output content in alternate data formats, but also accept data in different formats. In CakePHP, the RequestHandlerComponent helps facilitate this. By default, it will
decode any incoming JSON/XML input data for POST/PUT requests and supply the array version of that
data in $this->request->data. You can also wire in additional deserializers for alternate formats if
you need them, using RequestHandler::addInputType().

RESTful Routing
CakePHPs Router makes connecting RESTful resource routes easy. See the section on Creating RESTful
Routes for more information.

598

Chapter 27. REST

CHAPTER 28

Security

CakePHP provides you some tools to secure your application. The following sections cover those tools:

Security
class Cake\Utility\Security
The security library1 handles basic security measures such as providing methods for hashing and encrypting
data.

Encrypting and Decrypting Data


static Cake\Utility\Security::encrypt($text, $key, $hmacSalt = null)
static Cake\Utility\Security::decrypt($cipher, $key, $hmacSalt = null)
Encrypt $text using AES-256. The $key should be a value with a lots of variance in the data much like
a good password. The returned result will be the encrypted value with an HMAC checksum.
This method will use either openssl2 or mcrypt3 based on what is available on your system. Data encrypted
in one implementation is portable to the other.
This method should never be used to store passwords. Instead you should use the one way hashing methods
provided by Utility\Security::hash(). An example use would be:
// Assuming key is stored somewhere it can be re-used for
// decryption later.
$key = 'wt1U5MACWJFTXGenFoZoiLwQGrLgdbHA';
$result = Security::encrypt($value, $key);
1

http://api.cakephp.org/3.0/class-Cake.Utility.Security.html
http://php.net/openssl
3
http://php.net/mcrypt
2

599

CakePHP Cookbook Documentation, Release 3.x

If you do not supply an HMAC salt, the Security.salt value will be used. Encrypted values can be
decrypted using Cake\Utility\Security::decrypt().
Decrypt a previously encrypted value. The $key and $hmacSalt parameters must match the values used
to encrypt or decryption will fail. An example use would be:
// Assuming the key is stored somewhere it can be re-used for
// Decryption later.
$key = 'wt1U5MACWJFTXGenFoZoiLwQGrLgdbHA';
$cipher = $user->secrets;
$result = Security::decrypt($cipher, $key);

If the value cannot be decrypted due to changes in the key or HMAC salt false will be returned.
Choosing a Specific Crypto Implementation
If you are upgrading an application from CakePHP 2.x, data encrypted in 2.x is not compatible with openssl.
This is because the encrypted data is not fully AES compliant. If you dont want to go through the trouble
of re-encrypting your data, you can force CakePHP to use mcrypt using the engine() method:
// In config/bootstrap.php
use Cake\Utility\Crypto\Mcrypt;
Security::engine(new Mcrypt());

The above will allow you to seamlessly read data from older versions of CakePHP, and encrypt new data to
be compatible with OpenSSL.

Hashing Data
static Cake\Utility\Security::hash($string, $type = NULL, $salt = false)
Create a hash from string using given method. Fallback on next available method. If $salt is set to true,
the applications salt value will be used:
// Using the application's salt value
$sha1 = Security::hash('CakePHP Framework', 'sha1', true);
// Using a custom salt value
$sha1 = Security::hash('CakePHP Framework', 'sha1', 'my-salt');
// Using the default hash algorithm
$hash = Security::hash('CakePHP Framework');

The hash() method supports the following hashing strategies:


md5
sha1
sha256

600

Chapter 28. Security

CakePHP Cookbook Documentation, Release 3.x

And any other hash algorithmn that PHPs hash() function supports.
Warning: You should not be using hash() for passwords in new applications. Instead you should use
the DefaultPasswordHasher class which uses bcrypt by default.

Cross Site Request Forgery


By enabling the CSRF Component you get protection against attacks. CSRF4 or Cross Site Request Forgery
is a common vulnerability in web applications. It allows an attacker to capture and replay a previous request,
and sometimes submit data requests using image tags or resources on other domains.
The CsrfComponent works by setting a cookie to the users browser. When forms are created with the
Cake\View\Helper\FormHelper, a hidden field is added containing the CSRF token. During the
Controller.startup event, if the request is a POST, PUT, DELETE, PATCH request the component
will compare the request data & cookie value. If either is missing or the two values mismatch the component
will throw a Cake\Network\Exception\ForbiddenException.

Using the CsrfComponent


Simply by adding the CsrfComponent to your components array, you can benefit from the CSRF protection it provides:
public function initialize()
{
parent::initialize();
$this->loadComponent('Csrf');
}

Settings can be passed into the component through your components settings. The available configuration
options are:
cookieName The name of the cookie to send. Defaults to csrfToken.
expiry How long the CSRF token should last. Defaults to browser session.
secure Whether or not the cookie will be set with the Secure flag. That is, the cookie will only be
set on a HTTPS connection and any attempt over normal HTTP will fail. Defaults to false.
field The form field to check. Defaults to _csrfToken. Changing this will also require configuring FormHelper.
When enabled, you can access the current CSRF token on the request object:
$token = $this->request->param('_csrfToken');
4

http://en.wikipedia.org/wiki/Cross-site_request_forgery

Cross Site Request Forgery

601

CakePHP Cookbook Documentation, Release 3.x

Integration with FormHelper


The CsrfComponent integrates seamlessly with FormHelper. Each time you create a form with
FormHelper, it will insert a hidden field containing the CSRF token.
Note: When using the CsrfComponent you should always start your forms with the FormHelper. If you do
not, you will need to manually create hidden inputs in each of your forms.

CSRF Protection and AJAX Requests


In addition to request data parameters, CSRF tokens can be submitted through a special X-CSRF-Token
header. Using a header often makes it easier to integrate a CSRF token with JavaScript heavy applications,
or XML/JSON based API endpoints.

Disabling the CSRF Component for Specific Actions


While not recommended, you may want to disable the CsrfComponent on certain requests. You can do this
using the controllers event dispatcher, during the beforeFilter() method:
public function beforeFilter(Event $event)
{
$this->eventManager()->off($this->Csrf);
}

Security
class SecurityComponent(ComponentCollection $collection, array $config =[])
The Security Component creates an easy way to integrate tighter security in your application. It provides
methods for various tasks like:
Restricting which HTTP methods your application accepts.
Form tampering protection
Requiring that SSL be used.
Limiting cross controller communication.
Like all components it is configured through several configurable parameters. All of these properties can be
set directly or through setter methods of the same name in your controllers beforeFilter.
By using the Security Component you automatically get form tampering protection. Hidden token fields
will automatically be inserted into forms and checked by the Security component.
If you are using Security components form protection features and other components that process form
data in their startup() callbacks, be sure to place Security Component before those components in your
initialize() method.

602

Chapter 28. Security

CakePHP Cookbook Documentation, Release 3.x

Note: When using the Security Component you must use the FormHelper to create your forms. In
addition, you must not override any of the fields name attributes. The Security Component looks
for certain indicators that are created and managed by the FormHelper (especially those created in
View\Helper\FormHelper::create() and View\Helper\FormHelper::end()). Dynamically altering the fields that are submitted in a POST request (e.g. disabling, deleting or creating new fields
via JavaScript) is likely to cause the request to be send to the blackhole callback. See the $validatePost
or $disabledFields configuration parameters.

Handling Blackhole Callbacks


SecurityComponent::blackHole(object $controller, string $error)
If an action is restricted by the Security Component it is black-holed as an invalid request which will
result in a 400 error by default. You can configure this behavior by setting the blackHoleCallback
configuration option to a callback function in the controller.
By configuring a callback method you can customize how the blackhole process works:
public function beforeFilter(Event $event)
{
$this->Security->config('blackHoleCallback', 'blackhole');
}
public function blackhole($type)
{
// Handle errors.
}

The $type parameter can have the following values:


auth Indicates a form validation error, or a controller/action mismatch error.
secure Indicates an SSL method restriction failure.

Restrict Actions to SSL


SecurityComponent::requireSecure()
Sets the actions that require a SSL-secured request. Takes any number of arguments. Can be called
with no arguments to force all actions to require a SSL-secured.
SecurityComponent::requireAuth()
Sets the actions that require a valid Security Component generated token. Takes any number of
arguments. Can be called with no arguments to force all actions to require a valid authentication.

Restricting Cross Controller Communication


property SecurityComponent::$allowedControllers
A list of controllers which can send requests to this controller. This can be used to control cross
controller requests.
Security

603

CakePHP Cookbook Documentation, Release 3.x

property SecurityComponent::$allowedActions
A list of actions which are allowed to send requests to this controllers actions. This can be used to
control cross controller requests.
These configuration options allow you to restrict cross controller communication. Set them with the
config() method.

Form Tampering Prevention


By default the SecurityComponent prevents users from tampering with forms in specific ways. The
SecurityComponent will prevent the following things:
Unknown fields cannot be added to the form.
Fields cannot be removed from the form.
Values in hidden inputs cannot be modified.
Preventing these types of tampering is accomplished by working with the FormHelper and tracking which
fields are in a form. The values for hidden fields are tracked as well. All of this data is combined and turned
into a hash. When a form is submitted, the SecurityComponent will use the POST data to build the
same structure and compare the hash.
Note: The SecurityComponent will not prevent select options from being added/changed. Nor will it
prevent radio options from being added/changed.
property SecurityComponent::$unlockedFields
Set to a list of form fields to exclude from POST validation. Fields can be unlocked either in the
Component, or with FormHelper::unlockField(). Fields that have been unlocked are not
required to be part of the POST and hidden unlocked fields do not have their values checked.
property SecurityComponent::$validatePost
Set to false to completely skip the validation of POST requests, essentially turning off form validation.

Usage
Using the security component is generally done in the controllers beforeFilter(). You would specify
the security restrictions you want and the Security Component will enforce them on its startup:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();

604

Chapter 28. Security

CakePHP Cookbook Documentation, Release 3.x

$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
if (isset($this->request->params['admin'])) {
$this->Security->requireSecure();
}
}
}

The above example would force all actions that had admin routing to require secure SSL requests:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetsController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security', ['blackHoleCallback' => 'forceSSL']);
}
public function beforeFilter(Event $event)
{
if (isset($this->params['admin'])) {
$this->Security->requireSecure();
}
}
public function forceSSL()
{
return $this->redirect('https://' . env('SERVER_NAME') . $this->request->here);
}
}

This example would force all actions that had admin routing to require secure SSL requests. When the
request is black holed, it will call the nominated forceSSL() callback which will redirect non-secure
requests to secure requests automatically.

CSRF Protection
CSRF or Cross Site Request Forgery is a common vulnerability in web applications. It allows an attacker to
capture and replay a previous request, and sometimes submit data requests using image tags or resources on
other domains. To enable CSRF protection features use the Cross Site Request Forgery.

Security

605

CakePHP Cookbook Documentation, Release 3.x

Disabling Security Component for Specific Actions


There may be cases where you want to disable all security checks for an action (ex. AJAX requests). You may unlock these actions by listing them in $this->Security->unlockedActions
in your beforeFilter(). The unlockedActions property will not affect other features of
SecurityComponent:
namespace App\Controller;
use App\Controller\AppController;
use Cake\Event\Event;
class WidgetController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Security');
}
public function beforeFilter(Event $event)
{
$this->Security->config('unlockedActions', ['edit']);
}
}

This example would disable all security checks for the edit action.

606

Chapter 28. Security

CHAPTER 29

Sessions

CakePHP provides a wrapper and suite of utility features on top of PHPs native session extension.
Sessions allow you to identify unique users across the requests and store persistent data for specific users.
Unlike Cookies, session data is not available on the client side. Usage of $_SESSION is generally avoided
in CakePHP, and instead usage of the Session classes is preferred.

Session Configuration
Session configuration is stored in Configure under the top level Session key, and a number of options
are available:
Session.timeout - The number of minutes before CakePHPs session handler expires the session.
Session.defaults - Allows you to use one the built-in default session configurations as a base
for your session configuration. See below for the built-in defaults.
Session.handler - Allows you to define a custom session handler. The core database and cache
session handlers use this. See below for additional information on Session handlers.
Session.ini - Allows you to set additional session ini settings for your config. This combined
with Session.handler replace the custom session handling features of previous versions
CakePHPs defaults session.cookie_secure to true, when your application is on an SSL protocol. If your application serves from both SSL and non-SSL protocols, then you might have problems with
sessions being lost. If you need access to the session on both SSL and non-SSL domains you will want to
disable this:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
'session.cookie_secure' => false
]
]);

607

CakePHP Cookbook Documentation, Release 3.x

The session cookie path defaults to apps base path.


To change this you can use the
session.cookie_path ini value. For e.g. if you want your session to persist across all subdomains
you can do:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
'session.cookie_path' => '/',
'session.cookie_domain' => '.yourdomain.com'
]
]);

By default PHP sets the session cookie to expire as soon as the browser is closed, regardless of the configured
Session.timeout value. The cookie timeout is controlled by the session.cookie_lifetime ini
value and can be configured using:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
// Invalidate the cookie after 30 minutes without visiting
// any page on the site.
'session.cookie_lifetime' => 1800
]
]);

The difference between Session.timeout and the session.cookie_lifetime value is that the
latter relies on the client telling the truth about the cookie. If you require stricter timeout checking, without
relying on what the client reports, you should use Session.timeout.
Please note that Session.timeout corresponds to the total time of inactivity for a user (i.e. the time
without visiting any page where the session is used), and does not limit the total amount of minutes a user
can stay on the site.

Built-in Session Handlers & Configuration


CakePHP comes with several built-in session configurations. You can either use these as the basis for your
session configuration, or you can create a fully custom solution. To use defaults, simply set the defaults
key to the name of the default you want to use. You can then override any sub setting by declaring it in your
Session config:
Configure::write('Session', [
'defaults' => 'php'
]);

The above will use the built-in php session configuration. You could augment part or all of it by doing the
following:
Configure::write('Session', [
'defaults' => 'php',
'cookie' => 'my_app',

608

Chapter 29. Sessions

CakePHP Cookbook Documentation, Release 3.x

'timeout' => 4320 // 3 days


]);

The above overrides the timeout and cookie name for the php session configuration. The built-in configurations are:
php - Saves sessions with the standard settings in your php.ini file.
cake - Saves sessions as files inside app/tmp/sessions. This is a good option when on hosts
that dont allow you to write outside your own home dir.
database - Use the built-in database sessions. See below for more information.
cache - Use the built-in cache sessions. See below for more information.
The accepted values are:
defaults - either php, database, cache or cake as explained above.
handler - An array containing the handler configuration
ini - A list of php.ini directives to set before the session starts.
timeout - The time in minutes the session should stay active

Session Handlers
Session handlers can also be defined in the session config array. By defining the handler.engine config key,
you can name the class name, or provide a handler instance. The class/object must implement the native
PHP SessionHandlerInterface. Implementing this interface will allow Session to automatically
map the methods for the handler. Both the core Cache and Database session handlers use this method for
saving sessions. Additional settings for the handler should be placed inside the handler array. You can then
read those values out from inside your handler:
'Session' => [
'handler' => [
'engine' => 'Database',
'model' => 'CustomSessions'
]
]

The above shows how you could setup the Database session handler with an application model.
When using class names as your handler.engine, CakePHP will expect to find your class in
the Network\Session namespace. For example, if you had a AppSessionHandler class,
the file should be src/Network/Session/AppSessionHandler.php, and the class name should be
App\\Network\\Session\\AppSessionHandler. You can also use session handlers from inside
plugins. By setting the engine to MyPlugin.PluginSessionHandler.

Database Sessions
If you you need to use a database to store your session data, configure as follows:

Built-in Session Handlers & Configuration

609

CakePHP Cookbook Documentation, Release 3.x

'Session' => [
'defaults' => 'database'
]

This configuration will require a database table to be added with at least these fields:
CREATE TABLE `sessions` (
`id` varchar(255) NOT NULL DEFAULT '',
`data` VARBINARY, -- or BYTEA for postgres
`expires` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
);

You can find a copy of the schema for the sessions table in the application skeleton.
You can also use your own Table class to handle the saving of the sessions:
'Session' => [
'defaults' => 'database',
'handler' => [
'engine' => 'Database',
'model' => 'CustomSessions'
]
]

The above will tell Session to use the built-in database defaults, and specify that a Table called
CustomSessions will be the delegate for saving session information to the database.

Cache Sessions
The Cache class can be used to store sessions as well. This allows you to store sessions in a cache like APC,
memcache, or Xcache. There are some caveats to using cache sessions, in that if you exhaust the cache
space, sessions will start to expire as records are evicted.
To use Cache based sessions you can configure you Session config like:
Configure::write('Session', [
'defaults' => 'cache',
'handler' => [
'config' => 'session'
]
]);

This will configure Session to use the CacheSession class as the delegate for saving the sessions. You
can use the config key which cache configuration to use. The default cache configuration is default.

Setting ini directives


The built-in defaults attempt to provide a common base for session configuration. You may need to tweak
specific ini flags as well. CakePHP exposes the ability to customize the ini settings for both default con-

610

Chapter 29. Sessions

CakePHP Cookbook Documentation, Release 3.x

figurations, as well as custom ones. The ini key in the session settings, allows you to specify individual
configuration values. For example you can use it to control settings like session.gc_divisor:
Configure::write('Session', [
'defaults' => 'php',
'ini' => [
'session.cookie_name' => 'MyCookie',
'session.cookie_lifetime' => 1800, // Valid for 30 minutes
'session.gc_divisor' => 1000,
'session.cookie_httponly' => true
]
]);

Creating a Custom Session Handler


Creating a custom session handler is straightforward in CakePHP. In this example well create a session
handler that stores sessions both in the Cache (apc) and the database. This gives us the best of fast IO of
apc, without having to worry about sessions evaporating when the cache fills up.
First well need to create our custom class and put it in src/Network/Session/ComboSession.php. The
class should look something like:
namespace App\Network\Session;
use Cake\Cache\Cache;
use Cake\Core\Configure;
use Cake\Network\Session\DatabaseSession;
class ComboSession extends DatabaseSession
{
public $cacheKey;
public function __construct()
{
$this->cacheKey = Configure::read('Session.handler.cache');
parent::__construct();
}
// Read data from the session.
public function read($id)
{
$result = Cache::read($id, $this->cacheKey);
if ($result) {
return $result;
}
return parent::read($id);
}
// Write data into the session.
public function write($id, $data)
{
Cache::write($id, $data, $this->cacheKey);

Creating a Custom Session Handler

611

CakePHP Cookbook Documentation, Release 3.x

return parent::write($id, $data);


}
// Destroy a session.
public function destroy($id)
{
Cache::delete($id, $this->cacheKey);
return parent::destroy($id);
}
// Removes expired sessions.
public function gc($expires = null)
{
return Cache::gc($this->cacheKey) && parent::gc($expires);
}
}

Our class extends the built-in DatabaseSession so we dont have to duplicate all of its logic and behavior. We wrap each operation with a Cake\Cache\Cache operation. This lets us fetch sessions from the
fast cache, and not have to worry about what happens when we fill the cache. Using this session handler is
also easy. In your app.php make the session block look like the following:
'Session' => [
'defaults' => 'database',
'handler' => [
'engine' => 'ComboSession',
'model' => 'Session',
'cache' => 'apc'
]
],
// Make sure to add a apc cache config
'Cache' => [
'apc' => ['engine' => 'Apc']
]

Now our application will start using our custom session handler for reading & writing session data.
class Session

Accessing the Session Object


You can access the session data any place you have access to a request object. This means the session is
easily accessible from:
Controllers
Views
Helpers
Cells
Components
612

Chapter 29. Sessions

CakePHP Cookbook Documentation, Release 3.x

In addition to the basic session object, you can also use the Cake\View\Helper\SessionHelper to
interact with the session in your views. A basic example of session usage would be:
$name = $this->request->session()->read('User.name');
// If you are accessing the session multiple times,
// you will probably want a local variable.
$session = $this->request->session();
$name = $session->read('User.name');

Reading & Writing Session Data


Session::read($key)
You can read values from the session using Hash::extract() compatible syntax:
$session->read('Config.language');

Session::write($key, $value)
$key should be the dot separated path you wish to write $value to:
$session->write('Config.language', 'eng');

Session::delete($key)
When you need to delete data from the session, you can use delete():
$session->delete('Some.value');

static Session::consume($key)
When you need to read and delete data from the session, you can use consume():
$session->consume('Some.value');

Session::check($key)
If you want to see if data exists in the session, you can use check():
if ($session->check('Config.language')) {
// Config.language exists and is not null.
}

Destroying the Session


Session::destroy()
Destroying the session is useful when users log out. To destroy a session, use the destroy() method:
$session->destroy();

Destroying a session will remove all serverside data in the session, but will not remove the session cookie.
Reading & Writing Session Data

613

CakePHP Cookbook Documentation, Release 3.x

Rotating Session Identifiers


Session::renew()
While AuthComponent automatically renews the session id when users login and out, you may need to
rotate the session ids manually. To do this use the renew() method:
$session->renew();

Flash Messages
Flash messages are small messages displayed to end users once. They are often used to present error messages, or confirm that actions took place successfully.
To set and display flash messages you should use Flash and Flash

614

Chapter 29. Sessions

CHAPTER 30

Testing

CakePHP comes with comprehensive testing support built-in. CakePHP comes with integration for PHPUnit1 . In addition to the features offered by PHPUnit, CakePHP offers some additional features to make
testing easier. This section will cover installing PHPUnit, and getting started with Unit Testing, and how
you can use the extensions that CakePHP offers.

Installing PHPUnit
CakePHP uses PHPUnit as its underlying test framework. PHPUnit is the de-facto standard for unit testing
in PHP. It offers a deep and powerful set of features for making sure your code does what you think it does.
PHPUnit can be installed through using either a PHAR package2 or Composer3 .

Install PHPUnit with Composer


To install PHPUnit with Composer, add the following to you applications require section in its
composer.json:
"phpunit/phpunit": "*",

After updating your composer.json, run Composer again inside your application directory:
$ php composer.phar install

You can now run PHPUnit using:


$ vendor/bin/phpunit
1

http://phpunit.de
http://phpunit.de/#download
3
http://getcomposer.org
2

615

CakePHP Cookbook Documentation, Release 3.x

Using the PHAR File


After you have downloaded the phpunit.phar file, you can use it to run your tests:
php phpunit.phar

Test Database Setup


Remember to have debug enabled in your config/app.php file before running any tests. Before running any
tests you should be sure to add a test datasource configuration to config/app.php. This configuration is
used by CakePHP for fixture tables and data:
'Datasources' => [
'test' => [
'datasource' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'dbhost',
'username' => 'dblogin',
'password' => 'dbpassword',
'database' => 'test_database'
],
],

Note: Its a good idea to make the test database and your actual database different databases. This will
prevent embarrassing mistakes later.

Checking the Test Setup


After installing PHPUnit and setting up your test datasource configuration you can make sure youre ready
to write and run your own tests by running your applications tests:
// For phpunit.phar
$ php phpunit.phar
// For Composer installed phpunit
$ vendor/bin/phpunit

The above should run any tests you have, or let you know that no tests were run. To run a specific test
you can supply the path to the test as a parameter to PHPUnit. For example, if you had a test case for
ArticlesTable class you could run it with:
$ vendor/bin/phpunit tests/TestCase/Model/Table/ArticlesTableTest

You should see a green bar with some additional information about the tests run, and number passed.
Note: If you are on a Windows system you probably wont see any colours.

616

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

Test Case Conventions


Like most things in CakePHP, test cases have some conventions. Concerning tests:
1. PHP files containing tests should be in your tests/TestCase/[Type] directories.
2. The filenames of these files should end in Test.php instead of just .php.
3. The
classes
containing
tests
should
extend
Cake\TestSuite\TestCase,
Cake\TestSuite\IntegrationTestCase or \PHPUnit_Framework_TestCase.
4. Like other classnames, the test case classnames should match the filename. RouterTest.php
should contain class RouterTest extends TestCase.
5. The name of any method containing a test (i.e. containing an assertion) should begin with test, as
in testPublished(). You can also use the @test annotation to mark methods as test methods.

Creating Your First Test Case


In the following example, well create a test case for a very simple helper method. The helper were going
to test will be formatting progress bar HTML. Our helper looks like:
namespace App\View\Helper;
use Cake\View\Helper;
class ProgressHelper extends Helper
{
public function bar($value)
{
$width = round($value / 100, 2) * 100;
return sprintf(
'<div class="progress-container">
<div class="progress-bar" style="width: %s%%"></div>
</div>', $width);
}
}

This is a very simple example, but it will be useful to show how you can create a simple test case.
After creating and saving our helper, well create the test case file in
tests/TestCase/View/Helper/ProgressHelperTest.php. In that file well start with the following:
namespace App\Test\TestCase\View\Helper;
use App\View\Helper\ProgressHelper;
use Cake\TestSuite\TestCase;
use Cake\View\View;
class ProgressHelperTest extends TestCase
{
public function setUp()
{

Test Case Conventions

617

CakePHP Cookbook Documentation, Release 3.x

}
public function testBar()
{
}
}

Well flesh out this skeleton in a minute. Weve added two methods to start with. First is setUp(). This
method is called before every test method in a test case class. Setup methods should initialize the objects
needed for the test, and do any configuration needed. In our setup method well add the following:
public function setUp()
{
parent::setUp();
$View = new View();
$this->Progress = new ProgressHelper($View);
}

Calling the parent method is important in test cases, as TestCase::setUp() does a number things like backing
up the values in Core\Configure and, storing the paths in Core\App.
Next, well fill out the test method. Well use some assertions to ensure that our code creates the output we
expect:
public function testBar()
{
$result = $this->Progress->bar(90);
$this->assertContains('width: 90%', $result);
$this->assertContains('progress-bar', $result);
$result = $this->Progress->bar(33.3333333);
$this->assertContains('width: 33%', $result);
}

The above test is a simple one but shows the potential benefit of using test cases. We use
assertContains() to ensure that our helper is returning a string that contains the content we expect.
If the result did not contain the expected content the test would fail, and we would know that our code is
incorrect.
By using test cases you can easily describe the relationship between a set of known inputs and their expected
output. This helps you be more confident of the code youre writing as you can easily check that the code
you wrote fulfills the expectations and assertions your tests make. Additionally because tests are code, they
are easy to re-run whenever you make a change. This helps prevent the creation of new bugs.

Running Tests
Once you have PHPUnit installed and some test cases written, youll want to run the test cases very frequently. Its a good idea to run tests before committing any changes to help ensure you havent broken
anything.

618

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

By using phpunit you can run your application tests. To run your applications tests you can simply run:
// composer installs
$ vendor/bin/phpunit
// phar file
php phpunit.phar

From your applications root directory. To run tests for a plugin that is part of your application source, first
cd into the plugin directory, then use phpunit command that matches how you installed phpunit:
cd plugins
// Using composer installed phpunit
../vendor/bin/phpunit
// Using phar file
php ../phpunit.phar

To run tests on a standalone plugin, you should first install the project in a separate directory and install its
dependencies:
git clone git://github.com/cakephp/debug_kit.git
cd debug_kit
php ~/composer.phar install
php ~/phpunit.phar

Filtering Test Cases


When you have larger test cases, you will often want to run a subset of the test methods when you are trying
to work on a single failing case. With the CLI runner you can use an option to filter test methods:
$ phpunit --filter testSave tests/TestCase/Model/Table/ArticlesTableTest

The filter parameter is used as a case-sensitive regular expression for filtering which test methods to run.

Generating Code Coverage


You can generate code coverage reports from the command line using PHPUnits built-in code coverage
tools. PHPUnit will generate a set of static HTML files containing the coverage results. You can generate
coverage for a test case by doing the following:
$ phpunit --coverage-html webroot/coverage tests/TestCase/Model/Table/ArticlesTableTest

This will put the coverage results in your applications webroot directory. You should be able to view the
results by going to http://localhost/your_app/coverage.

Running Tests

619

CakePHP Cookbook Documentation, Release 3.x

Combining Test Suites for Plugins


Often times your application will be composed of several plugins. In these situations it can be pretty tedious
to run tests for each plugin. You can make running tests for each of the plugins that compose your application
by adding additional <testsuite> sections to your applications phpunit.xml file:
<testsuites>
<testsuite name="App Test Suite">
<directory>./tests/TestCase</directory>
</testsuite>
<!-- Add your plugin suites -->
<testsuite name="Forum plugin">
<directory>./plugins/Forum/tests/TestCase</directory>
</testsuite>
</testsuites>

Any additional test suites added to the <testsuites> element will automatically be run when you use
phpunit.

Test Case Lifecycle Callbacks


Test cases have a number of lifecycle callbacks you can use when doing testing:
setUp is called before every test method. Should be used to create the objects that are going to be
tested, and initialize any data for the test. Always remember to call parent::setUp()
tearDown is called after every test method. Should be used to cleanup after the test is complete.
Always remember to call parent::tearDown().
setupBeforeClass is called once before test methods in a case are started. This method must be
static.
tearDownAfterClass is called once after test methods in a case are started. This method must
be static.

Fixtures
When testing code that depends on models and the database, one can use fixtures as a way to generate
temporary data tables loaded with sample data that can be used by the test. The benefit of using fixtures is
that your test has no chance of disrupting live application data. In addition, you can begin testing your code
prior to actually developing live content for an application.
CakePHP uses the connection named test in your config/datasources.php configuration file. If this connection is not usable, an exception will be raised and you will not be able to use database fixtures.
CakePHP performs the following during the course of a fixture based test case:
1. Creates tables for each of the fixtures needed.
2. Populates tables with data, if data is provided in fixture.
620

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

3. Runs test methods.


4. Empties the fixture tables.
5. Removes fixture tables from database.

Test Connections
By default CakePHP will alias each connection in your application. Each connection defined in your applications bootstrap that does not start with test_ will have a test_ prefixed alias created. Aliasing
connections ensures, you dont accidentally use the wrong connection in test cases. Connection aliasing is
transparent to the rest of your application. For example if you use the default connection, instead you will
get the test connection in test cases. If you use the replica connection, the test suite will attempt to use
test_replica.

Creating Fixtures
When creating a fixture you will mainly define two things: how the table is created (which fields are part of
the table), and which records will be initially populated to the table. Lets create our first fixture, that will be
used to test our own Article model. Create a file named ArticlesFixture.php in your tests/Fixture
directory, with the following content:
namespace App\Test\Fixture;
use Cake\TestSuite\Fixture\TestFixture;
class ArticlesFixture extends TestFixture
{
// Optional. Set this property to load fixtures to a different test datasource
public $connection = 'test';
public $fields = [
'id' => ['type' => 'integer'],
'title' => ['type' => 'string', 'length' => 255, 'null' => false],
'body' => 'text',
'published' => ['type' => 'integer', 'default' => '0', 'null' => false],
'created' => 'datetime',
'modified' => 'datetime',
'_constraints' => [
'primary' => ['type' => 'primary', 'columns' => ['id']]
]
];
public $records = [
[
'id' => 1,
'title' => 'First Article',
'body' => 'First Article Body',
'published' => '1',
'created' => '2007-03-18 10:39:23',
'modified' => '2007-03-18 10:41:31'

Fixtures

621

CakePHP Cookbook Documentation, Release 3.x

],
[
'id' => 2,
'title' => 'Second Article',
'body' => 'Second Article Body',
'published' => '1',
'created' => '2007-03-18 10:41:23',
'modified' => '2007-03-18 10:43:31'
],
[
'id' => 3,
'title' => 'Third Article',
'body' => 'Third Article Body',
'published' => '1',
'created' => '2007-03-18 10:43:23',
'modified' => '2007-03-18 10:45:31'
]
];
}

The $connection property defines the datasource of which the fixture will use. If your application
uses multiple datasources, you should make the fixtures match the models datasources but prefixed with
test_. For example if your model uses the mydb datasource, your fixture should use the test_mydb
datasource. If the test_mydb connection doesnt exist, your models will use the default test datasource.
Fixture datasources must be prefixed with test to reduce the possibility of accidentally truncating all your
applications data when running tests.
We use $fields to specify which fields will be part of this table, and how they are defined. The format
used to define these fields is the same used with Cake\Database\Schema\Table. The keys available
for table definition are:
type CakePHP internal data type. Currently supported:
string: maps to VARCHAR or CHAR
uuid: maps to UUID
text: maps to TEXT
integer: maps to INT
biginteger: maps to BIGINTEGER
decimal: maps to DECIMAL
float: maps to FLOAT
datetime: maps to DATETIME
timestamp: maps to TIMESTAMP
time: maps to TIME
date: maps to DATE
binary: maps to BLOB

622

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

fixed Used with string types to create CHAR columns in platforms that support them.
length Set to the specific length the field should take.
precision Set the number of decimal places used on float & decimal fields.
null Set to either true (to allow NULLs) or false (to disallow NULLs).
default Default value the field takes.
We can define a set of records that will be populated after the fixture table is created. The format is fairly
straight forward, $records is an array of records. Each item in $records should be a single row. Inside
each row, should be an associative array of the columns and values for the row. Just keep in mind that each
record in the $records array must have a key for every field specified in the $fields array. If a field for a
particular record needs to have a null value, just specify the value of that key as null.

Dynamic Data and Fixtures


Since records for a fixture are declared as a class property, you cannot easily use functions or other dynamic
data to define fixtures. To solve this problem, you can define $records in the init() function of your
fixture. For example if you wanted all the created and modified timestamps to reflect todays date you could
do the following:
namespace App\Test\Fixture;
use Cake\TestSuite\Fixture\TestFixture;
class ArticlesFixture extends TestFixture
{
public $fields = [
'id' => ['type' => 'integer'],
'title' => ['type' => 'string', 'length' => 255, 'null' => false],
'body' => 'text',
'published' => ['type' => 'integer', 'default' => '0', 'null' => false],
'created' => 'datetime',
'modified' => 'datetime',
'_constraints' => [
'primary' => ['type' => 'primary', 'columns' => ['id']],
]
];
public function init()
{
$this->records = [
[
'id' => 1,
'title' => 'First Article',
'body' => 'First Article Body',
'published' => '1',
'created' => date('Y-m-d H:i:s'),
'modified' => date('Y-m-d H:i:s'),
],

Fixtures

623

CakePHP Cookbook Documentation, Release 3.x

];
parent::init();
}
}

When overriding init() remember to always call parent::init().

Importing Table Information


Defining the schema in fixture files can be really handy when creating plugins or libraries or if you are
creating an application that needs to easily be portable. Redefining the schema in fixtures can become
difficult to maintain in larger applications. Because of this CakePHP provides the ability to import the
schema from an existing connection and use the reflected table definition to create the table definition used
in the test suite.
Lets start with an example. Assuming you have a table named articles available in your application, change
the example fixture given in the previous section (tests/Fixture/ArticlesFixture.php) to:
class ArticlesFixture extends TestFixture
{
public $import = ['table' => 'articles']
}

If you want to use a different connection use:


class ArticlesFixture extends TestFixture
{
public $import = ['table' => 'articles', 'connection' => 'other'];
}

You can naturally import your table definition from an existing model/table, but have your records defined
directly on the fixture as it was shown on previous section. For example:
class ArticlesFixture extends TestFixture
{
public $import = ['table' => 'articles'];
public $records = [
[
'id' => 1,
'title' => 'First Article',
'body' => 'First Article Body',
'published' => '1',
'created' => '2007-03-18 10:39:23',
'modified' => '2007-03-18 10:41:31'
],
[
'id' => 2,
'title' => 'Second Article',
'body' => 'Second Article Body',
'published' => '1',
'created' => '2007-03-18 10:41:23',
'modified' => '2007-03-18 10:43:31'

624

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

],
[
'id' => 3,
'title' => 'Third Article',
'body' => 'Third Article Body',
'published' => '1',
'created' => '2007-03-18 10:43:23',
'modified' => '2007-03-18 10:45:31'
]
];
}

Finally, you can not load/create any schema in a fixture. This is useful if you already have a test database
setup with all the empty tables created. By defining neither $fields or $import a fixture will only insert
its records and truncate the records on each test method.

Loading Fixtures in your Test Cases


After youve created your fixtures, youll want to use them in your test cases. In each test case you should
load the fixtures you will need. You should load a fixture for every model that will have a query run against
it. To load fixtures you define the $fixtures property in your model:
class ArticlesTest extends TestCase
{
public $fixtures = ['app.articles', 'app.comments'];
}

The above will load the Article and Comment fixtures from the applications Fixture directory. You can also
load fixtures from CakePHP core, or plugins:
class ArticlesTest extends TestCase
{
public $fixtures = ['plugin.debug_kit.articles', 'core.comments'];
}

Using the core prefix will load fixtures from CakePHP, and using a plugin name as the prefix, will load the
fixture from the named plugin.
You can control when your fixtures are loaded by setting Cake\TestSuite\TestCase::$autoFixtures
to false and later load them using Cake\TestSuite\TestCase::loadFixtures():
class ArticlesTest extends TestCase
{
public $fixtures = ['app.articles', 'app.comments'];
public $autoFixtures = false;
public function testMyFunction()
{
$this->loadFixtures('Article', 'Comment');
}
}

Fixtures

625

CakePHP Cookbook Documentation, Release 3.x

You can load fixtures in subdirectories. Using multiple directories can make it easier to organize your
fixtures if you have a larger application. To load fixtures in subdirectories, simply include the subdirectory
name in the fixture name:
class ArticlesTest extends CakeTestCase
{
public $fixtures = ['app.blog/articles', 'app.blog/comments'];
}

In the above example, both fixtures would be loaded from tests/Fixture/blog/.

Testing Table Classes


Lets say we already have our Articles Table class defined in src/Model/Table/ArticlesTable.php, and it
looks like:
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
class ArticlesTable extends Table
{
public function findPublished(Query $query, array $options)
{
$query->where([
$this->alias() . '.published' => 1
]);
return $query;
}
}

We now want to set up a test that will test this table class. Lets now create a file named
ArticlesTableTest.php in your tests/TestCase/Model/Table directory, with the following contents:
namespace App\Test\TestCase\Model\Table;
use App\Model\Table\ArticlesTable;
use Cake\ORM\TableRegistry;
use Cake\TestSuite\TestCase;
class ArticlesTableTest extends TestCase
{
public $fixtures = ['app.articles'];
}

In our test cases variable $fixtures we define the set of fixtures that well use. You should remember to
include all the fixtures that will have queries run against them.

626

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

Creating a Test Method


Lets now add a method to test the function published() in the Article model.
tests/TestCase/Model/Table/ArticlesTableTest.php so it now looks like this:

Edit the file

namespace App\Test\TestCase\Model\Table;
use App\Model\Table\ArticlesTable;
use Cake\ORM\TableRegistry;
use Cake\TestSuite\TestCase;
class ArticlesTableTest extends TestCase
{
public $fixtures = ['app.articles'];
public function setUp()
{
parent::setUp();
$this->Articles = TableRegistry::get('Articles');
}
public function testFindPublished()
{
$query = $this->Articles->find('published');
$this->assertInstanceOf('Cake\ORM\Query', $query);
$result = $query->hydrate(false)->toArray();
$expected = [
['id' => 1, 'title' => 'First Article'],
['id' => 2, 'title' => 'Second Article'],
['id' => 3, 'title' => 'Third Article']
];
$this->assertEquals($expected, $result);
}
}

You can see we have added a method called testPublished(). We start by creating an instance of our
ArticlesTable class, and then run our find(published) method. In $expected we set what
we expect should be the proper result (that we know since we have defined which records are initially populated to the article table.) We test that the result equals our expectation by using the assertEquals()
method. See the Running Tests section for more information on how to run your test case.

Mocking Model Methods


There will be times youll want to mock methods on models when testing them. You should use
getMockForModel to create testing mocks of table classes. It avoids issues with reflected properties
that normal mocks have:
public function testSendingEmails()
{
$model = $this->getMockForModel('EmailVerification', ['send']);
$model->expects($this->once())

Testing Table Classes

627

CakePHP Cookbook Documentation, Release 3.x

->method('send')
->will($this->returnValue(true));
$model->verifyEmail('[email protected]');
}

In your tearDown() method be sure to remove the mock with:


TableRegistry::clear();

Controller Integration Testing


While you can test controller classes in a similar fashion to Helpers, Models, and Components, CakePHP
offers a specialized IntegrationTestCase class. Using this class as the base class for your controller
test cases allows you to more easily do integration testing with your controllers.
If you are unfamiliar with integration testing, it is a testing approach that makes it easy to test multiple units
in concert. The integration testing features in CakePHP simulate an HTTP request being handled by your
application. For example, testing your controller will also exercise any components, models and helpers that
would be involved in handling a given request. This gives you a more high level test of your application and
all its working parts.
Say you have a typical Articles controller, and its corresponding model. The controller code looks like:
namespace App\Controller;
use App\Controller\AppController;
class ArticlesController extends AppController
{
public $helpers = ['Form', 'Html'];
public function index($short = null)
{
if ($this->request->is('post')) {
$article = $this->Articles->newEntity($this->request->data);
if ($this->Articles->save($article)) {
// Redirect as per PRG pattern
return $this->redirect(['action' => 'index']);
}
}
if (!empty($short)) {
$result = $this->Article->find('all', [
'fields' => ['id', 'title']
]);
} else {
$result = $this->Article->find();
}
$this->set([
'title' => 'Articles',

628

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

'articles' => $result


]);
}
}

Create a file named ArticlesControllerTest.php in your tests/TestCase/Controller directory and


put the following inside:
namespace App\Test\TestCase\Controller;
use Cake\ORM\TableRegistry;
use Cake\TestSuite\IntegrationTestCase;
class ArticlesControllerTest extends IntegrationTestCase
{
public $fixtures = ['app.articles'];
public function testIndex()
{
$this->get('/articles?page=1');
$this->assertResponseOk();
// More asserts.
}
public function testIndexQueryData()
{
$this->get('/articles?page=1');
$this->assertResponseOk();
// More asserts.
}
public function testIndexShort()
{
$this->get('/articles/index/short');
$this->assertResponseOk();
$this->assertResponseContains('Articles');
// More asserts.
}
public function testIndexPostData()
{
$data = [
'user_id' => 1,
'published' => 1,
'slug' => 'new-article',
'title' => 'New Article',
'body' => 'New Body'
];
$this->post('/articles', $data);

Controller Integration Testing

629

CakePHP Cookbook Documentation, Release 3.x

$this->assertResponseSuccess();
$articles = TableRegistry::get('Articles');
$query = $articles->find()->where(['title' => $data['title']]);
$this->assertEquals(1, $query->count());
}
}

This example shows a few of the request sending methods and a few of the assertions that
IntegrationTestCase provides. Before you can do any assertions youll need to dispatch a request.
You can use one of the following methods to send a request:
get() Sends a GET request.
post() Sends a POST request.
put() Sends a PUT request.
delete() Sends a DELETE request.
patch() Sends a PATCH request.
All of the methods except get() and delete() accept a second parameter that allows you to
send a request body. After dispatching a request you can use the various assertions provided by
IntegrationTestCase or by PHPUnit to ensure your request had the correct side-effects.

Setting up the Request


The IntegrationTestCase class comes with a number of helpers to make it easy to configure the
requests you will send to your application under test:
// Set cookies
$this->cookie('name', 'Uncle Bob');
// Set session data
$this->session(['Auth.User.id' => 1]);
// Configure headers
$this->configRequest([
'headers' => ['Accept' => 'application/json']
]);

The state set by these helper methods is reset in the tearDown() method.

Testing Actions That Require Authentication


If you are using AuthComponent you will need to stub out the session data that AuthComponent uses
to validate a users identity. You can use helper methods in IntegrationTestCase to do this. Assuming you had an ArticlesController that contained an add method, and that add method required
authentication, you could write the following tests:

630

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

public function testAddUnauthenticatedFails()


{
// No session data set.
$this->get('/articles/add');
$this->assertRedirect(['controller' => 'Users', 'action' => 'login']);
}
public function testAddAuthenticated()
{
// Set session data
$this->session([
'Auth' => [
'User' => [
'id' => 1,
'username' => 'testing',
// other keys.
]
]
]);
$this->get('/articles/add');
$this->assertResponseOk();
// Other assertions.
}

Assertion methods
The IntegrationTestCase class provides a number of assertion methods that make testing responses
much simpler. Some examples are:
// Check for a 2xx response code
$this->assertResponseOk();
// Check for a 2xx/3xx response code
$this->assertResponseSuccess();
// Check for a 4xx response code
$this->assertResponseError();
// Check for a 5xx response code
$this->assertResponseFailure();
// Check for a specific response code, e.g. 200
$this->assertResponseCode(200);
// Check the Location header
$this->assertRedirect(['controller' => 'Articles', 'action' => 'index']);
// Check that no Location header has been set
$this->assertNoRedirect();

Controller Integration Testing

631

CakePHP Cookbook Documentation, Release 3.x

// Check a part of the Location header


$this->assertRedirectContains('/articles/edit/');
// Assert not empty response content
$this->assertResponseNotEmpty();
// Assert empty response content
$this->assertResponseEmpty();
// Assert response content
$this->assertResponseEquals('Yeah!');
// Assert partial response content
$this->assertResponseContains('You won!');
$this->assertResponseNotContains('You lost!');
// Assert layout
$this->assertLayout('default');
// Assert which template was rendered (if any)
$this->assertTemplate('index');
// Assert data in the session
$this->assertSession(1, 'Auth.User.id');
// Assert response header.
$this->assertHeader('Content-Type', 'application/json');
// Assert view variables
$this->assertEquals('jose', $this->viewVariable('user.username'));
// Assert cookies in the response
$this->assertCookie('1', 'thingid');
// Check the content type
$this->assertContentType('application/json');

In addition to the above assertion methods, you can also use all of the assertions in TestSuite4 and those
found in PHPUnit5

Testing a JSON Responding Controller


JSON is a friendly and common format to use when building a web service. Testing the endpoints of your
web service is very simple with CakePHP. Let us begin with a simple example controller that responds in
JSON:
class MarkersController extends AppController
{
public function initialize()
4
5

http://api.cakephp.org/3.0/class-Cake.TestSuite.TestCase.html
https://phpunit.de/manual/current/en/appendixes.assertions.html

632

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

{
parent::initialize();
$this->loadComponent('RequestHandler');
}
public function view($id)
{
$marker = $this->Markers->get($id);
$this->set([
'_serialize' => ['marker'],
'marker' => $marker,
]);
}
}

Now we create the file tests/TestCase/Controller/MarkersControllerTest.php and make sure our web
service is returning the proper response:
class MarkersControllerTest extends IntegrationTestCase
{
public function testGet()
{
$this->configRequest([
'headers' => ['Accept' => 'application/json']
]);
$result = $this->get('/markers/view/1.json');
// Check that the response was a 200
$this->assertResponseOk();
$expected = [
['id' => 1, 'lng' => 66, 'lat' => 45],
];
$expected = json_encode($expected, JSON_PRETTY_PRINT);
$this->assertEquals($expected, $this->_response->body());
}
}

We use the JSON_PRETTY_PRINT option as CakePHPs built in JsonView will use that option when
debug is enabled.

Testing Views
Generally most applications will not directly test their HTML code. Doing so is often results in fragile, difficult to maintain test suites that are prone to breaking. When writing functional tests using
IntegrationTestCase you can inspect the rendered view content by setting the return option to
view. While it is possible to test view content using IntegrationTestCase, a more robust and maintainable
integration/view testing can be accomplished using tools like Selenium webdriver6 .
6

http://seleniumhq.org

Testing Views

633

CakePHP Cookbook Documentation, Release 3.x

Testing Components
Lets pretend we have a component called PagematronComponent in our application. This component helps
us set the pagination limit value across all the controllers that use it. Here is our example component located
in src/Controller/Component/PagematronComponent.php:
class PagematronComponent extends Component
{
public $controller = null;
public function setController($controller)
{
$this->controller = $controller;
// Make sure the controller is using pagination
if (!isset($this->controller->paginate)) {
$this->controller->paginate = [];
}
}
public function startup(Event $event)
{
$this->setController($event->subject());
}
public function adjust($length = 'short')
{
switch ($length) {
case 'long':
$this->controller->paginate['limit'] = 100;
break;
case 'medium':
$this->controller->paginate['limit'] = 50;
break;
default:
$this->controller->paginate['limit'] = 20;
break;
}
}
}

Now we can write tests to ensure our paginate limit parameter is being
correctly by the adjust() method in our component.
We create the
tests/TestCase/Controller/Component/PagematronComponentTest.php:

set
file

namespace App\Test\TestCase\Controller\Component;
use
use
use
use
use
use

634

App\Controller\Component\PagematronComponent;
Cake\Controller\Controller;
Cake\Controller\ComponentRegistry;
Cake\Network\Request;
Cake\Network\Response;
Cake\TestSuite\TestCase;

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

class PagematronComponentTest extends TestCase


{
public $component = null;
public $controller = null;
public function setUp()
{
parent::setUp();
// Setup our component and fake test controller
$request = new Request();
$response = new Response();
$this->controller = $this->getMock(
'Cake\Controller\Controller',
[],
[$request, $response]
);
$registry = new ComponentRegistry($this->controller);
$this->component = new PagematronComponent($registry);
}
public function testAdjust()
{
// Test our adjust method with different parameter settings
$this->component->adjust();
$this->assertEquals(20, $this->controller->paginate['limit']);
$this->component->adjust('medium');
$this->assertEquals(50, $this->controller->paginate['limit']);
$this->component->adjust('long');
$this->assertEquals(100, $this->controller->paginate['limit']);
}
public function tearDown()
{
parent::tearDown();
// Clean up after we're done
unset($this->component, $this->controller);
}
}

Testing Helpers
Since a decent amount of logic resides in Helper classes, its important to make sure those classes are covered
by test cases.
First we create an example helper to test. The CurrencyRendererHelper will help us display currencies in our views and for simplicity only has one method usd():

Testing Helpers

635

CakePHP Cookbook Documentation, Release 3.x

// src/View/Helper/CurrencyRendererHelper.php
namespace App\View\Helper;
use Cake\View\Helper;
class CurrencyRendererHelper extends Helper
{
public function usd($amount)
{
return 'USD ' . number_format($amount, 2, '.', ',');
}
}

Here we set the decimal places to 2, decimal separator to dot, thousands separator to comma, and prefix the
formatted number with USD string.
Now we create our tests:
// tests/TestCase/View/Helper/CurrencyRendererHelperTest.php
namespace App\Test\TestCase\View\Helper;
use App\View\Helper\CurrencyRendererHelper;
use Cake\TestSuite\TestCase;
use Cake\View\View;
class CurrencyRendererHelperTest extends TestCase
{
public $helper = null;
// Here we instantiate our helper
public function setUp()
{
parent::setUp();
$View = new View();
$this->helper = new CurrencyRendererHelper($View);
}
// Testing the usd() function
public function testUsd()
{
$this->assertEquals('USD 5.30', $this->helper->usd(5.30));
// We should always have 2 decimal digits
$this->assertEquals('USD 1.00', $this->helper->usd(1));
$this->assertEquals('USD 2.05', $this->helper->usd(2.05));
// Testing the thousands separator
$this->assertEquals(
'USD 12,000.70',
$this->helper->usd(12000.70)
);
}

636

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

Here, we call usd() with different parameters and tell the test suite to check if the returned values are equal
to what is expected.
Save this and execute the test. You should see a green bar and messaging indicating 1 pass and 4 assertions.
When you are testing a Helper which uses other helpers, be sure to mock the View clases loadHelpers
method.

Creating Test Suites


If you want several of your tests to run at the same time, you can create a test suite. A test suite is composed
of several test cases. You can either create test suites in your applications phpunit.xml file, or by
creating suite classes using CakeTestSuite. Using phpunit.xml is good when you only need simple
include/exclude rules to define your test suite. A simple example would be
<testsuites>
<testsuite name="Models">
<directory>src/Model</directory>
<file>src/Service/UserServiceTest.php</file>
<exclude>src/Model/Cloud/ImagesTest.php</exclude>
</testsuite>
</testsuites>

CakeTestSuite offers several methods for easily creating test suites based on the file system. It allows
you to run any code you want to prepare your test suite. If we wanted to create a test suite for all our model
tests we could would create tests/TestCase/AllModelTest.php. Put the following in it:
class AllModelTest extends TestSuite
{
public static function suite() {
$suite = new CakeTestSuite('All model tests');
$suite->addTestDirectory(TESTS . 'Case/Model');
return $suite;
}
}

The code above will group all test cases found in the tests/TestCase/Model/ folder. To add an individual file,
use $suite->addTestFile($filename);. You can recursively add a directory for all tests using:
$suite->addTestDirectoryRecursive(TESTS . 'TestCase');

Would recursively add all test cases in the tests/TestCase/ directory.

Creating Tests for Plugins


Tests for plugins are created in their own directory inside the plugins folder.

Creating Test Suites

637

CakePHP Cookbook Documentation, Release 3.x

/src
/plugins
/Blog
/tests
/TestCase
/Fixture

They work just like normal tests but you have to remember to use the naming conventions for plugins when
importing classes. This is an example of a testcase for the BlogPost model from the plugins chapter of
this manual. A difference from other tests is in the first line where Blog.BlogPost is imported. You also
need to prefix your plugin fixtures with plugin.blog.blog_posts:
namespace Blog\Test\TestCase\Model\Table;
use Blog\Model\Table\BlogPostsTable;
use Cake\TestSuite\TestCase;
class BlogPostsTableTest extends TestCase
{
// Plugin fixtures located in /plugins/Blog/tests/Fixture/
public $fixtures = ['plugin.blog.blog_posts'];
public function testSomething()
{
// Test something.
}
}

If you want to use plugin fixtures in the app tests you can
plugin.pluginName.fixtureName syntax in the $fixtures array.

reference

them

using

Before you can use fixtures you should double check that your phpunit.xml contains the fixture listener:
<!-- Setup a listener for fixtures -->
<listeners>
<listener
class="\Cake\TestSuite\Fixture\FixtureInjector"
file="./vendor/cakephp/cakephp/src/TestSuite/Fixture/FixtureInjector.php">
<arguments>
<object class="\Cake\TestSuite\Fixture\FixtureManager" />
</arguments>
</listener>
</listeners>

You should also ensure that your fixtures are loadable.


composer.json file:

Ensure the following is present in your

"autoload-dev": {
"psr-4": {
"MyPlugin\\Test\\": "./plugins/MyPlugin/tests"
}
}

638

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

Note: Remember to run composer.phar dumpautoload when adding new autoload mappings.

Generating Tests with Bake


If you use bake to generate scaffolding, it will also generate test stubs. If you need to re-generate test case
skeletons, or if you want to generate test skeletons for code you wrote, you can use bake:
bin/cake bake test <type> <name>

<type> should be one of:


1. Entity
2. Table
3. Controller
4. Component
5. Behavior
6. Helper
7. Shell
8. Cell
While <name> should be the name of the object you want to bake a test skeleton for.

Integration with Jenkins


Jenkins7 is a continuous integration server, that can help you automate the running of your test cases. This
helps ensure that all your tests stay passing and your application is always ready.
Integrating a CakePHP application with Jenkins is fairly straightforward. The following assumes youve
already installed Jenkins on *nix system, and are able to administer it. You also know how to create jobs,
and run builds. If you are unsure of any of these, refer to the Jenkins documentation8 .

Create a Job
Start off by creating a job for your application, and connect your repository so that jenkins can access your
code.
7
8

http://jenkins-ci.org
http://jenkins-ci.org/

Generating Tests with Bake

639

CakePHP Cookbook Documentation, Release 3.x

Add Test Database Config


Using a separate database just for Jenkins is generally a good idea, as it stops bleed through and avoids a
number of basic problems. Once youve created a new database in a database server that jenkins can access
(usually localhost). Add a shell script step to the build that contains the following:
cat > config/app_local.php <<'CONFIG'
<?php
return [
'Datasources' => [
'test' => [
'datasource' => 'Database/Mysql',
'host'
=> 'localhost',
'database'
=> 'jenkins_test',
'username'
=> 'jenkins',
'password'
=> 'cakephp_jenkins',
'encoding'
=> 'utf8'
]
]
];
CONFIG

Then uncomment the following line in your config/bootstrap.php file:


//Configure::load('app_local', 'default');

By creating an app_local.php file, you have an easy way to define configuration specific to Jenkins.
You can use this same configuration file to override any other configuration files you need on Jenkins.
Its often a good idea to drop and re-create the database before each build as well. This insulates you from
chained failures, where one broken build causes others to fail. Add another shell script step to the build that
contains the following:

mysql -u jenkins -pcakephp_jenkins -e 'DROP DATABASE IF EXISTS jenkins_test; CREATE DATABAS

Add your Tests


Add another shell script step to your build. In this step install your dependencies and run the tests for your
application. Creating a junit log file, or clover coverage is often a nice bonus, as it gives you a nice graphical
view of your testing results:
# Download Composer if it is missing.
test -f 'composer.phar' || curl -sS https://getcomposer.org/installer| php
# Install dependencies
php composer.phar install
vendor/bin/phpunit --log-junit junit.xml --coverage-clover clover.xml

If you use clover coverage, or the junit results, make sure to configure those in Jenkins as well. Failing to
configure those steps will mean you wont see the results.

640

Chapter 30. Testing

CakePHP Cookbook Documentation, Release 3.x

Run a Build
You should be able to run a build now. Check the console output and make any necessary changes to get a
passing build.

Integration with Jenkins

641

CakePHP Cookbook Documentation, Release 3.x

642

Chapter 30. Testing

CHAPTER 31

Validation

The validation package in CakePHP provides features to build validators that can validate arbitrary arrays
of data with ease.

Creating Validators
class Cake\Validation\Validator
Validator objects define the rules that apply to a set of fields. Validator objects contain a mapping between
fields and validation sets. In turn, the validation sets contain a collection of rules that apply to the field they
are attached to. Creating a validator is simple:
use Cake\Validation\Validator;
$validator = new Validator();

Once created, you can start defining sets of rules for the fields you want to validate:
$validator
->requirePresence('title')
->notEmpty('title', 'Please fill this field')
->add('title', [
'length' => [
'rule' => ['minLength', 10],
'message' => 'Titles need to be at least 10 characters long',
]
])
->allowEmpty('published')
->add('published', 'boolean', [
'rule' => 'boolean'
])
->requirePresence('body')
->add('body', 'length', [
'rule' => ['minLength', 50],

643

CakePHP Cookbook Documentation, Release 3.x

'message' => 'Articles must have a substantial body.'


]);

As seen in the example above, validators are built with a fluent interface that allows you to define rules for
each field you want to validate.
There were a few methods called in the example above, so lets go over the various features. The add()
method allows you to add new rules to a validator. You can either add rules individually or in groups as seen
above.

Requiring Field Presence


The requirePresence() method requires the field to be present in any validated array. If the field is
absent, validation will fail. The requirePresence() method has 4 modes:
true The fields presence is always required.
false The fields presence is not required.
create The fields presence is required when validating a create operation.
update The fields presence is required when validating an update operation.
By default, true is used. Key presence is checked by using array_key_exists() so that null values
will count as present. You can set the mode using the second parameter:
$validator->requirePresence('author_id', 'create');

Allowing Empty Fields


The allowEmpty() and notEmpty() methods allow you to control which fields are allowed to be
empty. By using the notEmpty() method, the given field will be marked invalid when it is empty. You
can use allowEmpty() to allow a field to be empty. Both allowEmpty() and notEmpty() support
a mode parameter that allows you to control when a field can or cannot be empty:
false The field is not allowed to be empty.
create The field is required when validating a create operation.
update The field is required when validating an update operation.
The values , null and [] (empty array) will cause validation errors when fields are not allowed to be
empty. When fields are allowed to be empty, the values , null, false, [], 0, 0 are accepted.
An example of these methods in action is:
$validator->allowEmpty('published')
->notEmpty('title', 'A title is required')
->notEmpty('body', 'A body is required', 'create')
->allowEmpty('header_image', 'update');

Notice that these examples take a provider key. Adding Validator providers is further explained in
the following sections.
644

Chapter 31. Validation

CakePHP Cookbook Documentation, Release 3.x

Marking Rules as the Last to Run


When fields have multiple rules, each validation rule will be run even if the previous one has failed. This
allows you to collect as many validation errors as you can in a single pass. However, if you want to stop
execution after a specific rule has failed, you can set the last option to true:
$validator = new Validator();
$validator
->add('body', [
'minLength' => [
'rule' => ['minLength', 10],
'last' => true,
'message' => 'Comments must have a substantial body.'
],
'maxLength' => [
'rule' => ['maxLength', 250],
'message' => 'Comments cannot be too long.'
]
]);

If the minLength rule fails in the example above, the maxLength rule will not be run.

Adding Validation Providers


The Validator, ValidationSet and ValidationRule classes do not provide any validation methods themselves. Validation rules come from providers. You can bind any number of providers to a Validator object. Validator instances come with a default provider setup automatically. The default provider is
mapped to the Validation\Validation class. This makes it simple to use the methods on that class
as validation rules. When using Validators and the ORM together, additional providers are configured for
the table and entity objects. You can use the provider() method to add any additional providers your
application needs:
$validator = new Validator();
// Use an object instance.
$validator->provider('custom', $myObject);
// Use a class name. Methods must be static.
$validator->provider('custom', 'App\Model\Validation');

Validation providers can be objects, or class names. If a class name is used the methods must be static. To
use a provider other than default, be sure to set the provider key in your rule:
// Use a rule from the table provider
$validator->add('title', 'unique', [
'rule' => 'uniqueTitle',
'provider' => 'table'
]);

Creating Validators

645

CakePHP Cookbook Documentation, Release 3.x

Custom Validation Rules


In addition to using methods coming from providers, you can also use any callable, including anonymous
functions, as validation rules:
// Use a global function
$validator->add('title', 'custom', [
'rule' => 'validate_title'
]);
// Use an array callable that is not in a provider
$validator->add('title', 'custom', [
'rule' => [$this, 'method']
]);
// Use a closure
$extra = 'Some additional value needed inside the closure';
$validator->add('title', 'custom', [
'rule' => function ($value, $context) use ($extra) {
// Custom logic that returns true/false
}
]);
// Use a rule from a custom provider
$validator->add('title', 'unique', [
'rule' => 'uniqueTitle',
'provider' => 'custom'
]);

Closures or callable methods will receive 2 arguments when called. The first will be the value for the field
being validated. The second is a context array containing data related to the validation process:
data: The original data passed to the validation method, useful if you plan to create rules comparing
values.
providers: The complete list of rule provider objects, useful if you need to create complex rules by
calling multiple providers.
newRecord: Whether the validation call is for a new record or a pre-existent one.

Conditional Validation
When defining validation rules, you can use the on key to define when a validation rule should be applied.
If left undefined, the rule will always be applied. Other valid values are create and update. Using one
of these values will make the rule apply to only create or update operations.
Additionally, you can provide a callable function that will determine whether or not a particular rule should
be applied:
$validator->add('picture', 'file', [
'rule' => ['mimeType', ['image/jpeg', 'image/png']],
'on' => function ($context) {
return !empty($context['data']['show_profile_picture']);

646

Chapter 31. Validation

CakePHP Cookbook Documentation, Release 3.x

}
]);

You can access the other submitted fields values using the $context[data] array. The above example
will make the rule for picture optional depending on whether the value for show_profile_picture
is empty. You could also use the uploadedFile validation rule to create optional file upload inputs:
$validator->add('picture', 'file', [
'rule' => ['uploadedFile', ['optional' => true]],
]);

The allowEmpty() and notEmpty() methods will also accept a callback function as their last argument. If present, the callback determines whether or not the rule should be applied. For example, a field can
be sometimes allowed to be empty:
$validator->allowEmpty('tax', function ($context) {
return !$context['data']['is_taxable'];
});

Likewise, a field can be required to be populated when certain conditions are met:
$validator->notEmpty('email_frequency', 'This field is required', function ($context) {
return !empty($context['data']['wants_newsletter']);
});

In the above example, the email_frequency field cannot be left empty if the the user wants to receive
the newsletter.

Nesting Validators
New in version 3.0.5.
When validating Modelless Forms with nested data, or when working with models that contain array data
types, it is necessary to validate the nested data you have. CakePHP makes it simple to add validators to
specific attributes. For example, assume you are working with a non-relational database and need to store
an article and its comments:
$data = [
'title' => 'Best article',
'comments' => [
['comment' => '']
]
];

To validate the comments you would use a nested validator:


$validator = new Validator();
$validator->add('title', 'not-blank', ['rule' => 'notBlank']);
$commentValidator = new Validator();
$commentValidator->add('comment', 'not-blank', ['rule' => 'notBlank']);

Creating Validators

647

CakePHP Cookbook Documentation, Release 3.x

// Connect the nested validators.


$validator->addNestedMany('comments', $commentValidator);
// Get all errors including those from nested validators.
$validator->errors($data);

You can create 1:1 relationships with addNested() and 1:N relationships with addNestedMany().
With both methods, the nested validators errors will contribute to the parent validators errors and influence
the final result.

Creating Reusable Validators


While defining validators inline where they are used makes for good example code, it doesnt lead to easily
maintainable applications. Instead, you should create Validator sub-classes for your reusable validation
logic:
// In src/Model/Validation/ContactValidator.php
namespace App\Model\Validation;
use Cake\Validation\Validator;
class ContactValidator extends Validator
{
public function __construct()
{
parent::__construct();
// Add validation rules here.
}
}

Validating Data
Now that youve created a validator and added the rules you want to it, you can start using it to validate data.
Validators are able to validate array based data. For example, if you wanted to validate a contact form before
creating and sending an email you could do the following:
use Cake\Validation\Validator;
$validator = new Validator();
$validator
->requirePresence('email')
->add('email', 'validFormat', [
'rule' => 'email',
'message' => 'E-mail must be valid'
])
->requirePresence('name')
->notEmpty('name', 'We need your name.')
->requirePresence('comment')
->notEmpty('comment', 'You need to give a comment.');

648

Chapter 31. Validation

CakePHP Cookbook Documentation, Release 3.x

$errors = $validator->errors($this->request->data());
if (!empty($errors)) {
// Send an email.
}

The errors() method will return a non-empty array when there are validation failures. The returned array
of errors will be structured like:
$errors = [
'email' => ['E-mail must be valid']
];

If you have multiple errors on a single field, an array of error messages will be returned per field. By default
the errors() method applies rules for the create mode. If youd like to apply update rules you can do
the following:
$errors = $validator->errors($this->request->data(), false);
if (!empty($errors)) {
// Send an email.
}

Note:
If
you
need
to
validate
entities
you
should
use
methods
like
ORM\Table::newEntity(),
ORM\Table::newEntities(),
ORM\Table::patchEntity(), ORM\Table::patchEntities() or ORM\Table::save()
as they are designed for that.

Validating Entities
While entities are validated as they are saved, you may also want to validate entities before attempting to
do any saving. Validating entities before saving is done automatically when using the newEntity(),
newEntities(), patchEntity() or patchEntities():
// In the ArticlesController class
$article = $this->Articles->newEntity($this->request->data());
if ($article->errors()) {
// Do work to show error messages.
}

Similarly, when you need to pre-validate multiple entities at a time, you can use the newEntities()
method:
// In the ArticlesController class
$entities = $this->Articles->newEntities($this->request->data());
foreach ($entities as $entity) {
if (!$entity->errors()) {
$this->Articles->save($entity);
}
}

Validating Entities

649

CakePHP Cookbook Documentation, Release 3.x

The newEntity(), patchEntity() and newEntities() methods allow you to specify which associations are validated, and which validation sets to apply using the options parameter:
$valid = $this->Articles->newEntity($article, [
'associated' => [
'Comments' => [
'associated' => ['User'],
'validate' => 'special',
]
]
]);

Validation is commonly used for user-facing forms or interfaces, and thus it is not limited to only validating
columns in the table schema. However, maintaining integrity of data regardless where it came from is
important. To solve this problem CakePHP offers a second level of validation which is called application
rules. You can read more about them in the Applying Application Rules section.

Core Validation Rules


CakePHP provides a basic suite of validation methods in the Validation class. The Validation class
contains a variety of static methods that provide validators for a several common validation situations.
The API documentation1 for the Validation class provides a good list of the validation rules that are
available, and their basic usage.
Some of the validation methods accept additional parameters to define boundary conditions or valid options.
You can provide these boundary conditions & options as follows:
$validator = new Validator();
$validator
->add('title', 'minLength', [
'rule' => ['minLength', 10]
])
->add('rating', 'validValue', [
'rule' => ['range', 1, 5]
]);

Core rules that take additional parameters should have an array for the rule key that contains the rule as
the first element, and the additional parameters as the remaining parameters.

http://api.cakephp.org/3.0/class-Cake.Validation.Validation.html

650

Chapter 31. Validation

CHAPTER 32

App Class

class Cake\Core\App
The App class is responsible for resource location and path management.

Finding Classes
static Cake\Core\App::classname($name, $type = , $suffix = )
This method is used to resolve classnames throughout CakePHP. It resolves the short form names CakePHP
uses and returns the fully resolved classname:
// Resolve a short classname with the namespace + suffix.
App::classname('Auth', 'Controller/Component', 'Component');
// Returns Cake\Controller\Component\AuthComponent
// Resolve a plugin name.
App::classname('DebugKit.Toolbar', 'Controller/Component', 'Component');
// Returns DebugKit\Controller\Component\ToolbarComponent
// Names with \ in them will be returned unaltered.
App::classname('App\Cache\ComboCache');
// Returns App\Cache\ComboCache

When resolving classes, the App namespace will be tried, and if the class does not exist the Cake namespace
will be attempted. If both classnames do not exist, false will be returned.

Finding Paths to Namespaces


static Cake\Core\App::path(string $package, string $plugin = null)
Used to get locations for paths based on conventions:

651

CakePHP Cookbook Documentation, Release 3.x

// Get the path to Controller/ in your application


App::path('Controller');

This can be done for all namespaces that are part of your application. You can also fetch paths for a plugin:
// Returns the component paths in DebugKit
App::path('Component', 'DebugKit');

App::path() will only return the default path, and will not be able to provide any information about
additional paths the autoloader is configured for.
static Cake\Core\App::core(string $package)
Used for finding the path to a package inside CakePHP:
// Get the path to Cache engines.
App::core('Cache/Engine');

Locating Plugins
static Cake\Core\Plugin::path(string $plugin)
Plugins can be located with Plugin. Using Plugin::path(DebugKit); for example, will give you
the full path to the DebugKit plugin:
$path = Plugin::path('DebugKit');

Locating Themes
Since themes are plugins, you can use the methods above to get the path to a theme.

Loading Vendor Files


Ideally vendor files should be autoloaded with Composer, if you have vendor files that cannot be autoloaded or installed with Composer you will need to use require to load them.
If you cannot install a library with Composer, it is best to install each library in a directory following
Composers convention of vendor/$author/$package. If you had a library called AcmeLib, you
could install it into vendor/Acme/AcmeLib. Assuming it did not use PSR-0 compatible classnames
you could autoload the classes within it using classmap in your applications composer.json:
"autoload": {
"psr-4": {
"App\\": "App",
"App\\Test\\": "Test",
"": "./Plugin"
},
"classmap": [

652

Chapter 32. App Class

CakePHP Cookbook Documentation, Release 3.x

"vendor/Acme/AcmeLib"
]
}

If your vendor library does not use classes, and instead provides functions, you can configure Composer to
load these files at the beginning of each request using the files autoloading strategy:
"autoload": {
"psr-4": {
"App\\": "App",
"App\\Test\\": "Test",
"": "./Plugin"
},
"files": [
"vendor/Acme/AcmeLib/functions.php"
]
}

After configuring the vendor libraries you will need to regenerate your applications autoloader using:
$ php composer.phar dump-autoload

If you happen to not be using Composer in your application, you will need to manually load all vendor
libraries yourself.

Loading Vendor Files

653

CakePHP Cookbook Documentation, Release 3.x

654

Chapter 32. App Class

CHAPTER 33

Collections

class Cake\Collection\Collection
The collection classes provide a set of tools to manipulate arrays or Traversable objects. If you have
ever used underscore.js, you have an idea of what you can expect from the collection classes.
Collection instances are immutable; modifying a collection will instead generate a new collection. This
makes working with collection objects more predictable as operations are side-effect free.

Quick Example
Collections can be created using an array or Traversable object. Youll also interact with collections
every time you interact with the ORM in CakePHP. A simple use of a Collection would be:
use Cake\Collection\Collection;
$items = ['a' => 1, 'b' => 2, 'c' => 3];
$collection = new Collection($items);
// Create a new collection containing elements
// with a value greater than one.
$overOne = $collection->filter(function ($value, $key, $iterator) {
return $value > 1;
});

The Collection\CollectionTrait allows you to integrate collection-like features into any


Traversable object you have in your application as well.

List of Methods
append
buffered

655

CakePHP Cookbook Documentation, Release 3.x

combine
compile
contains
countBy
each
every
extract
filter
first
groupBy
indexBy
insert
isEmpty
last
listNested
map
match
max
min
nest
reduce
reject
sample
shuffle
skip
some
sortBy
stopWhen
take
through
unfold
zip
656

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

Iterating
Cake\Collection\Collection::each(callable $c)
Collections can be iterated and/or transformed into new collections with the each() and map() methods.
The each() method will not create a new collection, but will allow you to modify any objects within the
collection:
$collection = new Collection($items);
$collection = $collection->each(function ($value, $key) {
echo "Element $key: $value";
});

The return of each() will be the collection object. Each will iterate the collection immediately applying
the callback to each value in the collection.
Cake\Collection\Collection::map(callable $c)
The map() method will create a new collection based on the output of the callback being applied to each
object in the original collection:
$items = ['a' => 1, 'b' => 2, 'c' => 3];
$collection = new Collection($items);
$new = $collection->map(function ($value, $key) {
return $value * 2;
});
// $result contains ['a' => 2, 'b' => 4, 'c' => 6];
$result = $new->toArray();

The map() method will create a new iterator which lazily creates the resulting items when iterated.
Cake\Collection\Collection::extract($matcher)
One of the most common uses for a map() function is to extract a single column from a collection. If
you are looking to build a list of elements containing the values for a particular property, you can use the
extract() method:
$collection = new Collection($people);
$names = $collection->extract('name');
// $result contains ['mark', 'jose', 'barbara'];
$result = $names->toArray();

As with many other functions in the collection class, you are allowed to specify a dot-separated path for
extracting columns. This example will return a collection containing the author names from a list of articles:
$collection = new Collection($articles);
$names = $collection->extract('author.name');
// $result contains ['Maria', 'Stacy', 'Larry'];
$result = $names->toArray();

Iterating

657

CakePHP Cookbook Documentation, Release 3.x

Finally, if the property you are looking after cannot be expressed as a path, you can use a callback function
to return it:
$collection = new Collection($articles);
$names = $collection->extract(function ($article) {
return $article->author->name . ', ' . $article->author->last_name;
});

Often, the properties you need to extract a common key present in multiple arrays or objects that are deeply
nested inside other structures. For those cases you can use the {*} matcher in the path key:
$data = [
[
'name' => 'James',
'phone_numbers' => [
['number' => 'number-1'],
['number' => 'number-2'],
['number' => 'number-3'],
]
],
[
'name' => 'James',
'phone_numbers' => [
['number' => 'number-4'],
['number' => 'number-5'],
]
]
];
$numbers = (new Collection($data))->extract('phone_numbers.{*}.number');
$numbers->toList();
// Returns ['number-1', 'number-2', 'number-3', 'number-4', 'number-5']

Cake\Collection\Collection::combine($keyPath, $valuePath, $groupPath = null)


Collections allow you to create a new collection made from keys and values in an existing collection. Both
the key and value paths can be specified with dot notation paths:
$items = [
['id' => 1, 'name' => 'foo', 'parent' => 'a'],
['id' => 2, 'name' => 'bar', 'parent' => 'b'],
['id' => 3, 'name' => 'baz', 'parent' => 'a'],
];
$combined = (new Collection($items))->combine('id', 'name');
// Result will look like this when converted to array
[
1 => 'foo',
2 => 'bar',
3 => 'baz',
];

You can also optionally use a groupPath to group results based on a path:

658

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

$combined = (new Collection($items))->combine('id', 'name', 'parent');


// Result will look like this when converted to array
[
'a' => [1 => 'foo', 3 => 'baz'],
'b' => [2 => 'bar']
];

Finally you can use closures to build keys/values/groups paths dynamically, for example when working with
entities and dates (converted to Cake/Time instances by the ORM) you may want to group results by date:
$combined = (new Collection($entities))->combine(
'id',
function ($entity) { return $entity; },
function ($entity) { return $entity->date->toDateString(); }
);

// Result will look like this when converted to array


[
'date string like 2015-05-01' => ['entity1->id' => entity1, 'entity2->id' => entity2, .
'date string like 2015-06-01' => ['entity1->id' => entity1, 'entity2->id' => entity2, .
]

Cake\Collection\Collection::stopWhen(callable $c)
You can stop the iteration at any point using the stopWhen() method. Calling it in a collection will create
a new one that will stop yielding results if the passed callable returns false for one of the elements:
$items = [10, 20, 50, 1, 2];
$collection = new Collection($items);
$new = $collection->stopWhen(function ($value, $key) {
// Stop on the first value bigger than 30
return $value > 30;
});
// $result contains [10, 20];
$result = $new->toArray();

Cake\Collection\Collection::unfold(callable $c)
Sometimes the internal items of a collection will contain arrays or iterators with more items. If you wish
to flatten the internal structure to iterate once over all elements you can use the unfold() method. It will
create a new collection that will yield every single element nested in the collection:
$items = [[1, 2, 3], [4, 5]];
$collection = new Collection($items);
$new = $collection->unfold();
// $result contains [1, 2, 3, 4, 5];
$result = $new->toList();

When passing a callable to unfold() you can control what elements will be unfolded from each item in
the original collection. This is useful for returning data from paginated services:
Iterating

659

CakePHP Cookbook Documentation, Release 3.x

$pages = [1, 2, 3, 4];


$collection = new Collection($pages);
$items = $collection->unfold(function ($page, $key) {
// An imaginary web service that returns a page of results
return MyService::fetchPage($page)->toArray();
});
$allPagesItems = $items->toList();

If you are using PHP 5.5+, you can use the yield keyword inside unfold() to return as many elements
for each item in the collection as you may need:
$oddNumbers = [1, 3, 5, 7];
$collection = new Collection($oddNumbers);
$new = $collection->unfold(function ($oddNumber) {
yield $oddNumber;
yield $oddNumber + 1;
});
// $result contains [1, 2, 3, 4, 5, 6, 7, 8];
$result = $new->toList();

Filtering
Cake\Collection\Collection::filter(callable $c)
Collections make it easy to filter and create new collections based on the result of callback functions. You
can use filter() to create a new collection of elements matching a criteria callback:
$collection = new Collection($people);
$ladies = $collection->filter(function ($person, $key) {
return $person->gender === 'female';
});
$guys = $collection->filter(function ($person, $key) {
return $person->gender === 'male';
});

Cake\Collection\Collection::reject(callable $c)
The inverse of filter() is reject(). This method does a negative filter, removing elements that match
the filter function:
$collection = new Collection($people);
$ladies = $collection->reject(function ($person, $key) {
return $person->gender === 'male';
});

Cake\Collection\Collection::every(callable $c)
You can do truth tests with filter functions. To see if every element in a collection matches a test you can
use every():

660

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

$collection = new Collection($people);


$allYoungPeople = $collection->every(function ($person) {
return $person->age < 21;
});

Cake\Collection\Collection::some(callable $c)
You can see if the collection contains at least one element matching a filter function using the some()
method:
$collection = new Collection($people);
$hasYoungPeople = $collection->some(function ($person) {
return $person->age < 21;
});

Cake\Collection\Collection::match(array $conditions)
If you need to extract a new collection containing only the elements that contain a given set of properties,
you should use the match() method:
$collection = new Collection($comments);
$commentsFromMark = $collection->match(['user.name' => 'Mark']);

Cake\Collection\Collection::firstMatch(array $conditions)
The property name can be a dot-separated path. You can traverse into nested entities and match the
values they contain. When you only need the first matching element from a collection, you can use
firstMatch():
$collection = new Collection($comments);
$comment = $collection->firstMatch([
'user.name' => 'Mark',
'active' => true
]);

As you can see from the above, both match() and firstMatch() allow you to provide multiple conditions to match on. In addition, the conditions can be for different paths, allowing you to express complex
conditions to match against.

Aggregation
Cake\Collection\Collection::reduce(callable $c)
The counterpart of a map() operation is usually a reduce. This function will help you build a single result
out of all the elements in a collection:
$totalPrice = $collection->reduce(function ($accumulated, $orderLine) {
return $accumulated + $orderLine->price;
}, 0);

In the above example, $totalPrice will be the sum of all single prices contained in the collection. Note
the second argument for the reduce() function takes the initial value for the reduce operation you are

Aggregation

661

CakePHP Cookbook Documentation, Release 3.x

performing:
$allTags = $collection->reduce(function ($accumulated, $article) {
return array_merge($accumulated, $article->tags);
}, []);

Cake\Collection\Collection::min(string|callable
$callback,
SORT_NUMERIC)

$type

To extract the minimum value for a collection based on a property, just use the min() function. This will
return the full element from the collection and not just the smallest value found:
$collection = new Collection($people);
$youngest = $collection->min('age');
echo $youngest->name;

You are also able to express the property to compare by providing a path or a callback function:
$collection = new Collection($people);
$personYoungestChild = $collection->min(function ($person) {
return $person->child->age;
});
$personWithYoungestDad = $collection->min('dad.age');

Cake\Collection\Collection::max(string|callable
$callback,
SORT_NUMERIC)

$type

The same can be applied to the max() function, which will return a single element from the collection
having the highest property value:
$collection = new Collection($people);
$oldest = $collection->max('age');
$personOldestChild = $collection->max(function ($person) {
return $person->child->age;
});
$personWithOldestDad = $collection->min('dad.age');

Cake\Collection\Collection::sumOf(string|callable $callback)
Finally, the sumOf() method will return the sum of a property of all elements:
$collection = new Collection($people);
$sumOfAges = $collection->sumOf('age');
$sumOfChildrenAges = $collection->sumOf(function ($person) {
return $person->child->age;
});
$sumOfDadAges = $collection->sumOf('dad.age');

662

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

Grouping and Counting


Cake\Collection\Collection::groupBy($callback)
Collection values can be grouped by different keys in a new collection when they share the same value for a
property:
$students = [
['name' => 'Mark', 'grade' => 9],
['name' => 'Andrew', 'grade' => 10],
['name' => 'Stacy', 'grade' => 10],
['name' => 'Barbara', 'grade' => 9]
];
$collection = new Collection($students);
$studentsByGrade = $collection->groupBy('grade');
// Result will
[
10 => [
['name' =>
['name' =>
],
9 => [
['name' =>
['name' =>
]
]

look like this when converted to array:

'Andrew', 'grade' => 10],


'Stacy', 'grade' => 10]

'Mark', 'grade' => 9],


'Barbara', 'grade' => 9]

As usual, it is possible to provide either a dot-separated path for nested properties or your own callback
function to generate the groups dynamically:
$commentsByUserId = $comments->groupBy('user.id');
$classResults = $students->groupBy(function ($student) {
return $student->grade > 6 ? 'approved' : 'denied';
});

Cake\Collection\Collection::countBy($callback)
If you only wish to know the number of occurrences per group, you can do so by using the countBy()
method. It takes the same arguments as groupBy so it should be already familiar to you:
$classResults = $students->countBy(function ($student) {
return $student->grade > 6 ? 'approved' : 'denied';
});
// Result could look like this when converted to array:
['approved' => 70, 'denied' => 20]

Cake\Collection\Collection::indexBy($callback)
There will be certain cases where you know an element is unique for the property you want to group by. If
you wish a single result per group, you can use the function indexBy():

Aggregation

663

CakePHP Cookbook Documentation, Release 3.x

$usersById = $users->indexBy('id');
// When converted to array result could look like
[
1 => 'markstory',
3 => 'jose_zap',
4 => 'jrbasso'
]

As with the groupBy() function you can also use a property path or a callback:
$articlesByAuthorId = $articles->indexBy('author.id');
$filesByHash = $files->indexBy(function ($file) {
return md5($file);
});

Cake\Collection\Collection::zip($elements)
The elements of different collections can be grouped together using the zip() method. It will return a
new collection containing an array grouping the elements from each collection that are placed at the same
position:
$odds = new Collection([1, 3, 5]);
$pairs = new Collection([2, 4, 6]);
$combined = $odds->zip($pairs)->toList(); // [[1, 2], [3, 4], [5, 6]]

You can also zip multiple collections at once:


$years = new Collection([2013, 2014, 2015, 2016]);
$salaries = [1000, 1500, 2000, 2300];
$increments = [0, 500, 500, 300];
$rows = $years->zip($salaries, $increments)->toList();
// Returns:
[
[2013, 1000, 0],
[2014, 1500, 500],
[2015, 2000, 500],
[2016, 2300, 300]
]

As you can already see, the zip() method is very useful for transposing multidimensional arrays:
$data = [
2014 => ['jan' => 100, 'feb' => 200],
2015 => ['jan' => 300, 'feb' => 500],
2016 => ['jan' => 400, 'feb' => 600],
]
// Getting jan and feb data together
$firstYear = new Collection(array_shift($data));
$firstYear->zip($data[0], $data[1])->toList();

664

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

// Or $firstYear->zip(...$data) in PHP >= 5.6


// Returns
[
[100, 300, 400],
[200, 500, 600]
]

Sorting
Cake\Collection\Collection::sortBy($callback)
Collection values can be sorted in ascending or descending order based on a column or custom function. To
create a new sorted collection out of the values of another one, you can use sortBy:
$collection = new Collection($people);
$sorted = $collection->sortBy('age');

As seen above, you can sort by passing the name of a column or property that is present in the collection
values. You are also able to specify a property path instead using the dot notation. The next example will
sort articles by their authors name:
$collection = new Collection($articles);
$sorted = $collection->sortBy('author.name');

The sortBy() method is flexible enough to let you specify an extractor function that will let you dynamically select the value to use for comparing two different values in the collection:
$collection = new Collection($articles);
$sorted = $collection->sortBy(function ($article) {
return $article->author->name . '-' . $article->title;
});

In order to specify in which direction the collection should be sorted, you need to provide either SORT_ASC
or SORT_DESC as the second parameter for sorting in ascending or descending direction respectively. By
default, collections are sorted in ascending direction:
$collection = new Collection($people);
$sorted = $collection->sortBy('age', SORT_ASC);

Sometimes you will need to specify which type of data you are trying to compare so that you get consistent
results. For this purpose, you should supply a third argument in the sortBy() function with one of the
following constants:
SORT_NUMERIC: For comparing numbers
SORT_STRING: For comparing string values
SORT_NATURAL: For sorting string containing numbers and youd like those numbers to be order
in a natural way. For example: showing 10 after 2.
SORT_LOCALE_STRING: For comparing strings based on the current locale.
Sorting

665

CakePHP Cookbook Documentation, Release 3.x

By default, SORT_NUMERIC is used:


$collection = new Collection($articles);
$sorted = $collection->sortBy('title', SORT_ASC, SORT_NATURAL);

Warning: If is often expensive to iterate sorted collections more than once. If you plan to do so,
consider converting the collection to an array or simply use the compile() method on it.

Working with Tree Data


Cake\Collection\Collection::nest($idPath, $parentPath)
Not all data is meant to be represented in a linear way. Collections make it easier to construct and flatten hierarchical or nested structures. Creating a nested structure where children are grouped by a parent identifier
property is easy with the nest() method.
Two parameters are required for this function. The first one is the property representing the item identifier.
The second parameter is the name of the property representing the identifier for the parent item:
$collection = new Collection([
['id' => 1, 'parent_id' =>
['id' => 2, 'parent_id' =>
['id' => 3, 'parent_id' =>
['id' => 4, 'parent_id' =>
['id' => 5, 'parent_id' =>
['id' => 6, 'parent_id' =>
]);

null, 'name'
1, 'name' =>
1, 'name' =>
1, 'name' =>
6, 'name' =>
null, 'name'

=> 'Birds'],
'Land Birds'],
'Eagle'],
'Seagull'],
'Clown Fish'],
=> 'Fish'],

$collection->nest('id', 'parent_id')->toArray();
// Returns
[
[
'id' => 1,
'parent_id' => null,
'name' => 'Birds',
'children' => [
['id' => 2, 'parent_id' => 1, 'name'
['id' => 3, 'parent_id' => 1, 'name'
['id' => 4, 'parent_id' => 1, 'name'
]
],
[
'id' => 6,
'parent_id' => null,
'name' => 'Fish',
'children' => [
['id' => 5, 'parent_id' => 6, 'name'
]
]
];

666

=> 'Land Birds', 'children' => []],


=> 'Eagle', 'children' => []],
=> 'Seagull', 'children' => []],

=> 'Clown Fish', 'children' => []],

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

Children elements are nested inside the children property inside each of the items in the collection. This
type of data representation is helpful for rendering menus or traversing elements up to certain level in the
tree.
Cake\Collection\Collection::listNested($dir = desc, $nestingKey = children)
The inverse of nest() is listNested(). This method allows you to flatten a tree structure back into a
linear structure. It takes two parameters; the first one is the traversing mode (asc, desc or leaves), and the
second one is the name of the property containing the children for each element in the collection.
Taking the input the nested collection built in the previous example, we can flatten it:
$nested->listNested()->toArray();
// Returns
[
['id' =>
['id' =>
['id' =>
['id' =>
['id' =>
['id' =>
]

1,
2,
3,
4,
6,
5,

'parent_id'
'parent_id'
'parent_id'
'parent_id'
'parent_id'
'parent_id'

=>
=>
=>
=>
=>
=>

null, 'name'
1, 'name' =>
1, 'name' =>
1, 'name' =>
null, 'name'
6, 'name' =>

=> 'Birds'],
'Land Birds'],
'Eagle'],
'Seagull'],
=> 'Fish'],
'Clown Fish']

By default, the tree is traversed from the root to the leaves. You can also instruct it to only return the leaf
elements in the tree:
$nested->listNested()->toArray();
// Returns
[
['id' => 3, 'parent_id' => 1, 'name' => 'Eagle'],
['id' => 4, 'parent_id' => 1, 'name' => 'Seagull'],
['id' => 5, 'parent_id' => 6, 'name' => 'Clown Fish']
]

Once you have converted a tree into a nested list, you can use the printer() method to configure how
the list output should be formatted:
$nested->listNested()->printer('name', 'id', '--')->toArray();
// Returns
[
3 => 'Eagle',
4 => 'Seagull',
5 -> '--Clown Fish',
]

The printer() method also lets you use a callback to generate the keys and or values:
$nested->listNested()->printer(
function ($el) {
return $el->name;
},
function ($el) {

Working with Tree Data

667

CakePHP Cookbook Documentation, Release 3.x

return $el->id;
}
);

Other Methods
Cake\Collection\Collection::isEmpty()
Allows you to see if a collection contains any elements:
$collection = new Collection([]);
// Returns true
$collection->isEmpty();
$collection = new Collection([1]);
// Returns false
$collection->isEmpty();

Cake\Collection\Collection::contains($value)
Collections allow you to quickly check if they contain one particular value: by using the contains()
method:
$items = ['a' => 1, 'b' => 2, 'c' => 3];
$collection = new Collection($items);
$hasThree = $collection->contains(3);

Comparisons are performed using the === operator. If you wish to do looser comparison types you can use
the some() method.
Cake\Collection\Collection::shuffle()
Sometimes you may wish to show a collection of values in a random order. In order to create a new collection
that will return each value in a randomized position, use the shuffle:
$collection = new Collection(['a' => 1, 'b' => 2, 'c' => 3]);
// This could return [2, 3, 1]
$collection->shuffle()->toArray();

Withdrawing Elements
Cake\Collection\Collection::sample(int $size)
Shuffling a collection is often useful when doing quick statistical analysis. Another common operation
when doing this sort of task is withdrawing a few random values out of a collection so that more tests can
be performed on those. For example, if you wanted to select 5 random users to which youd like to apply
some A/B tests to, you can use the sample() function:

668

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

$collection = new Collection($people);


// Withdraw maximum 20 random users from this collection
$testSubjects = $collection->sample(20);

sample() will take at most the number of values you specify in the first argument. If there are not enough
elements in the collection to satisfy the sample, the full collection in a random order is returned.
Cake\Collection\Collection::take(int $size, int $from)
Whenever you want to take a slice of a collection use the take() function, it will create a new collection
with at most the number of values you specify in the first argument, starting from the position passed in the
second argument:
$topFive = $collection->sortBy('age')->take(5);
// Take 5 people from the collection starting from position 4
$nextTopFive = $collection->sortBy('age')->take(5, 4);

Positions are zero-based, therefore the first position number is 0.


Cake\Collection\Collection::skip(int $positions)
While the second argument of take() can help you skip some elements before getting them from the
collection, you can also use skip() for the same purpose as a way to take the rest of the elements after a
certain position:
$collection = new Collection([1, 2, 3, 4]);
$allExceptFirstTwo = $collection->skip(2)->toList(); // [3, 4]

Cake\Collection\Collection::first()
One of the most common uses of take() is getting the first element in the collection. A shortcut method
for achieving the same goal is using the first() method:
$collection = new Collection([5, 4, 3, 2]);
$collection->first(); // Returns 5

Cake\Collection\Collection::last()
Similarly, you can get the last element of a collection using the last() method:
$collection = new Collection([5, 4, 3, 2]);
$collection->last(); // Returns 2

Expanding Collections
Cake\Collection\Collection::append(array|Traversable $items)
You can compose multiple collections into a single one. This enables you to gather data from various
sources, concatenate it, and apply other collection functions to it very smoothly. The append() method
will return a new collection containing the values from both sources:

Other Methods

669

CakePHP Cookbook Documentation, Release 3.x

$cakephpTweets = new Collection($tweets);


$myTimeline = $cakephpTweets->append($phpTweets);
// Tweets containing cakefest from both sources
$myTimeline->filter(function ($tweet) {
return strpos($tweet, 'cakefest');
});

Warning: When appending from different sources, you can expect some keys from both collections
to be the same. For example, when appending two simple arrays. This can present a problem when
converting a collection to an array using toArray(). If you do not want values from one collection to
override others in the previous one based on their key, make sure that you call toList() in order to
drop the keys and preserve all values.

Modifiying Elements
Cake\Collection\Collection::insert(string $path, array|Traversable $items)
At times, you may have two separate sets of data that you would like to insert the elements of one set into
each of the elements of the other set. This is a very common case when you fetch data from a data source
that does not support data-merging or joins natively.
Collections offer an insert() method that will allow you to insert each of the elements in one collection
into a property inside each of the elements of another collection:
$users = [
['username' => 'mark'],
['username' => 'juan'],
['username' => 'jose']
];
$languages = [
['PHP', 'Python', 'Ruby'],
['Bash', 'PHP', 'Javascript'],
['Javascript', 'Prolog']
];
$merged = (new Collection($users))->insert('skills', $languages);

When converted to an array, the $merged collection will look like this:
[
['username' => 'mark', 'skills' => ['PHP', 'Python', 'Ruby']],
['username' => 'juan', 'skills' => ['Bash', 'PHP', 'Javascript']],
['username' => 'jose', 'skills' => ['Javascript', 'Prolog']]
];

The first parameter for the insert() method is a dot-separated path of properties to follow so that the
elements can be inserted at that position. The second argument is anything that can be converted to a
collection object.

670

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

Please observe that elements are inserted by the position they are found, thus, the first element of the second
collection is merged into the first element of the first collection.
If there are not enough elements in the second collection to insert into the first one, then the target property
will be filled with null values:
$languages = [
['PHP', 'Python', 'Ruby'],
['Bash', 'PHP', 'Javascript']
];
$merged = (new Collection($users))->insert('skills', $languages);
// Will yield
[
['username' => 'mark', 'skills' => ['PHP', 'Python', 'Ruby']],
['username' => 'juan', 'skills' => ['Bash', 'PHP', 'Javascript']],
['username' => 'jose', 'skills' => null]
];

The insert() method can operate array elements or objects implementing the ArrayAccess interface.

Making Collection Methods Reusable


Using closures for collection methods is great when the work to be done is small and focused, but it can get
messy very quickly. This becomes more obvious when a lot of different methods need to be called or when
the length of the closure methods is more than just a few lines.
There are also cases when the logic used for the collection methods can be reused in multiple parts of your
application. It is recommended that you consider extracting complex collection logic to separate classes.
For example, imagine a lengthy closure like this one:
$collection
->map(function ($row, $key) {
if (!empty($row['items'])) {
$row['total'] = collection($row['items'])->sumOf('price');
}
if (!empty($row['total'])) {
$row['tax_amount'] = $row['total'] * 0.25;
}
// More code here...
return $modifiedRow;
});

This can be refactored by creating another class:


class TotalOrderCalculator
{
public function __invoke($row, $key)

Other Methods

671

CakePHP Cookbook Documentation, Release 3.x

{
if (!empty($row['items'])) {
$row['total'] = collection($row['items'])->sumOf('price');
}
if (!empty($row['total'])) {
$row['tax_amount'] = $row['total'] * 0.25;
}
// More code here...
return $modifiedRow;
}
}
// Use the logic in your map() call
$collection->map(new TotalOrderCalculator)

Cake\Collection\Collection::through(callable $c)
Sometimes a chain of collection method calls can become reusable in other parts of your application, but
only if they are called in that specific order. In those cases you can use through() in combination with a
class implementing __invoke to distribute your handy data processing calls:
$collection
->map(new ShippingCostCalculator)
->map(new TotalOrderCalculator)
->map(new GiftCardPriceReducer)
->buffered()
...

The above method calls can be extracted into a new class so they dont need to be repeated every time:
class FinalCheckOutRowProcessor
{
public function __invoke($collection)
{
return $collection
->map(new ShippingCostCalculator)
->map(new TotalOrderCalculator)
->map(new GiftCardPriceReducer)
->buffered()
...
}
}

// Now you can use the through() method to call all methods at once
$collection->through(new FinalCheckOutRowProcessor);

672

Chapter 33. Collections

CakePHP Cookbook Documentation, Release 3.x

Optimizing Collections
Cake\Collection\Collection::buffered()
Collections often perform most operations that you create using its functions in a lazy way. This means
that even though you can call a function, it does not mean it is executed right away. This is true for a great
deal of functions in this class. Lazy evaluation allows you to save resources in situations where you dont
use all the values in a collection. You might not use all the values when iteration stops early, or when an
exception/failure case is reached early.
Additionally, lazy evaluation helps speed up some operations. Consider the following example:
$collection = new Collection($oneMillionItems);
$collection->map(function ($item) {
return $item * 2;
});
$itemsToShow = $collection->take(30);

Had the collections not been lazy, we would have executed one million operations, even though we only
wanted to show 30 elements out of it. Instead, our map operation was only applied to the 30 elements we
used. We can also derive benefits from this lazy evaluation for smaller collections when we do more than
one operation on them. For example: calling map() twice and then filter().
Lazy evaluation comes with its downside too. You could be doing the same operations more than once if
you optimize a collection prematurely. Consider this example:
$ages = $collection->extract('age');
$youngerThan30 = $ages->filter(function ($item) {
return $item < 30;
});
$olderThan30 = $ages->filter(function ($item) {
return $item > 30;
});

If we iterate both youngerThan30 and olderThan30, the collection would unfortunately execute the
extract() operation twice. This is because collections are immutable and the lazy-extracting operation
would be done for both filters.
Luckily we can overcome this issue with a single function. If you plan to reuse the values from certain
operations more than once, you can compile the results into another collection using the buffered()
function:
$ages = $collection->extract('age')->buffered();
$youngerThan30 = ...
$olderThan30 = ...

Now, when both collections are iterated, they will only call the extracting operation once.

Other Methods

673

CakePHP Cookbook Documentation, Release 3.x

Making Collections Rewindable


The buffered() method is also useful for converting non-rewindable iterators into collections that can
be iterated more than once:
// In PHP 5.5+
public function results()
{
...
foreach ($transientElements as $e) {
yield $e;
}
}
$rewindable = (new Collection(results()))->buffered();

Cloning Collections
Cake\Collection\Collection::compile(bool $preserveKeys = true)
Sometimes you need to get a clone of the elements from another collection. This is useful when you need to
iterate the same set from different places at the same time. In order to clone a collection out of another use
the compile() method:
$ages = $collection->extract('age')->compile();
foreach ($ages as $age) {
foreach ($collection as $element) {
echo h($element->name) . ' - ' . $age;
}
}

674

Chapter 33. Collections

CHAPTER 34

Folder & File

The Folder and File utilities are convenience classes to help you read from and write/append to files; list
files within a folder and other common directory related tasks.

Basic Usage
Ensure the classes are loaded:
use Cake\Filesystem\Folder;
use Cake\Filesystem\File;

Then we can setup a new folder instance:


$dir = new Folder('/path/to/folder');

and search for all .ctp files within that folder using regex:
$files = $dir->find('.*\.ctp');

Now we can loop through the files and read from or write/append to the contents or simply delete the file:
foreach ($files as $file) {
$file = new File($dir->pwd() . DS . $file);
$contents = $file->read();
// $file->write('I am overwriting the contents of this file');
// $file->append('I am adding to the bottom of this file.');
// $file->delete(); // I am deleting this file
$file->close(); // Be sure to close the file when you're done
}

Folder API
class Cake\Filesystem\Folder(string $path = false, boolean $create = false, string|boolean
$mode = false)
675

CakePHP Cookbook Documentation, Release 3.x

// Create a new folder with 0755 permissions


$dir = new Folder('/path/to/folder', true, 0755);

property Cake\Filesystem\Folder::$path
Path of the current folder. Folder::pwd() will return the same information.
property Cake\Filesystem\Folder::$sort
Whether or not the list results should be sorted by name.
property Cake\Filesystem\Folder::$mode
Mode to be used when creating folders. Defaults to 0755. Does nothing on Windows machines.
static Cake\Filesystem\Folder::addPathElement(string $path, string $element)
Returns $path with $element added, with correct slash in-between:
$path = Folder::addPathElement('/a/path/for', 'testing');
// $path equals /a/path/for/testing

$element can also be an array:


$path = Folder::addPathElement('/a/path/for', ['testing', 'another']);
// $path equals /a/path/for/testing/another

Cake\Filesystem\Folder::cd($path)
Change directory to $path. Returns false on failure:
$folder = new Folder('/foo');
echo $folder->path; // Prints /foo
$folder->cd('/bar');
echo $folder->path; // Prints /bar
$false = $folder->cd('/non-existent-folder');

Cake\Filesystem\Folder::chmod(string $path, integer $mode = false, boolean $recursive


= true, array $exceptions =[])
Change the mode on a directory structure recursively. This includes changing the mode on files as
well:
$dir = new Folder();
$dir->chmod('/path/to/folder', 0755, true, ['skip_me.php']);

Cake\Filesystem\Folder::copy(array|string $options =[])


Recursively copy a directory. The only parameter $options can either be a path into copy to or an
array of options:
$folder1 = new Folder('/path/to/folder1');
$folder1->copy('/path/to/folder2');
// Will put folder1 and all its contents into folder2
$folder = new Folder('/path/to/folder');
$folder->copy([
'to' => '/path/to/new/folder',
'from' => '/path/to/copy/from', // Will cause a cd() to occur
'mode' => 0755,
'skip' => ['skip-me.php', '.git'],

676

Chapter 34. Folder & File

CakePHP Cookbook Documentation, Release 3.x

'scheme' => Folder::SKIP

// Skip directories/files that already exist.

]);

There are 3 supported schemes:


Folder::SKIP skip copying/moving files & directories that exist in the destination directory.
Folder::MERGE merge the source/destination directories. Files in the source directory will
replace files in the target directory. Directory contents will be merged.
Folder::OVERWRITE overwrite existing files & directories in the target directory with those
in the source directory. If both the target and destination contain the same subdirectory, the
target directorys contents will be removed and replaced with the sources.
static Cake\Filesystem\Folder::correctSlashFor(string $path)
Returns a correct set of slashes for given $path (\ for Windows paths and / for other paths).
Cake\Filesystem\Folder::create(string $pathname, integer $mode = false)
Create a directory structure recursively. Can be used to create deep path structures like
/foo/bar/baz/shoe/horn:
$folder = new Folder();
if ($folder->create('foo' . DS . 'bar' . DS . 'baz' . DS . 'shoe' . DS . 'horn')) {
// Successfully created the nested folders
}

Cake\Filesystem\Folder::delete(string $path = null)


Recursively remove directories if the system allows:
$folder = new Folder('foo');
if ($folder->delete()) {
// Successfully deleted foo and its nested folders
}

Cake\Filesystem\Folder::dirsize()
Returns the size in bytes of this Folder and its contents.
Cake\Filesystem\Folder::errors()
Get the error from latest method.
Cake\Filesystem\Folder::find(string $regexpPattern = .*, boolean $sort = false)
Returns an array of all matching files in the current directory:
// Find all .png in your webroot/img/ folder and sort the results
$dir = new Folder(WWW_ROOT . 'img');
$files = $dir->find('.*\.png', true);
/*
Array
(
[0] => cake.icon.png
[1] => test-error-icon.png
[2] => test-fail-icon.png
[3] => test-pass-icon.png
[4] => test-skip-icon.png

Folder API

677

CakePHP Cookbook Documentation, Release 3.x

)
*/

Note: The folder find and findRecursive methods will only find files. If you would like to get folders and
files see Folder::read() or Folder::tree()
Cake\Filesystem\Folder::findRecursive(string $pattern = .*, boolean $sort =
false)
Returns an array of all matching files in and below the current directory:
// Recursively find files beginning with test or index
$dir = new Folder(WWW_ROOT);
$files = $dir->findRecursive('(test|index).*');
/*
Array
(
[0] => /var/www/cake/webroot/index.php
[1] => /var/www/cake/webroot/test.php
[2] => /var/www/cake/webroot/img/test-skip-icon.png
[3] => /var/www/cake/webroot/img/test-fail-icon.png
[4] => /var/www/cake/webroot/img/test-error-icon.png
[5] => /var/www/cake/webroot/img/test-pass-icon.png
)
*/

Cake\Filesystem\Folder::inCakePath(string $path = )
Returns true if the file is in a given CakePath.
Cake\Filesystem\Folder::inPath(string $path = , boolean $reverse = false)
Returns true if the file is in the given path:
$Folder = new Folder(WWW_ROOT);
$result = $Folder->inPath(APP);
// $result = true, /var/www/example/app/ is in /var/www/example/app/webroot/

$result = $Folder->inPath(WWW_ROOT . 'img' . DS, true);


// $result = true, /var/www/example/app/webroot/ is in /var/www/example/app/webroot/im

static Cake\Filesystem\Folder::isAbsolute(string $path)


Returns true if the given $path is an absolute path.
static Cake\Filesystem\Folder::isSlashTerm(string $path)
Returns true if given $path ends in a slash (i.e. is slash-terminated):
$result = Folder::isSlashTerm('/my/test/path');
// $result = false
$result = Folder::isSlashTerm('/my/test/path/');
// $result = true

static Cake\Filesystem\Folder::isWindowsPath(string $path)


Returns true if the given $path is a Windows path.
Cake\Filesystem\Folder::messages()

678

Chapter 34. Folder & File

CakePHP Cookbook Documentation, Release 3.x

Get the messages from the latest method.


Cake\Filesystem\Folder::move(array $options)
Recursive directory move.
static Cake\Filesystem\Folder::normalizePath(string $path)
Returns a correct set of slashes for given $path (\ for Windows paths and / for other paths).
Cake\Filesystem\Folder::pwd()
Return current path.
Cake\Filesystem\Folder::read(boolean $sort = true, array|boolean $exceptions = false,
boolean $fullPath = false)
Returns an array of the contents of the current directory. The returned array holds two sub arrays:
One of directories and one of files:
$dir = new Folder(WWW_ROOT);
$files = $dir->read(true, ['files', 'index.php']);
/*
Array
(
[0] => Array // Folders
(
[0] => css
[1] => img
[2] => js
)
[1] => Array // Files
(
[0] => .htaccess
[1] => favicon.ico
[2] => test.php
)
)
*/

Cake\Filesystem\Folder::realpath(string $path)
Get the real path (taking .. and such into account).
static Cake\Filesystem\Folder::slashTerm(string $path)
Returns $path with added terminating slash (corrected for Windows or other OS).
Cake\Filesystem\Folder::tree(null|string $path = null, array|boolean $exceptions =
true, null|string $type = null)
Returns an array of nested directories and files in each directory.

File API
class Cake\Filesystem\File(string $path, boolean $create = false, integer $mode = 755)
// Create a new file with 0644 permissions
$file = new File('/path/to/file.php', true, 0644);

File API

679

CakePHP Cookbook Documentation, Release 3.x

property Cake\Filesystem\File::$Folder
The Folder object of the file.
property Cake\Filesystem\File::$name
The name of the file with the extension. Differs from File::name() which returns the name
without the extension.
property Cake\Filesystem\File::$info
An array of file info. Use File::info() instead.
property Cake\Filesystem\File::$handle
Holds the file handler resource if the file is opened.
property Cake\Filesystem\File::$lock
Enable locking for file reading and writing.
property Cake\Filesystem\File::$path
The current files absolute path.
Cake\Filesystem\File::append(string $data, boolean $force = false)
Append the given data string to the current file.
Cake\Filesystem\File::close()
Closes the current file if it is opened.
Cake\Filesystem\File::copy(string $dest, boolean $overwrite = true)
Copy the file to $dest.
Cake\Filesystem\File::create()
Creates the file.
Cake\Filesystem\File::delete()
Deletes the file.
Cake\Filesystem\File::executable()
Returns true if the file is executable.
Cake\Filesystem\File::exists()
Returns true if the file exists.
Cake\Filesystem\File::ext()
Returns the file extension.
Cake\Filesystem\File::Folder()
Returns the current folder.
Cake\Filesystem\File::group()
Returns the files group, or false in case of an error.
Cake\Filesystem\File::info()
Returns the file info.
Cake\Filesystem\File::lastAccess()
Returns last access time.
Cake\Filesystem\File::lastChange()
Returns last modified time, or false in case of an error.
680

Chapter 34. Folder & File

CakePHP Cookbook Documentation, Release 3.x

Cake\Filesystem\File::md5(integer|boolean $maxsize = 5)
Get the MD5 Checksum of file with previous check of filesize, or false in case of an error.
Cake\Filesystem\File::name()
Returns the file name without extension.
Cake\Filesystem\File::offset(integer|boolean $offset = false, integer $seek = 0)
Sets or gets the offset for the currently opened file.
Cake\Filesystem\File::open(string $mode = r, boolean $force = false)
Opens the current file with the given $mode.
Cake\Filesystem\File::owner()
Returns the files owner.
Cake\Filesystem\File::perms()
Returns the chmod (permissions) of the file.
static Cake\Filesystem\File::prepare(string $data, boolean $forceWindows = false)
Prepares a ascii string for writing. Converts line endings to the correct terminator for the current
platform. For Windows rn will be used, n for all other platforms.
Cake\Filesystem\File::pwd()
Returns the full path of the file.
Cake\Filesystem\File::read(string $bytes = false, string $mode = rb, boolean $force =
false)
Return the contents of the current file as a string or return false on failure.
Cake\Filesystem\File::readable()
Returns true if the file is readable.
Cake\Filesystem\File::safe(string $name = null, string $ext = null)
Makes filename safe for saving.
Cake\Filesystem\File::size()
Returns the filesize.
Cake\Filesystem\File::writable()
Returns true if the file is writable.
Cake\Filesystem\File::write(string $data, string $mode = w, boolean$force = false)
Write given data to the current file.
Cake\Filesystem\File::mime()
Get the files mimetype, returns false on failure.
Cake\Filesystem\File::replaceText($search, $replace)
Replaces text in a file. Returns false on failure and true on success.

File API

681

CakePHP Cookbook Documentation, Release 3.x

682

Chapter 34. Folder & File

CHAPTER 35

Hash

class Cake\Utility\Hash
Array management, if done right, can be a very powerful and useful tool for building smarter, more optimized code. CakePHP offers a very useful set of static utilities in the Hash class that allow you to do just
that.
CakePHPs Hash class can be called from any model or controller in the same way Inflector is called.
Example: Hash::combine().

Hash Path Syntax


The path syntax described below is used by all the methods in Hash. Not all parts of the path syntax are
available in all methods. A path expression is made of any number of tokens. Tokens are composed of two
groups. Expressions, are used to traverse the array data, while matchers are used to qualify elements. You
apply matchers to expression elements.

Expression Types
Expression
{n}
{s}
Foo

Definition
Represents a numeric key. Will match any string or numeric key.
Represents a string. Will match any string value including numeric string values.
Matches keys with the exact same value.

All expression elements are supported by all methods. In addition to expression elements, you can use
attribute matching with certain methods. They are extract(), combine(), format(), check(),
map(), reduce(), apply(), sort(), insert(), remove() and nest().

683

CakePHP Cookbook Documentation, Release 3.x

Attribute Matching Types


Matcher
[id]
[id=2]
[id!=2]
[id>2]
[id>=2]
[id<2]
[id<=2]
[text=/.../]

Definition
Match elements with a given array key.
Match elements with id equal to 2.
Match elements with id not equal to 2.
Match elements with id greater than 2.
Match elements with id greater than or equal to 2.
Match elements with id less than 2
Match elements with id less than or equal to 2.
Match elements that have values matching the regular expression inside ....

static Cake\Utility\Hash::get(array $data, $path)


get() is a simplified version of extract(), it only supports direct path expressions. Paths with
{n}, {s} or matchers are not supported. Use get() when you want exactly one value out of an
array.
static Cake\Utility\Hash::extract(array $data, $path)
Hash::extract() supports all expression, and matcher components of Hash Path Syntax. You
can use extract to retrieve data from arrays, along arbitrary paths quickly without having to loop
through the data structures. Instead you use path expressions to qualify which elements you want
returned
// Common Usage:
$users = [
['id' => 1, 'name' => 'mark'],
['id' => 2, 'name' => 'jane'],
['id' => 3, 'name' => 'sally'],
['id' => 4, 'name' => 'jose'],
];
$results = Hash::extract($users, '{n}.id');
// $results equals:
// [1,2,3,4];

static Cake\Utility\Hash::insert(array $data, $path, $values = null)


Inserts $data into an array as defined by $path:
$a = [
'pages' => ['name' => 'page']
];
$result = Hash::insert($a, 'files', ['name' => 'files']);
// $result now looks like:
[
[pages] => [
[name] => page
]
[files] => [
[name] => files
]
]

You can use paths using {n} and {s} to insert data into multiple points:

684

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

$users = Hash::insert($users, '{n}.new', 'value');

static Cake\Utility\Hash::remove(array $data, $path = null)


Removes all elements from an array that match $path.
$a = [
'pages' => ['name' => 'page'],
'files' => ['name' => 'files']
];
$result = Hash::remove($a, 'files');
/* $result now looks like:
[
[pages] => [
[name] => page
]
]
*/

Using {n} and {s} will allow you to remove multiple values at once.
static Cake\Utility\Hash::combine(array $data, $keyPath = null, $valuePath = null,
$groupPath = null)
Creates an associative array using a $keyPath as the path to build its keys, and optionally $valuePath
as path to get the values. If $valuePath is not specified, or doesnt match anything, values will be
initialized to null. You can optionally group the values by what is obtained when following the path
specified in $groupPath.
$a = [
[
'User' => [
'id' => 2,
'group_id' => 1,
'Data' => [
'user' => 'mariano.iglesias',
'name' => 'Mariano Iglesias'
]
]
],
[
'User' => [
'id' => 14,
'group_id' => 2,
'Data' => [
'user' => 'phpnut',
'name' => 'Larry E. Masters'
]
]
],
];
$result = Hash::combine($a, '{n}.User.id');
/* $result now looks like:

Hash Path Syntax

685

CakePHP Cookbook Documentation, Release 3.x

[
[2] =>
[14] =>
]
*/
$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data');
/* $result now looks like:
[
[2] => [
[user] => mariano.iglesias
[name] => Mariano Iglesias
]
[14] => [
[user] => phpnut
[name] => Larry E. Masters
]
]
/
*
$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data.name');
/* $result now looks like:
[
[2] => Mariano Iglesias
[14] => Larry E. Masters
]
*/
$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data', '{n}.User.group_id');
/* $result now looks like:
[
[1] => [
[2] => [
[user] => mariano.iglesias
[name] => Mariano Iglesias
]
]
[2] => [
[14] => [
[user] => phpnut
[name] => Larry E. Masters
]
]
]
*/

$result = Hash::combine($a, '{n}.User.id', '{n}.User.Data.name', '{n}.User.group_id');


/* $result now looks like:
[
[1] => [
[2] => Mariano Iglesias
]
[2] => [

686

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

[14] => Larry E. Masters


]
]
*/

You can provide arrays for both $keyPath and $valuePath. If you do this, the first value will be used
as a format string, for values extracted by the other paths:
$result = Hash::combine(
$a,
'{n}.User.id',
['%s: %s', '{n}.User.Data.user', '{n}.User.Data.name'],
'{n}.User.group_id'
);
/* $result now looks like:
[
[1] => [
[2] => mariano.iglesias: Mariano Iglesias
]
[2] => [
[14] => phpnut: Larry E. Masters
]
]
*/
$result = Hash::combine(
$a,
['%s: %s', '{n}.User.Data.user', '{n}.User.Data.name'],
'{n}.User.id'
);
/* $result now looks like:
[
[mariano.iglesias: Mariano Iglesias] => 2
[phpnut: Larry E. Masters] => 14
]
*/

static Cake\Utility\Hash::format(array $data, array $paths, $format)


Returns a series of values extracted from an array, formatted with a format string:
$data = [
[
'Person' => [
'first_name' => 'Nate',
'last_name' => 'Abele',
'city' => 'Boston',
'state' => 'MA',
'something' => '42'
]
],
[
'Person' => [
'first_name' => 'Larry',

Hash Path Syntax

687

CakePHP Cookbook Documentation, Release 3.x

'last_name' => 'Masters',


'city' => 'Boondock',
'state' => 'TN',
'something' => '{0}'
]
],
[
'Person' => [
'first_name' => 'Garrett',
'last_name' => 'Woodworth',
'city' => 'Venice Beach',
'state' => 'CA',
'something' => '{1}'
]
]
];

$res = Hash::format($data, ['{n}.Person.first_name', '{n}.Person.something'], '%2$d, %


/*
[
[0] => 42, Nate
[1] => 0, Larry
[2] => 0, Garrett
]
*/

$res = Hash::format($data, ['{n}.Person.first_name', '{n}.Person.something'], '%1$s, %


/*
[
[0] => Nate, 42
[1] => Larry, 0
[2] => Garrett, 0
]
*/

static Cake\Utility\Hash::contains(array $data, array $needle)


Determines if one Hash or array contains the exact keys and values of another:
$a = [
0 => ['name'
1 => ['name'
];
$b = [
0 => ['name'
1 => ['name'
2 => ['name'
'a' => 'b'
];

=> 'main'],
=> 'about']

=> 'main'],
=> 'about'],
=> 'contact'],

$result = Hash::contains($a, $a);


// true
$result = Hash::contains($a, $b);
// false

688

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

$result = Hash::contains($b, $a);


// true

static Cake\Utility\Hash::check(array $data, string $path = null)


Checks if a particular path is set in an array:
$set = [
'My Index 1' => ['First' => 'The first item']
];
$result = Hash::check($set, 'My Index 1.First');
// $result == true
$result = Hash::check($set, 'My Index 1');
// $result == true
$set = [
'My Index 1' => [
'First' => [
'Second' => [
'Third' => [
'Fourth' => 'Heavy. Nesting.'
]
]
]
]
];
$result = Hash::check($set, 'My Index 1.First.Second');
// $result == true
$result = Hash::check($set, 'My Index 1.First.Second.Third');
// $result == true
$result = Hash::check($set, 'My Index 1.First.Second.Third.Fourth');
// $result == true
$result = Hash::check($set, 'My Index 1.First.Seconds.Third.Fourth');
// $result == false

static Cake\Utility\Hash::filter(array $data, $callback =[, Hash, filter ])


Filters empty elements out of array, excluding 0. You can also supply a custom $callback to filter
the array elements. You callback should return false to remove elements from the resulting array:
$data = [
'0',
false,
true,
0,
['one thing', 'I can tell you', 'is you got to be', false]
];
$res = Hash::filter($data);
/* $data now looks like:
[

Hash Path Syntax

689

CakePHP Cookbook Documentation, Release 3.x

[0]
[2]
[3]
[4]

=>
=>
=>
=>

0
true
0
[
[0] => one thing
[1] => I can tell you
[2] => is you got to be

]
]
*/

static Cake\Utility\Hash::flatten(array $data, string $separator = .)


Collapses a multi-dimensional array into a single dimension:
$arr = [
[
'Post' => ['id' => '1', 'title' => 'First Post'],
'Author' => ['id' => '1', 'user' => 'Kyle'],
],
[
'Post' => ['id' => '2', 'title' => 'Second Post'],
'Author' => ['id' => '3', 'user' => 'Crystal'],
],
];
$res = Hash::flatten($arr);
/* $res now looks like:
[
[0.Post.id] => 1
[0.Post.title] => First Post
[0.Author.id] => 1
[0.Author.user] => Kyle
[1.Post.id] => 2
[1.Post.title] => Second Post
[1.Author.id] => 3
[1.Author.user] => Crystal
]
*/

static Cake\Utility\Hash::expand(array $data, string $separator = .)


Expands an array that was previously flattened with Hash::flatten():
$data = [
'0.Post.id' => 1,
'0.Post.title' => First Post,
'0.Author.id' => 1,
'0.Author.user' => Kyle,
'1.Post.id' => 2,
'1.Post.title' => Second Post,
'1.Author.id' => 3,
'1.Author.user' => Crystal,
];
$res = Hash::expand($data);
/* $res now looks like:

690

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

[
[
'Post' => ['id' => '1', 'title' => 'First Post'],
'Author' => ['id' => '1', 'user' => 'Kyle'],
],
[
'Post' => ['id' => '2', 'title' => 'Second Post'],
'Author' => ['id' => '3', 'user' => 'Crystal'],
],
];
*/

static Cake\Utility\Hash::merge(array $data, array $merge[, array $n ])


This function can be thought of as a hybrid between PHPs array_merge and
array_merge_recursive. The difference to the two is that if an array key contains another array then the function behaves recursive (unlike array_merge) but does not do if for keys
containing strings (unlike array_merge_recursive).
Note: This function will work with an unlimited amount of arguments and typecasts non-array
parameters into arrays.
$array = [
[
'id' => '48c2570e-dfa8-4c32-a35e-0d71cbdd56cb',
'name' => 'mysql raleigh-workshop-08 < 2008-09-05.sql ',
'description' => 'Importing an sql dump'
],
[
'id' => '48c257a8-cf7c-4af2-ac2f-114ecbdd56cb',
'name' => 'pbpaste | grep -i Unpaid | pbcopy',
'description' => 'Remove all lines that say "Unpaid".',
]
];
$arrayB = 4;
$arrayC = [0 => "test array", "cats" => "dogs", "people" => 1267];
$arrayD = ["cats" => "felines", "dog" => "angry"];
$res = Hash::merge($array, $arrayB, $arrayC, $arrayD);
/* $res now looks like:
[
[0] => [
[id] => 48c2570e-dfa8-4c32-a35e-0d71cbdd56cb
[name] => mysql raleigh-workshop-08 < 2008-09-05.sql
[description] => Importing an sql dump
]
[1] => [
[id] => 48c257a8-cf7c-4af2-ac2f-114ecbdd56cb
[name] => pbpaste | grep -i Unpaid | pbcopy
[description] => Remove all lines that say "Unpaid".
]
[2] => 4
[3] => test array

Hash Path Syntax

691

CakePHP Cookbook Documentation, Release 3.x

[cats] => felines


[people] => 1267
[dog] => angry
]
*/

static Cake\Utility\Hash::numeric(array $data)


Checks to see if all the values in the array are numeric:
$data = ['one'];
$res = Hash::numeric(array_keys($data));
// $res is true
$data = [1 => 'one'];
$res = Hash::numeric($data);
// $res is false

static Cake\Utility\Hash::dimensions(array $data)


Counts the dimensions of an array. This method will only consider the dimension of the first element
in the array:
$data = ['one', '2', 'three'];
$result = Hash::dimensions($data);
// $result == 1
$data = ['1' => '1.1', '2', '3'];
$result = Hash::dimensions($data);
// $result == 1
$data = ['1' => ['1.1' => '1.1.1'], '2', '3' => ['3.1' => '3.1.1']];
$result = Hash::dimensions($data);
// $result == 2
$data = ['1' => '1.1', '2', '3' => ['3.1' => '3.1.1']];
$result = Hash::dimensions($data);
// $result == 1
$data = ['1' => ['1.1' => '1.1.1'], '2', '3' => ['3.1' => ['3.1.1' => '3.1.1.1']]];
$result = Hash::dimensions($data);
// $result == 2

static Cake\Utility\Hash::maxDimensions(array $data)


Similar to dimensions(), however this method returns, the deepest number of dimensions of any
element in the array:
$data = ['1' => '1.1', '2', '3' => ['3.1' => '3.1.1']];
$result = Hash::maxDimensions($data);
// $result == 2
$data = ['1' => ['1.1' => '1.1.1'], '2', '3' => ['3.1' => ['3.1.1' => '3.1.1.1']]];
$result = Hash::maxDimensions($data);
// $result == 3

static Cake\Utility\Hash::map(array $data, $path, $function)


692

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

Creates a new array, by extracting $path, and mapping $function across the results. You can use both
expression and matching elements with this method:
// Call the noop function $this->noop() on every element of $data
$result = Hash::map($data, "{n}", [$this, 'noop']);
public function noop(array $array)
{
// Do stuff to array and return the result
return $array;
}

static Cake\Utility\Hash::reduce(array $data, $path, $function)


Creates a single value, by extracting $path, and reducing the extracted results with $function. You can
use both expression and matching elements with this method.
static Cake\Utility\Hash::apply(array $data, $path, $function)
Apply a callback to a set of extracted values using $function. The function will get the extracted
values as the first argument.
static Cake\Utility\Hash::sort(array $data, $path, $dir, $type = regular)
Sorts an array by any value, determined by a Hash Path Syntax Only expression elements are supported by this method:
$a = [
0 => ['Person' => ['name' => 'Jeff']],
1 => ['Shirt' => ['color' => 'black']]
];
$result = Hash::sort($a, '{n}.Person.name', 'asc');
/* $result now looks like:
[
[0] => [
[Shirt] => [
[color] => black
]
]
[1] => [
[Person] => [
[name] => Jeff
]
]
]
*/

$dir can be either asc or desc. $type can be one of the following values:
regular for regular sorting.
numeric for sorting values as their numeric equivalents.
string for sorting values as their string value.
natural for sorting values in a human friendly way. Will sort foo10 below foo2 as an
example. Natural sorting requires PHP 5.4 or greater.

Hash Path Syntax

693

CakePHP Cookbook Documentation, Release 3.x

static Cake\Utility\Hash::diff(array $data, array $compare)


Computes the difference between two arrays:
$a = [
0 =>
1 =>
];
$b = [
0 =>
1 =>
2 =>
];

['name' => 'main'],


['name' => 'about']

['name' => 'main'],


['name' => 'about'],
['name' => 'contact']

$result = Hash::diff($a, $b);


/* $result now looks like:
[
[2] => [
[name] => contact
]
]
*/

static Cake\Utility\Hash::mergeDiff(array $data, array $compare)


This function merges two arrays and pushes the differences in data to the bottom of the resultant array.
Example 1

$array1 = ['ModelOne' => ['id' => 1001, 'field_one' => 'a1.m1.f1', 'field_two' => 'a1.
$array2 = ['ModelOne' => ['id' => 1003, 'field_one' => 'a3.m1.f1', 'field_two' => 'a3.
$res = Hash::mergeDiff($array1, $array2);
/* $res now looks like:
[
[ModelOne] => [
[id] => 1001
[field_one] => a1.m1.f1
[field_two] => a1.m1.f2
[field_three] => a3.m1.f3
]
]
*/

Example 2
$array1 = ["a" => "b", 1 => 20938, "c" => "string"];
$array2 = ["b" => "b", 3 => 238, "c" => "string", ["extra_field"]];
$res = Hash::mergeDiff($array1, $array2);
/* $res now looks like:
[
[a] => b
[1] => 20938
[c] => string
[b] => b
[3] => 238

694

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

[4] => [
[0] => extra_field
]
]
*/

static Cake\Utility\Hash::normalize(array $data, $assoc = true)


Normalizes an array. If $assoc is true, the resulting array will be normalized to be an associative
array. Numeric keys with values, will be converted to string keys with null values. Normalizing an
array, makes using the results with Hash::merge() easier:
$a = ['Tree', 'CounterCache',
'Upload' => [
'folder' => 'products',
'fields' => ['image_1_id', 'image_2_id']
]
];
$result = Hash::normalize($a);
/* $result now looks like:
[
[Tree] => null
[CounterCache] => null
[Upload] => [
[folder] => products
[fields] => [
[0] => image_1_id
[1] => image_2_id
]
]
]
*/
$b = [
'Cacheable' => ['enabled' => false],
'Limit',
'Bindable',
'Validator',
'Transactional'
];
$result = Hash::normalize($b);
/* $result now looks like:
[
[Cacheable] => [
[enabled] => false
]
[Limit] => null
[Bindable] => null
[Validator] => null
[Transactional] => null
]
*/

Hash Path Syntax

695

CakePHP Cookbook Documentation, Release 3.x

static Cake\Utility\Hash::nest(array $data, array $options =[])


Takes a flat array set, and creates a nested, or threaded data structure.
Options:
children The key name to use in the result set for children. Defaults to children.
idPath The path to a key that identifies each entry.
Hash::extract(). Defaults to {n}.$alias.id

Should be compatible with

parentPath The path to a key that identifies the parent of each entry. Should be compatible
with Hash::extract(). Defaults to {n}.$alias.parent_id
root The id of the desired top-most result.
For example, if you had the following array of data:
$data = [
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
['ThreadPost'
];

=>
=>
=>
=>
=>
=>
=>
=>
=>
=>

['id'
['id'
['id'
['id'
['id'
['id'
['id'
['id'
['id'
['id'

=>
=>
=>
=>
=>
=>
=>
=>
=>
=>

1, 'parent_id' => null]],


2, 'parent_id' => 1]],
3, 'parent_id' => 1]],
4, 'parent_id' => 1]],
5, 'parent_id' => 1]],
6, 'parent_id' => null]],
7, 'parent_id' => 6]],
8, 'parent_id' => 6]],
9, 'parent_id' => 6]],
10, 'parent_id' => 6]]

$result = Hash::nest($data, ['root' => 6]);


/* $result now looks like:
[
(int) 0 => [
'ThreadPost' => [
'id' => (int) 6,
'parent_id' => null
],
'children' => [
(int) 0 => [
'ThreadPost' => [
'id' => (int) 7,
'parent_id' => (int) 6
],
'children' => []
],
(int) 1 => [
'ThreadPost' => [
'id' => (int) 8,
'parent_id' => (int) 6
],
'children' => []
],
(int) 2 => [
'ThreadPost' => [

696

Chapter 35. Hash

CakePHP Cookbook Documentation, Release 3.x

'id' => (int) 9,


'parent_id' => (int) 6
],
'children' => []
],
(int) 3 => [
'ThreadPost' => [
'id' => (int) 10,
'parent_id' => (int) 6
],
'children' => []
]
]
]
]
*/

Hash Path Syntax

697

CakePHP Cookbook Documentation, Release 3.x

698

Chapter 35. Hash

CHAPTER 36

Http Client

class Cake\Network\Http\Client(mixed $config =[])


CakePHP includes a basic but powerful HTTP client which can be easily used for making requests. It is a
great way to communicate with webservices, and remote APIs.

Doing Requests
Doing requests is simple and straight forward. Doing a get request looks like:
use Cake\Network\Http\Client;
$http = new Client();
// Simple get
$response = $http->get('http://example.com/test.html');
// Simple get with querystring
$response = $http->get('http://example.com/search', ['q' => 'widget']);
// Simple get with querystring & additional headers
$response = $http->get('http://example.com/search', ['q' => 'widget'], [
'headers' => ['X-Requested-With' => 'XMLHttpRequest']
]);

Doing post and put requests is equally simple:


// Send a POST request with application/x-www-form-urlencoded encoded data
$http = new Client();
$response = $http->post('http://example.com/posts/add', [
'title' => 'testing',
'body' => 'content in the post'
]);
// Send a PUT request with application/x-www-form-urlencoded encoded data

699

CakePHP Cookbook Documentation, Release 3.x

$response = $http->put('http://example.com/posts/add', [
'title' => 'testing',
'body' => 'content in the post'
]);
// Other methods as well.
$http->delete(...);
$http->head(...);
$http->patch(...);

Creating Multipart Requests with Files


You can include files in request bodies by including a filehandle in the array:
$http = new Client();
$response = $http->post('http://example.com/api', [
'image' => fopen('/path/to/a/file', 'r'),
]);

The filehandle will be read until its end; it will not be rewound before being read.
Warning: For compatibility reasons, strings beginning with @ will be evaluated as local or remote file
paths.
This functionality is deprecated as of CakePHP 3.0.5 and will be removed in a future version. Until that
happens, user data being passed to the Http Client must be sanitized as follows:
$response = $http->post('http://example.com/api', [
'search' => ltrim($this->request->data('search'), '@'),
]);

If it is necessary to preserve leading @ characters in query strings, you can pass a pre-encoded query string
from http_build_query():
$response = $http->post('http://example.com/api', http_build_query([
'search' => $this->request->data('search'),
]));

Building Multipart Request Bodies by Hand


There may be times when you need to build a request body in a very specific way. In these situations you
can often use Cake\Network\Http\FormData to craft the specific multipart HTTP request you want:
use Cake\Network\Http\FormData;
$data = new FormData();
// Create an XML part
$xml = $data->newPart('xml', $xmlString);

700

Chapter 36. Http Client

CakePHP Cookbook Documentation, Release 3.x

// Set the content type.


$xml->type('application/xml');
$data->add($xml);
// Create a file upload with addFile()
// This will append the file to the form data as well.
$file = $data->addFile('upload', fopen('/some/file.txt', 'r'));
$file->contentId('abc123');
$file->disposition('attachment');
// Send the request.
$response = $http->post(
'http://example.com/api',
(string)$data,
['headers' => ['Content-Type' => 'multipart/related']]
);

Sending Request Bodies


When dealing with REST APIs you often need to send request bodies that are not form encoded. Http\Client
exposes this through the type option:
// Send a JSON request body.
$http = new Client();
$response = $http->post(
'http://example.com/tasks',
json_encode($data),
['type' => 'json']
);

The type key can either be a one of json, xml or a full mime type. When using the type option, you
should provide the data as a string. If youre doing a GET request that needs both querystring parameters
and a request body you can do the following:
// Send a JSON body in a GET request with query string parameters.
$http = new Client();
$response = $http->get(
'http://example.com/tasks',
['q' => 'test', '_content' => json_encode($data)],
['type' => 'json']
);

Request Method Options


Each HTTP method takes an $options parameter which is used to provide addition request information.
The following keys can be used in $options:
headers - Array of additional headers

Sending Request Bodies

701

CakePHP Cookbook Documentation, Release 3.x

cookie - Array of cookies to use.


proxy - Array of proxy information.
auth - Array of authentication data, the type key is used to delegate to an authentication strategy.
By default Basic auth is used.
ssl_verify_peer - defaults to true. Set to false to disable SSL certification verification (not
advised)
ssl_verify_depth - defaults to 5. Depth to traverse in the CA chain.
ssl_verify_host - defaults to true. Validate the SSL certificate against the host name.
ssl_cafile - defaults to built in cafile. Overwrite to use custom CA bundles.
timeout - Duration to wait before timing out.
type - Send a request body in a custom content type. Requires $data to either be a string, or the
_content option to be set when doing GET requests.
The options parameter is always the 3rd parameter in each of the HTTP methods. They can also be use
when constructing Client to create scoped clients.

Authentication
Http\Client supports a few different authentication systems. Different authentication strategies can be added
by developers. Auth strategies are called before the request is sent, and allow headers to be added to the
request context.

Using Basic Authentication


An example of basic authentication:
$http = new Client();
$response = $http->get('http://example.com/profile/1', [], [
'auth' => ['username' => 'mark', 'password' => 'secret']
]);

By default Http\Client will use basic authentication if there is no type key in the auth option.

Using Digest Authentication


An example of basic authentication:
$http = new Client();
$response = $http->get('http://example.com/profile/1', [], [
'auth' => [
'type' => 'digest',
'username' => 'mark',
'password' => 'secret',

702

Chapter 36. Http Client

CakePHP Cookbook Documentation, Release 3.x

'realm' => 'myrealm',


'nonce' => 'onetimevalue',
'qop' => 1,
'opaque' => 'someval'
]
]);

By setting the type key to digest, you tell the authentication subsystem to use digest authentication.

OAuth 1 Authentication
Many modern web-services require OAuth authentication to access their APIs. The included OAuth authentication assumes that you already have your consumer key and consumer secret:
$http = new Client();
$response = $http->get('http://example.com/profile/1', [], [
'auth' => [
'type' => 'oauth',
'consumerKey' => 'bigkey',
'consumerSecret' => 'secret',
'token' => '...',
'tokenSecret' => '...',
'realm' => 'tickets',
]
]);

OAuth 2 Authentication
Because OAuth2 is often just a simple header, there is not a specialized authentication adapter. Instead you
can create a client with the access token:
$http = new Client([
'headers' => ['Authorization' => 'Bearer ' . $accessToken]
]);
$response = $http->get('https://example.com/api/profile/1');

Proxy Authentication
Some proxies require authentication to use them. Generally this authentication is Basic, but it can be implemented by any authentication adapter. By default Http\Client will assume Basic authentication, unless the
type key is set:
$http = new Client();
$response = $http->get('http://example.com/test.php', [], [
'proxy' => [
'username' => 'mark',
'password' => 'testing',
'port' => 12345,

Authentication

703

CakePHP Cookbook Documentation, Release 3.x

]
]);

Creating Scoped Clients


Having to re-type the domain name, authentication and proxy settings can become tedious & error prone.
To reduce the change for mistake and relieve some of the tedium, you can create scoped clients:
// Create a scoped client.
$http = new Client([
'host' => 'api.example.com',
'scheme' => 'https',
'auth' => ['username' => 'mark', 'password' => 'testing']
]);
// Do a request to api.example.com
$response = $http->get('/test.php');

The following information can be used when creating a scoped client:


host
scheme
proxy
auth
port
cookies
timeout
ssl_verify_peer
ssl_verify_depth
ssl_verify_host
Any of these options can be overridden by specifying them when doing requests. host, scheme, proxy, port
are overridden in the request URL:
// Using the scoped client we created earlier.
$response = $http->get('http://foo.com/test.php');

The above will replace the domain, scheme, and port. However, this request will continue using all the other
options defined when the scoped client was created. See Request Method Options for more information on
the options supported.

704

Chapter 36. Http Client

CakePHP Cookbook Documentation, Release 3.x

Setting and Managing Cookies


Http\Client can also accept cookies when making requests. In addition to accepting cookies, it will also
automatically store valid cookies set in responses. Any response with cookies, will have them stored in the
originating instance of Http\Client. The cookies stored in a Client instance are automatically included in
future requests to domain + path combinations that match:
$http = new Client([
'host' => 'cakephp.org'
]);
// Do a request that sets some cookies
$response = $http->get('/');
// Cookies from the first request will be included
// by default.
$response2 = $http->get('/changelogs');

You can always override the auto-included cookies by setting them in the requests $options parameters:
// Replace a stored cookie with a custom value.
$response = $http->get('/changelogs', [], [
'cookies' => ['sessionid' => '123abc']
]);

Response Objects
class Cake\Network\Http\Response
Response objects have a number of methods for inspecting the response data.
Cake\Network\Http\Response::body($parser = null)
Get the response body. Pass in an optional parser, to decode the response body. For example.
json_decode could be used for decoding response data.
Cake\Network\Http\Response::header($name)
Get a header with $name. $name is case-insensitive.
Cake\Network\Http\Response::headers()
Get all the headers.
Cake\Network\Http\Response::isOk()
Check if the response was ok. Any valid 20x response code will be treated as OK.
Cake\Network\Http\Response::isRedirect()
Check if the response was a redirect.
Cake\Network\Http\Response::cookies()
Get the cookies from the response. Cookies will be returned as an array with all the properties that
were defined in the response header. To access the raw cookie data you can use header()

Setting and Managing Cookies

705

CakePHP Cookbook Documentation, Release 3.x

Cake\Network\Http\Response::cookie($name = null, $all = false)


Get a single cookie from the response. By default only the value of a cookie is returned. If you set the
second parameter to true, all the properties set in the response will be returned.
Cake\Network\Http\Response::statusCode()
Get the status code.
Cake\Network\Http\Response::encoding()
Get the encoding of the response. Will return null if the response headers did not contain an encoding.
In addition to the above methods you can also use object accessors to read data from the following properties:
cookies
headers
body
code
json
xml
$http = new Client(['host' => 'example.com']);
$response = $http->get('/test');
// Use object accessors to read data.
debug($response->body);
debug($response->code);
debug($response->headers);

Reading JSON and XML Response Bodies


Since JSON and XML responses are commonly used, response objects provide easy to use accessors to read decoded data. JSON data is decoded into an array, while XML data is decoded into a
SimpleXMLElement tree:
// Get some XML
$http = new Client();
$response = $http->get('http://example.com/test.xml');
$xml = $response->xml;
// Get some JSON
$http = new Client();
$response = $http->get('http://example.com/test.json');
$json = $response->json;

The decoded response data is stored in the response object, so accessing it multiple times has no additional
cost.

706

Chapter 36. Http Client

CHAPTER 37

Inflector

class Cake\Utility\Inflector
The Inflector class takes a string and can manipulate it to handle word variations such as pluralizations
or camelizing and is normally accessed statically. Example: Inflector::pluralize(example)
returns examples.
You can try out the inflections online at inflector.cakephp.org1 .

Creating Plural & Singular Forms


static Cake\Utility\Inflector::singularize($singular)
static Cake\Utility\Inflector::pluralize($singular)
Both pluralize and singularize() work on most English nouns. If you need to support other
languages, you can use Inflection Configuration to customize the rules used:
// Apples
echo Inflector::pluralize('Apple');

Note: pluralize() may not always correctly convert a noun that is already in its plural form.
// Person
echo Inflector::singularize('People');

Note: singularize() may not always correctly convert a noun that is already in its singular form.
1

http://inflector.cakephp.org/

707

CakePHP Cookbook Documentation, Release 3.x

Creating CamelCase and under_scored Forms


static Cake\Utility\Inflector::camelize($underscored)
static Cake\Utility\Inflector::underscore($camelCase)
These methods are useful when creating class names, or property names:
// ApplePie
Inflector::camelize('Apple_pie')
// apple_pie
Inflector::undescore('ApplePie');

It should be noted that underscore will only convert camelCase formatted words. Words that contains spaces
will be lower-cased, but will not contain an underscore.

Creating Human Readable Forms


static Cake\Utility\Inflector::humanize($underscored)
This method is useful when converting underscored forms into Title Case forms for human readable
values:
// Apple Pie
Inflector::humanize('apple_pie');

Creating Table and Class Name Forms


static Cake\Utility\Inflector::tableize($camelCase)
static Cake\Utility\Inflector::classify($underscored)
When generating code, or using CakePHPs conventions you may need to inflect table names or class names:
// UserProfileSetting
Inflector::classify('user_profile_settings');
// user_profile_settings
Inflector::tableize('UserProfileSetting');

Creating Variable Names


static Cake\Utility\Inflector::variable($underscored)
Variable names are often useful when doing meta-programming tasks that involve generating code or doing
work based on conventions:

708

Chapter 37. Inflector

CakePHP Cookbook Documentation, Release 3.x

// applePie
Inflector::variable('apple_pie');

Creating URL Safe Strings


static Cake\Utility\Inflector::slug($word, $replacement = -)
Slug converts special characters into latin versions and converting unmatched characters and spaces to
dashes. The slug method expects UTF-8 encoding:
// apple-puree
Inflector::slug('apple pure');

Inflection Configuration
CakePHPs naming conventions can be really nice - you can name your database table big\_boxes,
your model BigBoxes, your controller BigBoxesController, and everything just works together
automatically. The way CakePHP knows how to tie things together is by inflecting the words between their
singular and plural forms.
There are occasions (especially for our non-English speaking friends) where you may run into situations
where CakePHPs inflector (the class that pluralizes, singularizes, camelCases, and under_scores) might not
work as youd like. If CakePHP wont recognize your Foci or Fish, you can tell CakePHP about your special
cases.

Loading Custom Inflections


static Cake\Utility\Inflector::rules($type, $rules, $reset = false)
Define new inflection and transliteration rules for Inflector to use. Often, this method is used in your config/bootstrap.php:

Inflector::rules('singular', ['/^(bil)er$/i' => '\1', '/^(inflec|contribu)tors$/i' => '\1ta


Inflector::rules('uninflected', ['singulars']);
Inflector::rules('irregular', ['phylum' => 'phyla']); // The key is singular form, value is

The supplied rules will be merged into the respective inflection sets defined in
Cake/Utility/Inflector, with the added rules taking precedence over the core rules. You
can use Inflector::reset() to clear rules and restore the original Inflector state.

Creating URL Safe Strings

709

CakePHP Cookbook Documentation, Release 3.x

710

Chapter 37. Inflector

CHAPTER 38

Number

class Cake\I18n\Number
If you need NumberHelper functionalities outside of a View, use the Number class:
namespace App\Controller;
use Cake\I18n\Number;
class UsersController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth');
}

public function afterLogin()


{
$storageUsed = $this->Auth->user('storage_used');
if ($storageUsed > 5000000) {
// Notify users of quota
$this->Flash->success(__('You are using {0} storage', Number::toReadableSize($s
}
}
}

All of these functions return the formatted number; they do not automatically echo the output into the view.

Formatting Currency Values


Cake\I18n\Number::currency(mixed $value, string $currency = null, array $options =[])

711

CakePHP Cookbook Documentation, Release 3.x

This method is used to display a number in common currency formats (EUR, GBP, USD). Usage in a view
looks like:
// Called as NumberHelper
echo $this->Number->currency($value, $currency);
// Called as Number
echo Number::currency($value, $currency);

The first parameter, $value, should be a floating point number that represents the amount of money you
are expressing. The second parameter is a string used to choose a predefined currency formatting scheme:
$currency
EUR
GBP
USD

1234.56, formatted by currency type


C1.234,56
1,234.56
$1,234.56

The third parameter is an array of options for further defining the output. The following options are available:
Option
before
after
zero
places
precision
locale
fractionSymbol
fractionPosition
pattern
useIntlCode

Description
Text to display before the rendered number.
Text to display before the rendered number.
The text to use for zero values; can be a string or a number. ie. 0, Free!.
Number of decimal places to use, ie. 2
Maximal number of decimal places to use, ie. 2
The locale name to use for formating number, ie. fr_FR.
String to use for fraction numbers, ie. cents.
Either before or after to place the fraction symbol.
An ICU number pattern to use for formatting the number ie. #,###.00
Set to true to replace the currency symbol with the international currency code.

If
$currency
value
is
null,
the
default
Cake\I18n\Number::defaultCurrency()

currency

will

be

retrieved

from

Setting the Default Currency


Cake\I18n\Number::defaultCurrency($currency)
Setter/getter for the default currency.
This removes the need to always pass the currency to
Cake\I18n\Number::currency() and change all currency outputs by setting other default. If
$currency is set to false, it will clear the currently stored value. By default, it will retrieve the
intl.default_locale if set and en_US if not.

Formatting Floating Point Numbers


Cake\I18n\Number::precision(float $value, int $precision = 3, array $options =[])
This method displays a number with the specified amount of precision (decimal places). It will round in
order to maintain the level of precision defined.
712

Chapter 38. Number

CakePHP Cookbook Documentation, Release 3.x

// Called as NumberHelper
echo $this->Number->precision(456.91873645, 2);
// Outputs
456.92
// Called as Number
echo Number::precision(456.91873645, 2);

Formatting Percentages
Cake\I18n\Number::toPercentage(mixed $value, int $precision = 2, array $options =[])
Option
multiply

Description
Boolean to indicate whether the value has to be multiplied by 100. Useful for decimal
percentages.

Like Cake\I18n\Number::precision(), this method formats a number according to the supplied


precision (where numbers are rounded to meet the given precision). This method also expresses the number
as a percentage and prepends the output with a percent sign.
// Called as NumberHelper. Output: 45.69%
echo $this->Number->toPercentage(45.691873645);
// Called as Number. Output: 45.69%
echo Number::toPercentage(45.691873645);
// Called with multiply. Output: 45.7%
echo Number::toPercentage(0.45691, 1, [
'multiply' => true
]);

Interacting with Human Readable Values


Cake\I18n\Number::toReadableSize(string $size)
This method formats data sizes in human readable forms. It provides a shortcut way to convert bytes to
KB, MB, GB, and TB. The size is displayed with a two-digit precision level, according to the size of data
supplied (i.e. higher sizes are expressed in larger terms):
// Called as NumberHelper
echo $this->Number->toReadableSize(0); // 0 Byte
echo $this->Number->toReadableSize(1024); // 1 KB
echo $this->Number->toReadableSize(1321205.76); // 1.26 MB
echo $this->Number->toReadableSize(5368709120); // 5 GB
// Called as Number
echo Number::toReadableSize(0); // 0 Byte
echo Number::toReadableSize(1024); // 1 KB

Formatting Percentages

713

CakePHP Cookbook Documentation, Release 3.x

echo Number::toReadableSize(1321205.76); // 1.26 MB


echo Number::toReadableSize(5368709120); // 5 GB

Formatting Numbers
Cake\I18n\Number::format(mixed $value, array $options =[])
This method gives you much more control over the formatting of numbers for use in your views (and is used
as the main method by most of the other NumberHelper methods). Using this method might looks like:
// Called as NumberHelper
$this->Number->format($value, $options);
// Called as Number
Number::format($value, $options);

The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter is where the real magic for this method resides.
If you pass an integer then this becomes the amount of precision or places for the function.
If you pass an associated array, you can use the following keys:
Option
places
precision
pattern
locale
before
after

Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
An ICU number pattern to use for formatting the number ie. #,###.00
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.

Example:
// Called as NumberHelper
echo $this->Number->format('123456.7890', [
'places' => 2,
'before' => ' ',
'after' => ' !'
]);
// Output ' 123,456.79 !'
echo $this->Number->format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'
// Called as Number
echo Number::format('123456.7890', [
'places' => 2,
'before' => ' ',

714

Chapter 38. Number

CakePHP Cookbook Documentation, Release 3.x

'after' => ' !'


]);
// Output ' 123,456.79 !'
echo Number::format('123456.7890', [
'locale' => 'fr_FR'
]);
// Output '123 456,79 !'

Format Differences
Cake\I18n\Number::formatDelta(mixed $value, array $options =[])
This method displays differences in value as a signed number:
// Called as NumberHelper
$this->Number->formatDelta($value, $options);
// Called as Number
Number::formatDelta($value, $options);

The $value parameter is the number that you are planning on formatting for output. With no $options
supplied, the number 1236.334 would output as 1,236. Note that the default precision is zero decimal places.
The $options parameter takes the same keys as Number::format() itself:
Option
places
precision
locale
before
after

Description
Number of decimal places to use, ie. 2
Maximum number of decimal places to use, ie. 2
The locale name to use for formatting number, ie. fr_FR.
Text to display before the rendered number.
Text to display after the rendered number.

Example:
// Called as NumberHelper
echo $this->Number->formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'
// Called as Number
echo Number::formatDelta('123456.7890', [
'places' => 2,
'before' => '[',
'after' => ']'
]);
// Output '[+123,456.79]'

Format Differences

715

CakePHP Cookbook Documentation, Release 3.x

716

Chapter 38. Number

CHAPTER 39

Registry Objects

The registry classes provide a simple way to create and retrieve loaded instances of a given object type.
There are registry classes for Components, Helpers, Tasks, and Behaviors.
While the examples below will use Components, the same behavior can be expected for Helpers, Behaviors,
and Tasks in addition to Components.

Loading Objects
Objects can be loaded on-the-fly using add<registry-object>() Example:
$this->loadComponent('Acl.Acl');
$this->addHelper('Flash')

This will result in the Toolbar property and Flash helper being loaded. Configuration can also be set
on-the-fly. Example:
$this->loadComponent('Cookie', ['name' => 'sweet']);

Any keys and values provided will be passed to the Components constructor. The one exception to this
rule is className. Classname is a special key that is used to alias objects in a registry. This allows you
to have component names that do not reflect the classnames, which can be helpful when extending core
components:
$this->Auth = $this->loadComponent('Auth', ['className' => 'MyCustomAuth']);
$this->Auth->user(); // Actually using MyCustomAuth::user();

Triggering Callbacks
Callbacks are not provided by registry objects.
events/callbacks for your application.

You should use the events system to dispatch any

717

CakePHP Cookbook Documentation, Release 3.x

Disabling Callbacks
In previous versions, collection objects provided a disable() method to disable objects from receiving
callbacks. You should use the features in the events system to accomplish this now. For example, you could
disable component callbacks in the following way:
// Remove Auth from callbacks.
$this->eventManager()->off($this->Auth);
// Re-enable Auth for callbacks.
$this->eventManager()->on($this->Auth);

718

Chapter 39. Registry Objects

CHAPTER 40

Text

class Cake\Utility\Text
The Text class includes convenience methods for creating and manipulating strings and is normally accessed
statically. Example: Text::uuid().
If you need Cake\View\Helper\TextHelper functionalities outside of a View, use the Text class:
namespace App\Controller;
use Cake\Utility\Text;
class UsersController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth')
};
public function afterLogin()
{
$message = $this->Users->find('new_message');
if (!empty($message)) {
// Notify user of new message
$this->Flash->success(__(
'You have a new message: {0}',
Text::truncate($message['Message']['body'], 255, ['html' => true])
));
}
}
}

719

CakePHP Cookbook Documentation, Release 3.x

Generating UUIDs
static Cake\Utility\Text::uuid
The UUID method is used to generate unique identifiers as per RFC 41221 . The UUID is a 128-bit string
in the format of 485fc381-e790-47a3-9794-1337c0a8fe68.
Text::uuid(); // 485fc381-e790-47a3-9794-1337c0a8fe68

Simple String Parsing


static Cake\Utility\Text::tokenize($data, $separator = , , $leftBound = (, $rightBound = ))
Tokenizes a string using $separator, ignoring any instance of $separator that appears between
$leftBound and $rightBound.
This method can be useful when splitting up data that has regular formatting such as tag lists:
$data = "cakephp 'great framework' php";
$result = Text::tokenize($data, ' ', "'", "'");
// Result contains
['cakephp', "'great framework'", 'php'];

Cake\Utility\Text::parseFileSize(string $size, $default)


This method unformats a number from a human-readable byte size to an integer number of bytes:
$int = Text::parseFileSize('2GB');

Formatting Strings
static Cake\Utility\Text::insert($string, $data, $options =[])
The insert method is used to create string templates and to allow for key/value replacements:
Text::insert(
'My name is :name and I am :age years old.',
['name' => 'Bob', 'age' => '65']
);
// Returns: "My name is Bob and I am 65 years old."

static Cake\Utility\Text::cleanInsert($string, $options =[])


Cleans up a Text::insert formatted string with given $options depending on the clean key in
$options. The default method used is text but html is also available. The goal of this function is to replace
all whitespace and unneeded markup around placeholders that did not get replaced by Text::insert.
You can use the following options in the options array:
1

http://tools.ietf.org/html/rfc4122.html

720

Chapter 40. Text

CakePHP Cookbook Documentation, Release 3.x

$options = [
'clean' => [
'method' => 'text', // or html
],
'before' => '',
'after' => ''
];

Wrapping Text
static Cake\Utility\Text::wrap($text, $options =[])
Wraps a block of text to a set width and indents blocks as well. Can intelligently wrap text so words are not
sliced across lines:
$text = 'This is the song that never ends.';
$result = Text::wrap($text, 22);
// Returns
This is the song that
never ends.

You can provide an array of options that control how wrapping is done. The supported options are:
width The width to wrap to. Defaults to 72.
wordWrap Whether or not to wrap whole words. Defaults to true.
indent The character to indent lines with. Defaults to .
indentAt The line number to start indenting text. Defaults to 0.
static Cake\Utility\Text::wrapBlock($text, $options =[])
If you need to ensure that the total width of the generated block wont exceed a certain length even with
internal identation, you need to use wrapBlock() instead of wrap(). This is particulary useful to
generate text for the console for example. It accepts the same options than wrap():
$text = 'This is the song that never ends. This is the song that never ends.';
$result = Text::wrapBlock($text, [
'width' => 22,
'indent' => ' ',
'indentAt' => 1
]);
// Returns
This is the song that
never ends. This
is the song that
never ends.

Wrapping Text

721

CakePHP Cookbook Documentation, Release 3.x

Highlighting Substrings
Cake\Utility\Text::highlight(string $haystack, string $needle, array $options =[])
Highlights $needle in $haystack using the $options[format] string specified or a default
string.
Options:
format string - The piece of HTML with the phrase that will be highlighted
html bool - If true, will ignore any HTML tags, ensuring that only the correct text is highlighted
Example:
// Called as TextHelper
echo $this->Text->highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);
// Called as Text
use Cake\Utility\Text;
echo Text::highlight(
$lastSentence,
'using',
['format' => '<span class="highlight">\1</span>']
);

Output:
Highlights $needle in $haystack <span class="highlight">using</span>
the $options['format'] string specified or a default string.

Removing Links
Cake\Utility\Text::stripLinks($text)
Strips the supplied $text of any HTML links.

Truncating Text
Cake\Utility\Text::truncate(string $text, int $length = 100, array $options)
If $text is longer than $length, this method truncates it at $length and adds a prefix consisting of
ellipsis, if defined. If exact is passed as false, the truncation will occur at the first whitespace
after the point at which $length is exceeded. If html is passed as true, HTML tags will be respected
and will not be cut off.

722

Chapter 40. Text

CakePHP Cookbook Documentation, Release 3.x

$options is used to pass all extra parameters, and has the following possible keys by default, all of which
are optional:
If ``$text`` is longer than ``$length`` characters, this method truncates it
at ``$length`` and adds a prefix consisting of ``'ellipsis'``, if defined.
If ``'exact'`` is passed as ``false``, the truncation will occur at the
first whitespace after the point at which ``$length`` is exceeded. If
``'html'`` is passed as ``true``, HTML tags will be respected and will not
be cut off.

Example:
// Called as TextHelper
echo $this->Text->truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::truncate(
'The killer crept forward and tripped on the rug.',
22,
[
'ellipsis' => '...',
'exact' => false
]
);

Output:
The killer crept...

Truncating the Tail of a String


Cake\Utility\Text::tail(string $text, int $length = 100, array $options)
If $text is longer than $length, this method removes an initial substring with length consisting of the
difference and prepends a suffix consisting of ellipsis, if defined. If exact is passed as false,
the truncation will occur at the first whitespace prior to the point at which truncation would otherwise take
place.
$options is used to pass all extra parameters, and has the following possible keys by default, all of which
are optional:
[
'ellipsis' => '...',

Truncating the Tail of a String

723

CakePHP Cookbook Documentation, Release 3.x

'exact' => true


]

Example:
$sampleText = 'I packed my bag and in it I put a PSP, a PS3, a TV, ' .
'a C# program that can divide by zero, death metal t-shirts'
// Called as TextHelper
echo $this->Text->tail(
$sampleText,
70,
[
'ellipsis' => '...',
'exact' => false
]
);
// Called as Text
use Cake\Utility\Text;
echo Text::tail(
$sampleText,
70,
[
'ellipsis' => '...',
'exact' => false
]
);

Output:
...a TV, a C# program that can divide by zero, death metal t-shirts

Extracting an Excerpt
Cake\Utility\Text::excerpt(string $haystack, string $needle, integer $radius=100, string
$ellipsis=...)
Extracts an excerpt from $haystack surrounding the $needle with a number of characters on each side
determined by $radius, and prefix/suffix with $ellipsis. This method is especially handy for search
results. The query string or keywords can be shown within the resulting document.
// Called as TextHelper
echo $this->Text->excerpt($lastParagraph, 'method', 50, '...');
// Called as Text
use Cake\Utility\Text;
echo Text::excerpt($lastParagraph, 'method', 50, '...');

Output:
724

Chapter 40. Text

CakePHP Cookbook Documentation, Release 3.x

... by $radius, and prefix/suffix with $ellipsis. This method is


especially handy for search results. The query...

Converting an Array to Sentence Form


Cake\Utility\Text::toList(array $list, $and=and)
Creates a comma-separated list where the last two items are joined with and.
// Called as TextHelper
echo $this->Text->toList($colors);
// Called as Text
use Cake\Utility\Text;
echo Text::toList($colors);

Output:
red, orange, yellow, green, blue, indigo and violet

Converting an Array to Sentence Form

725

CakePHP Cookbook Documentation, Release 3.x

726

Chapter 40. Text

CHAPTER 41

Time

class Cake\I18n\Time
If you need TimeHelper functionalities outside of a View, use the Time class:
use Cake\I18n\Time;
class UsersController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth');
}
public function afterLogin()
{
$time = new Time($this->Auth->user('date_of_birth'));
if ($time->isToday()) {
// Greet user with a happy birthday message
$this->Flash->success(__('Happy birthday to you...'));
}
}
}

Under the hood, CakePHP uses Carbon1 to power its Time utility. Anything you can do with Carbon and
DateTime, you can do with Time.
For details on Carbon please see their documentation2 .
1
2

https://github.com/briannesbitt/Carbon
http://carbon.nesbot.com/docs/

727

CakePHP Cookbook Documentation, Release 3.x

Creating Time Instances


There are a few ways to create Time instances:
use Cake\I18n\Time;
// Create from a string datetime.
$time = Time::createFromFormat(
'Y-m-d H:i:s',
$datetime,
'America/New_York'
);
// Create from a timestamp
$time = Time::createFromTimestamp($ts);
// Get the current time.
$time = Time::now();
// Or just use 'new'
$time = new Time('2014-01-10 11:11', 'America/New_York');
$time = new Time('2 hours ago');

The Time class constructor can take any parameter that the internal DateTime PHP class can. When
passing a number or numeric string, it will be interpreted as a UNIX timestamp.
In test cases you can easily mock out now() using setTestNow():
// Fixate time.
$now = new Time('2014-04-12 12:22:30');
Time::setTestNow($now);
// Returns '2014-04-12 12:22:30'
$now = Time::now();
// Returns '2014-04-12 12:22:30'
$now = Time::parse('now');

Manipulation
Once created, you can manipulate Time instances using setter methods:
$now = Time::now();
$now->year(2013)
->month(10)
->day(31);

You can also use the methods provided by PHPs built-in DateTime class:

728

Chapter 41. Time

CakePHP Cookbook Documentation, Release 3.x

$now->setDate(2013, 10, 31);

Dates can be modified through subtraction and addition of their components:


$now = Time::now();
$now->subDays(5);
$now->addMonth(1);
// Using strtotime strings.
$now->modify('+5 days');

You can get the internal components of a date by accessing its properties:
$now
echo
echo
echo
echo

= Time::now();
$now->year; // 2014
$now->month; // 5
$now->day; // 10
$now->timezone; // America/New_York

It is also allowed to directly assign those properties to modify the date:


$time->year = 2015;
$time->timezone = 'Europe/Paris';

Formatting
Cake\I18n\Time::i18nFormat($format = null, $timezone = null, $locale = null)
A very common thing to do with Time instances is to print out formatted dates. CakePHP makes this a
snap:
$now = Time::parse('2014-10-31');
// Prints a localized datetime stamp.
echo $now;
// Outputs '4/20/14, 10:10 PM' for the en-US locale
$now->i18nFormat();
// Use the full date and time format
$now->i18nFormat(\IntlDateFormatter::FULL);
// Use full date but short time format
$now->i18nFormat([\IntlDateFormatter::FULL, \IntlDateFormatter::SHORT]);
// Outputs '2014-04-20 22:10'
$now->i18nFormat('YYYY-MM-dd HH:mm:ss');

It is possible to specify the desired format for the string to be displayed. You can either pass IntlDateFormatter constants3 as the first argument of this function, or pass a full ICU date formatting string as specified
3

http://www.php.net/manual/en/class.intldateformatter.php

Formatting

729

CakePHP Cookbook Documentation, Release 3.x

in the following resource: http://www.icu-project.org/apiref/icu4c/classSimpleDateFormat.html#details.


Cake\I18n\Time::nice()
Print out a predefined nice format:
$now = Time::parse('2014-10-31');
// Outputs 'Oct 31, 2014 12:32pm' in en-US
echo $now->nice();

You can alter the timezone in which the date is displayed without altering the Time object itself. This is
useful when you store dates in one timezone, but want to display them in a users own timezone:
$now->i18nFormat(\IntlDateFormatter::FULL, 'Europe/Paris');

Leaving the first parameter as null will use the default formatting string:
$now->i18nFormat(null, 'Europe/Paris');

Finally, it is possible to use a different locale for displaying a date:


echo $now->i18nFormat(\IntlDateFormatter::FULL, 'Europe/Paris', 'fr-FR');
echo $now->nice('Europe/Paris', 'fr-FR');

Setting the Default Locale and Format String


The default locale in which dates are displayed when using nice i18nFormat is taken from the directive
intl.default_locale4 . You can, however, modify this default at runtime:
Time::$defaultLocale = 'es-ES';

From now on, dates will be displayed in the Spanish preferred format unless a different locale is specified
directly in the formatting method.
Likewise, it is possible to alter the default formatting string to be used for i18nFormat:
Time::setToStringFormat(\IntlDateFormatter::SHORT);
Time::setToStringFormat([\IntlDateFormatter::FULL, \IntlDateFormatter::SHORT]);
Time::setToStringFormat('YYYY-MM-dd HH:mm:ss');

It is recommended to always use the constants instead of directly passing a date format string.

Formatting Relative Times


Cake\I18n\Time::timeAgoInWords(array $options =[])
Often it is useful to print times relative to the present:
4

http://www.php.net/manual/en/intl.configuration.php#ini.intl.default-locale

730

Chapter 41. Time

CakePHP Cookbook Documentation, Release 3.x

$now = new Time('Aug 22, 2011');


echo $now->timeAgoInWords(
['format' => 'MMM d, YYY', 'end' => '+1 year']
);
// On Nov 10th, 2011 this would display: 2 months, 2 weeks, 6 days ago

The end option lets you define at which point after which relative times should be formatted using the
format option. The accuracy option lets us control what level of detail should be used for each interval
range:
// If $timestamp is 1 month, 1 week, 5 days and 6 hours ago
echo $timestamp->timeAgoInWords([
'accuracy' => ['month' => 'month'],
'end' => '1 year'
]);
// Outputs '1 month ago'

By setting accuracy to a string, you can specify what is the maximum level of detail you want output:
$time = new Time('+23 hours');
// Outputs 'in about a day'
$result = $time->timeAgoInWords([
'accuracy' => 'day'
]);

Conversion
Cake\I18n\Time::toQuarter()
Once created, you can convert Time instances into timestamps or quarter values:
$time = new Time('2014-06-15');
$time->toQuarter();
$time->toUnixString();

Comparing With the Present


Cake\I18n\Time::isYesterday()
Cake\I18n\Time::isThisWeek()
Cake\I18n\Time::isThisMonth()
Cake\I18n\Time::isThisYear()
You can compare a Time instance with the present in a variety of ways:
$time = new Time('2014-06-15');
echo $time->isYesterday();

Conversion

731

CakePHP Cookbook Documentation, Release 3.x

echo $time->isThisWeek();
echo $time->isThisMonth();
echo $time->isThisYear();

Each of the above methods will return true/false based on whether or not the Time instance matches
the present.

Comparing With Intervals


Cake\I18n\Time::isWithinNext($interval)
You can see if a Time instance falls within a given range using wasWithinLast() and
isWithinNext():
$time = new Time('2014-06-15');
// Within 2 days.
echo $time->isWithinNext(2);
// Within 2 next weeks.
echo $time->isWithinNext('2 weeks');

Cake\I18n\Time::wasWithinLast($interval)
You can also compare a Time instance within a range in the past:
// Within past 2 days.
echo $time->wasWithinLast(2);
// Within past 2 weeks.
echo $time->wasWithinLast('2 weeks');

Accepting Localized Request Data


When creating text inputs that manipulate dates, youll probably want to accept and parse localized datetime
strings. See the Parsing Localized Datetime Data.

732

Chapter 41. Time

CHAPTER 42

Xml

class Cake\Utility\Xml
The Xml class allows you to easily transform arrays into SimpleXMLElement or DOMDocument objects,
and back into arrays again.

Importing Data to Xml Class


static Cake\Utility\Xml::build($input, array $options =[])
You can load XML-ish data using Xml::build(). Depending on your $options parameter,
this method will return a SimpleXMLElement (default) or DOMDocument object. You can use
Xml::build() to build XML objects from a variety of sources. For example, you can load XML from
strings:
$text = '<?xml version="1.0" encoding="utf-8"?>
<post>
<id>1</id>
<title>Best post</title>
<body> ... </body>
</post>';
$xml = Xml::build($text);

You can also build Xml objects from local files:


// Local file
$xml = Xml::build('/home/awesome/unicorns.xml');

You can also build Xml objects using an array:


$data = [
'post' => [
'id' => 1,
'title' => 'Best post',
'body' => ' ... '

733

CakePHP Cookbook Documentation, Release 3.x

]
];
$xml = Xml::build($data);

If your input is invalid, the Xml class will throw an exception:


$xmlString = 'What is XML?'
try {
$xmlObject = Xml::build($xmlString); // Here will throw an exception
} catch (\Cake\Utility\Exception\XmlException $e) {
throw new InternalErrorException();
}

Note: DOMDocument1 and SimpleXML2 implement different APIs. Be sure to use the correct methods
on the object you request from Xml.

Transforming a XML String in Array


toArray($obj);
Converting XML strings into arrays is simple with the Xml class as well. By default youll get a SimpleXml
object back:
$xmlString = '<?xml version="1.0"?><root><child>value</child></root>';
$xmlArray = Xml::toArray(Xml::build($xmlString));

If your XML is invalid a Cake\Utility\Exception\XmlException will be raised.

Transforming an Array into a String of XML


$xmlArray = ['root' => ['child' => 'value']];
// You can use Xml::build() too.
$xmlObject = Xml::fromArray($xmlArray, ['format' => 'tags']);
$xmlString = $xmlObject->asXML();

Your array must have only one element in the top level and it can not be numeric. If the array is not in this
format, Xml will throw an exception. Examples of invalid arrays:
// Top level with numeric key
[
['key' => 'value']
];
// Multiple keys in top level
[
'key1' => 'first value',
1
2

http://php.net/domdocument
http://php.net/simplexml

734

Chapter 42. Xml

CakePHP Cookbook Documentation, Release 3.x

'key2' => 'other value'


];

By default array values will be output as XML tags. If you want to define attributes or text values you can
prefix the keys that are supposed to be attributes with @. For value text, use @ as the key:
$xmlArray = [
'project' => [
'@id' => 1,
'name' => 'Name of project, as tag',
'@' => 'Value of project'
]
];
$xmlObject = Xml::fromArray($xmlArray);
$xmlString = $xmlObject->asXML();

The content of $xmlString will be:


<?xml version="1.0"?>
<project id="1">Value of project<name>Name of project, as tag</name></project>

Using Namespaces
To use XML Namespaces, create a key in your array with the name xmlns: in a generic namespace or
input the prefix xmlns: in a custom namespace. See the samples:
$xmlArray = [
'root' => [
'xmlns:' => 'http://cakephp.org',
'child' => 'value'
]
];
$xml1 = Xml::fromArray($xmlArray);
$xmlArray(
'root' => [
'tag' => [
'xmlns:pref' => 'http://cakephp.org',
'pref:item' => [
'item 1',
'item 2'
]
]
]
);
$xml2 = Xml::fromArray($xmlArray);

The value of $xml1 and $xml2 will be, respectively:


<?xml version="1.0"?>
<root xmlns="http://cakephp.org"><child>value</child>

Transforming an Array into a String of XML

735

CakePHP Cookbook Documentation, Release 3.x

<?xml version="1.0"?>
<root><tag xmlns:pref="http://cakephp.org"><pref:item>item 1</pref:item><pref:item>item 2</

Creating a Child
After you have created your XML document, you just use the native interfaces for your document type to
add, remove, or manipulate child nodes:
// Using SimpleXML
$myXmlOriginal = '<?xml version="1.0"?><root><child>value</child></root>';
$xml = Xml::build($myXmlOriginal);
$xml->root->addChild('young', 'new value');
// Using DOMDocument
$myXmlOriginal = '<?xml version="1.0"?><root><child>value</child></root>';
$xml = Xml::build($myXmlOriginal, ['return' => 'domdocument']);
$child = $xml->createElement('young', 'new value');
$xml->firstChild->appendChild($child);

Tip:
After manipulating your XML using SimpleXMLElement or DomDocument you can use
Xml::toArray() without a problem.

736

Chapter 42. Xml

CHAPTER 43

Constants & Functions

While most of your day-to-day work in CakePHP will be utilizing core classes and methods, CakePHP
features a number of global convenience functions that may come in handy. Many of these functions are
for use with CakePHP classes (loading model or component classes), but many others make working with
arrays or strings a little easier.
Well also cover some of the constants available in CakePHP applications. Using these constants will help
make upgrades more smooth, but are also convenient ways to point to certain files or directories in your
CakePHP application.

Global Functions
Here are CakePHPs globally available functions. Most of them are just convenience wrappers for other
CakePHP functionality, such as debugging and translating content.
__(string $string_id[, $formatArgs ])
This function handles localization in CakePHP applications. The $string_id identifies the ID for
a translation. Strings used for translations are treated as format strings for sprintf(). You can
supply additional arguments to replace placeholders in your string:
__('You have {0} unread messages', $number);

Note: Check out the Internationalization & Localization section for more information.
__d(string $domain, string $msg, mixed $args = null)
Allows you to override the current domain for a single message lookup.
Useful when internationalizing a plugin:
plugin);

echo __d(PluginName, This is my

__dn(string $domain, string $singular, string $plural, integer $count, mixed $args = null)
Allows you to override the current domain for a single plural message lookup. Returns correct

737

CakePHP Cookbook Documentation, Release 3.x

plural form of message identified by $singular and $plural for count $count from domain
$domain.
__dx(string $domain, string $context, string $msg, mixed $args = null)
Allows you to override the current domain for a single message lookup. It also allows you to specify
a context.
The context is a unique identifier for the translations string that makes it unique within the same
domain.
__dxn(string $domain, string $context, string $singular, string $plural, integer $count, mixed $args
= null)
Allows you to override the current domain for a single plural message lookup. It also allows you to
specify a context. Returns correct plural form of message identified by $singular and $plural
for count $count from domain $domain. Some languages have more than one form for plural
messages dependent on the count.
The context is a unique identifier for the translations string that makes it unique within the same
domain.
__n(string $singular, string $plural, integer $count, mixed $args = null)
Returns correct plural form of message identified by $singular and $plural for count $count.
Some languages have more than one form for plural messages dependent on the count.
__x(string $context, string $msg, mixed $args = null)
The context is a unique identifier for the translations string that makes it unique within the same
domain.
__xn(string $context, string $singular, string $plural, integer $count, mixed $args = null)
Returns correct plural form of message identified by $singular and $plural for count $count
from domain $domain. It also allows you to specify a context. Some languages have more than one
form for plural messages dependent on the count.
The context is a unique identifier for the translations string that makes it unique within the same
domain.
collection(mixed $items)
Convenience wrapper for instantiating a new CakeCollectionCollection object, wrapping
the passed argument. The $items parameter takes either a Traversable object or an array.
debug(mixed $var, boolean $showHtml = null, $showFrom = true)
If the core $debug variable is true, $var is printed out. If $showHTML is true or left as null,
the data is rendered to be browser-friendly. If $showFrom is not set to false, the debug output will
start with the line from which it was called. Also see Debugging
env(string $key)
Gets an environment variable from available sources. Used as a backup if $_SERVER or $_ENV are
disabled.
This function also emulates PHP_SELF and DOCUMENT_ROOT on unsupporting servers. In fact, its
a good idea to always use env() instead of $_SERVER or getenv() (especially if you plan to
distribute the code), since its a full emulation wrapper.

738

Chapter 43. Constants & Functions

CakePHP Cookbook Documentation, Release 3.x

h(string $text, boolean $double = true, string $charset = null)


Convenience wrapper for htmlspecialchars().
pluginSplit(string $name, boolean $dotAppend = false, string $plugin = null)
Splits a dot syntax plugin name into its plugin and class name. If $name does not have a dot, then
index 0 will be null.
Commonly used like list($plugin, $name) = pluginSplit(Users.User);
namespaceSplit(string $class)
Split the namespace from the classname.
Commonly
used
like
namespaceSplit(Cake\Core\App);

list($namespace, $className) =

pr(mixed $var)
Convenience wrapper for print_r(), with the addition of wrapping <pre> tags around the output.
pj(mixed $var)
JSON pretty print convenience function, with the addition of wrapping <pre> tags around the output.
It is meant for debugging the JSON representation of objects and arrays.

Core Definition Constants


Most of the following constants refer to paths in your application.
constant APP
Absolute path to your application directory, including a trailing slash.
constant APP_DIR
Equals app or the name of your application directory.
constant CACHE
Path to the cache files directory. It can be shared between hosts in a multi-server setup.
constant CAKE
Path to the cake directory.
constant CAKE_CORE_INCLUDE_PATH
Path to the root lib directory.
constant CORE_PATH
Path to the root directory with ending directory slash.
constant DS
Short for PHPs DIRECTORY_SEPARATOR, which is / on Linux and \\ on Windows.
constant LOGS
Path to the logs directory.
constant ROOT
Path to the root directory.

Core Definition Constants

739

CakePHP Cookbook Documentation, Release 3.x

constant TESTS
Path to the tests directory.
constant TMP
Path to the temporary files directory.
constant WWW_ROOT
Full path to the webroot.

Timing Definition Constants


constant TIME_START
Unix timestamp in microseconds as a float from when the application started.
constant SECOND
Equals 1
constant MINUTE
Equals 60
constant HOUR
Equals 3600
constant DAY
Equals 86400
constant WEEK
Equals 604800
constant MONTH
Equals 2592000
constant YEAR
Equals 31536000

740

Chapter 43. Constants & Functions

CHAPTER 44

Debug Kit

DebugKit is a plugin supported by the core team that provides a toolbar to help make debugging CakePHP
applications easier.

Installation
By default DebugKit is installed with the default application skeleton. If youve removed it and want to
re-install it, you can do so by running the following from your applications ROOT directory (where composer.json file is located):
php composer.phar require --dev cakephp/debug_kit "~3.0"

DebugKit Storage
By default, DebugKit uses a small SQLite database in your applications /tmp directory to store the panel
data. If youd like DebugKit to store its data elsewhere, you should define a debug_kit connection.

Database Configuration
By default DebugKit will store panel data into a SQLite database in your applications tmp directory. If you
cannot install pdo_sqlite, you can configure DebugKit to use a different database by defining a debug_kit
connection in your config/app.php file.

Toolbar Usage
The DebugKit Toolbar is comprised of several panels, which are shown by clicking the CakePHP icon in
the bottom right-hand corner of your browser window. Once the toolbar is open, you should see a series of
buttons. Each of these buttons expands into a panel of related information.

741

CakePHP Cookbook Documentation, Release 3.x

Each panel lets you look at a different aspect of your application:


Cache See cache usage during a request and clear caches.
Environment Display environment variables related to PHP + CakePHP.
History Displays a list of previous requests, and allows you to load and view toolbar data from
previous requests.
Include View the included files grouped by type.
Log Display any entries made to the log files this request.
Request Displays information about the current request, GET, POST, Cake Parameters, Current Route
information and Cookies.
Session Display the information currently in the Session.
Sql Logs Displays SQL logs for each database connection.
Timer Display any timers that were set during the request with DebugKit\DebugTimer, and
memory usage collected with DebugKit\DebugMemory.
Variables Display View variables set in controller.
Typically, a panel handles the collection and display of a single type of information such as Logs or Request
information. You can choose to view panels from the toolbar or add your own custom panels.

Using the History Panel


The history panel is one of the most frequently misunderstood features of DebugKit. It provides a way to
view toolbar data from previous requests, including errors and redirects.
As you can see, the panel contains a list of requests. On the left you can see a dot marking the active request.
Clicking any request data will load the panel data for that request. When historical data is loaded the panel
titles will transition to indicate that alternative data has been loaded.

Developing Your Own Panels


You can create your own custom panels for DebugKit to help in debugging your applications.

Creating a Panel Class


Panel Classes simply need to be placed in the src/Panel directory. The filename should match the classname,
so the class MyCustomPanel would be expected to have a filename of src/Panel/MyCustomPanel.php:
namespace App\Panel;
use DebugKit\DebugPanel;
/**

742

Chapter 44. Debug Kit

CakePHP Cookbook Documentation, Release 3.x

* My Custom Panel
*/
class MyCustomPanel extends DebugPanel
{
...
}

Notice that custom panels are required to extend the DebugPanel class.

Callbacks
By default Panel objects have two callbacks, allowing them to hook into the current request. Panels subscribe to the Controller.initialize and Controller.shutdown events. If your panel needs
to subscribe to additional events, you can use the implementedEvents() method to define all of the
events your panel is interested in.
You should refer to the built-in panels for some examples on how you can build panels.

Panel Elements
Each Panel is expected to have a view element that renders the content from the panel. The element name
must be the underscored inflection of the class name. For example SessionPanel has an element named
session_panel.ctp, and SqllogPanel has an element named sqllog_panel.ctp. These elements
should be located in the root of your src/Template/Element directory.

Developing Your Own Panels

743

CakePHP Cookbook Documentation, Release 3.x

Custom Titles and Elements


Panels should pick up their title and element name by convention. However, if you need to choose a custom
element name or title, you can define methods to customize your panels behavior:
title() - Configure the title that is displayed in the toolbar.
elementName() - Configure which element should be used for a given panel.

Panel Hook Methods


You can also implement the following hook methods to customize how your panel behaves and appears:
shutdown(Event $event) This method typically collects and prepares the data for the panel.
Data is generally stored in $this->_data.
summary() Can return a string of summary data to be displayed in the toolbar even when a panel is
collapsed. Often this is a counter, or short summary information.
data() Returns the panels data to be used as element context. This hook method lets you further
manipulate the data collected in the shutdown() method. This method must return data that can
be serialized.

Panels in Other Plugins


Panels provided by Plugins work almost entirely the same as other plugins, with one minor difference: You
must set public $plugin to be the name of the plugin directory, so that the panels Elements can be
located at render time:
namespace MyPlugin\Panel;
use DebugKit\DebugPanel;
class MyCustomPanel extends DebugPanel
{
public $plugin = 'MyPlugin';
...
}

To use a plugin or app panel, update your applications DebugKit configuration to include the panel:
// in config/bootstrap.php
Configure::write('DebugKit.panels', ['App', 'MyPlugin.MyCustom']);
Plugin::load('DebugKit', ['bootstrap' => true]);

The above would load all the default panels as well as the AppPanel, and MyCustomPanel panel from
MyPlugin.

744

Chapter 44. Debug Kit

CHAPTER 45

Migrations

Migrations is another plugin supported by the core team that helps you do schema changes in your database
by writing PHP files that can be tracked using your version control system.
It allows you to evolve your database tables over time. Instead of writing schema modifications in SQL, this
plugin allows you to use an intuitive set of methods to implement your database changes.
This plugin is a wrapper for the database migrations library Phinx1

Installation
By default Migrations is installed with the default application skeleton. If youve removed it and want
to re-install it, you can do so by running the following from your applications ROOT directory (where
composer.json file is located):
php composer.phar require cakephp/migrations "@stable"

You will need to add the following line to your applications bootstrap.php file:
Plugin::load('Migrations');

Additionally, you will need to configure the default database configuration in your config/app.php file as
explained in the Database Configuration section.

Overview
A migration is basically a single PHP file that describes a new version of the database. A migration file
can create tables, add or remove columns, create indexes and even insert data into the database.
Heres an example of a migration:
1

https://phinx.org/

745

CakePHP Cookbook Documentation, Release 3.x

class CreateProductsTable extends AbstractMigration


{
/**
* This method gets executed when applying the changes to
* the database.
*
* Changes to the database can also be reverted without any
* additional code for non-destructive operations.
*/
public function change()
{
// create the table
$table = $this->table('products');
$table->addColumn('name', 'string')
->addColumn('description', 'text')
->addColumn('created', 'datetime')
->create();
}

This migration adds a table called products with a string column called name, a text description column
and a column called created with a datetime type. A primary key column called id will also be added
implicitly.
Note that this file describes how the database should look like after applying the change, at this point no
products table exist, but we have created a file that is both able to create the table with the right column
as well as to drop it if we rollback the migration.
Once the file has been created in the config/Migrations folder, you will be able to execute the following
command to create the table in your database:
bin/cake migrations migrate

Creating Migrations
Migration files are stored in the config/Migration directory of your application. The name of the migration files are prefixed with the date in which they were created, in the format YYYYMMDDHHMMSS_my_new_migration.php.
The easiest way of creating a migrations file is by using the command line. Lets imagine that youd like to
add a new products table:
bin/cake bake migration CreateProducts name:string description:text created modified

The above line will create a migration file looking like this:
class CreateProductsTable extends AbstractMigration
{
public function change()
{
$table = $this->table('products');
$table->addColumn('name', 'string')

746

Chapter 45. Migrations

CakePHP Cookbook Documentation, Release 3.x

->addColumn('description', 'text')
->addColumn('created', 'datetime')
->addColumn('modified', 'datetime')
->create();
}

If the migration name in the command line is of the form AddXXXToYYY or RemoveXXXFromYYY
and is followed by a list of column names and types then a migration file containing the code for creating or
dropping the columns will be generated:
bin/cake bake migration AddPriceToProducts price:decimal

Executing the command line above will generate:


class AddPriceToProducts extends AbstractMigration
{
public function change()
{
$table = $this->table('products');
$table->addColumn('price', 'decimal')
->update();
}

It is also possible to add indexes to columns:


bin/cake bake migration AddNameIndexToProducts name:string:index

will generate:
class AddNameIndexToProducts extends AbstractMigration
{
public function change()
{
$table = $this->table('products');
$table->addColumn('name', 'string')
->addIndex(['name'])
->update();
}

When using fields in the command line it may be handy to remember that they follow the following pattern:
field:fieldType:indexType:indexName

For instance, the following are all valid ways of specifying an email field:
email:string:unique
email:string:unique:EMAIL_INDEX
Fields named created and modified will automatically be set to the type datetime.
In the same way, you can generate a migration to remove a column by using the command line:
bin/cake bake migration RemovePriceFromProducts price

creates the file:


Creating Migrations

747

CakePHP Cookbook Documentation, Release 3.x

class RemovePriceFromProducts extends AbstractMigration


{
public function change()
{
$table = $this->table('products');
$table->removeColumn('price');
}

Migration Names can follow any of the following patterns:


Create a table: (/^(Create)(.*)/) Creates the specified table.
Drop a table: (/^(Drop)(.*)/) Drops the specified table. Ignores specified field arguments.
Add a field: (/^(Add).*(?:To)(.*)/) Adds fields to the specified table.
Remove a field: (/^(Remove).*(?:From)(.*)/) Removes fields from the specified table.
Alter a table: (/^(Alter)(.*)/) Alters the specified table. An alias for CreateTable and AddField.
Field types a those generically made available by the Phinx library. Those can be:
string
text
integer
biginteger
float
decimal
datetime
timestamp
time
date
binary
boolean
uuid
Additionally you can create an empty migrations file if you want full control over what needs to be executed:
bin/cake migrations create MyCustomMigration

Please make sure you read the official Phinx documentation2 in order to know the complete list of methods
you can use for writing migration files.
2

http://docs.phinx.org/en/latest/migrations.html

748

Chapter 45. Migrations

CakePHP Cookbook Documentation, Release 3.x

Generating Migrations From Existing Databases


If you are dealing with a pre-existing database and want to start using migrations, or to version control the
initial schema of your applications database, you can run the migration_snapshot command:
bin/cake bake migration_snapshot Initial

It will generate a migration file called Initial containing all the create statements for all tables in your
database.

Creating Custom Primary Keys


If you need to avoid the automatic creation of the id primary key when adding new tables to the database,
you can use the second argument of the table() method:
class CreateProductsTable extends AbstractMigration
{
public function change()
{
$table = $this->table('products', ['id' => false, 'primary_key' => ['id']]);
$table
->addColumn('id', 'uuid')
->addColumn('name', 'string')
->addColumn('description', 'text')
->create();
}

The above will create a CHAR(36) id column that is also the primary key.

Collations
If you need to create a table with a different collation than the database default one, you can define it with
the table() method, as an option:
class CreateCategoriesTable extends AbstractMigration
{
public function change()
{
$table = $this
->table('categories', [
'collation' => 'latin1_german1_ci'
])
->addColumn('title', 'string', [
'default' => null,
'limit' => 255,
'null' => false,
])
->create();
}

Creating Migrations

749

CakePHP Cookbook Documentation, Release 3.x

Note however this can only be done on table creation : there is currently no way of adding a column to
an existing table with a different collation than the table or the database. Only MySQL and SqlServer
supports this configuration key for the time being.

Applying Migrations
Once you have generated or written your migration file, you need to execute the following command to
apply the changes to your database:
bin/cake migrations migrate

To migrate to a specific version then use the target parameter or -t for short:
bin/cake migrations migrate -t 20150103081132

That corresponds to the timestamp that is prefixed to the migrations file name.

Reverting Migrations
The Rollback command is used to undo previous migrations executed by this plugin. It is the reverse action
of the migrate command.
You can rollback to the previous migration by using the rollback command:
bin/cake migrations rollback

You can also pass a migration version number to rollback to a specific version:
bin/cake migrations rollback -t 20150103081132

Migrations Status
The Status command prints a list of all migrations, along with their current status. You can use this command
to determine which migrations have been run:
bin/cake migrations status

Marking a migration as migrated


New in version cakephp/migrations: 1.1.0
It can sometimes be useful to mark a migration as migrated without actually running it. In order to do this,
you can use the mark_migrated command. This command expects the migration version number as
argument:

750

Chapter 45. Migrations

CakePHP Cookbook Documentation, Release 3.x

bin/cake migrations mark_migrated 20150420082532

Note that when you bake a snapshot with the cake bake migration_snapshot command, the created migration will automatically be marked as migrated.

Using Migrations In Plugins


Plugins can also provide migration files. This makes plugins that are intended to be distributed much more
portable and easy to install. All commands in the Migrations plugin support the --plugin or -p option
that will scope the execution to the migrations relative to that plugin:
bin/cake migrations status -p PluginName
bin/cake migrations migrate -p PluginName

Using Migrations In Plugins

751

CakePHP Cookbook Documentation, Release 3.x

752

Chapter 45. Migrations

CHAPTER 46

Appendices

Appendices contain information regarding the new features introduced in each version and the migration
path between versions.

3.0 Migration Guide


3.0 Migration Guide
This page summarizes the changes from CakePHP 2.x that will assist in migrating a project to 3.0, as well
as a reference to get up to date with the changes made to the core since the CakePHP 2.x branch. Be sure to
read the other pages in this guide for all the new features and API changes.
Requirements
CakePHP 3.x supports PHP Version 5.4.16 and above.
CakePHP 3.x requires the mbstring extension.
CakePHP 3.x requires the intl extension.
Warning: CakePHP 3.0 will not work if you do not meet the above requirements.

Upgrade Tool
While this document covers all the breaking changes and improvements made in CakePHP 3.0, weve also
created a console application to help you easily complete some of the time consuming mechanical changes.
You can get the upgrade tool from github1 .
1

https://github.com/cakephp/upgrade

753

CakePHP Cookbook Documentation, Release 3.x

Application Directory Layout


The application directory layout has changed and now follows PSR-42 . You should use the app skeleton3
project as a reference point when updating your application.
CakePHP should be installed with Composer
Since CakePHP can no longer easily be installed via PEAR, or in a shared directory, those options are no
longer supported. Instead you should use Composer4 to install CakePHP into your application.
Namespaces
All of CakePHPs core classes are now namespaced and follow PSR-4 autoloading specifications. For
example src/Cache/Cache.php is namespaced as Cake\Cache\Cache. Global constants and helper
methods like __() and debug() are not namespaced for convenience sake.
Removed Constants
The following deprecated constants have been removed:
IMAGES
CSS
JS
IMAGES_URL
JS_URL
CSS_URL
DEFAULT_LANGUAGE
Configuration
Configuration in CakePHP 3.0 is significantly different than in previous versions. You should read the
Configuration documentation for how configuration is done in 3.0.
You can no longer use App::build() to configure additional class paths. Instead you should map additional paths using your applications autoloader. See the section on Additional Class Paths for more
information.
Three new configure variables provide the path configuration for plugins, views and locale files. You can
add multiple paths to App.paths.templates, App.paths.plugins, App.paths.locales to
configure multiple paths for templates, plugins and locale files respectively.
2

http://www.php-fig.org/psr/psr-4/
https://github.com/cakephp/app
4
http://getcomposer.org
3

754

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

The config key www_root has been changed to wwwRoot for consistency. Please adjust your app.php
config file as well as any usage of Configure::read(App.wwwRoot).
New ORM
CakePHP 3.0 features a new ORM that has been re-built from the ground up. The new ORM is significantly different and incompatible with the previous one. Upgrading to the new ORM will require extensive
changes in any application that is being upgraded. See the new Database Access & ORM documentation for
information on how to use the new ORM.
Basics
LogError() was removed, it provided no benefit and is rarely/never used.
The following global functions have been removed: config(), cache(), clearCache(),
convertSlashes(), am(), fileExistsInPath(), sortByKey().
Debugging
Configure::write(debug, $bool) does not support 0/1/2 anymore. A simple boolean
is used instead to switch debug mode on or off.
Object settings/configuration
Objects used in CakePHP now have a consistent instance-configuration storage/retrieval system. Code
which previously accessed for example: $object->settings should instead be updated to use
$object->config().
Cache
Memcache engine has been removed, use Cake\Cache\Cache\Engine\Memcached instead.
Cache engines are now lazy loaded upon first use.
Cake\Cache\Cache::engine() has been added.
Cake\Cache\Cache::enabled() has been added. This replaced the Cache.disable configure option.
Cake\Cache\Cache::enable() has been added.
Cake\Cache\Cache::disable() has been added.
Cache configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Cache::set() has been removed. It is recommended that you create multiple cache configurations
to replace runtime configuration tweaks previously possible with Cache::set().

3.0 Migration Guide

755

CakePHP Cookbook Documentation, Release 3.x

All CacheEngine subclasses now implement a config() method.


Cake\Cache\Cache::readMany(),
Cake\Cache\Cache::deleteMany(),
Cake\Cache\Cache::writeMany() were added.

and

All Cake\Cache\Cache\CacheEngine methods now honor/are responsible for handling the configured key prefix. The Cake\Cache\CacheEngine::write() no longer permits setting the duration
on write - the duration is taken from the cache engines runtime config. Calling a cache method with an
empty key will now throw an InvalidArgumentException, instead of returning false.
Core
App

App::pluginPath() has been removed. Use CakePlugin::path() instead.


App::build() has been removed.
App::location() has been removed.
App::paths() has been removed.
App::load() has been removed.
App::objects() has been removed.
App::RESET has been removed.
App::APPEND has been removed.
App::PREPEND has been removed.
App::REGISTER has been removed.
Plugin

Cake\Core\Plugin::load() does not setup an autoloader unless you set the autoload option to true.
When loading plugins you can no longer provide a callable.
When loading plugins you can no longer provide an array of config files to load.
Configure

Cake\Configure\PhpReader renamed to Cake\Core\Configure\EnginePhpConfig


Cake\Configure\IniReader renamed to Cake\Core\Configure\EngineIniConfig
Cake\Configure\ConfigReaderInterface
Cake\Core\Configure\ConfigEngineInterface

renamed

to

Cake\Core\Configure::consume() was added.


756

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

Cake\Core\Configure::load() now expects the file name without extension suffix as this
can be derived from the engine. E.g. using PhpConfig use app to load app.php.
Setting
a
$config
variable
in
PHP
config
file
is
deprecated.
Cake\Core\Configure\EnginePhpConfig now expects the config file to return an
array.
A new config engine Cake\Core\Configure\EngineJsonConfig has been added.
Object

The Object class has been removed. It formerly contained a grab bag of methods that were
used in various places across the framework. The most useful of these methods have been extracted into traits. You can use the Cake\Log\LogTrait to access the log() method. The
Cake\Routing\RequestActionTrait provides requestAction().
Console
The cake executable has been moved from the app/Console directory to the bin directory within the
application skeleton. You can now invoke CakePHPs console with bin/cake.
TaskCollection Replaced

This class has been renamed to Cake\Console\TaskRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code. Tasks no longer have access to callbacks, as
there were never any callbacks to use.
Shell

Shell::__construct() has
Cake\Console\ConsoleIo.

changed.

It

now

takes

an

instance

of

Shell::param() has been added as convenience access to the params.


Additionally all shell methods will be transformed to camel case when invoked. For example, if you had a
hello_world() method inside a shell and invoked it with bin/cake my_shell hello_world,
you will need to rename the method to helloWorld. There are no changes required in the way you invoke
commands.
ConsoleOptionParser

ConsoleOptionParser::merge() has been added to merge parsers.

3.0 Migration Guide

757

CakePHP Cookbook Documentation, Release 3.x

ConsoleInputArgument

ConsoleInputArgument::isEqualTo() has been added to compare two arguments.


Shell / Task
Shells and Tasks have been moved from Console/Command and Console/Command/Task to Shell
and Shell/Task.
ApiShell Removed

The ApiShell was removed as it didnt provide any benefit over the file source itself and the online documentation/API5 .
SchemaShell Removed

The SchemaShell was removed as it was never a complete database migration implementation and better
tools such as Phinx6 have emerged. It has been replaced by the CakePHP Migrations Plugin7 which acts as
a wrapper between CakePHP and Phinx8 .
ExtractTask

bin/cake i18n extract no longer includes untranslated validation messages. If you want
translated validation messages you should wrap those messages in __() calls like any other content.
BakeShell / TemplateTask

Bake is no longer part of the core source and is superseded by CakePHP Bake Plugin9
Bake templates have been moved under src/Template/Bake.
The syntax of Bake templates now uses erb-style tags (<% %>) to denote templating logic, allowing
php code to be treated as plain text.
The bake view command has been renamed bake template.
5

http://api.cakephp.org/
https://phinx.org/
7
https://github.com/cakephp/migrations
8
https://phinx.org/
9
https://github.com/cakephp/bake
6

758

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

Event
The getEventManager() method, was removed on all objects that had it. An eventManager()
method is now provided by the EventManagerTrait. The EventManagerTrait contains the logic
of instantiating and keeping a reference to a local event manager.
The Event subsystem has had a number of optional features removed. When dispatching events you can no
longer use the following options:
passParams This option is now enabled always implicitly. You cannot turn it off.
break This option has been removed. You must now stop events.
breakOn This option has been removed. You must now stop events.
Log
Log configurations are now immutable. If you need to change configuration you must first drop the
configuration and then re-create it. This prevents synchronization issues with configuration options.
Log engines are now lazily loaded upon the first write to the logs.
Cake\Log\Log::engine() has been added.
The following methods have been removed from Cake\Log\Log :: defaultLevels(),
enabled(), enable(), disable().
You can no longer create custom levels using Log::levels().
When configuring loggers you should use levels instead of types.
You can no longer specify custom log levels. You must use the default set of log levels. You should use
logging scopes to create custom log files or specific handling for different sections of your application.
Using a non-standard log level will now throw an exception.
Cake\Log\LogTrait was added. You can use this trait in your classes to add the log() method.
The logging scope passed to Cake\Log\Log::write() is now forwarded to the log engines
write() method in order to provide better context to the engines.
Log engines are now required to implement Psr\Log\LogInterface instead of Cakes own
LogInterface. In general, if you extended Cake\Log\Engine\BaseEngine you just need
to rename the write() method to log().
Cake\Log\Engine\FileLog now writes files in ROOT/logs instead of ROOT/tmp/logs.
Routing
Named Parameters

Named parameters were removed in 3.0. Named parameters were added in 1.2.0 as a pretty version of
query string parameters. While the visual benefit is arguable, the problems named parameters created are
not.
3.0 Migration Guide

759

CakePHP Cookbook Documentation, Release 3.x

Named parameters required special handling in CakePHP as well as any PHP or JavaScript library that
needed to interact with them, as named parameters are not implemented or understood by any library except
CakePHP. The additional complexity and code required to support named parameters did not justify their
existence, and they have been removed. In their place you should use standard query string parameters or
passed arguments. By default Router will treat any additional parameters to Router::url() as query
string arguments.
Since many applications will still need to parse incoming URLs containing named parameters.
Cake\Routing\Router::parseNamedParams() has been added to allow backwards compatibility with existing URLs.
RequestActionTrait

Cake\Routing\RequestActionTrait::requestAction() has had some of the extra options changed:


options[url] is now options[query].
options[data] is now options[post].
Named parameters are no longer supported.
Router

Named parameters have been removed, see above for more information.
The full_base option has been replaced with the _full option.
The ext option has been replaced with the _ext option.
_scheme, _port, _host, _base, _full, _ext options added.
String URLs are no longer modified by adding the plugin/controller/prefix names.
The default fallback route handling was removed. If no routes match a parameter set / will be returned.
Route classes are responsible for all URL generation including query string parameters. This makes
routes far more powerful and flexible.
Persistent
parameters
were
removed.
They
were
replaced
with
Cake\Routing\Router::urlFilter() which allows a more flexible way to mutate
URLs being reverse routed.
Router::parseExtensions()
has
been
removed.
Use
Cake\Routing\Router::extensions() instead. This method must be called before
routes are connected. It wont modify existing routes.
Router::setExtensions() has been removed. Use Cake\Routing\Router::extensions()
instead.
Router::resourceMap() has been removed.

760

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

The [method] option has been renamed to _method.


The ability to match arbitrary headers with [] style parameters has been removed. If you need to
parse/match on arbitrary conditions consider using custom route classes.
Router::promote() has been removed.
Router::parse() will now raise an exception when a URL cannot be handled by any route.
Router::url() will now raise an exception when no route matches a set of parameters.
Routing scopes have been introduced. Routing scopes allow you to keep your routes file DRY and
give Router hints on how to optimize parsing & reverse routing URLs.
Route

CakeRoute was re-named to Route.


The signature of match() has changed to match($url, $context = []) See
Cake\Routing\Route::match() for information on the new signature.
Dispatcher Filters Configuration Changed

Dispatcher filters are no longer added to your application using Configure.


You now append them with Cake\Routing\DispatcherFactory. This means if your application used
Dispatcher.filters, you should now use Cake\Routing\DispatcherFactory::add().
In addition to configuration changes, dispatcher filters have had some conventions updated, and features
added. See the Dispatcher Filters documentation for more information.
FilterAssetFilter

Plugin & theme assets handled by the AssetFilter are no longer read via include instead they are
treated as plain text files. This fixes a number of issues with JavaScript libraries like TinyMCE and
environments with short_tags enabled.
Support for the Asset.filter configuration and hooks were removed. This feature can easily be
replaced with a plugin or dispatcher filter.
Network
Request

CakeRequest has been renamed to Cake\Network\Request.


Cake\Network\Request::port() was added.
Cake\Network\Request::scheme() was added.
Cake\Network\Request::cookie() was added.
3.0 Migration Guide

761

CakePHP Cookbook Documentation, Release 3.x

Cake\Network\Request::$trustProxy was added. This makes it easier to put CakePHP


applications behind load balancers.
Cake\Network\Request::$data is no longer merged with the prefixed data key, as that prefix
has been removed.
Cake\Network\Request::env() was added.
Cake\Network\Request::acceptLanguage() was changed from static method to nonstatic.
Request detector for mobile has been removed from the core. Instead the app template adds detectors for mobile and tablet using MobileDetect lib.
The method onlyAllow() has been renamed to allowMethod() and no longer accepts var
args. All method names need to be passed as first argument, either as string or array of strings.
Response

The mapping of mimetype text/plain to extension csv has been removed. As a consequence Cake\Controller\Component\RequestHandlerComponent doesnt set extension to csv if Accept header contains mimetype text/plain which was a common annoyance
when receiving a jQuery XHR request.
Sessions
The session class is no longer static, instead the session can be accessed through the request object. See the
Sessions documentation for using the session object.
Cake\Network\Session and related session classes have been moved under the
Cake\Network namespace.
SessionHandlerInterface has been removed in favor of the one provided by PHP itself.
The property Session::$requestCountdown has been removed.
The session checkAgent feature has been removed. It caused a number of bugs when chrome frame,
and flash player are involved.
The conventional sessions database table name is now sessions instead of cake_sessions.
The session cookie timeout is automatically updated in tandem with the timeout in the session data.
The path for session cookie now defaults to apps base path instead of /. Also new config variable
Session.cookiePath has been added to easily customize the cookie path.
A new convenience method Cake\Network\Session::consume() has been added to allow
reading and deleting session data in a single step.
The default value of Cake\Network\Session::clear()s argument $renew has been
changed from true to false.

762

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

Network\Http
HttpSocket is now Cake\Network\Http\Client.
HttpClient has been re-written from the ground up. It has a simpler/easier to use API, support for
new authentication systems like OAuth, and file uploads. It uses PHPs stream APIs so there is no
requirement for cURL. See the Http Client documentation for more information.
Network\Email
Cake\Network\Email\Email::config() is now used to define configuration profiles. This
replaces the EmailConfig classes in previous versions.
Cake\Network\Email\Email::profile() replaces config() as the way to modify per
instance configuration options.
Cake\Network\Email\Email::drop() has been added to allow the removal of email configuration.
Cake\Network\Email\Email::configTransport() has been added to allow the definition of transport configurations. This change removes transport options from delivery profiles and
allows you to easily re-use transports across email profiles.
Cake\Network\Email\Email::dropTransport() has been added to allow the removal of
transport configuration.
Controller
Controller

The $helpers, $components properties are now merged with all parent classes not just
AppController and the plugin AppController. The properties are merged differently now as well.
Instead of all settings in all classes being merged together, the configuration defined in the child class
will be used. This means that if you have some configuration defined in your AppController, and
some configuration defined in a subclass, only the configuration in the subclass will be used.
Controller::httpCodes() has been removed, use Cake\Network\Response::httpCodes()
instead.
Controller::disableCache()
has
been
Cake\Network\Response::disableCache() instead.

removed,

use

Controller::flash() has been removed. This method was rarely used in real applications and
served no purpose anymore.
Controller::validate() and Controller::validationErrors() have been removed. They were left over methods from the 1.x days where the concerns of models + controllers
were far more intertwined.
Controller::loadModel() now loads table objects.

3.0 Migration Guide

763

CakePHP Cookbook Documentation, Release 3.x

The Controller::$scaffold property has been removed. Dynamic scaffolding has been removed from CakePHP core. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
The Controller::$ext property has been removed. You now have to extend and override the
View::$_ext property if you want to use a non-default view file extension.
The Controller::$methods property has been removed.
You should now use
Controller::isAction() to determine whether or not a method name is an action. This
change was made to allow easier customization of what is and is not counted as an action.
The Controller::$Components property has been removed and replaced with
_components.
If you need to load components at runtime you should use
$this->loadComponent() on your controller.
The signature of Cake\Controller\Controller::redirect() has been changed to
Controller::redirect(string|array $url, int $status = null). The 3rd argument $exit has been dropped. The method can no longer send response and exit script, instead it
returns a Response instance with appropriate headers set.
The base, webroot, here, data, action, and params magic properties have been removed.
You should access all of these properties on $this->request instead.
Underscore prefixed controller methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead. Only public methods can be used as controller actions.
Scaffold Removed

The dynamic scaffolding in CakePHP has been removed from CakePHP core. It was infrequently used,
and never intended for production use. An improved scaffolding plugin, named CRUD, can be found here:
https://github.com/FriendsOfCake/crud
ComponentCollection Replaced

This class has been renamed to Cake\Controller\ComponentRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake
upgrade rename_collections to assist in upgrading your code.
Component

The _Collection property is now _registry.


Cake\Controller\ComponentRegistry now.

It

contains

an

instance

of

All components should now use the config() method to get/set configuration.
Default configuration for components should be defined in the $_defaultConfig property. This
property is automatically merged with any configuration provided to the constructor.
Configuration options are no longer set as public properties.

764

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

The Component::initialize() method is no longer an event listener. Instead, it is


a post-constructor hook like Table::initialize() and Controller::initialize().
The new Component::beforeFilter() method is bound to the same event that
Component::initialize() used to be. The initialize method should have the following signature initialize(array $config).
Controller\Components
CookieComponent

Uses Cake\Network\Request::cookie() to read cookie data, this eases testing, and allows
for ControllerTestCase to set cookies.
Cookies encrypted in previous versions of CakePHP using the cipher() method are now unreadable because Security::cipher() has been removed. You will need to re-encrypt cookies
with the rijndael() or aes() method before upgrading.
CookieComponent::type() has been removed and replaced with configuration data accessed
through config().
write() no longer takes encryption or expires parameters. Both of these are now managed
through config data. See Cookie for more information.
The path for cookies now defaults to apps base path instead of /.
AuthComponent

Default is now the default password hasher used by authentication classes. It uses exclusively
the bcrypt hashing algorithm. If you want to continue using SHA1 hashing used in 2.x use
passwordHasher => Weak in your authenticator configuration.
A new FallbackPasswordHasher was added to help users migrate old passwords from one
algorithm to another. Check AuthComponents documentation for more info.
BlowfishAuthenticate class has been removed. Just use FormAuthenticate
BlowfishPasswordHasher class has been removed. Use DefaultPasswordHasher instead.
The loggedIn() method has been removed. Use user() instead.
Configuration options are no longer set as public properties.
The methods allow() and deny() no longer accept var args. All method names need to be
passed as first argument, either as string or array of strings.
The method login() has been removed and replaced by setUser() instead. To login a user you
now have to call identify() which returns user info upon successful identification and then use
setUser() to save the info to session for persistence across requests.
BaseAuthenticate::_password() has been removed. Use a PasswordHasher class instead.
3.0 Migration Guide

765

CakePHP Cookbook Documentation, Release 3.x

BaseAuthenticate::logout() has been removed.


AuthComponent now triggers two events Auth.afterIdentify and Auth.logout after a
user has been identified and before a user is logged out respectively. You can set callback functions
for these events by returning a mapping array from implementedEvents() method of your authenticate class.
ACL related classes were moved to a separate plugin. Password hashers, Authentication and Authorization
providers where moved to the \Cake\Auth namespace. You are required to move your providers and
hashers to the App\Auth namespace as well.
RequestHandlerComponent

The following methods have been removed from RequestHandler component:: isAjax(),
isFlash(), isSSL(), isPut(), isPost(), isGet(), isDelete().
Use the
Cake\Network\Request::is() method instead with relevant argument.
RequestHandler::setContent() was removed, use Cake\Network\Response::type()
instead.
RequestHandler::getReferer() was removed, use Cake\Network\Request::referer()
instead.
RequestHandler::getClientIP() was removed, use Cake\Network\Request::clientIp()
instead.
RequestHandler::getAjaxVersion() was removed.
RequestHandler::mapType() was removed, use Cake\Network\Response::mapType()
instead.
Configuration options are no longer set as public properties.
SecurityComponent

The following methods and their related properties have been removed from Security component: requirePost(), requireGet(), requirePut(), requireDelete(). Use the
Cake\Network\Request::allowMethod() instead.
SecurityComponent::$disabledFields()
SecurityComponent::$unlockedFields().

has

been

removed,

use

The CSRF related features in SecurityComponent have been extracted and moved into a separate CsrfComponent. This allows you more easily use CSRF protection without having to use form tampering
prevention.
Configuration options are no longer set as public properties.
The methods requireAuth() and requireSecure() no longer accept var args. All method
names need to be passed as first argument, either as string or array of strings.

766

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

SessionComponent

SessionComponent::setFlash() is deprecated. You should use Flash instead.


Error

Custom ExceptionRenderers are now expected to either return a Cake\Network\Response object or


string when rendering errors. This means that any methods handling specific exceptions must return a
response or string value.
Model
The Model layer in 2.x has been entirely re-written and replaced. You should review the New ORM Upgrade
Guide for information on how to use the new ORM.
The Model class has been removed.
The BehaviorCollection class has been removed.
The DboSource class has been removed.
The Datasource class has been removed.
The various datasource classes have been removed.
ConnectionManager

ConnectionManager has been moved to the Cake\Datasource namespace.


ConnectionManager has had the following methods removed:
sourceList
getSourceName
loadDataSource
enumConnectionObjects
Database\ConnectionManager::config() has been added and is now the only way to
configure connections.
Database\ConnectionManager::get() has been added. It replaces getDataSource().
Database\ConnectionManager::configured() has been added. It and config() replace sourceList() & enumConnectionObjects() with a more standard and consistent
API.
ConnectionManager::create() has been removed. It can be replaced by config($name,
$config) and get($name).

3.0 Migration Guide

767

CakePHP Cookbook Documentation, Release 3.x

Behaviors

Underscore prefixed behavior methods like _someMethod() are no longer treated as private methods. Use proper visibility keywords instead.
TreeBehavior

The TreeBehavior was completely re-written to use the new ORM. Although it works the same as in 2.x, a
few methods were renamed or removed:
TreeBehavior::children() is now a custom finder find(children).
TreeBehavior::generateTreeList() is now a custom finder find(treeList).
TreeBehavior::getParentNode() was removed.
TreeBehavior::getPath() is now a custom finder find(path).
TreeBehavior::reorder() was removed.
TreeBehavior::verify() was removed.
TestSuite
TestCase

_normalizePath() has been added to allow path comparison tests to run across all operation
systems regarding their DS settings (\ in Windows vs / in UNIX, for example).
The following assertion methods have been removed as they have long been deprecated and replaced by
their new PHPUnit counterpart:
assertEqual() in favor of assertEquals()
assertNotEqual() in favor of assertNotEquals()
assertIdentical() in favor of assertSame()
assertNotIdentical() in favor of assertNotSame()
assertPattern() in favor of assertRegExp()
assertNoPattern() in favor of assertNotRegExp()
assertReference() if favor of assertSame()
assertIsA() in favor of assertInstanceOf()
Note that some methods have switched the argument order, e.g. assertEqual($is, $expected)
should now be assertEquals($expected, $is).
The following assertion methods have been deprecated and will be removed in the future:
assertWithinMargin() in favor of assertWithinRange()

768

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

assertTags() in favor of assertHtml()


Both method replacements also switched the argument order for a consistent assert method API with
$expected as first argument.
The following assertion methods have been added:
assertNotWithinRange() as counter part to assertWithinRange()
View
Themes are now Basic Plugins

Having themes and plugins as ways to create modular application components has proven to be limited, and
confusing. In CakePHP 3.0, themes no longer reside inside the application. Instead they are standalone
plugins. This solves a few problems with themes:
You could not put themes in plugins.
Themes could not provide helpers, or custom view classes.
Both these issues are solved by converting themes into plugins.
View Folders Renamed

The folders containing view files now go under src/Template instead of src/View. This was done to separate
the view files from files containing php classes (eg. Helpers, View classes).
The following View folders have been renamed to avoid naming collisions with controller names:
Layouts is now Layout
Elements is now Element
Errors is now Error
Emails is now Email (same for Email inside Layout)
HelperCollection Replaced

This class has been renamed to Cake\View\HelperRegistry. See the section on Registry Objects for more information on the features provided by the new class. You can use the cake upgrade
rename_collections to assist in upgrading your code.
View Class

The
plugin
key
has
been
Cake\View\View::element().
SomePlugin.element_name instead.

3.0 Migration Guide

removed
from
$options
argument
Specify
the
element
name

of
as

769

CakePHP Cookbook Documentation, Release 3.x

View::getVar() has been removed, use Cake\View\View::get() instead.


View::$ext has been removed and instead a protected property View::$_ext has been added.
View::addScript() has been removed. Use Using View Blocks instead.
The base, webroot, here, data, action, and params magic properties have been removed.
You should access all of these properties on $this->request instead.
View::start() no longer appends to an existing block. Instead it will overwrite the block content
when end is called. If you need to combine block contents you should fetch the block content when
calling start a second time, or use the capturing mode of append().
View::prepend() no longer has a capturing mode.
View::startIfEmpty() has been removed. Now that start() always overwrites startIfEmpty
serves no purpose.
The View::$Helpers property has been removed and replaced with _helpers. If you need to
load helpers at runtime you should use $this->addHelper() in your view files.
View will now raise Cake\View\Exception\MissingTemplateException when templates are missing instead of MissingViewException.
ViewBlock

ViewBlock::append() has been removed, use Cake\ViewViewBlock::concat() instead. However, View::append() still exists.
JsonView

By default JSON data will have HTML entities encoded now. This prevents possible XSS issues when
JSON view content is embedded in HTML files.
Cake\View\JsonView now supports the _jsonOptions view variable. This allows you to
configure the bit-mask options used when generating JSON.
XmlView

Cake\View\XmlView now supports the _xmlOptions view variable. This allows you to configure the options used when generating XML.
View\Helper
The $settings property is now called $_config and should be accessed through the config()
method.
Configuration options are no longer set as public properties.

770

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

Helper::clean() was removed. It was never robust enough to fully prevent XSS. instead you
should escape content with h or use a dedicated library like htmlPurifier.
Helper::output() was removed. This method was deprecated in 2.x.
Methods
Helper::webroot(),
Helper::url(),
Helper::assetUrl(),
Helper::assetTimestamp() have been moved to new Cake\View\Helper\UrlHelper
helper. Helper::url() is now available as Cake\View\Helper\UrlHelper::build().
Magic accessors to deprecated properties have been removed. The following properties now need to
be accessed from the request object:
base
here
webroot
data
action
params
Helper

Helper has had the following methods removed:


Helper::setEntity()
Helper::entity()
Helper::model()
Helper::field()
Helper::value()
Helper::_name()
Helper::_initInputField()
Helper::_selectedArray()
These methods were part used only by FormHelper, and part of the persistent field features that have proven
to be problematic over time. FormHelper no longer relies on these methods and the complexity they provide
is not necessary anymore.
The following methods have been removed:
Helper::_parseAttributes()
Helper::_formatAttribute()
These methods can now be found on the StringTemplate class that helpers frequently use. See the
StringTemplateTrait for an easy way to integrate string templates into your own helpers.

3.0 Migration Guide

771

CakePHP Cookbook Documentation, Release 3.x

FormHelper

FormHelper has been entirely rewritten for 3.0. It features a few large changes:
FormHelper works with the new ORM. But has an extensible system for integrating with other ORMs
or datasources.
FormHelper features an extensible widget system that allows you to create new custom input widgets
and easily augment the built-in ones.
String templates are the foundation of the helper. Instead of munging arrays together everywhere,
most of the HTML FormHelper generates can be customized in one central place using template sets.
In addition to these larger changes, some smaller breaking changes have been made as well. These changes
should help streamline the HTML FormHelper generates and reduce the problems people had in the past:
The data[ prefix was removed from all generated inputs. The prefix serves no real purpose anymore.
The various standalone input methods like text(), select() and others no longer generate id
attributes.
The inputDefaults option has been removed from create().
Options default and onsubmit of create() have been removed. Instead one should use
JavaScript event binding or set all required js code for onsubmit.
end() can no longer make buttons. You should create buttons with button() or submit().
FormHelper::tagIsInvalid() has been removed. Use isFieldError() instead.
FormHelper::inputDefaults() has been removed. You can use templates() to define/augment the templates FormHelper uses.
The wrap and class options have been removed from the error() method.
The showParents option has been removed from select().
The div, before, after, between and errorMessage options have been removed from
input(). You can use templates to update the wrapping HTML. The templates option allows
you to override the loaded templates for one input.
The separator, between, and legend options have been removed from radio(). You can
use templates to change the wrapping HTML now.
The format24Hours parameter has been removed from hour(). It has been replaced with the
format option.
The minYear, and maxYear parameters have been removed from year(). Both of these parameters can now be provided as options.
The dateFormat and timeFormat parameters have been removed from datetime(). You can
use the template to define the order the inputs should be displayed in.
The submit() has had the div, before and after options removed. You can customize the
submitContainer template to modify this content.

772

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

The inputs() method no longer accepts legend and fieldset in the $fields parameter,
you must use the $options parameter. It now also requires $fields parameter to be an array.
The $blacklist parameter has been removed, the functionality has been replaced by specifying
field => false in the $fields parameter.
The inline parameter has been removed from postLink() method. You should use the block
option instead. Setting block => true will emulate the previous behavior.
The timeFormat parameter for hour(), time() and dateTime() now defaults to 24, complying with ISO 8601.
The $confirmMessage argument of Cake\View\Helper\FormHelper::postLink()
has been removed. You should now use key confirm in $options to specify the message.
Checkbox and radio input types are now rendered inside of label elements by default. This helps
increase compatibility with popular CSS libraries like Bootstrap10 and Foundation11 .
Templates tags are now all camelBacked. Pre-3.0 tags formstart, formend, hiddenblock
and inputsubmit are now formStart, formEnd, hiddenBlock and inputSubmit. Make
sure you change them if they are customized in your app.
It is recommended that you review the Form documentation for more details on how to use the FormHelper
in 3.0.
HtmlHelper

HtmlHelper::useTag() has been removed, use tag() instead.


HtmlHelper::loadConfig() has been removed. Customizing the tags can now be done using
templates() or the templates setting.
The second parameter $options for HtmlHelper::css() now always requires an array as
documented.
The first parameter $data for HtmlHelper::style() now always requires an array as documented.
The inline parameter has been removed from meta(), css(), script(), scriptBlock() methods. You
should use the block option instead. Setting block => true will emulate the previous behavior.
HtmlHelper::meta() now requires $type to be a string. Additional options can further on be
passed as $options.
HtmlHelper::nestedList() now requires $options to be an array. The forth argument for
the tag type has been removed and included in the $options array.
The $confirmMessage argument of Cake\View\Helper\HtmlHelper::link() has
been removed. You should now use key confirm in $options to specify the message.
10
11

http://getbootstrap.com/
http://foundation.zurb.com/

3.0 Migration Guide

773

CakePHP Cookbook Documentation, Release 3.x

PaginatorHelper

link() has been removed. It was no longer used by the helper internally. It had low usage in user
land code, and no longer fit the goals of the helper.
next() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
prev() no longer has class, or tag options. It no longer has disabled arguments. Instead templates
are used.
first() no longer has after, ellipsis, separator, class, or tag options.
last() no longer has after, ellipsis, separator, class, or tag options.
numbers() no longer has separator, tag, currentTag, currentClass, class, tag, ellipsis options. These options are now facilitated through templates. It also requires the $options parameter
to be an array now.
The
%page%
style
placeholders
have
Cake\View\Helper\PaginatorHelper::counter().
holders instead.

been
removed
from
Use {{page}} style place-

url() has been renamed to generateUrl() to avoid method declaration clashes with
Helper::url().
By default all links and inactive texts are wrapped in <li> elements. This helps make CSS easier to write,
and improves compatibility with popular CSS frameworks.
Instead of the various options in each method, you should use the templates feature. See the PaginatorHelper
Templates documentation for information on how to use templates.
TimeHelper

TimeHelper::__set(), TimeHelper::__get(), and TimeHelper::__isset() were


removed. These were magic methods for deprecated attributes.
TimeHelper::serverOffset() has been removed. It promoted incorrect time math practices.
TimeHelper::niceShort() has been removed.
NumberHelper

NumberHelper::format() now requires $options to be an array.


SessionHelper

The SessionHelper has been deprecated. You can use $this->request->session() directly, and the flash message functionality has been moved into Flash instead.

774

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

JsHelper

JsHelper and all associated engines have been removed. It could only generate a very small subset
of JavaScript code for selected library and hence trying to generate all JavaScript code using just the
helper often became an impediment. Its now recommended to directly use JavaScript library of your
choice.
CacheHelper Removed

CacheHelper has been removed. The caching functionality it provided was non-standard, limited and incompatible with non-HTML layouts and data views. These limitations meant a full rebuild would be necessary.
Edge Side Includes have become a standardized way to implement the functionality CacheHelper used to
provide. However, implementing Edge Side Includes12 in PHP has a number of limitations and edge cases.
Instead of building a sub-par solution, we recommend that developers needing full response caching use
Varnish13 or Squid14 instead.
I18n
The I18n subsystem was completely rewritten. In general, you can expect the same behavior as in previous
versions, specifically if you are using the __() family of functions.
Internally, the I18n class uses Aura\Intl, and appropriate methods are exposed to access the specific
features of this library. For this reason most methods inside I18n were removed or renamed.
Due to the use of ext/intl, the L10n class was completely removed. It provided outdated and incomplete
data in comparison to the data available from the Locale class in PHP.
The default application language will no longer be changed automatically by the browser accepted language
nor by having the Config.language value set in the browser session. You can, however, use a dispatcher
filter to get automatic language switching from the Accept-Language header sent by the browser:
// In config/bootstrap.php
DispatcherFactory::addFilter('LocaleSelector');

There is no built-in replacement for automatically selecting the language by setting a value in the user
session.
The default formatting function for translated messages is no longer sprintf, but the more advanced and
feature rich MessageFormatter class. In general you can rewrite placeholders in messages as follows:
// Before:
__('Today is a %s day in %s', 'Sunny', 'Spain');
// After:
__('Today is a {0} day in {1}', 'Sunny', 'Spain');
12

http://en.wikipedia.org/wiki/Edge_Side_Includes
http://varnish-cache.org
14
http://squid-cache.org
13

3.0 Migration Guide

775

CakePHP Cookbook Documentation, Release 3.x

You can avoid rewriting your messages by using the old sprintf formatter:
I18n::defaultFormatter('sprintf');

Additionally, the Config.language value was removed and it can no longer be used to control the
current language of the application. Instead, you can use the I18n class:
// Before
Configure::write('Config.language', 'fr_FR');
// Now
I18n::locale('en_US');

The methods below have been moved:


From Cake\I18n\Multibyte::utf8() to Cake\Utility\Text::utf8()
From Cake\I18n\Multibyte::ascii() to Cake\Utility\Text::ascii()
From
Cake\I18n\Multibyte::checkMultibyte()
Cake\Utility\Text::isMultibyte()

to

Since CakePHP now requires the mbstring extension, the Multibyte class has been removed.
Error messages throughout CakePHP are no longer passed through I18n functions. This was done to
simplify the internals of CakePHP and reduce overhead. The developer facing messages are rarely, if
ever, actually translated - so the additional overhead reaps very little benefit.
L10n
Cake\I18n\L10n s constructor now takes a Cake\Network\Request instance as argument.
Testing
The TestShell has been removed. CakePHP, the application skeleton and newly baked plugins all
use phpunit to run tests.
The webrunner (webroot/test.php) has been removed. CLI adoption has greatly increased since the
initial release of 2.x. Additionaly, CLI runners offer superior integration with IDEs and other automated tooling.
If you find yourself in need of a way to run tests from a browser you should checkout VisualPHPUnit15 . It offers many additional features over the old webrunner.
ControllerTestCase is deprecated and will be removed for CakePHP 3.0.0. You should use the
new Controller Integration Testing features instead.
Fixtures should now be referenced using their plural form:
15

https://github.com/NSinopoli/VisualPHPUnit

776

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

// Instead of
$fixtures = ['app.article'];
// You should use
$fixtures = ['app.articles'];

Utility
Set Class Removed

The Set class has been removed, you should use the Hash class instead now.
Folder & File

The folder and file classes have been renamed:


Cake\Utility\File renamed to Cake\Filesystem\File
Cake\Utility\Folder renamed to Cake\Filesystem\Folder
Inflector

The default value for $replacement argument of Cake\Utility\Inflector::slug() has


been changed from underscore (_) to dash (-). Using dashes to separate words in URLs is the popular
choice and also recommended by Google.
Transliterations for Cake\Utility\Inflector::slug() have changed. If you use custom
transliterations you will need to update your code. Instead of regular expressions, transliterations use
simple string replacement. This yielded significant performance improvements:
// Instead of
Inflector::rules('transliteration', [
'/|/' => 'ae',
'//' => 'aa'
]);
// You should use
Inflector::rules('transliteration', [
'' => 'ae',
'' => 'ae',
'' => 'aa'
]);

Separate set of uninflected and irregular rules for pluralization and singularization
have been removed.
Instead we now have a common list for each.
When using
Cake\Utility\Inflector::rules() with type singular and plural you can no longer
use keys like uninflected, irregular in $rules argument array.

3.0 Migration Guide

777

CakePHP Cookbook Documentation, Release 3.x

You can add / overwrite the list of uninflected and irregular rules using
Cake\Utility\Inflector::rules() by using values uninflected and irregular for
$type argument.
Sanitize

Sanitize class has been removed.


Security

Security::cipher() has been removed. It is insecure and promoted bad cryptographic practices. You should use Security::encrypt() instead.
The Configure value Security.cipherSeed is no longer required.
Security::cipher() it serves no use.

With the removal of

Backwards compatibility in Cake\Utility\Security::rijndael() for values encrypted prior to CakePHP 2.3.1 has been removed.
You should re-encrypt values using
Security::encrypt() and a recent version of CakePHP 2.x before migrating.
The ability to generate a blowfish hash has been removed. You can no longer use type blowfish
for Security::hash(). One should just use PHPs password_hash() and password_verify() to
generate and verify blowfish hashes. The compability library ircmaxell/password-compat16 which is
installed along with CakePHP provides these functions for PHP < 5.5.
OpenSSL is now used over mcrypt when encrypting/decrypting data. This change provides better
performance and future proofs CakePHP against distros dropping support for mcrypt.
Security::rijndael() is deprecated and only available when using mcrypt.
Warning: Data encrypted with Security::encrypt() in previous versions is not compatible with the
openssl implementation. You should set the implementation to mcrypt when upgrading.

Time

CakeTime has been renamed to Cake\I18n\Time.


CakeTime::serverOffset() has been removed. It promoted incorrect time math practises.
CakeTime::niceShort() has been removed.
CakeTime::convert() has been removed.
CakeTime::convertSpecifiers() has been removed.
CakeTime::dayAsSql() has been removed.
CakeTime::daysAsSql() has been removed.
16

https://packagist.org/packages/ircmaxell/password-compat

778

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

CakeTime::fromString() has been removed.


CakeTime::gmt() has been removed.
CakeTime::toATOM() has been renamed to toAtomString.
CakeTime::toRSS() has been renamed to toRssString.
CakeTime::toUnix() has been renamed to toUnixString.
CakeTime::wasYesterday() has been renamed to isYesterday to match the rest of the
method naming.
CakeTime::format() Does not use sprintf format strings anymore, you can use
i18nFormat instead.
Time::timeAgoInWords() now requires $options to be an array.
Time is not a collection of static methods anymore, it extends DateTime to inherit all its methods and adds
location aware formatting functions with the help of the intl extension.
In general, expressions looking like this:
CakeTime::aMethod($date);

Can be migrated by rewriting it to:


(new Time($date))->aMethod();

Number

The Number library was rewritten to internally use the NumberFormatter class.
CakeNumber has been renamed to Cake\I18n\Number.
Number::format() now requires $options to be an array.
Number::addFormat() was removed.
Number::fromReadableSize() has been moved to Cake\Utility\Text::parseFileSize().
Validation

The range for Validation::range() now is inclusive if $lower and $upper are provided.
Validation::ssn() has been removed.
Xml

Xml::build() now requires $options to be an array.


Xml::build() no longer accepts a URL. If you need to create an XML document from a URL,
use Http\Client.

3.0 Migration Guide

779

CakePHP Cookbook Documentation, Release 3.x

New ORM Upgrade Guide


CakePHP 3.0 features a new ORM that has been re-written from the ground up. While the ORM used in 1.x
and 2.x has served us well for a long time it had a few issues that we wanted to fix.
Frankenstein - Is it a record, or a table? Currently its both.
Inconsistent API - Model::read() for example.
No query object - Queries are always defined as arrays, this has some limitations and restrictions. For
example it makes doing unions and sub-queries much harder.
Returns arrays - This is a common complaint about CakePHP, and has probably reduced adoption at
some levels.
No record object - This makes attaching formatting methods difficult/impossible.
Containable - Should be part of the ORM, not a crazy hacky behavior.
Recursive - This should be better controlled as defining which associations are included, not a level
of recursiveness.
DboSource - It is a beast, and Model relies on it more than datasource. That separation could be
cleaner and simpler.
Validation - Should be separate, its a giant crazy function right now. Making it a reusable bit would
make the framework more extensible.
The ORM in CakePHP 3.0 solves these and many more problems. The new ORM focuses on relational data
stores right now. In the future and through plugins we will add non relational stores like ElasticSearch and
others.
Design of the New ORM
The new ORM solves several problems by having more specialized and focused classes. In the past you
would use Model and a Datasource for all operations. Now the ORM is split into more layers:
Cake\Database\Connection - Provides a platform independent way to create and use connections. This class provides a way to use transactions, execute queries and access schema data.
Cake\Database\Dialect - The classes in this namespace provide platform specific SQL and
transform queries to work around platform specific limitations.
Cake\Database\Type - Is the gateway class to CakePHP database type conversion system. It is
a pluggable framework for adding abstract column types and providing mappings between database,
PHP representations and PDO bindings for each data type. For example datetime columns are represented as DateTime instances in your code now.
Cake\ORM\Table - The main entry point into the new ORM. Provides access to a single table.
Handles the definition of association, use of behaviors and creation of entities and query objects.
Cake\ORM\Behavior - The base class for behaviors, which act very similar to behaviors in previous versions of CakePHP.

780

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

Cake\ORM\Query - A fluent object based query builder that replaces the deeply nested arrays used
in previous versions of CakePHP.
Cake\ORM\ResultSet - A collection of results that gives powerful tools for manipulating data in
aggregate.
Cake\ORM\Entity - Represents a single row result. Makes accessing data and serializing to various formats a snap.
Now that you are more familiar with some of the classes youll interact with most frequently in the new
ORM it is good to look at the three most important classes. The Table, Query and Entity classes do
much of the heavy lifting in the new ORM, and each serves a different purpose.
Table Objects

Table objects are the gateway into your data. They handle many of the tasks that Model did in previous
releases. Table classes handle tasks like:
Creating queries.
Providing finders.
Validating and saving entities.
Deleting entities.
Defining and accessing associations.
Triggering callback events.
Interacting with behaviors.
The documentation chapter on Table Objects provides far more detail on how to use table objects than this
guide can. Generally when moving existing model code over it will end up in a table object. Table objects
dont contain any platform dependent SQL. Instead they collaborate with entities and the query builder to do
their work. Table objects also interact with behaviors and other interested parties through published events.
Query Objects

While these are not classes you will build yourself, your application code will make extensive use of the
Query Builder which is central to the new ORM. The query builder makes it easy to build simple or complex
queries including those that were previously very difficult in CakePHP like HAVING, UNION and subqueries.
The various find() calls your application has currently will need to be updated to use the new query builder.
The Query object is responsible for containing the data to make a query without executing the query itself.
It collaborates with the connection/dialect to generate platform specific SQL which is executed creating a
ResultSet as the output.

3.0 Migration Guide

781

CakePHP Cookbook Documentation, Release 3.x

Entity Objects

In previous versions of CakePHP the Model class returned dumb arrays that could not contain any logic
or behavior. While the community made this short-coming less painful with projects like CakeEntity, the
array results were often a short coming that caused many developers trouble. For CakePHP 3.0, the ORM
always returns object result sets unless you explicitly disable that feature. The chapter on Entities covers the
various tasks you can accomplish with entities.
Entities are created in one of two ways. Either by loading data from the database, or converting request data
into entities. Once created, entities allow you to manipulate the data they contain and persist their data by
collaborating with table objects.
Key Differences
The new ORM is a large departure from the existing Model layer. There are many important differences
that are important in understanding how the new ORM operates and how to update your code.
Inflection Rules Updated

You may have noticed that table classes have a pluralized name. In addition to tables having pluralized
names, associations are also referred in the plural form. This is in contrast to Model where class names and
association aliases were singular. There are a few reasons for this change:
Table classes represent collections of data, not single rows.
Associations link tables together, describing the relations between many things.
While the conventions for table objects are to always use plural forms, your entity association properties
will be populated based on the association type.
Note: BelongsTo and HasOne associations will use the singular form in entity properties, while HasMany
and BelongsToMany (HABTM) will use plural forms.
The convention change for table objects is most apparent when building queries. Instead of expressing
queries like:
// Wrong
$query->where(['User.active' => 1]);

You need to use the plural form:


// Correct
$query->where(['Users.active' => 1]);

Find returns a Query Object

One important difference in the new ORM is that calling find on a table will not return the results immediately, but will return a Query object; this serves several purposes.
782

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

It is possible to alter queries further, after calling find:


$articles = TableRegistry::get('Articles');
$query = $articles->find();
$query->where(['author_id' => 1])->order(['title' => 'DESC']);

It is possible to stack custom finders to append conditions, sorting, limit and any other clause to the same
query before it is executed:
$query = $articles->find('approved')->find('popular');
$query->find('latest');

You can compose queries one into the other to create subqueries easier than ever:
$query = $articles->find('approved');
$favoritesQuery = $article->find('favorites', ['for' => $user]);
$query->where(['id' => $favoritesQuery->select(['id'])]);

You can decorate queries with iterators and call methods without even touching the database. This is great
when you have parts of your view cached and having the results taken from the database is not actually
required:
// No queries made in this example!
$results = $articles->find()
->order(['title' => 'DESC'])
->formatResults(function ($results) {
return $results->extract('title');
});

Queries can be seen as the result object, trying to iterate the query, calling toArray() or any method
inherited from collection, will result in the query being executed and results returned to you.
The biggest difference you will find when coming from CakePHP 2.x is that find(first) does not
exist anymore. There is a trivial replacement for it, and it is the first() method:
// Before
$article = $this->Article->find('first');
// Now
$article = $this->Articles->find()->first();
// Before
$article = $this->Article->find('first', [
'conditions' => ['author_id' => 1]
]);
// Now
$article = $this->Articles->find('all', [
'conditions' => ['author_id' => 1]
])->first();
// Can also be written
$article = $this->Articles->find()
->where(['author_id' => 1])

3.0 Migration Guide

783

CakePHP Cookbook Documentation, Release 3.x

->first();

If you are a loading a single record by its primary key, it will be better to just call get():
$article = $this->Articles->get(10);

Finder Method Changes

Returning a query object from a find method has several advantages, but comes at a cost for people migrating
from 2.x. If you had some custom find methods in your models, they will need some modifications. This is
how you create custom finder methods in 3.0:
class ArticlesTable
{
public function findPopular(Query $query, array $options)
{
return $query->where(['times_viewed' > 1000]);
}
public function findFavorites(Query $query, array $options)
{
$for = $options['for'];
return $query->matching('Users.Favorites', function ($q) use ($for) {
return $q->where(['Favorites.user_id' => $for]);
});
}
}

As you can see, they are pretty straightforward, they get a Query object instead of an array and must return
a Query object back. For 2.x users that implemented afterFind logic in custom finders, you should check
out the Modifying Results with Map/Reduce section, or use the features found on the Collections. If in your
models you used to rely on having an afterFind for all find operations you can migrate this code in one of a
few ways:
1. Override your entity constructor method and do additional formatting there.
2. Create accessor methods in your entity to create the virtual properties.
3. Redefine findAll() and use formatResults.
In the 3rd case above your code would look like:
public function findAll(Query $query, array $options)
{
return $query->formatResults(function ($results) {
return $results->map(function ($row) {
// Your afterfind logic
});
})
}

784

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

You may have noticed that custom finders receive an options array. You can pass any extra information to
your finder using this parameter. This is great news for people migrating from 2.x. Any of the query keys
that were used in previous versions will be converted automatically for you in 3.x to the correct functions:
// This works in both CakePHP 2.x and 3.0
$articles = $this->Articles->find('all', [
'fields' => ['id', 'title'],
'conditions' => [
'OR' => ['title' => 'Cake', 'author_id' => 1],
'published' => true
],
'contain' => ['Authors'], // The only change! (notice plural)
'order' => ['title' => 'DESC'],
'limit' => 10,
]);

If your application uses magic or Dynamic Finders, you will have to adapt those calls. In 3.x the
findAllBy* methods have been removed, instead findBy* always returns a query object. To get the
first result, you need to use the first() method:
$article = $this->Articles->findByTitle('A great post!')->first();

Hopefully, migrating from older versions is not as daunting as it first seems. Many of the features we have
added will help you remove code as you can better express your requirements using the new ORM and at
the same time the compatibility wrappers will help you rewrite those tiny differences in a fast and painless
way.
One of the other nice improvements in 3.x around finder methods is that behaviors can implement finder
methods with no fuss. By simply defining a method with a matching name and signature on a Behavior the
finder will automatically be available on any tables the behavior is attached to.
Recursive and ContainableBehavior Removed

In previous versions of CakePHP you needed to use recursive, bindModel(), unbindModel()


and ContainableBehavior to reduce the loaded data to the set of associations you were interested in.
A common tactic to manage associations was to set recursive to -1 and use Containable to manage all
associations. In CakePHP 3.0 ContainableBehavior, recursive, bindModel, and unbindModel have all been
removed. Instead the contain() method has been promoted to be a core feature of the query builder.
Associations are only loaded if they are explicitly turned on. For example:
$query = $this->Articles->find('all');

Will only load data from the articles table as no associations have been included. To load articles and
their related authors you would do:
$query = $this->Articles->find('all')->contain(['Authors']);

By only loading associated data that has been specifically requested you spend less time fighting the ORM
trying to get only the data you want.

3.0 Migration Guide

785

CakePHP Cookbook Documentation, Release 3.x

No afterFind Event or Virtual Fields

In previous versions of CakePHP you needed to make extensive use of the afterFind callback and virtual
fields in order to create generated data properties. These features have been removed in 3.0. Because of how
ResultSets iteratively generate entities, the afterFind callback was not possible. Both afterFind and
virtual fields can largely be replaced with virtual properties on entities. For example if your User entity has
both first and last name columns you can add an accessor for full_name and generate the property on the fly:
namespace App\Model\Entity;
use Cake\ORM\Entity;
class User extends Entity
{
protected function _getFullName()
{
return $this->first_name . ' ' . $this->last_name;
}
}

Once defined you can access your new property using $user->full_name. Using the Modifying Results
with Map/Reduce features of the ORM allow you to build aggregated data from your results, which is another
use case that the afterFind callback was often used for.
While virtual fields are no longer an explicit feature of the ORM, adding calculated fields is easy to do in
your finder methods. By using the query builder and expression objects you can achieve the same results
that virtual fields gave:
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
class ReviewsTable extends Table
{
public function findAverage(Query $query, array $options = [])
{
$avg = $query->func()->avg('rating');
$query->select(['average' => $avg]);
return $query;
}
}

Associations No Longer Defined as Properties

In previous versions of CakePHP the various associations your models had were defined in properties like
$belongsTo and $hasMany. In CakePHP 3.0, associations are created with methods. Using methods
allows us to sidestep the many limitations class definitions have, and provide only one way to define associations. Your initialize() method and all other parts of your application code, interact with the same
API when manipulating associations:

786

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
class ReviewsTable extends Table
{
public function initialize(array $config)
{
$this->belongsTo('Movies');
$this->hasOne('Ratings');
$this->hasMany('Comments')
$this->belongsToMany('Tags')
}
}

As you can see from the example above each of the association types uses a method to create the association.
One other difference is that hasAndBelongsToMany has been renamed to belongsToMany. To find
out more about creating associations in 3.0 see the section on Associations - Linking Tables Together.
Another welcome improvement to CakePHP is the ability to create your own association classes. If you have
association types that are not covered by the built-in relation types you can create a custom Association
sub-class and define the association logic you need.
Validation No Longer Defined as a Property

Like associations, validation rules were defined as a class property in previous versions of CakePHP. This
array would then be lazily transformed into a ModelValidator object. This transformation step added a
layer of indirection, complicating rule changes at runtime. Furthermore, validation rules being defined as a
property made it difficult for a model to have multiple sets of validation rules. In CakePHP 3.0, both these
problems have been remedied. Validation rules are always built with a Validator object, and it is trivial
to have multiple sets of rules:
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\Query;
use Cake\Validation\Validator;
class ReviewsTable extends Table
{
public function validationDefault(Validator $validator)
{
$validator->requirePresence('body')
->add('body', 'length', [
'rule' => ['minLength', 20],
'message' => 'Reviews must be 20 characters or more',
])

3.0 Migration Guide

787

CakePHP Cookbook Documentation, Release 3.x

->add('user_id', 'numeric', [
'rule' => 'numeric'
]);
return $validator;
}
}

You can define as many validation methods as you need.


validation and accept a $validator argument.

Each method should be prefixed with

In previous versions of CakePHP validation and the related callbacks covered a few related but different
uses. In CakePHP 3.0, what was formerly called validation is now split into two concepts:
1. Data type and format validation.
2. Enforcing application, or business rules.
Validation is now applied before ORM entities are created from request data. This step lets you ensure data
matches the data type, format, and basic shape your application expects. You can use your validators when
converting request data into entities by using the validate option. See the documentation on Converting
Request Data into Entities for more information.
Application rules allow you to define rules that ensure your applications rules, state and workflows are
enforced. Rules are defined in your Tables buildRules() method. Behaviors can add rules using the
buildRules() hook method. An example buildRules() method for our articles table could be:
// In src/Model/Table/ArticlesTable.php
namespace App\Model\Table;
use Cake\ORM\Table;
use Cake\ORM\RulesChecker;
class Articles extends Table
{
public function buildRules(RulesChecker $rules)
{
$rules->add($rules->existsIn('user_id', 'Users'));
$rules->add(
function ($article, $options) {
return ($article->published && empty($article->reviewer));
},
'isReviewed',
[
'errorField' => 'published',
'message' => 'Articles must be reviewed before publishing.'
]
);
return $rules;
}
}

788

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

Identifier Quoting Disabled by Default

In the past CakePHP has always quoted identifiers. Parsing SQL snippets and attempting to quote identifiers
was both error prone and expensive. If you are following the conventions CakePHP sets out, the cost of
identifier quoting far outweighs any benefit it provides. Because of this identifier quoting has been disabled
by default in 3.0. You should only need to enable identifier quoting if you are using column names or table
names that contain special characters or are reserved words. If required, you can enable identifier quoting
when configuring a connection:
// In config/app.php
'Datasources' => [
'default' => [
'className' => 'Cake\Database\Driver\Mysql',
'username' => 'root',
'password' => 'super_secret',
'host' => 'localhost',
'database' => 'cakephp',
'quoteIdentifiers' => true
]
],

Note: Identifiers in QueryExpression objects will not be quoted, and you will need to quote them
manually or use IdentifierExpression objects.

Updating Behaviors
Like most ORM related features, behaviors have changed in 3.0 as well. They now attach to Table instances which are the conceptual descendant of the Model class in previous versions of CakePHP. There
are a few key differences from behaviors in CakePHP 2.x:
Behaviors are no longer shared across multiple tables. This means you no longer have to namespace
settings stored in a behavior. Each table using a behavior will get its own instance.
The method signatures for mixin methods have changed.
The method signatures for callback methods have changed.
The base class for behaviors have changed.
Behaviors can easily add finder methods.
New Base Class

The base class for behaviors has changed. Behaviors should now extend Cake\ORM\Behavior; if a
behavior does not extend this class an exception will be raised. In addition to the base class changing, the
constructor for behaviors has been modified, and the startup() method has been removed. Behaviors
that need access to the table they are attached to should define a constructor:

3.0 Migration Guide

789

CakePHP Cookbook Documentation, Release 3.x

namespace App\Model\Behavior;
use Cake\ORM\Behavior;
class SluggableBehavior extends Behavior
{
protected $_table;
public function __construct(Table $table, array $config)
{
parent::__construct($table, $config);
$this->_table = $table;
}
}

Mixin Methods Signature Changes

Behaviors continue to offer the ability to add mixin methods to Table objects, however the method signature for these methods has changed. In CakePHP 3.0, behavior mixin methods can expect the same
arguments provided to the table method. For example:
// Assume table has a slug() method provided by a behavior.
$table->slug($someValue);

The behavior providing the slug() method will receive only 1 argument, and its method signature should
look like:
public function slug($value)
{
// Code here.
}

Callback Method Signature Changes

Behavior callbacks have been unified with all other listener methods. Instead of their previous arguments,
they need to expect an event object as their first argument:
public function beforeFind(Event $event, Query $query, array $options)
{
// Code.
}

See Lifecycle Callbacks for the signatures of all the callbacks a behavior can subscribe to.

790

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

General Information
CakePHP Development Process
Here we attempt to explain the process we use when developing the CakePHP framework. We rely heavily
on community interaction through tickets and IRC chat. IRC is the best place to find members of the
development team17 and discuss ideas, the latest code, and make general comments. If something more
formal needs to be proposed or there is a problem with a release, the ticket system is the best place to share
your thoughts.
We currently maintain 4 versions of CakePHP.
stable : Tagged releases intended for production where stability is more important than features.
Issues filed against these releases will be fixed in the related branch, and be part of the next release.
maintenance branch : Development branches become maintenance branches once a stable release
point has been reached. Maintenance branches are where all bugfixes are committed before making
their way into a stable release. Maintenance branches have the same name as the major version they
are for example 1.2. If you are using a stable release and need fixes that havent made their way into
a stable release check here.
development branches : Development branches contain leading edge fixes and features. They are
named after the version number they are for example 1.3. Once development branches have reached
a stable release point they become maintenance branches, and no further new features are introduced
unless absolutely necessary.
feature branches : Feature branches contain unfinished or possibly unstable features and are recommended only for power users interested in the most advanced feature set and willing to contribute
back to the community. Feature branches are named with the following convention version-feature.
An example would be 1.3-router Which would contain new features for the Router for 1.3.
Hopefully this will help you understand what version is right for you. Once you pick your version you may
feel compelled to contribute a bug report or make general comments on the code.
If you are using a stable version or maintenance branch, please submit tickets or discuss with us on
IRC.
If you are using the development branch or feature branch, the first place to go is IRC. If you have a
comment and cannot reach us in IRC after a day or two, please submit a ticket.
If you find an issue, the best answer is to write a test. The best advice we can offer in writing tests is to look
at the ones included in the core.
As always, if you have any questions or comments, visit us at #cakephp on irc.freenode.net.

Glossary
routing array An array of attributes that are passed to Router::url(). They typically look like:
17

https://github.com/cakephp?tab=members

General Information

791

CakePHP Cookbook Documentation, Release 3.x

['controller' => 'Posts', 'action' => 'view', 5]

HTML attributes An array of key => values that are composed into HTML attributes. For example:
// Given
['class' => 'my-class', 'target' => '_blank']
// Would generate
class="my-class" target="_blank"

If an option can be minimized or accepts its name as the value, then true can be used:
// Given
['checked' => true]
// Would generate
checked="checked"

plugin syntax Plugin syntax refers to the dot separated class name indicating classes are part of a plugin:
// The plugin is "DebugKit", and the class name is "Toolbar".
'DebugKit.Toolbar'
// The plugin is "AcmeCorp/Tools", and the class name is "Toolbar".
'AcmeCorp/Tools.Toolbar'

dot notation Dot notation defines an array path, by separating nested levels with . For example:
Cache.default.engine

Would point to the following value:


[
'Cache' => [
'default' => [
'engine' => 'File'
]
]
]

CSRF Cross Site Request Forgery. Prevents replay attacks, double submissions and forged requests from
other domains.
CDN Content Delivery Network. A 3rd party vendor you can pay to help distribute your content to data
centers around the world. This helps put your static assets closer to geographically distributed users.
routes.php A file in config directory that contains routing configuration. This file is included before
each request is processed. It should connect all the routes your application needs so requests can be
routed to the correct controller + action.
DRY Dont repeat yourself. Is a principle of software development aimed at reducing repetition of information of all kinds. In CakePHP DRY is used to allow you to code things once and re-use them across
your application.

792

Chapter 46. Appendices

CakePHP Cookbook Documentation, Release 3.x

PaaS Platform as a Service. Platform as a Service providers will provide cloud based hosting, database
and caching resources. Some popular providers include Heroku, EngineYard and PagodaBox
DSN Data Source Name. A connection string format that is formed like a URI. CakePHP supports DSNs
for Cache, Database, Log and Email connections.

General Information

793

CakePHP Cookbook Documentation, Release 3.x

794

Chapter 46. Appendices

CHAPTER 47

Indices and Tables

genindex
modindex

795

CakePHP Cookbook Documentation, Release 3.x

796

Chapter 47. Indices and Tables

PHP Namespace Index

c
Cake\Cache, 485
Cake\Collection, 653
Cake\Console, 495
Cake\Console\Exception, 538
Cake\Controller, 183
Cake\Controller\Component, 579
Cake\Controller\Exception, 538
Cake\Core, 136
Cake\Core\Configure, 141
Cake\Core\Configure\Engine, 141
Cake\Core\Exception, 539
Cake\Database, 331
Cake\Database\Exception, 538
Cake\Database\Schema, 454
Cake\Datasource, 331
Cake\Error, 519
Cake\Filesystem, 675
Cake\Form, 575
Cake\I18n, 727
Cake\Log, 572
Cake\Network, 169
Cake\Network\Email, 527
Cake\Network\Exception, 537
Cake\Network\Http, 699
Cake\ORM, 363
Cake\ORM\Behavior, 446
Cake\ORM\Exception, 539
Cake\Routing, 145
Cake\Routing\Exception, 539
Cake\Utility, 733
Cake\Validation, 643
Cake\View, 231

Cake\View\Exception, 538
Cake\View\Helper, 316
Cake\View\UrlHelper, 317

797

CakePHP Cookbook Documentation, Release 3.x

798

PHP Namespace Index

Index

Symbols
() ( method), 229, 230
:action, 146
:controller, 146
:plugin, 146
$this->request, 169
$this->response, 175
__() (global function), 737
__d() (global function), 737
__dn() (global function), 737
__dx() (global function), 738
__dxn() (global function), 738
__n() (global function), 738
__x() (global function), 738
__xn() (global function), 738

A
acceptLanguage() (Cake\Network\Request method),
175
accepts() (Cake\Network\Request method), 175
accepts() (RequestHandlerComponent method), 220
addArgument() (Cake\Console\ConsoleOptionParser
method), 505
addArguments() (Cake\Console\ConsoleOptionParser
method), 506
addBehavior() (Cake\ORM\Table method), 368
addCrumb()
(Cake\View\Helper\HtmlHelper
method), 294
addDetector() (Cake\Network\Request method), 172
addInputType()
(RequestHandlerComponent
method), 222
addOption() (Cake\Console\ConsoleOptionParser
method), 506

addOptions() (Cake\Console\ConsoleOptionParser
method), 507
addPathElement()
(Cake\Filesystem\Folder
method), 676
addSubcommand() (Cake\Console\ConsoleOptionParser
method), 508
admin routing, 152
afterDelete() (Cake\ORM\Table method), 367
afterDeleteCommit() (Cake\ORM\Table method),
368
afterFilter() (Cake\Controller\Controller method),
191
afterLayout() (Helper method), 324
afterRender() (Helper method), 324
afterRenderFile() (Helper method), 323
afterRules() (Cake\ORM\Table method), 367
afterSave() (Cake\ORM\Table method), 367
afterSaveCommit() (Cake\ORM\Table method), 367
alert() (Cake\Log\Log method), 573
allInputs()
(Cake\View\Helper\FormHelper
method), 278
allow() (AuthComponent method), 204, 473
allowedActions (SecurityComponent property), 212,
603
allowedControllers (SecurityComponent property),
212, 603
allowMethod() (Cake\Network\Request method),
174
App (class in Cake\Core), 651
APP (global constant), 739
app.php, 133
app.php.default, 133
APP_DIR (global constant), 739

799

CakePHP Cookbook Documentation, Release 3.x

CacheEngine (class in Cake\Cache), 493


CAKE (global constant), 739
CAKE_CORE_INCLUDE_PATH (global constant),
739
Cake\Cache (namespace), 485
Cake\Collection (namespace), 653
Cake\Console (namespace), 495
Cake\Console\Exception (namespace), 538
Cake\Controller (namespace), 183
Cake\Controller\Component (namespace), 206, 210,
215, 579
Cake\Controller\Exception (namespace), 538
Cake\Core (namespace), 136, 651
Cake\Core\Configure (namespace), 141
Cake\Core\Configure\Engine (namespace), 141
Cake\Core\Exception (namespace), 539
B
Cake\Database (namespace), 331
BadRequestException, 537
Cake\Database\Exception (namespace), 538
beforeDelete() (Cake\ORM\Table method), 367
Cake\Database\Schema (namespace), 454
beforeFilter() (Cake\Controller\Controller method), Cake\Datasource (namespace), 331
191
Cake\Error (namespace), 519
beforeFind() (Cake\ORM\Table method), 366
Cake\Filesystem (namespace), 675
beforeLayout() (Helper method), 324
Cake\Form (namespace), 575
beforeMarshal() (Cake\ORM\Table method), 366
Cake\I18n (namespace), 711, 727
beforeRender()
(Cake\Controller\Controller Cake\Log (namespace), 572
method), 191
Cake\Network (namespace), 169
beforeRender() (Helper method), 324
Cake\Network\Email (namespace), 527
beforeRenderFile() (Helper method), 323
Cake\Network\Exception (namespace), 537
beforeRules() (Cake\ORM\Table method), 366
Cake\Network\Http (namespace), 699
beforeSave() (Cake\ORM\Table method), 367
Cake\ORM (namespace), 340, 363, 370, 379, 406,
blackHole() (SecurityComponent method), 212, 603
423
body() (Cake\Network\Http\Response method), 705 Cake\ORM\Behavior (namespace), 437439, 446
buffered() (Cake\Collection\Collection method), 673 Cake\ORM\Exception (namespace), 539
build() (Cake\Utility\Xml method), 733
Cake\Routing (namespace), 145
build() (Cake\View\UrlHelper\UrlHelper method), Cake\Routing\Exception (namespace), 539
317
Cake\Utility (namespace), 599, 683, 707, 719, 733
buildFromArray() (Cake\Console\ConsoleOptionParserCake\Validation (namespace), 643
method), 509
Cake\View (namespace), 231
buildRules() (Cake\ORM\Table method), 366
Cake\View\Exception (namespace), 538
buildValidator() (Cake\ORM\Table method), 366
Cake\View\Helper (namespace), 250, 251, 282, 295,
button() (Cake\View\Helper\FormHelper method),
299, 307, 310, 311, 316
273
Cake\View\UrlHelper (namespace), 317
camelize() (Cake\Utility\Inflector method), 708
C
cd() (Cake\Filesystem\Folder method), 676
Cache (class in Cake\Cache), 485
CDN, 792
CACHE (global constant), 739
charset() (Cake\Network\Response method), 176
cache() (Cake\Network\Response method), 178
charset() (Cake\View\Helper\HtmlHelper method),
cache() (Cake\View\View method), 241
282
append() (Cake\Collection\Collection method), 669
append() (Cake\Filesystem\File method), 680
application exceptions, 540
apply() (Cake\Utility\Hash method), 693
attachments() (Cake\Network\Email\Email method),
532
AuthComponent (class), 192, 461
autoLink() (Cake\View\Helper\TextHelper method),
312
autoLinkEmails() (Cake\View\Helper\TextHelper
method), 311
autoLinkUrls()
(Cake\View\Helper\TextHelper
method), 312
autoParagraph()
(Cake\View\Helper\TextHelper
method), 312

800

Index

CakePHP Cookbook Documentation, Release 3.x

consume() (Cake\Core\Configure method), 138


check() (Cake\Controller\Component\CookieComponent
consume() (Session method), 613
method), 208
contains() (Cake\Collection\Collection method), 668
check() (Cake\Core\Configure method), 138
contains() (Cake\Utility\Hash method), 688
check() (Cake\Utility\Hash method), 689
check() (Cake\View\Helper\SessionHelper method), Controller (class in Cake\Controller), 183
cookie() (Cake\Network\Http\Response method),
311
705
check() (Session method), 613
(class
in
checkbox()
(Cake\View\Helper\FormHelper CookieComponent
Cake\Controller\Component), 206
method), 263
checkNotModified()
(Cake\Network\Response cookies() (Cake\Network\Http\Response method),
705
method), 181
copy() (Cake\Filesystem\File method), 680
chmod() (Cake\Filesystem\Folder method), 676
copy() (Cake\Filesystem\Folder method), 676
classify() (Cake\Utility\Inflector method), 708
core() (Cake\Core\App method), 652
classname() (Cake\Core\App method), 651
CORE_PATH (global constant), 739
cleanInsert() (Cake\Utility\Text method), 720
correctSlashFor() (Cake\Filesystem\Folder method),
clear() (Cake\Cache\Cache method), 490
677
clear() (Cake\Cache\CacheEngine method), 493
countBy() (Cake\Collection\Collection method), 663
clear() (Cake\ORM\TableRegistry method), 370
counter()
(Cake\View\Helper\PaginatorHelper
clearGroup() (Cake\Cache\Cache method), 491
method), 304
clearGroup() (Cake\Cache\CacheEngine method),
CounterCacheBehavior
(class
in
493
Cake\ORM\Behavior), 437
Client (class in Cake\Network\Http), 699
create() (Cake\Filesystem\File method), 680
clientIp() (Cake\Network\Request method), 175
create() (Cake\Filesystem\Folder method), 677
close() (Cake\Filesystem\File method), 680
create() (Cake\View\Helper\FormHelper method),
Collection (class in Cake\Collection), 655
251
Collection (class in Cake\Database\Schema), 458
createFile() (Cake\Console\Shell method), 501
collection() (global function), 738
combine() (Cake\Collection\Collection method), critical() (Cake\Log\Log method), 573
CSRF, 792
658
css() (Cake\View\Helper\HtmlHelper method), 283
combine() (Cake\Utility\Hash method), 685
compile() (Cake\Collection\Collection method), 674 currency() (Cake\I18n\Number method), 711
(Cake\View\Helper\NumberHelper
components (Cake\Controller\Controller property), currency()
method), 295
190
current()
(Cake\View\Helper\PaginatorHelper
config() (Cake\Cache\Cache method), 486
method), 304
config() (Cake\Core\Configure method), 138
config() (Cake\Log\Log method), 572
ConfigEngineInterface
(interface
in D
data() (Cake\Network\Request method), 170
Cake\Core\Configure), 141
(Cake\View\Helper\FormHelper
configTransport()
(Cake\Network\Email\Email dateTime()
method), 268
method), 528
DAY (global constant), 740
configuration, 133
day() (Cake\View\Helper\FormHelper method), 271
Configure (class in Cake\Core), 136
debug() (Cake\Log\Log method), 573
configured() (Cake\Log\Log method), 573
debug() (global function), 519, 738
connect() (Cake\Routing\Router method), 147
Debugger (class in Cake\Error), 519
Connection (class in Cake\Database), 334
ConnectionManager (class in Cake\Datasource), 331 decrement() (Cake\Cache\Cache method), 490
decrement() (Cake\Cache\CacheEngine method),
ConsoleException, 538
493
ConsoleOptionParser (class in Cake\Console), 504
Index

801

CakePHP Cookbook Documentation, Release 3.x

E
decrypt() (Cake\Utility\Security method), 599
defaultCurrency() (Cake\I18n\Number method), 712 each() (Cake\Collection\Collection method), 657
defaultCurrency() (Cake\View\Helper\NumberHelper element() (Cake\View\View method), 238
method), 296
Email (class in Cake\Network\Email), 527
defaultRouteClass() (Cake\Routing\Router method), emailPattern()
(Cake\Network\Email\Email
161
method), 533
delete() (Cake\Cache\Cache method), 489
emergency() (Cake\Log\Log method), 573
delete() (Cake\Cache\CacheEngine method), 493
enable() (Cake\Cache\Cache method), 492
delete() (Cake\Controller\Component\CookieComponent
enabled() (Cake\Cache\Cache method), 492
method), 208
encoding() (Cake\Network\Http\Response method),
delete() (Cake\Core\Configure method), 138
706
delete() (Cake\Filesystem\File method), 680
encrypt() (Cake\Utility\Security method), 599
delete() (Cake\Filesystem\Folder method), 677
end() (Cake\View\Helper\FormHelper method), 274
delete() (Cake\ORM\Table method), 423
Entity (class in Cake\ORM), 370
delete() (Session method), 613
env() (Cake\Network\Request method), 171
deleteAll() (Cake\ORM\Table method), 424
env() (global function), 738
deleteMany() (Cake\Cache\Cache method), 490
epilog()
(Cake\Console\ConsoleOptionParser
deny() (AuthComponent method), 204, 474
method), 505
description() (Cake\Console\ConsoleOptionParser error() (Cake\Log\Log method), 573
method), 505
error() (Cake\View\Helper\FormHelper method),
destroy() (Session method), 613
272
diff() (Cake\Utility\Hash method), 693
errors() (Cake\Filesystem\Folder method), 677
dimensions() (Cake\Utility\Hash method), 692
errors() (Cake\ORM\Entity method), 374
dirsize() (Cake\Filesystem\Folder method), 677
etag() (Cake\Network\Response method), 180
dirty() (Cake\ORM\Entity method), 373
every() (Cake\Collection\Collection method), 660
disable() (Cake\Cache\Cache method), 492
Exception, 539
disableCache() (Cake\Network\Response method), ExceptionRenderer (class in Cake\Core\Exception),
178
540
dispatchShell() (Cake\Console\Shell method), 500
excerpt() (Cake\Error\Debugger method), 521
doc (role), 101
excerpt() (Cake\Utility\Text method), 724
docType() (Cake\View\Helper\HtmlHelper method), excerpt() (Cake\View\Helper\TextHelper method),
285
315
domain() (Cake\Network\Request method), 174
executable() (Cake\Filesystem\File method), 680
dot notation, 792
execute() (Cake\Database\Connection method), 334
drop() (Cake\Cache\Cache method), 487
exists() (Cake\Filesystem\File method), 680
drop() (Cake\Core\Configure method), 139
expand() (Cake\Utility\Hash method), 690
drop() (Cake\Log\Log method), 573
expires() (Cake\Network\Response method), 180
dropTransport()
(Cake\Network\Email\Email ext() (Cake\Filesystem\File method), 680
method), 529
extensions() (Cake\Routing\Router method), 154
DRY, 792
extract() (Cake\Collection\Collection method), 657
DS (global constant), 739
extract() (Cake\Utility\Hash method), 684
DSN, 793
F
dump() (Cake\Core\Configure method), 139
dump() (Cake\Core\Configure\ConfigEngineInterface fallbacks() (Cake\Routing\Router method), 161
method), 141
File (class in Cake\Filesystem), 679
dump() (Cake\Error\Debugger method), 519
file extensions, 154
file() (Cake\Network\Response method), 177
file() (Cake\View\Helper\FormHelper method), 267
802

Index

CakePHP Cookbook Documentation, Release 3.x

filter() (Cake\Collection\Collection method), 660


filter() (Cake\Utility\Hash method), 689
find() (Cake\Filesystem\Folder method), 677
find() (Cake\ORM\Table method), 380
findRecursive() (Cake\Filesystem\Folder method),
678
first() (Cake\Collection\Collection method), 669
first() (Cake\View\Helper\PaginatorHelper method),
303
firstMatch() (Cake\Collection\Collection method),
661
FlashComponent
(class
in
Cake\Controller\Component), 210
FlashHelper (class in Cake\View\Helper), 250
flatten() (Cake\Utility\Hash method), 690
Folder (Cake\Filesystem\File property), 679
Folder (class in Cake\Filesystem), 675
Folder() (Cake\Filesystem\File method), 680
ForbiddenException, 537
Form (class in Cake\Form), 575
format() (Cake\I18n\Number method), 714
format() (Cake\Utility\Hash method), 687
format()
(Cake\View\Helper\NumberHelper
method), 297
formatDelta() (Cake\I18n\Number method), 715
formatDelta() (Cake\View\Helper\NumberHelper
method), 298
FormHelper (class in Cake\View\Helper), 251

groupConfigs() (Cake\Cache\Cache method), 491

h() (global function), 738


handle (Cake\Filesystem\File property), 680
Hash (class in Cake\Utility), 683
hash() (Cake\Utility\Security method), 600
hasNext()
(Cake\View\Helper\PaginatorHelper
method), 304
hasPage()
(Cake\View\Helper\PaginatorHelper
method), 304
hasPrev()
(Cake\View\Helper\PaginatorHelper
method), 304
header() (Cake\Network\Http\Response method),
705
header() (Cake\Network\Request method), 174
header() (Cake\Network\Response method), 178
headers() (Cake\Network\Http\Response method),
705
Helper (class), 323
helpers (Cake\Controller\Controller property), 190
hidden() (Cake\View\Helper\FormHelper method),
262
highlight() (Cake\Utility\Text method), 722
highlight() (Cake\View\Helper\TextHelper method),
312
host() (Cake\Network\Request method), 174
HOUR (global constant), 740
hour() (Cake\View\Helper\FormHelper method),
G
271
HTML attributes, 792
gc() (Cake\Cache\Cache method), 490
HtmlHelper (class in Cake\View\Helper), 282
gc() (Cake\Cache\CacheEngine method), 494
generateUrl() (Cake\View\Helper\PaginatorHelper humanize() (Cake\Utility\Inflector method), 708
method), 307
get()
(Cake\Datasource\ConnectionManager I
i18nFormat() (Cake\I18n\Time method), 729
method), 331
identify() (AuthComponent method), 195, 464
get() (Cake\ORM\Table method), 379
image() (Cake\View\Helper\HtmlHelper method),
get() (Cake\ORM\TableRegistry method), 369
285
get() (Cake\Utility\Hash method), 684
in()
(Cake\Console\Shell
method), 500
getCrumbList()
(Cake\View\Helper\HtmlHelper
inCakePath() (Cake\Filesystem\Folder method), 678
method), 294
getCrumbs()
(Cake\View\Helper\HtmlHelper increment() (Cake\Cache\Cache method), 490
increment() (Cake\Cache\CacheEngine method),
method), 294
493
getType() (Cake\Error\Debugger method), 521
indexBy() (Cake\Collection\Collection method), 663
greedy star, 146
Inflector (class in Cake\Utility), 707
group() (Cake\Filesystem\File method), 680
groupBy() (Cake\Collection\Collection method), info (Cake\Filesystem\File property), 680
info() (Cake\Filesystem\File method), 680
663
Index

803

CakePHP Cookbook Documentation, Release 3.x

info() (Cake\Log\Log method), 573


IniConfig (class in Cake\Core\Configure\Engine),
142
initialize() (Cake\Console\Shell method), 504
inPath() (Cake\Filesystem\Folder method), 678
input() (Cake\Network\Request method), 171
input() (Cake\View\Helper\FormHelper method),
255
inputs() (Cake\View\Helper\FormHelper method),
277
insert() (Cake\Collection\Collection method), 670
insert() (Cake\Utility\Hash method), 684
insert() (Cake\Utility\Text method), 720
InternalErrorException, 537
is() (Cake\Network\Request method), 172
isAbsolute() (Cake\Filesystem\Folder method), 678
isAtom() (RequestHandlerComponent method), 221
isEmpty() (Cake\Collection\Collection method), 668
isFieldError()
(Cake\View\Helper\FormHelper
method), 273
isMobile() (RequestHandlerComponent method),
221
isOk() (Cake\Network\Http\Response method), 705
isRedirect()
(Cake\Network\Http\Response
method), 705
isRss() (RequestHandlerComponent method), 221
isSlashTerm() (Cake\Filesystem\Folder method),
678
isThisMonth() (Cake\I18n\Time method), 731
isThisWeek() (Cake\I18n\Time method), 731
isThisYear() (Cake\I18n\Time method), 731
isWap() (RequestHandlerComponent method), 222
isWindowsPath() (Cake\Filesystem\Folder method),
678
isWithinNext() (Cake\I18n\Time method), 732
isXml() (RequestHandlerComponent method), 221
isYesterday() (Cake\I18n\Time method), 731

last() (Cake\View\Helper\PaginatorHelper method),


304
lastAccess() (Cake\Filesystem\File method), 680
lastChange() (Cake\Filesystem\File method), 680
levels() (Cake\Log\Log method), 573
link() (Cake\View\Helper\HtmlHelper method), 286
listNested() (Cake\Collection\Collection method),
667
load() (Cake\Core\Configure method), 139
loadComponent()
(Cake\Controller\Controller
method), 190
loadModel() (Cake\Controller\Controller method),
189
lock (Cake\Filesystem\File property), 680
Log (class in Cake\Log), 572
log() (Cake\Error\Debugger method), 520
log() (Cake\Log\LogTrait method), 574
logout() (AuthComponent method), 202, 471
LOGS (global constant), 739
LogTrait (trait in Cake\Log), 574

map() (Cake\Collection\Collection method), 657


map() (Cake\Database\Type method), 332
map() (Cake\Utility\Hash method), 692
mapResources() (Cake\Routing\Router method),
155
match() (Cake\Collection\Collection method), 661
max() (Cake\Collection\Collection method), 662
maxDimensions() (Cake\Utility\Hash method), 692
md5() (Cake\Filesystem\File method), 681
media() (Cake\View\Helper\HtmlHelper method),
288
merge()
(Cake\Console\ConsoleOptionParser
method), 510
merge() (Cake\Utility\Hash method), 691
mergeDiff() (Cake\Utility\Hash method), 694
meridian()
(Cake\View\Helper\FormHelper
J
method), 272
JsonConfig (class in Cake\Core\Configure\Engine), messages() (Cake\Filesystem\Folder method), 678
meta() (Cake\View\Helper\HtmlHelper method),
142
284
JsonView (class), 250
method() (Cake\Network\Request method), 174
L
MethodNotAllowedException, 537
label() (Cake\View\Helper\FormHelper method), mime() (Cake\Filesystem\File method), 681
272
min() (Cake\Collection\Collection method), 662
last() (Cake\Collection\Collection method), 669
MINUTE (global constant), 740

804

Index

CakePHP Cookbook Documentation, Release 3.x

minute() (Cake\View\Helper\FormHelper method),


272
MissingActionException, 538
MissingBehaviorException, 539
MissingCellException, 538
MissingCellViewException, 538
MissingComponentException, 538
MissingConnectionException, 538
MissingControllerException, 539
MissingDispatcherFilterException, 539
MissingDriverException, 538
MissingElementException, 538
MissingEntityException, 539
MissingExtensionException, 539
MissingHelperException, 538
MissingLayoutException, 538
MissingRouteException, 539
MissingShellException, 538
MissingShellMethodException, 538
MissingTableException, 539
MissingTaskException, 538
MissingTemplateException, 538
MissingViewException, 538
mode (Cake\Filesystem\Folder property), 676
modified() (Cake\Network\Response method), 181
MONTH (global constant), 740
month() (Cake\View\Helper\FormHelper method),
270
move() (Cake\Filesystem\Folder method), 679

N
name (Cake\Filesystem\File property), 680
name() (Cake\Filesystem\File method), 681
namespaceSplit() (global function), 739
nest() (Cake\Collection\Collection method), 666
nest() (Cake\Utility\Hash method), 695
nestedList()
(Cake\View\Helper\HtmlHelper
method), 290
newQuery() (Cake\Database\Connection method),
335
next() (Cake\View\Helper\PaginatorHelper method),
303
nice() (Cake\I18n\Time method), 730
normalize() (Cake\Utility\Hash method), 695
normalizePath() (Cake\Filesystem\Folder method),
679
NotFoundException, 537
notice() (Cake\Log\Log method), 573
Index

NotImplementedException, 537
Number (class in Cake\I18n), 711
NumberHelper (class in Cake\View\Helper), 295
numbers()
(Cake\View\Helper\PaginatorHelper
method), 302
numeric() (Cake\Utility\Hash method), 692

O
offset() (Cake\Filesystem\File method), 681
open() (Cake\Filesystem\File method), 681
options()
(Cake\View\Helper\PaginatorHelper
method), 305
owner() (Cake\Filesystem\File method), 681

P
PaaS, 793
paginate() (Cake\Controller\Controller method), 190
PaginatorComponent
(class
in
Cake\Controller\Component), 215, 579
PaginatorHelper (class in Cake\View\Helper), 299
parseFileSize() (Cake\Utility\Text method), 720
passed arguments, 158
password()
(Cake\View\Helper\FormHelper
method), 262
path (Cake\Filesystem\File property), 680
path (Cake\Filesystem\Folder property), 676
path() (Cake\Core\App method), 651
path() (Cake\Core\Plugin method), 652
perms() (Cake\Filesystem\File method), 681
php:attr (directive), 103
php:attr (role), 104
php:class (directive), 102
php:class (role), 103
php:const (directive), 102
php:const (role), 103
php:exc (role), 104
php:exception (directive), 102
php:func (role), 103
php:function (directive), 102
php:global (directive), 102
php:global (role), 103
php:meth (role), 103
php:method (directive), 103
php:staticmethod (directive), 103
PhpConfig (class in Cake\Core\Configure\Engine),
141
pj() (global function), 739
plugin routing, 153
805

CakePHP Cookbook Documentation, Release 3.x

redirectUrl() (AuthComponent method), 195, 464


reduce() (Cake\Collection\Collection method), 661
reduce() (Cake\Utility\Hash method), 693
ref (role), 101
referer() (Cake\Network\Request method), 174
reject() (Cake\Collection\Collection method), 660
remember() (Cake\Cache\Cache method), 488
remove() (Cake\Utility\Hash method), 685
render() (Cake\Controller\Controller method), 186
renderAs() (RequestHandlerComponent method),
223
renew() (Session method), 614
replaceText() (Cake\Filesystem\File method), 681
Request (class in Cake\Network), 169
requestAction() (Cake\Routing\RequestActionTrait
method), 163
RequestActionTrait (trait in Cake\Routing), 163
RequestHandlerComponent (class), 220
requireAuth() (SecurityComponent method), 212,
603
requireSecure() (SecurityComponent method), 212,
603
Q
respondAs() (RequestHandlerComponent method),
Query (class in Cake\ORM), 340
223
query() (Cake\Database\Connection method), 334
Response (class in Cake\Network), 175
query() (Cake\Network\Request method), 170
Response (class in Cake\Network\Http), 705
responseHeader() (Cake\Core\Exception\Exception
R
method), 539
radio() (Cake\View\Helper\FormHelper method), responseType()
(RequestHandlerComponent
264
method), 224
read() (Cake\Cache\Cache method), 489
restore() (Cake\Core\Configure method), 140
read() (Cake\Cache\CacheEngine method), 493
RFC
read() (Cake\Controller\Component\CookieComponent
RFC 2606, 117
method), 208
RFC 4122, 720
read() (Cake\Core\Configure method), 137
ROOT (global constant), 739
read() (Cake\Core\Configure\ConfigEngineInterface Router (class in Cake\Routing), 145
method), 141
routes.php, 145, 792
read() (Cake\Filesystem\File method), 681
routing array, 791
read() (Cake\Filesystem\Folder method), 679
RssHelper (class in Cake\View\Helper), 307
read() (Cake\View\Helper\SessionHelper method), rules() (Cake\Utility\Inflector method), 709
311
S
read() (Session method), 613
readable() (Cake\Filesystem\File method), 681
safe() (Cake\Filesystem\File method), 681
readMany() (Cake\Cache\Cache method), 489
sample() (Cake\Collection\Collection method), 668
realpath() (Cake\Filesystem\Folder method), 679
save() (Cake\ORM\Table method), 416
RecordNotFoundException, 539
script() (Cake\View\Helper\HtmlHelper method),
redirect() (Cake\Controller\Controller method), 188
288
redirect() (Cake\Routing\Router method), 160

plugin syntax, 792


plugin() (Cake\Routing\Router method), 153
pluginSplit() (global function), 739
pluralize() (Cake\Utility\Inflector method), 707
postButton()
(Cake\View\Helper\FormHelper
method), 275
postLink()
(Cake\View\Helper\FormHelper
method), 275
pr() (global function), 739
precision() (Cake\I18n\Number method), 712
precision()
(Cake\View\Helper\NumberHelper
method), 296
prefers() (RequestHandlerComponent method), 223
prefix routing, 152
prefix() (Cake\Routing\Router method), 152
prepare() (Cake\Filesystem\File method), 681
prev() (Cake\View\Helper\PaginatorHelper method),
303
PrivateActionException, 538
pwd() (Cake\Filesystem\File method), 681
pwd() (Cake\Filesystem\Folder method), 679

806

Index

CakePHP Cookbook Documentation, Release 3.x

scriptBlock()
(Cake\View\Helper\HtmlHelper
method), 290
scriptStart()
(Cake\View\Helper\HtmlHelper
method), 290
SECOND (global constant), 740
secure() (Cake\View\Helper\FormHelper method),
282
Security (class in Cake\Utility), 599
SecurityComponent (class), 211, 602
select() (Cake\View\Helper\FormHelper method),
265
send() (Cake\Network\Response method), 181
Session (class), 612
SessionHelper (class in Cake\View\Helper), 310
set() (Cake\Controller\Controller method), 186
set() (Cake\ORM\Entity method), 372
set() (Cake\View\View method), 233
setAction() (Cake\Controller\Controller method),
189
setUser() (AuthComponent method), 201, 470
sharable() (Cake\Network\Response method), 179
Shell (class in Cake\Console), 496
shuffle() (Cake\Collection\Collection method), 668
singularize() (Cake\Utility\Inflector method), 707
size() (Cake\Filesystem\File method), 681
skip() (Cake\Collection\Collection method), 669
slashTerm() (Cake\Filesystem\Folder method), 679
slug() (Cake\Utility\Inflector method), 709
some() (Cake\Collection\Collection method), 661
sort (Cake\Filesystem\Folder property), 676
sort() (Cake\Utility\Hash method), 693
sort() (Cake\View\Helper\PaginatorHelper method),
301
sortBy() (Cake\Collection\Collection method), 665
sortDir()
(Cake\View\Helper\PaginatorHelper
method), 302
sortKey()
(Cake\View\Helper\PaginatorHelper
method), 302
startup() (Cake\Console\Shell method), 504
statusCode()
(Cake\Network\Http\Response
method), 706
stopWhen() (Cake\Collection\Collection method),
659
store() (Cake\Core\Configure method), 139
stripLinks() (Cake\Utility\Text method), 722
stripLinks()
(Cake\View\Helper\TextHelper
method), 313

Index

style()

(Cake\View\Helper\HtmlHelper method),
283
subdomains() (Cake\Network\Request method), 174
submit() (Cake\View\Helper\FormHelper method),
273
sumOf() (Cake\Collection\Collection method), 662

T
Table (class in Cake\Database\Schema), 455
Table (class in Cake\ORM), 363, 379, 406, 423
tableCells()
(Cake\View\Helper\HtmlHelper
method), 292
tableHeaders()
(Cake\View\Helper\HtmlHelper
method), 291
tableize() (Cake\Utility\Inflector method), 708
TableRegistry (class in Cake\ORM), 369
tail() (Cake\Utility\Text method), 723
tail() (Cake\View\Helper\TextHelper method), 314
take() (Cake\Collection\Collection method), 669
templates()
(Cake\View\Helper\HtmlHelper
method), 293
templates()
(Cake\View\Helper\PaginatorHelper
method), 300
TESTS (global constant), 739
Text (class in Cake\Utility), 719
text() (Cake\View\Helper\FormHelper method), 262
textarea() (Cake\View\Helper\FormHelper method),
263
TextHelper (class in Cake\View\Helper), 311
through() (Cake\Collection\Collection method), 672
Time (class in Cake\I18n), 727
time() (Cake\View\Helper\FormHelper method),
269
TIME_START (global constant), 740
timeAgoInWords() (Cake\I18n\Time method), 730
TimeHelper (class in Cake\View\Helper), 316
TimestampBehavior (class in Cake\ORM\Behavior),
438
TMP (global constant), 740
tokenize() (Cake\Utility\Text method), 720
toList() (Cake\Utility\Text method), 725
toList() (Cake\View\Helper\TextHelper method),
315
toPercentage() (Cake\I18n\Number method), 713
toPercentage() (Cake\View\Helper\NumberHelper
method), 296
toQuarter() (Cake\I18n\Time method), 731
toReadableSize() (Cake\I18n\Number method), 713
807

CakePHP Cookbook Documentation, Release 3.x

toReadableSize() (Cake\View\Helper\NumberHelper
method), 297
trace() (Cake\Error\Debugger method), 520
trailing star, 146
transactional() (Cake\Database\Connection method),
335
TranslateBehavior (class in Cake\ORM\Behavior),
439
tree() (Cake\Filesystem\Folder method), 679
TreeBehavior (class in Cake\ORM\Behavior), 446
truncate() (Cake\Utility\Text method), 722
truncate() (Cake\View\Helper\TextHelper method),
313
Type (class in Cake\Database), 331
type() (Cake\Network\Response method), 176

write() (Cake\Cache\Cache method), 487


write() (Cake\Cache\CacheEngine method), 493
write() (Cake\Controller\Component\CookieComponent
method), 207
write() (Cake\Core\Configure method), 137
write() (Cake\Filesystem\File method), 681
write() (Cake\Log\Log method), 573
write() (Session method), 613
writeMany() (Cake\Cache\Cache method), 488
WWW_ROOT (global constant), 740

YEAR (global constant), 740


year() (Cake\View\Helper\FormHelper method), 270

X
Xml (class in Cake\Utility), 733
XmlView (class), 249

UnauthorizedException, 537
underscore() (Cake\Utility\Inflector method), 708
Z
unfold() (Cake\Collection\Collection method), 659
unlockedFields (SecurityComponent property), 213, zip() (Cake\Collection\Collection method), 664
604
unlockField()
(Cake\View\Helper\FormHelper
method), 281
updateAll() (Cake\ORM\Table method), 423
url() (Cake\Routing\Router method), 159
UrlHelper (class in Cake\View\UrlHelper), 317
user() (AuthComponent method), 201, 471
uuid() (Cake\Utility\Text method), 720

V
validatePost (SecurityComponent property), 213,
604
Validator (class in Cake\Validation), 643
variable() (Cake\Utility\Inflector method), 708
vary() (Cake\Network\Response method), 181
vendor/cakephp-plugins.php, 585
View (class in Cake\View), 231
viewClassMap()
(RequestHandlerComponent
method), 224

W
warning() (Cake\Log\Log method), 573
wasWithinLast() (Cake\I18n\Time method), 732
WEEK (global constant), 740
wrap() (Cake\Utility\Text method), 721
wrapBlock() (Cake\Utility\Text method), 721
writable() (Cake\Filesystem\File method), 681
808

Index

You might also like