I am using cakephp. And i have written some cakephp find queries inside routes file. The requirement was to create dynamic url. But i have doubts whether it is safe to write queries in route file or is there any chances of SQL injection for this. If it is unsafe then what are the threats that will affect my website and what should i do to prevent these web threats.
No this sounds like terrible code smell.
What you want sounds as well like you want to use slugs or resolve URLs to something in the DB. Here is how to do it right:
Create a custom route class (SlugRoute, DbLookupRoute...)
Create a model method (MyUrLModel::lookup($url) for example) that does the actual lookup
Load that model in the Route class
Use the custom route class in your routes.php
Optional but a good idea to implement: Caching of the route lookup.
All of the above is described on book.cakephp.org, pay attention to the chapter about the router.
Related
I want to call a .ctp file in one 'Model' and the .ctp file is in another 'View'.
Is it possible in cakephp?
Or instead of that should i call that 'Controller' function in my 'Model'?
CakePHP in a nutshell, and the keywords that you might need to search for:
Dispatcher and Routing controlling how URL reaches your controller.
Controller places system logic and controlling individual routing requests from Dispatcher
Component places logics that can be easily shared by Controllers
Model is for all the database related queries, manipulation, selections, deletions
Behavior can be deem as similar to Component, that provides "mixins" to Models to achieve similar behaviors, such as TreeBehavior abstract your database tables into parent-child relationship.
View is used by Controller to render individual pages to the user
Helper placed shared functionalities to help View render certain stuff. For example, FormHelper helps you all sort of form rendering, inputs, etc.
Place globally shared library in app/Lib folder so it can be easily accessed through using App::uses('...', 'Lib'). For example, a Gravatar library that helps you convert emails to md5-hashed strings. So this can be used everywhere in your app.
vendors are for those packaged vendor libraries that do not respect MVC, for example, swiftmailer that helps you send emails. Usually I would abstract them into my Lib folder for ease.
plugins are for those baked CakePHP applications found everywhere in the internet.
There are others in-depth stuff that you might be interested in, but these are the most basic stuff that you need to know before using a MVC framework like CakePHP. Check out their docs before diving in.
You can't access View (.ctp) in Model, it's against MVC architecture and logic. Just tell us more what do you want to do, maybe you're doing something wrong.
I´m just working with Cakephp for a few days and I´m very impressed. But now I´m trying to get closer with Acl, but it´s a bit confusing.
My situation is, that I want to create a website with a frontend and a backend. But I´m not sure if I really need Acl for this, cause all Pages should be available for all users, except the backend of course. The tutorials in the Cookbook aren´t very helpful due to the fact, that it´s all about creating users, and groups and roles and creating the right views for login, adding and editing users, etc.
But I just need information about what Acl handles? Does it restrict the use of controllers or models?
Or do I need something else than Acl? Maybe it´s easier to check a session variable and redirect direct into the controller if the check false?
Hopefully you can bring me on the right way,
thanks in advance and best greetings from Germany,
Sascha
I suggest you to read this chapter and use the Auth component instead of simply accessing the session as you're teased to do.
http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
For your admin backend use prefix routing.
http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing
In conjunction with auth this is pretty easy to check and implement in the isAuthorized() callback.
If you don't need various 'levels' of permissions; i.e. any logged-in user is allowed to access the backend, it's best to skip ACL (for now). If, in a later stage, ACL is required, you can always add it later.
You can start with 'simple' authentication. This chapter in the cookbook describes how to do so;
http://book.cakephp.org/2.0/en/tutorials-and-examples/blog-auth-example/auth.html
In general, do not develop features that you don't need now. E.g. implementing ACL because you might need it in the future is only overcomplicating your development and chances are, they don't fit the requirements when that moment arrives.
Unlike #burzum, I'm not a big fan of prefix routing (only for very simple projects), because you'll end up mixing front- and backend actions and logic in the same controller.
I would advice to create separate controllers for the backend, possibly develop them as a Plugin. Either way, you may consider to create 'base' Controllers and Models for the backend and have your backendcontrollers/models extend them. This way you'll be able to define components/behaviors to use for the backend in 1 location. Also, by loading the 'Auth' component only in Backend controllers, you don't have to 'allow' actions in each controller in the frontend
for example;
class BackendCoreController extends AppController {
// only load the Auth component in backend controllers
// regular/frontend controllers don't require authentication
$components = array('Auth');
}
class PageAdminController extends BackendCoreController {
}
For considerations on developing the backend as a plugin, see my answer here:
Best way to implement admin panel in CakePHP
I am planning to rewrite my site into CakePHP and after having spent a full week on learning it, I am still not sure how to do good custom routing in CakePHP.
This is what I want:
Keep the current url structure in www.domain.tld/en/dragons.html, or use a www.domain.tld/en/dragons, but not www.domain.tld/en/nodes/dragons.html. And also be able to use controllers on a similar path structure.
There are about 100 static pages on the entire site. I have read into multi-language routing and I think I can do it. I can also make /en/* or /en/:slug route via a PagesControler or a self-written NodesController.
My problem is that I would like to be able to mix and match url's with and without controllers, so actually what I want is that it checks if a :slug is part of the slug-list, there should still be the option to use that url with a controller.
I have created routes for both /en/contact and /en/:slugid, but it seems all queries were routed to my NodesController, even while I explicitly said that /en/contact should be routed to the ContactsController.
How can I instruct Cakephp to keep my current dictorary structure? I read the routes part of the Cakephp book, but it was extremely short and made me a little unsure about the possibility of such routing. If necessary, I'll just write a php-code that prints all routes for all slugs, so I can still write controller-routes with a similar path structure.
If a file exists in webroot (ie. app/webroot/static.html), the .htaccess file will tell Apache to serve that file before loading the CakePHP framework for requests to www.example.com/static.html.
Cake loads routes in a top-down order and will use the first matching route to handle a request. In your case, /en/contact should be above /en/:slugid, else the slugid rule will always win.
If CakePHP's routing does not accomplish what you are after, you can always implement a custom route class (book / example).
I have an order processing and catalog system created in CakePHP. It manages orders, products, packages, invoices, etc. (anything that would be necessary for an ecommerce store basically).
I now want to make a "dashboard"-type page, that will show the latest orders, products that need to be updated, latest reviews, etc. I was going to create a Page for PagesController, but I don't know how to access models in PagesController.
Is there any way to access several, unassociated models on one page?
How to build a “dashboard” for your application in CakePHP.
I was going to create a Page for PagesController, but I don't know how to access models in PagesController.
With the built-in PagesController, you can't. You'll have to create your own PagesController, which would look something like this pastebin.
Another way to create such a portal page would be to create a Page for display via the built-in PagesController, the view for which would comprise a variety of view elements, each using requestAction to retrieve their respective data. This can be a tricky approach if you don't or can't employ caching, because requestAction is not very performant, as it begins a new dispatch cycle every time it's called. However, in conjunction with good, aggressive caching, this is a very modular approach, and very Cake-y, since it encapsulates each element of your dashboard's functionality in its own MVC element.
Edit: just to be extra-clear, if you cannot cache the dashboard's elements well, you want to avoid the requestAction route. It's just horrifically slow, and it's better to use an approach such as that in balcer's link, though it is perhaps not as elegant.
Update: i wrote some wrong statements about the use of header in php; so forget that part :)
What i want is to fetch and display a controller's view (with controller's data) from another controller, without have url change in browser.
Some details:
Redirect doesn't do the job because is a direct redirect (via browser)
requestAction doesn't allow me to fetch css and images correctly
I need this thing because i have a controller dispatcher that redirects internally to the other controllers.
I think the only (correct) solution is to use routes.php in /config with Router::connect
and there use the logic that was in the dispatcher controller.
ummm... header() is the function to use for a redirect unless the PHP documentation is wrong. (http://php.net/manual/en/function.header.php) The core in cakePHP uses header for the redirect function (see lines 721 - 730 of cake/libs/controller.php).
So I am not certain what you mean "like normal PHP". CakePHP is PHP, it's just built on object oriented code. It's not magic or twisted ways of doing things. So to do a redirect in cake, you can simply use:
$this->redirect(array('controller' => 'my_controller', 'action' => 'my_action'));
And it will call the header() function.
Now. If you are dead set on not using redirect (maybe if you are going to an external site), you can call header() in the code. Just be sure you put the exit(); after the header call:
header('Location: http://call/my/url');
exit();
It will work just the same as redirect. It's just a lot of unnecessary extra work. Keep in mind that using redirect will maintain the domain name and build the URL for you automatically.
In general, connecting URLs to controllers is the job of routes. If your logic is rather complex and normal routes won't cut it, you can even write your own route parser class that does more complex logic (that's all in the manual).
If this routing logic involves database queries or any other sort of controller logic and may lead to very different output for the same URL based on some internal state though, you're making a very RESTless application and I'd submit you should rethink what you're trying to do. Having said that, you can render any view from any controller action using $this->render(). The controller logic for each view could be put in the AppController or possibly (partly) the models to be called from anywhere. So instead of "redirecting" to a different controller, a route just routes to a specific controller action as usual, that action dynamically calls code it needs to call and then renders the view it needs to render.
If you want your app to stay on the same URL but display very different content, you should probably also look into making an AJAX app.
The right solution for you is probably somewhere in between.