CakePHP - read file from outside webroot - cakephp

I have a model in /app/Model/User.php where I would like to read a file.
The file is located in /app/View/Emails/html/welcome.html:
$message = file_get_contents('../View/Emails/html/welcome.html');
This works locally but not online. What to change?

You do it wrong, what you try is already covered by the framework. See this, "Sending templated emails". Reading the book is always a good idea. Copy and paste from the book:
Emails are often much more than just a simple text message. In order
to facilitate that, CakePHP provides a way to send emails using
CakePHP’s view layer.
The templates for emails reside in a special folder in your
applications View directory called Emails. Email views can also use
layouts, and elements just like normal views:
$Email = new CakeEmail();
$Email->template('welcome', 'fancy')
->emailFormat('html')
->to('bob#example.com')
->from('app#domain.com')
->send();
The above would use app/View/Emails/html/welcome.ctp for the view, and
app/View/Layouts/Emails/html/fancy.ctp for the layout. You can send
multipart templated email messages as well:

Related

CakePHP emailFormat('both') vs emailFormat('html') and emailFormat('text')

In cakephp documentation it is stated that you can use both text and html template files if you set up like this :
$email = new Email();
$email
->template('welcome', 'fancy')
->emailFormat('both')
->to('bob#example.com')
->from('app#domain.com')
->send();
This would use the following template files:
src/Template/Email/text/welcome.ctp
src/Template/Layout/Email/text/fancy.ctp
src/Template/Email/html/welcome.ctp
src/Template/Layout/Email/html/fancy.ctp
How does it use both html and text files here? Does it check both text files and html files when creating a view? What if there are differences in those templates?
When setting emailFormat to both, CakePHP will put both templates in email, and set Content-type header of message to multipart/alternative. With this behavior, receiving end will be provided with two versions of the same message and will be able to choose which to use.
That means you can provide rich and flashy HTML version of your email to users that can display it, and also provide simple plaintext version of your message which will be used by email clients that can not (or refuse to) render HTML emails.
For more info, please look at this question and answer, as well as at RFC.

CakePHP - Security - Image and Link Helpers

I just read this quite interesting post about security for CakePHP: Cakephp Security
It says that whenever a helper is used, CakePHP basically takes care security risks unless I turn of escape. I believe I only turn off escape when I want my links to be images, so nesting an image helper line inside a link helper line. For example:
echo $this->Html->link($this->Html->image('logo.png'), "/" , array('id'=>'logo', 'escape' => false));
Is that bad practise? Does that leave me vulnerable? Should I be doing it some other way?
Additionally, is it correct that whenever I output database data on dynamic pages, it needs to be enclosed in htmlspecialchars($myvariable)? I don't understand why I need to do that if I know that my database is clean from "bad stuff" and all of my forms for input into my database uses FormHelper.
In the example code shown you have all static values, no content coming from user so there's no risk.
Similarly for your content coming from database if for eg. all content is managed by site admin and no content from users is saved to database its reasonably safe to echo the content without escaping.

Embed a Cakephp form into Wordpress

I have a Wordpress blog and I'm developing a backend application using Cakephp.
I want to develop the blog's contact form using cake (since the entered information will be available from the backend app).
Right now, I tried including the cake view into wp using ajax. The problem with this approach is that I either use a Js->submit, which makes attaching files to the form quite complicated, or I use a Form->submit, which makes displaying validation errors problematic. Also, it creates problems with the recaptcha plugin not showing up.
Is there a way of integrating the form using php? I don't need authentication (it is a public form), but I need to be able to show validation errors on the form and upload files on the form.
Actually, you can load any website into a string using CURL, if you load en empty page with a placeholder from your wordpress, you can then use it as your layout
<?php
$url = "http://www.yourdomain.com/emptypage";
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
$output = curl_exec($curl);
curl_close($curl)
$placeholder = "{{CONTENT}}"
$placeholderPos = strpos($output,$placeholder);
$beginning = substr($output,0,$placeholderPos);
$end = substr($output,$placeholderPos+strlen($placeholder));
echo $beginning;
////// your form //////
echo $end;
?>
You may have to deal with relative path after that, but this should get you started.
So, I finally found a way I think is the best since it uses cake classes.
I created a file new_file.php on webroot that is basically a copy of index.php but instead of using a generic request it requests the specific page I'm looking for:
$Dispatcher = new Dispatcher();
$Dispatcher->dispatch(new CakeRequest('CONTROLLER/ACTION'), new CakeResponse(array('charset' => Configure::read('App.encoding'))));
Of course, you'll have to change 'CONTROLLER/ACTION' to whatever your controller is.
After that, you only have to include the file in a WordPress plugin.
There is only one more change. There are some methods that conflict with WP declarations. PHP will complain when you include the above file. You have to find those method and wrap them into an if to make sure the method is not redeclared. This can break some functionality like localization (function __()) but it is ok if what you are including is not a very complex cake application.
if (!function_exists('methodName')) {
Hopefully the last issue will be solved once Cake 3 is out with namespaces support.

Is it possible for an entry to have two URL in Expression Engine, and translate template names?

I'm currently making a bilingual Expression Engine 2.5.2 website. I'm using this technique to create the two langues, which works perfectly.
I have created a {country_code} global variable in the two index.php files which allows me to detect the current language.
Using this technique, I have no problems to get language-relative data when accessing an entry. My only concern is that I apparently have to privilege a language-specific "clean" URL.
Example entry:
{entry_id} = 123
{title} = My test article
{title_permalink} = my-test-article
{name_fr} = Mon article
{name_en} = My article
If I request http://www.example.com/index.php/en/blog/articles/my-test-article, I expect to to find, in english, "My article" using the template articles in the blog template group.
Everything is fine, but the french translation is accessible when requesting http://www.example.com/index.php/fr/blog/articles/my-test-article. The correct translation of the URL should be http://www.example.com/index.php/fr/blogue/articles/mon-article-test.
Anyone encountered a problem like this? Any solutions via extensions or modules?
I believe the Transcribe module solves this by both providing the ability to translate template group and template names, and having you create a separate entry for each language and piece of content in your site (hence, you have two separate URL titles). But that means buying into their entire methodology for a multi-lingual site.
Myself, I usually just stick to using the entry_id instead of the url_title, and live with the template names being in the primary language.
The best way I found to achieve this is by embedding templates with segment translations, duplicating template groups and duplicating channels.
In the blog/articles template:
{embed="shared/.head" segment_2_translation="blogue" segment_3_translation="articles"}
In the blogue/articles template:
{embed="shared/.head" segment_2_translation="blog" segment_3_translation="articles"}
In shared/.head template:
[...] {if lang == "fr"}English{if:else}Français{/if} [...]
And then you can create a Articles (FR) and a Articles (EN) channels, and each will have their unique URL titles. You can also add a relationship custom field for each channel to associate an entry with it's translation.
It feels messy, but it is the only way I could make it work without modules, plugins or whatnot.

Dealing with Alias URLs in CakePHP

I am rewriting our company website in cakephp, and need to find a way to do the following:
A user enters our site by using one
of the promotional alias URLS that
has been pregenerated for a specific
media advert ( magazine, web
promotion etc )
The URL is checked against a
database of alias URLs, and if an
alias exists, then a specific
tracking code is written into the
session.
I have considered several options, none of which seem suitable for this purpose. They are:
Putting the lookup script in the
beforeFilter() in appcontroller, so
that its included in every
controller. (Writes a session value
so it only perfoms once.)
This option only works for existing contollers, and gives the
Cake 'missing controller' error if a
URL doesn't exist.
Specific routes for each alias in
Routes.php - Works but there are
potentially hundreds of alias urls
added/removed regularly via admin
interface.
Route all site URLs to their own
actions, and having an 'everything
else' rule, for the alias URLs that
maps to my lookup script. - Messy
and I lose the built in Cake
routing.
Custom 404. - I don't want to
return 404's for these urls, as I
feel its bad practice unless they
really don't map to anything.
I really could do with a place in the application flow where I can put this lookup/tracking script, and I'm fairly new to cake so I'm stumped.
EDIT: Also, I know that a subfolder called say 'promo' would easily do this, but I have a lot of legacy URLS from our old site, that need handling too.
Note: I'm making an assumption that your promo URLs are in the form of "domain.com/advert-259" or something like that (i.e. no "domain.com/adverts/advert-259'). That would be just too simple :)
Hopefully, you can use the routing with some regex. Add this to your /config/routes.php and let me know if a different regex will help :)
$controllers = Configure::listObjects('controller');
foreach ($controllers as &$value)
{
$value = Inflector::underscore($value);
}
Router::connect('/:promo', array('controller' => 'promos', 'action' => 'process'), array('promo' => '(?!('.implode('|', $controllers).')\W+)[a-zA-Z\-_]+/?$'));
Now you can handle all your promo codes in PromosController::process().
Basically, it checks for a promo code in url, excluding those in the $controllers array (i.e. your regular routes won't be messed up).
Later on you might want to consider caching the value of Configure::listObjects() depending on the speed of your app and your requirements.
A very interesting question. I think I would use item #3. It's not really that messy -- after all, this typically is handled by the pages controller in my stuff. That's how I'd handle it - hardcode your routes to your controllers in routes.php, then have a matchall route that will work for your promo codes. This allows you to keep legacy URLs, as well as use a lot of the standard cake stuff (you probably will just have to explicitly state each of your controllers routes, not such a chore...) Additionally, it will let you do some cool stuff with 404 errors -- you can put some logic in there to try and figure out where they were trying to go, so you can superpower your 404's.

Resources