I need to send more than one session flash with CakePHP. I have found some solutions that create a for loop and put something together, but I wanted to know if there is a native Cake function for this.
Two days ago I wrote http://www.dereuromark.de/2014/04/21/cakephp-flash-messages-2-0/
which basically added support for this in CakePHP 1.x, and therefore also for CakePHP 2.x now.
It stacks multiple messages per type as well. For details, see the Wiki.
It's really not clear what you want, but to create multiple flash messages as in the documentation:
// set a bad message.
$this->Session->setFlash('Something bad.', 'default', array(), 'bad');
// set a good message.
$this->Session->setFlash('Something good.', 'default', array(), 'good');
And in your view:
echo $this->Session->flash('good');
echo $this->Session->flash('bad');
And there is a helper you can check out: MultiFlashHelper
I just read this quite interesting post about security for CakePHP: Cakephp Security
It says that whenever a helper is used, CakePHP basically takes care of security risks unless I turn off escape. I believe I only turn off escape when I want my links to be images, so nesting an image helper line inside a link helper line. For example:
echo $this->Html->link($this->Html->image('logo.png'), "/" , array('id'=>'logo', 'escape' => false));
Is that bad practise? Does that leave me vulnerable? Should I be doing it some other way?
Additionally, is it correct that whenever I output database data on dynamic pages, it needs to be enclosed in htmlspecialchars($myvariable)? I don't understand why I need to do that if I know that my database is clean from "bad stuff" and all of my forms for input into my database use FormHelper.
In the example code shown you have all static values and no content coming from the user, so there's no risk.
Similarly for your content coming from the database: if, e.g., all content is managed by the site admin and no content from users is saved to the database, it's reasonably safe to echo the content without escaping.
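The distinction drawn above (static values versus user-supplied content) starts to matter as soon as anything dynamic is nested inside a link rendered with 'escape' => false. The following is an added example in plain PHP, not code from the original posts or from CakePHP: render_link() and render_image() are hypothetical stand-ins that only model the escape switch, and $altFromDb is a constructed sample value.

```php
<?php
// Hypothetical stand-in for a link helper with an 'escape' option.
// It is NOT CakePHP's HtmlHelper; it only models the escape switch.
function render_link($title, $url, $escape = true)
{
    if ($escape) {
        $title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    }
    $url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $url . '">' . $title . '</a>';
}

// Hypothetical stand-in for an image helper that escapes its attributes.
function render_image($src, $alt)
{
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8')
        . '" alt="' . htmlspecialchars($alt, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample: a value a user saved earlier, now read from the database.
$altFromDb = 'Acme "Logo" <b>Ltd</b>';

// Case 1: static inner markup, as in the question. Nothing dynamic, so
// turning escaping off for the title only lets the <img> tag through.
echo render_link(render_image('logo.png', 'Logo'), '/', false), "\n";

// Case 2: dynamic text concatenated raw into an unescaped title.
// The stored markup reaches the page as markup (the risky pattern).
echo render_link('<span>' . $altFromDb . '</span>', '/', false), "\n";

// Case 3: same layout, but every dynamic piece is escaped before it is
// placed inside the unescaped title. Only the markup written here is live.
$safe = '<span>' . htmlspecialchars($altFromDb, ENT_QUOTES, 'UTF-8') . '</span>';
echo render_link($safe, '/', false), "\n";

// Case 4: dynamic value passed through the image stand-in, which escapes
// its own attributes, so the nested pattern stays safe.
echo render_link(render_image('logo.png', $altFromDb), '/', false), "\n";
```

Comparing the output of cases 2 and 3 shows why "the database is clean" is a property of every write path, not of the view: escaping at output time holds even when one of those paths is missed.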
For some reason my CakePHP application is not showing any of the queries made to the database. It prints the table fine, but there are no records. What could cause this?
Check to make sure you are pulling the records correctly.
$models = $this->Model->find('all');
// or
$this->Model->recursive = 0;
$this->set('models', $this->paginate());
Then when you add them in the view, be sure you are looping through them correctly:
foreach ($models as $model) {
echo $model['Model']['field_name'];
}
UPDATE
To show the SQL statements, be sure you have the following set in core.php
Configure::write('debug', 2);
Also, in the layout, be sure you have this included somewhere between the <body> and </body> tags:
<?php echo $this->element('sql_dump'); ?>
I assume that you are getting an empty table with just the "Nr","Query","Error", etc. column headers?
You are getting the empty table because you have "Configure::write('debug',0);" set somewhere before you have "Configure::write('debug',2);" set. Find the first instance of it and delete it or change it to "2".
I know that you have long since fixed this problem but hopefully it helps somebody else in the future.
The CakePHP debug kit can help you. After you install it, you will notice a small (pie-chart) icon on the top right of your CakePHP pages. Clicking on that will allow you to see various useful information, and most importantly for this issue, all the SQL queries that occurred in the back-end upon the page loading.
I faced a similar problem in CakePHP. I found that debug($variable) has a limitation on the content size. Since you are fetching huge content from the database, it is not able to print it. Try doing print_r($variable) instead. To format it properly, you can do it like this:
// The second argument makes print_r() return the dump instead of printing it.
echo "<pre>".print_r($variable, true)."</pre>";
I'm trying to understand how to use AROs and ACOs if I've added a section in my site.
The CakePHP guide is clear on how the concept of ACL works, but not on how it should be implemented in the code. Personally I've found every part of the tutorial very unclear on how they should be used inside the CakePHP framework. It seems to be the most unfriendly part of the CakePHP framework.
Now when I go into the new sections I've created, I get this error, and I don't understand how I could fix it.
Warning (512): DbAcl::check() - Failed ARO/ACO node lookup in permissions check. Node references:
Aro: Array
(
[User] => Array (
[id] => 1
[username] => vittorio
[group_id] => 1
[created] => 2011-03-30 10:51:23
[modified] => 2011-03-30 10:51:23
[viewable] => 0
)
)
Aco: controllers/Works/index [CORE/cake/libs/controller/components/acl.php, line 273]
If I look on
http://book.cakephp.org/view/647/An-Automated-tool-for-creating-ACOs
and on
http://book.cakephp.org/view/996/Creating-Components#!/view/1548/Creating-ACOs-Access-Control-Objects
I should get the answers, but if I run this code calling the url mysite.com/build_acl again I only get these errors:
Missing Controller
Error: BuildAclController could not be found.
Error: Create the class BuildAclController below in file: app/controllers/build_acl_controller.php
<?php
class BuildAclController extends AppController {
var $name = 'BuildAcl';
}
?>
Notice: If you want to customize this error message, create app/views/errors/missing_controller.ctp
Does a decent guide exist that talks about ACL, AROs and ACOs and how to implement them in CakePHP without leaving the reader lost?
Vittorio,
with due respect, ACL and AUTH combined are a very generic tool. Getting it to work for the first time annoyed me quite a bit. The main errors, which I keep seeing over and over again are:
Not calling build_acl after one or more new actions have been created.
Not initializing the newly arisen setup (fresh ACL nodes as output of the previous step) with proper access rights.
Not calling parent::beforeFilter() in every controller that inherits from the parent app_controller (as often crucial settings reside in this method).
Trying to save a foobared setup instead of going over the Auth+Acl tutorial at the end of the book again. It works (no offense), many people accomplished it before, so you can, too (I do not say that it is accomplished instantaneously).
Reinventing the wheel: After a basic functioning Auth+Acl tutorial, check out the plugins on sourceforge and github.
Not reinventing the wheel ^^, afaik the perfect AUTH+ACL management plugin is yet to be written (but useable code does exist)
Good journey, Benjamin.
Edit0
Basic code hygiene helps, e.g. if you allow users as requesting objects and actions as controlled objects, it makes sense to write the build_acl() into the users_controller, directly followed by, e.g. init_db(), where you centralize settings access rights.
Do not forget to remove these hacks before going into production, even though setting correct access rights again would not hurt much, but imagine what john doe and friends do to your app if they run this function all the time Ü
mysite.com/build_acl
You must run build_acl in an action of your controller. You can't call it like that; you're referring to an action without a controller. At least you can try it like this:
mysite.com/{my_controller}/build_acl
or run it in app_controller's beforeFilter method e.g.
function beforeFilter(){
$this->build_acl();
}
of course the function itself must be declared in app_controller.
I am using cakePHP v1.26.
In the default.ctp file,
I have a single line of this code in it:
$session->flash();
I came across a web site in which the author suggested using this instead:
if($session->check('Message.flash')){
$session->flash();
}
I do not understand what this line of code is doing:
if($session->check('Message.flash')){...}
What is "Message.flash" in this case?
Is "Message.flash" a custom variable or a built-in variable which has been predefined in CakePHP?
Message.flash is the session variable name. It will be defined by cakephp, when you use $this->Session->setFlash('Your message'); from your controller.
if($session->check('Message.flash')){...} checks, if session Message.flash, which contains the flash message, exists.
Note also that contrary to the current manual description, $session->flash() does not echo the result, it just returns it, so you will need to have
echo $session->flash();
in your view.
For the latest CakePHP version:
if (!$this->Session->check('Message.flash')) {
// your code
}
In the view, to show the messages:
echo $this->Session->flash();
How does cakephp handle a get request? For instance, how would it handle a request like this...
http://us.mc01g.mail.yahoo.com/mc/welcome?.gx=1&.rand=9553121_pg=showFolder&fid=Inbox&order=down&tt=1732&pSize=20&.rand=425311406&.jsrand=3
Would "mc" be the controller and "welcome" be the action?
How is the rest of the information handled?
Also note that you could use named parameters as of Cake 1.2. Named parameters are in key:value order, so the url http://somesite.com/controller/action/key1:value1/key2:value2 would give a $this->params['named'] array( 'key1' => 'value1', 'key2' => 'value2' ) from within any controller.
If you use a CNN.com style GET request (http://www.cnn.com/2009/SHOWBIZ/books/04/27/ayn.rand.atlas.shrugged/index.html), the parameters are in order of appearance (2009, SHOWBIZ, books, etc.) in the $this->params['pass'] array, indexed starting at 0.
I strongly recommend named parameters, as you can later add features by passing get params, without having to worry about the order. I believe you can also change the named parameter separation key (by default, it's ':').
So it's a slightly different paradigm than the "traditional" GET parameters (page.php?key1=value1&key2=value2). However, you could easily add some logic in the application to automatically parse traditional parameters into an array by tying into how the application parses requests.
CakePHP uses routes to determine this. By default, the routes work as you described. The remainder after the '?' is the querystring and it can be found in $this->params['url'] in the controller, parsed into an associative array.
Since I found this while searching for it, even though it's a little old.
$this->params['url']
holds GET information.
I have tested but it does work. The page in the Cakephp book for it is this link under the 'url' section. It even gives an example very similar to the one in the original question here. This also works in CakePHP 1.3 which is what I'm running.
It doesn't really use the GET in the typical sense.
If it was passed that long crazy string, nothing would happen. It expects data in this format: site.com/controller/action/var1/var2/var....
Can someone clarify the correct answer? It appears to me that spoulson's and SeanDowney's statements are contradicting each other?
Would someone be able to use the newest version of CakePHP and get the following url to work:
http://www.domain.com/index.php/oauth/authorize?oauth_version=1.0&oauth_nonce=c255c8fdd41bd3096e0c3bf0172b7b5a&oauth_timestamp=1249169700&oauth_consumer_key=8a001709e6552888230f88013f23d5d004a7445d0&oauth_signature_method=HMAC-SHA1&oauth_signature=0bj5O1M67vCuvpbkXsh7CqMOzD0%3D
oauth being the controller and authorize being a method AS WELL as it being able to accept the GET request at the end?