Final Touches

Posted: May 10, 2012 in Uncategorized

To finish this project I added data sanitization to the posts and comments.

The following code was added to achieve this:

\Controller\PostsController.php and \Controller\CommentsController.php

$this->set('comments', Sanitize::clean($this->paginate(), $this->cleanOptions));

\Controller\AppController.php file.

App::uses('Sanitize', 'Utility');

public $cleanOptions = array(
    'odd_spaces' => false,
    'encode' => true,
    'dollar' => false,
    'carriage' => false,
    'unicode' => true,
    'escape' => false,
    'backslash' => true,
    'remove_html' => false
);
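
The kind of output encoding the 'encode' option is switched on for, as an added example in plain PHP that is not part of the original post and does not use CakePHP's Sanitize class. The helper name encodeForHtml() and the sample comments are constructed for illustration.

```php
<?php
// Added illustration in plain PHP (not CakePHP's Sanitize class).
// encodeForHtml() is a hypothetical helper name.

function encodeForHtml($value)
{
    if (is_array($value)) {
        // Walk nested result sets such as $data[0]['Comment']['body'].
        return array_map('encodeForHtml', $value);
    }
    if (is_string($value)) {
        // ENT_QUOTES also encodes ' and " so values stay inert inside attributes.
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return $value; // integers, null and booleans pass through unchanged
}

// Constructed sample shaped like a paginate() result.
$comments = array(
    array('Comment' => array(
        'id'   => 7,
        'body' => '<script>alert(1)</script> nice post',
    )),
    array('Comment' => array(
        'id'   => 8,
        'body' => 'Tom & "Jerry"',
    )),
);

$safe = encodeForHtml($comments);

// Markup in the stored comments is now printed as text, not interpreted.
foreach ($safe as $row) {
    echo $row['Comment']['id'], ': ', $row['Comment']['body'], PHP_EOL;
}
```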

Finally to Styling.

I found the style sheet in the folder


and changed various elements to change the colour of the site; bold colours were chosen to highlight the change from the original version.


Remove Diagnostics

Posted: May 6, 2012 in Uncategorized

To do this it was necessary to edit the app/Config/core.php file from

Configure::write('debug', 2);

to

Configure::write('debug', 0);

To enable this feature it was necessary to download the FormEnumHelper.php file provided and add it to the app/View/Helper folder.

Once this was done I used the instructions at  to help achieve it.

I needed to edit the app/Controller/appController file to include a reference to our helper file like this

public $helpers = array('FormEnum');

then I added

if ($is_admin) echo $this->FormEnum->input('User.role', array('empty' => false));
else echo $this->FormEnum->input('User.role', array('empty' => false, 'disabled' => 'disabled'));

to both the app\View\Users\edit.ctp and app\View\Users\add.ctp files.

The form that allowed the user to edit their details pre-filled the password field. This is unnecessary, as the user may not wish to change their password as part of their edit. To remove the password from the form the app/View/Users/edit.ctp file was amended to say

echo $this->Form->input('password', array('value' => ''));

This sets the password value to zero.

It should be noted that, to avoid the password being saved as zero should the user not enter a new password, you should make sure that you unset the password.
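
One way to do the unset described above before the record is saved, as an added example in plain PHP that is not part of the original post. prepareUserEdit() is a hypothetical helper, the submissions are constructed, and the role check is an added assumption: the disabled role input only restricts the browser, so the server drops a submitted role from non-admins as well.

```php
<?php
// Added illustration in plain PHP; prepareUserEdit() is a hypothetical helper.
// $data mimics the shape of CakePHP's $this->request->data for the User form.

function prepareUserEdit(array $data, $isAdmin)
{
    $user = isset($data['User']) ? $data['User'] : array();

    // A blank password field means "keep the current password":
    // drop the key so the save never overwrites the stored hash.
    if (!isset($user['password']) || $user['password'] === '') {
        unset($user['password']);
    }

    // The role input is only disabled in the browser for non-admins,
    // so the server also discards any role value they submit.
    if (!$isAdmin) {
        unset($user['role']);
    }

    $data['User'] = $user;
    return $data;
}

// Constructed submissions (values are samples, not from the original site).
$blankPassword = array('User' => array(
    'id' => 3, 'username' => 'sam', 'password' => '',
));
$withRole = array('User' => array(
    'id' => 3, 'username' => 'sam', 'password' => 'n3w-pass', 'role' => 'admin',
));

print_r(prepareUserEdit($blankPassword, false)); // non-admin, blank password
print_r(prepareUserEdit($withRole, false));      // non-admin submitting a role
print_r(prepareUserEdit($withRole, true));       // admin submitting a role
```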

To avoid the user submitting the form with an empty field or duplicate username it was necessary to amend the app/Model/User.php

'username' => array(
    'notempty' => array(
        'rule' => array('isUnique'),
        'message' => 'You must enter a unique username',
        'allowEmpty' => false,
        //'required' => false,
        //'last' => false, // Stop validation after this rule
        //'on' => 'create', // Limit validation to 'create' or 'update' operations
    ),
),

A similar method was used in the app/Model/Post.php file to avoid duplicate Post titles.

Removing hashed passwords

Posted: May 2, 2012 in Uncategorized

The uscms allowed for adding/editing users; this page displayed the users' hashed passwords, making it possible to decipher other users' passwords if they happen to be identical to a known hashed password. To fix this the following lines were removed from app/View/Users/index.ctp.

<th><?php echo $this->Paginator->sort('password');?></th>

<td><?php echo $user['User']['password']; ?>&nbsp;</td>

Another error that was showing concerned the fact that there was no reference in the database to the file_number or mime. These lines were removed from the app/View/Users/view.ctp file.

Once the user had chosen a post to view I noticed that they could not view the media attached to that post without being logged in. This was because the authorisation was not set up correctly. To allow this, app/Controller/AppController.php was edited from

$this->Auth->allow('index', 'view');

to

$this->Auth->allow('index', 'view', 'serve');

My CakePHP Blog

Posted: May 1, 2012 in Uncategorized

This blog is part of an assessment for the Dynamic Web Technology module taught at UWS. Here I will attempt to explain the procedures necessary to fix the Ultra Simple Content Management System given to the class.

The first task was to view the files in order to ascertain what needed fixing. To do this it was necessary to upload the files to a server. Unfortunately I did not have access to the university server so I looked at using However despite trying to enable URL rewriting I could not get the site successfully running.

Thankfully I managed to upload the site to an alternative server suggested by Stacey Methven. After this I needed to create the database and tables using the uscms.sql file provided. The next task was to enable the database connection; this was done by adding the relevant details to the app/Config/database.php file

'login' => 'web166_cake',
'password' => 'evolution',
'database' => 'web166_cake',

After this I wanted to allow the user to see the posts instead of taking the user to the log-in page. This was done by changing the Config/routes.php file from

Router::connect('/', array('controller' => 'pages', 'action' => 'display', 'home'));

to

Router::connect('/', array('controller' => 'posts', 'action' => 'index'));

The next error that appeared was fixed by amending the syntax error in the app/View/Users/view.ctp file. Here there was a missing ' and it should have read

<?php if ( $current_user['id']==$user['User']['id'] || '$is_admin' ) :  ?>
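
How PHP evaluates the condition above, as an added example that is not part of the original post: a single-quoted '$is_admin' is a literal non-empty string and is always truthy, so the two functions below compare that form with a test of the variable itself. The function names and the three visitors are constructed for illustration.

```php
<?php
// Added illustration; the function names and sample users are hypothetical.

// The condition with the quoted '$is_admin', as written in the view.
function showsEditQuoted($current_user, $user, $is_admin)
{
    // Single quotes make '$is_admin' a literal, non-empty string,
    // which PHP treats as true whatever the variable holds.
    return (bool) ($current_user['id'] == $user['User']['id'] || '$is_admin');
}

// The same condition testing the variable itself.
function showsEditVariable($current_user, $user, $is_admin)
{
    return (bool) ($current_user['id'] == $user['User']['id'] || $is_admin);
}

// Constructed profile being viewed and three constructed visitors:
// each entry is array(current user, is admin?).
$profile = array('User' => array('id' => 5));
$visitors = array(
    'owner'      => array(array('id' => 5), false),
    'other user' => array(array('id' => 9), false),
    'admin'      => array(array('id' => 1), true),
);

// Print, per visitor, whether each form of the condition shows the block.
foreach ($visitors as $label => $v) {
    list($current, $isAdmin) = $v;
    printf(
        "%-10s quoted=%s variable=%s\n",
        $label,
        var_export(showsEditQuoted($current, $profile, $isAdmin), true),
        var_export(showsEditVariable($current, $profile, $isAdmin), true)
    );
}
```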