JonnyReeves.co.uk » CakePHP

My Development Environment.

Jonny — Fri, 21 Nov 2008 20:49:00 +0000

I spend most of my development time sat in Eclipse, I find it funny (or maybe slightly alarming) that only four moths ago I had never ventured near an Integrated Development Environment and spent a lot of time toiling away with a Crimson Editor. All I can say is that if you haven’t tried getting to grips with Eclipse, then now is the time.

As my work is split between programming in PHP and ActionScript, I use Flex Builder as the base for my Eclipse Setup (Flex Builder 3 is built ontop of the Eclipse 3.3 platform). Flex Builder comes with an ActionScript parser and debugger. The parser is not as good as FDT (which I use at work), but is a damn sight cheaper which is always welcome. Eclipse is incredibly modular and allows you to enhance it’s basic functionality buy installing components which provide additional perspective and functionality. I make use of the following:

PDT 1.x – PHP Development Tool, includes code completion and syntax highlighting.
Subclipse 1.4 – SVN Integration for eclipse, essentail for checking in my own code and 3rd party code which I make sure of (Such as the CakePHP Core). Again, if you’re not using SVN then you really should!

I keep my PHP and ActionScript development seperate by using two Workspaces and swtiching between the two (I do a similar thing at work by having two workspaces for our ActionScript 2 and ActionScript 3 projects at Mindcandy). To avoid any potential UAC problems in Vista, I make sure that my Workspace is located in my User folder – this also helps with backups keeping everything in one place.

To back this up, I run a straight forward Apache 2.2, MySQL 5 and PHP 5.2 stack ontop of Windows Vista x64 (Even with UAC turned on!). I had no problems installing the stack, I just made sure that everything was installed inside my User folder. (ie: C:\Users\Jonny\Webroot\Apache2-2, etc). I configure individual vhosts for the projects I work on and point the webroot at my Eclipse Workspace (ie: C:\Users\Jonny\Projects\PHP\Project_Name). This allows me to simulate a webdeploy environment which makes deploying sites to a web server easier. To complete my local dev setup I setup fake sendmail which allows the mail() funcitons inside PHP 5 to be relayed to a remote mail server (very handy! — again, I was suprised that this worked without a hitch on Vista x64).

Validating Image Uploads in CakePHP

Jonny — Mon, 16 Jun 2008 21:17:46 +0000

Following on from my article on CakePHP – Uploaded File Validation in Models, today’s snippet will show you how to use Cake’s validation rules to reject invalid images, or images which do not conform to a specified mime-type. This code relies on the fact that you have LibGD installed on your webserver.

Class Image extends AppModel
{
var $name = ‘Image’;
var $validate = array
(
‘uploaded_image’ => array
(
// Ensure file uploaded OK.
‘valid_upload’ => array
(
‘rule’ => array(‘validateUploadedfile’, false),
‘message’ => ‘An error occured whilst uploading your image, please try again’,
),

// Check image is valid / of allowed mime-type
‘valid_image’ => array
(
‘rule’ => array(‘isValidImageFile’),
‘message’ => ‘The file you have uploaded is not a valid or is unsupported, please try again’,
),
),
);

/**
* Custom validation rule for uploaded files.
*
* @param Array $data CakePHP File info.
* @param Boolean $required Is this field required?
* @return Boolean
*/
function validateUploadedFile($data, $required = false)
{
// Remove first level of Array ($data['Image']['size'] becomes $data['size'])
$upload_info = array_shift($data);

// No file uploaded.
if ($required && $upload_info[’size’] == 0) {
return false;
}

// Check for Basic PHP file errors.
if ($upload_info[‘error’] !== 0) {
return false;
}

// Finally, use PHP’s own file validation method.
return is_uploaded_file($upload_info[‘tmp_name’]);
}

/**
* Use LibGD to determine if an uploaded file is a valid Image by
* running it’s mime-type against a list of $valid_mime_types
*
* @param Array $data CakePHP File info
* @return Boolean
*/
function isValidImageFile($data)
{
// Allow these image mime-types, all others will be rejected
$valid_mime_types = array(‘image/jpeg’, ‘image/png’, ‘image/gif’);

$data = array_shift($data);
$filename = $data[‘tmp_name’];

// Catch I/O Errors.
if (!is_readable($filename)) {
debug(__METHOD__." failed to read input file: {$filename}");
return false;
}

// Retrieve the MimeType of Image, if none is returned, it’s invalid
if (!$mime_type = $this->getImageMimeType($filename)) {
debug(__METHOD__." Uploaded file does not have a mime-type");
return false;
}

// Check the MimeType against the array of valid ones specified above
if (!in_array($mime_type, $valid_mime_types)) {
debug(__METHOD__." Uploaded image has rejected Mime Type: {$mime_type}");
return false;
}

if (!$this->__getImageHandleFromFile($filename)) {
return false;
}

return true;
}

/**
* Use LibGD to return an uploaded Image’s MimeType as a String, FALSE
* on errors or if the file is not an image
*
* @param String $filename Absolute path to file on disc
* @return String Image MimeType of $filename, false on failure
*/
function getImageMimeType($filename)
{
// If this error is thrown LibGD is not installed on your server.
if (!function_exists(‘getimagesize’)) {
debug(__METHOD__." LibGD PHP Extension was not found, please refer to http://www.php.net/manual/en/book.image.php");
exit();
}

$result = getimagesize($filename);
if (isset($result[‘mime’])) {
return $result[‘mime’];
}
return false;
}

/**
* Returns a LibGD Image Handle for a file specified by $filename
*
* @param String $filename Absolute path to image on disk
* @return LibGD Image Handle on success, FALSE on failure.
*/
function __getImageHandleFromFile($filename)
{
if (!is_readable($filename)) {
debug(__METHOD__." failed to read input file: {$filename}");
return false;
}

// Retrieve the MimeType of Image, if none is returned, it’s invalid
if (!$mime_type = $this->getImageMimeType($filename)) {
debug(__METHOD__." failed to assertain MimeType of {$filename}");
return false;
}

switch ($mime_type)
{
case ‘image/jpeg’:
$handle = @imagecreatefromjpeg($filename);
break;

case ‘image/gif’:
$handle = @imagecreatefromgif($filename);
break;

case ‘image/png’:
$handle = @imagecreatefrompng($filename);
break;

default:
debug(__METHOD__." Didn’t know how to handle MimeType: {$mime_type}");
$handle = false;
break;
}

return $handle;
}
}

As always, comments are welcome.

CakePHP – Activating User Account via Email

Jonny — Tue, 03 Jun 2008 21:11:20 +0000

Continuing on from my User Registration with the AuthComponent post I’m going to cover how to activate user account’s via email. Before we get down to the code lets look at a simple use case first.

Activating User Accounts Via Email Use Case
Goal: To confirm that users are registering with a valid email address, force them to activate their account before they can log in.

User registers for an account, all validations passes and $User->save() has been called
At this point we flag that the user’s account is pending activation. An email gets sent to the email address the user registered with. The email contains a unique activation link
The user recieves the activation email and clicks the activation link
The system (your website) handles the incoming link, checks that the activation link is correct (the hash matches) and marks the user’s account as “active” – the user can now log in!

Alternative Path: The activation link is rejected by the system (it’s invalid / wasn’t copied correctly) – we present some helpful information to the user.

Time for Some Code!
Okay, let’s start simple – the basic User Table we created in the previous article needs to be expanded to include an “active” flag (boolean) to indicate if the user’s account has been activated yet:

– Table structure for table `users`
CREATE TABLE IF NOT EXISTS `users` (
`id` INT(11) NOT NULL AUTO_INCREMENT,
`username` VARCHAR(20) NOT NULL,
`password` VARCHAR(50) NOT NULL,
`email` VARCHAR(255) NOT NULL,
`active` TINYINT(1) NOT NULL DEFAULT ‘0′,
`created` DATETIME NOT NULL,
`modified` DATETIME NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=INNODB DEFAULT CHARSET=latin1;

Okay, let’s go ahead and hook this into our Users Controller’s login() action to stop “un-activated” users from loging in (after all, that is the primary goal of performing this work).

// Note: not all logic is show!
uses(’sanitize’);
class UsersController extends AppController
{
var $name = ‘Users’;
var $components = array(‘Auth’);
function login() {
// Check for incoming login request.
if ($this->data) {
// Use the AuthComponent’s login action
if ($this->Auth->login($this->data)) {
// Retrieve user data
$results = $this->User->find(array(‘User.username’ => $this->data[‘User’][‘username’]), array(‘User.active’), null, false);
// Check to see if the User’s account isn’t active
if ($results[‘User’][‘active’] == 0) {
// Uh Oh!
$this->Session->setFlash(‘Your account has not been activated yet!’);
$this->Auth->logout();
$this->redirect(‘/users/login’);
}
// Cool, user is active, redirect post login
else {
$this->redirect(‘/’);
}
}
}
}
}
?>

With this login check in place, we now need to sort out sending out the email which will actually “activate” the user’s account for them. Before we start with the controller actions, let’s defined some custom logic in the Model. As a quick side note, I work to the principle of skinny controllers, fat models (and so should you). What this means, in a nutshell – is that any logic which relates to a Model (in our case, generating the Confirmation Link) should be done in the Model – so let’s do that now.

# /app/models/user.php
# please note that validation logic is not shown
Class User extends AppModel
{
var $name = ‘User’;

/**
* Creates an activation hash for the current user.
*
* @param Void
* @return String activation hash.
*/
function getActivationHash()
{
if (!isset($this->id)) {
return false;
}
return substr(Security::hash(Configure::read(‘Security.salt’) . $this->field(‘created’) . date(‘Ymd’)), 0, 8);
}
}
?>

So, incase you didn’t gather, we can grab a unique Activation Hash for any given user by calling $User->getActivationHash() from inside the controller. Let’s just break down what we are doing in the getActivationHash funciton and the reason why we’re doing it.

When we send the email to the user, we are going to send them a link which they can click on to activate their account. If we don’t create unique activation links then users would be able to “guess” or craft activation links for other users, for example, if we didn’t use an activation hash our links may look like this: http://mysite.com/user/activate/jreeves/ – Hmm, well I know that my username is jreeves, so I could guess pretty easily that /users/activate/dchang is going to active someone elses’ account… not great.

So, what is getActivationHash doing? Basically, it’s taking the datetime of when the user created their account (this will be unique for each user), adding in the Day-Month-Year value (so that activation links only last for 24 hours) and combining the whole shebang with the Security.salt value from CakePHP’s core.ini and Hashing it (with either MD5 or SHA-1 depending on your Cake’s settings). In case you are wondering, this process is called salting and it makes any unique value (such as a password, or MD5 hash), almost impossible to guess.

Okay, enough talk, let’s hook this into the register action so that this email gets sent out.

# /controllers/users_controller.php
# please note that not all code is shown…
uses(’sanitize’);
class UsersController extends AppController {
var $name = ‘Users’;
// Include the Email Component so we can send some out :)
var $components = array(‘Email’, ‘Auth’);

// Allow users to access the following action when not logged in
function beforeFilter() {
$this->Auth->allow(‘register’, ‘thanks’, ‘confirm’, ‘logout’);
$this->Auth->autoRedirect = false;
}

// Allows a user to sign up for a new account
function register() {
if (!empty($this->data)) {
// See my previous post if this is forgien to you
$this->data[‘User’][‘password’] = $this->Auth->password($this->data[‘User’][‘passwrd’]);
$this->User->data = Sanitize::clean($this->data);
// Successfully created account – send activation email
if ($this->User->save()) {
$this->__sendActivationEmail($this->User->getLastInsertID());

// this view is not show / listed – use your imagination and inform
// users that an activation email has been sent out to them.
$this->redirect(‘/users/thanks’);
}
// Failed, clear password field
else {
$this->data[‘User’][‘passwrd’] = null;
}
}
}

/**
* Send out an activation email to the user.id specified by $user_id
* @param Int $user_id User to send activation email to
* @return Boolean indicates success
*/
function __sendActivationEmail($user_id) {
$user = $this->User->find(array(‘User.id’ => $user_id), array(‘User.email’, ‘User.username’), null, false);
if ($user === false) {
debug(__METHOD__." failed to retrieve User data for user.id: {$user_id}");
return false;
}

// Set data for the "view" of the Email
$this->set(‘activate_url’, ‘http://’ . env(‘SERVER_NAME’) . ‘/users/activate/’ . $user[‘User’][‘id’] . ‘/’ . $this->User->getActivationHash());
$this->set(‘username’, $this->data[‘User’][‘username’]);

$this->Email->to = $user[‘User’][‘email’];
$this->Email->subject = env(‘SERVER_NAME’) . ‘ – Please confirm your email address’;
$this->Email->from = ‘noreply@’ . env(‘SERVER_NAME’);
$this->Email->template = ‘user_confirm’;
$this->Email->sendAs = ‘text’; // you probably want to use both :)
return $this->Email->send();
}
}
?>

Okay, now we’re cooking – time to create the Email “views” which will be sent out with the emails – in case you are not familiar with the EmailComponent then now would be a good time to refer to the CookBook. So, let’s create the plain text email template which will contain the activation link set above:

# /app/views/elements/email/text/user_confirm.ctp
?>
Hey there = $username ?>, we will have you up and running in no time, but first we just need you to confirm your user account by clicking the link below:

= $activate_url ?>

Phew! The end is in sight, just one more controller action to hook up (and probably the most important one) – /users/activate – I’m sure you can figure out what this is going to do.

# /controllers/user_controller.php
# note that only the activate function is shown…

/**
* Activates a user account from an incoming link
*
* @param Int $user_id User.id to activate
* @param String $in_hash Incoming Activation Hash from the email
*/
function activate($user_id = null, $in_hash = null) {
$this->User->id = $id;
if ($this->User->exists() && ($in_hash == $this->User->getActivationHash()))
{
// Update the active flag in the database
$this->User->saveField(‘active’, 1);

// Let the user know they can now log in!
$this->Session->setFlash(‘Your account has been activated, please log in below’);
$this->redirect(‘login’);
}

// Activation failed, render ‘/views/user/activate.ctp’ which should tell the user.
}
?>

And there we have it, now when your users register they have to confirm their user accounts via Email – job done!

CakePHP – Open_Basedir Restriction in Effect

Jonny — Mon, 02 Jun 2008 21:37:17 +0000

Just deployed a CakePHP on a domain running PLESK and dismayed by the fact that your screen is over-flowing with warning about open_basedir restriction in effect? Fear not, the solution is straight forward (if a little frustrating to track down!)

The problem is caused by this line (line 69, in CakePHP 1.2.0.6311) in /app/webroot/index.php:

ini_set(‘include_path’, CAKE_CORE_INCLUDE_PATH . PATH_SEPARATOR . ROOT . DS . APP_DIR . DS . PATH_SEPARATOR . ini_get(‘include_path’));

Yep, the simple ini_set command – the clues should start coming in thick and fast that ini_set is causing the problem due to the fact taht open_basedir complains about paths with :’s in their structure. (:’s being the delimiter for automatically included paths). To fix the problem you can either remove the if logic that calls “function_exists(’ini_set’)”, or, if you prefer to fix things the corret way, modify the line to remove the final stub:

ini_set(‘include_path’, CAKE_CORE_INCLUDE_PATH . PATH_SEPARATOR . ROOT . DS . APP_DIR . DS);

Good luck, hope that saves someone a headache! :)

CakePHP – Uploaded File Validation in Models

Jonny — Sun, 01 Jun 2008 14:56:26 +0000

Allowing uploaded files from users in PHP is fraught with danger, however by using CakePHP 1.2 and a little bit of Validation magic we can make things a little safer.

First, lets start by creating a simple upload form where the users will be uploading their files

# /app/views/story/create.ctp
echo $form->create(‘Story’, array(‘action’ => ‘create’, ‘type’ => ‘file’));
echo $form->input(‘Story.title’);
echo $form->input(‘Story.contents’);
echo $form->input(‘Artwork.uploaded_image’, array(‘type’ => ‘file’, ‘label’ => ‘Front Artwork’));
echo $form->end(‘Create Story’);
?>

Nothing particularly special here, just to note that we are specifying “type” => “file” in the $form::create method – this makes cake inset the correct ‘enc-type’ value in the generated

tag.

So when the user submits this form, they will be pointed towards the create() action in the StoryController, lets have a look at that:

# /app/controllers/story_controller.php
uses(’sanitize’);
class StoryController extends AppController {
var $name = ‘Story’;

/**
* Allows users to create a story with an attached image.
*/
function create() {
// Always sanitize user input, except for the filename (which will get borked on Win32 systems)
$uploaded_image = $this->data[‘Artwork’][‘uploaded_image’];
$this->data = Sanitize::clean($this->data);
$this->data[‘Artwork’][‘uploaded_image’] = $uploaded_image

if ($this->Story->save()) {
// redirect to the new story.
$this->Session->setFlash(‘Your story was created!’);
$insert_id = $this->Story->getInsertID();
$this->redirect(‘/stories/view/’ . $insert_id);
} else {
$this->Session->setFlash(‘Please correct the errors below’);
}
}
}
?>

Again, nothing unusual here, however, without any data validation we would be opening the application up to attack from malicious users – they could upload PHP code that could later be executed; for more general reading on the woes of File uploads, see what Chris Shiftlett, author of Essential PHP Security has to say.

So, in order to add some security to Image uploads, we are going to add some simple custom validation rules to the Artwork Model:

# /app/models/artwork.php
Class Artwork extends AppModel {
var $name = ‘Artwork’;
var $validate = array (
‘uploaded_image’ => array (
‘valid_upload’ => array (
‘rule’ => array(‘validateUploadedFile’, false)
‘message’ => ‘An error occurred whilst uploading’,
),
),
);

/**
* Custom validation rule for uploaded files.
*
* @param Array $data CakePHP File info.
* @param Boolean $required Is this field required?
* @return Boolean
*/
function validateUploadedFile($data, $required = false) {
// Remove first level of Array ($data['Artwork']['size'] becomes $data['size'])
$upload_info = array_shift($data);

// No file uploaded.
if ($required && $upload_info[’size’] == 0) {
return false;
}

// Check for Basic PHP file errors.
if ($upload_info[‘error’] !== 0) {
return false;
}

// Finally, use PHP’s own file validation method.
return is_uploaded_file($upload_info[‘tmp_name’]);
}
}
?>

Now, before the Data from the form is saved, it will be passed through the custom validation above – any invalid, or potentially malicious files will be rejected. This could easily be split into separate validation methods to provide more understandable error messages for your users.

CakePHP, Using CounterCache to keep track of Comments

Jonny — Sat, 31 May 2008 18:59:06 +0000

CounterCache is one of the new Core Model Behaviors in CakePHP 1.2 and it’s an absolute life saver for working with hasMany relationships where you want to OrderBy one of the children.

The basic idea behind a CounterCache is to keep tabs on how ‘children’ a specific model has, this is best explained in a quick snippet of CakePHP. In the following example I am going to set up a simple relationship of Users and Comments, however, I want to add the condition that posts must be moderated first as indicated by a `moderated` Boolean field in the MySQL table.

CREATE TABLE IF NOT EXISTS `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(50) NOT NULL,
`comments_count` int(11) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE IF NOT EXISTS `comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`message` text NOT NULL,
`moderated` tinyint(1) NOT NULL DEFAULT ‘0′,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Users Model: /app/models/user.php

Class User extends AppModel {
var $name = ‘User’;
var $hasMany = array(‘Comment’);
}
?>

Comments Model: /app/models/comment.php

Class Comment extends AppModel {
var $name = ‘Comment’;
var $actsAs = array(‘CounterCache’);
var $belongsTo = array (‘User’ => array (
‘foreignKey’ => ‘user_id’,
‘counterCache’ => ‘comments_count’,
‘counterScope’ => ‘moderated = 1′)
);
}
?>

So the magic being introduced here is the CounterCache Behavior, in the Comments Model (which is included by setting is in the $actsAs variable). The ‘counterCache’ => ‘comments_count’ value indicates to column on the `belongsTo` table which will contain the count and the ‘counterScope’ => ‘moderated = 1′ tells CounterCache to only increment the count value when this SQL Condition is met (in this case, `moderated` must be true).

Go ahead, build the application, throw some scaffolding into the Controllers and watch in awe as the `comments_count` value increments each time you save a comment where $data['Comment']['moderated'] = 1. Now, this is all well and good, but in the real world, users won’t be setting the moderated value, instead you will have a Controller action to approve comments which looks something like this:

/**
* Callback for when Cake has performed a save() operation.
*
* @param Boolean $created TRUE if save() performed a CREATE
* @return Void
*/
function afterSave($created) {
if (!$created) {
// Kick the counterCache value.
$this->updateCounterCache();
}
}
}
?>

You could further tweak this callback to enhance performance, only updating the counterCache when logic dictates it necessary.

CakePHP Vimeo Helper

Jonny — Mon, 26 May 2008 09:37:01 +0000

I’ve just posted a new Helper over at the bakery to assist with embedding Vidoes from Vimeo.com on your CakePHP site. The helper grants you access to all configuration flags for the player. Grab it here, happy baking!

As a side note, whilst fiddling around with this helper I found it interesting to note that Vimeo directly link to the .swf file in their embed code rather than using a Wrapper Script to log incoming embed locations – I presume they are trawling their Apache logs instead – still seems a bit backwards…

VimeoHelper source code after the leap

class VimeoHelper extends AppHelper
{
/**
* Creates Vimeo Embed Code from a given Vimeo Video.
*
* @param String $vimeo_id URL or ID of Video on Vimeo.com
* @param Array $usr_options VimeoHelper Options Array (see below)
* @return String HTML output.
*/
function getEmbedCode($vimeo_id, $usr_options = array())
{
// Default options.
$options = array
(
‘width’ => 400,
‘height’ => 225,
’show_title’ => 1,
’show_byline’ => 1,
’show_portrait’ => 0,
‘color’ => ‘00adef’,
);
$options = array_merge($options, $usr_options);

// Extract Vimeo.id from URL.
if (substr($vimeo_id, 0, 21) == ‘http://www.vimeo.com/’) {
$vimeo_id = substr($vimeo_id, 21);
}

$output = array();
$output[] = sprintf(‘’, $options[‘width’], $options[‘height’]);
$output[] = ‘ ’;
$output[] = ‘ ’;
$output[] = sprintf(‘ ’, $vimeo_id, $options[’show_title’], $options[’show_byline’], $options[’show_portrait’], $options[‘color’]);
$output[] = sprintf(‘ ’, $vimeo_id, $options[’show_title’], $options[’show_byline’], $options[’show_portrait’], $options[‘color’], $options[‘width’], $options[‘height’]);
$output[] = ‘’;

return $this->output(implode($output, "\n"));
}
}
?>

User Registration with CakePHP 1.2 and Auth Component

Jonny — Sat, 24 May 2008 10:54:46 +0000

With CakePHP 1.2 nearly reaching the RC release, I have started using it as the framework for my own applications. Once of the new features of 1.2 over 1.1 is the addition of numerous core Components for handling things such as Cookies, Email and Authentication (all of which I rolled myself in 1.1). Today’s article is going to focus on the Auth Component and a couple of problems it threw up whilst I was trying to create a simple registration page.

Before starting with the code listings for a simple registation action, a little bit of background as to why I’m writing this post. CakePHP 1.2’s Auth Component will automatically hash the value of $this->data['User']['password'] – this is helpful in many ways and allows for a lot of Cake’s auto-magic, however it can cause problems. For example, as the passowrd is automatically being hashed into a 40 character value before any other logic is applied, any validation rules in the Model will be ignored (including NOT_EMPTY like checks). Take this as a hypothetical situation:

User goes to /users/register to create a new account
User enters their username and password correctly, they then enter an invalid email address
Controller fails to validate() the invalid email address supplied so takes the user back to the registration page – Cake helpfully re-populates the form with the values in $this->data array
This unfortunatley means the user’s password has been turned into a 40 Character SHA-1 Hash! If the user fails to notice this fact, fixes their email address and clicks submit then that 40 Character SHA-1 Hash is going to get hashed again – now the user has no idea what their password is set to – whoops!

Getting around this problem is pretty straight forward, it just requires a little bit of thought – change the fieldname from password (Which CakePHP 1.2’s Auth Component will automatically hash) to something else, ie: passwrd. Now Cake won’t hash this value, your model’s validation checks can run and everyone is happy – just don’t forget to use AuthComponent::password() to hash this value before storing it.

User Model Class

array
(
‘alphanumeric’ => array
(
‘rule’ => ‘alphaNumeric’,
‘message’ => ‘Only the letters A-z and digits 0-9 are allowed’,
),
‘length’ => array
(
‘rule’ => array(‘between’, 4, 20),
‘message’ => "Your username must be between 4 and 20 characters long",
),
),
‘passwrd’ => array
(
‘rule’ => array(‘minLength’, 6),
‘message’ => ‘Your password must be at least 6 characters long’,

),
‘email’ => ‘email’,
);
}
?>

User Controller Class

Auth->allow(‘register’);
}

/**
* Allows a user to sign up for a new account
*/
function register()
{
// If the user submitted the form…
if (!empty($this->data))
{
// Turn the supplied password into the correct Hash.
// and move into the ‘password’ field so it will get saved.
$this->data[‘User’][‘password’] = $this->Auth->password($this->data[‘User’][‘passwrd’]);

// Always Sanitize any data from users!
$this->User->data = Sanitize::clean($this->data);
if ($this->User->save())
{
// Use a private method to send a confirmation
// email to the new user (code not shown)
$this->__sendConfirmationEmail();

// Success! Redirect to a thanks page.
$this->redirect(‘/users/thanks’);
}

// The plain text password supplied has been hashed into the ‘password’ field so
// should now be nulled so it doesn’t get render in the HTML if the save() fails
$this->data[‘User’][‘passwrd’] = null;
}
}
}

User/Register.ctp View

Create an Account

create(‘User’, array(‘action’ => ‘register’));
echo $form->input(‘username’, array(‘between’ => ‘Pick a username’));

// Force the FormHelper to render a password field, and change the label.
echo $form->input(‘passwrd’, array(‘type’ => ‘password’, ‘label’ => ‘Password’));
echo $form->input(‘email’, array(‘between’ => ‘We need to send you a confirmation email to check you are human’));
echo $form->submit(‘Create Account’);
echo $form->end();
?>