Mariano Iglesias - CakeFest.org: Themes, ACL, Auth, Security, and more
Written on Wed, Dec 3rd 2008, 10:11 in CakeFest, CakePHP
Mariano is presenting about creating a complete website with a framework. Specifically, Mariano will be talking about the CakeFest site. This should help to show how to apply the theories that have been talked about up to today and throughout the rest of the week. cakefest.org was developed for the first CakeFest; it is a multi-user, multi-event, multi-language application that needed to scale for multiple events. It was built with Themes, Behaviors, pagination, security, Acl, Auth and i18n.
Using themes to 'reskin' a site
Themes are enabled by setting Controller::$view = 'Theme'; and Controller::$theme = 'themeName'. The theme views allow you to override specific views and leave others as they are in the core application. In the CakeFest site the theme was tied to a URL parameter. This allowed search engines to crawl and consume all of the content. A cookie would not allow that.
Behaviors
Behaviors were used to reduce and abstract much of the model code. Behaviors allow you to reuse code not only between models in this application but in other applications as well. Mariano provided an example with the tokenable behavior used in resetting passwords.
Security
You can use the Security component to stop form manipulation and to force actions to accept only specific HTTP request types. For example, using requireGet('login') will not allow a POST, or any request type other than GET, to reach login. The Security component automatically secures all forms built with the Form helper. A hash key is added to each form, and if the hash key doesn't match after the POST, the request is sent to a blackHole. Using the Security component is an easy way to keep forms secure and safe.
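The form-hash check described above, reduced to a stand-alone PHP sketch. This is an added example, not code from the talk or from CakePHP's SecurityComponent; the function names, the `_token` field and the HMAC-SHA256 construction are assumptions chosen for illustration.

```php
<?php
// Added illustration, not CakePHP's SecurityComponent. All names are hypothetical.
const TOKEN_FIELD = '_token';

// Hash the field names the form was rendered with, plus the values of
// fields the user must not change (for example a hidden record id).
function form_token(array $fieldNames, array $locked, string $secret): string {
    sort($fieldNames);
    ksort($locked);
    $material = json_encode(['fields' => $fieldNames, 'locked' => $locked]);
    return hash_hmac('sha256', $material, $secret);
}

// Recompute the hash from what actually arrived; compare in constant time.
// $lockedNames is server-side knowledge, never taken from the request.
function verify_post(array $post, array $lockedNames, string $secret): bool {
    $sent = $post[TOKEN_FIELD] ?? null;
    unset($post[TOKEN_FIELD]);
    if (!is_string($sent)) {
        return false;
    }
    $locked = array_intersect_key($post, array_flip($lockedNames));
    foreach ($locked as $value) {
        if (!is_string($value)) {
            return false; // assumption: flat forms, locked values are plain strings
        }
    }
    $expected = form_token(array_keys($post), $locked, $secret);
    return hash_equals($expected, $sent);
}

// Constructed sample data. A real application loads the secret from configuration.
$secret = random_bytes(32);
$token  = form_token(['email', 'id'], ['id' => '42'], $secret);

$cases = [
    'as rendered'      => ['email' => 'a@example.org', 'id' => '42', TOKEN_FIELD => $token],
    'extra field'      => ['email' => 'a@example.org', 'id' => '42', 'is_admin' => '1', TOKEN_FIELD => $token],
    'hidden id edited' => ['email' => 'a@example.org', 'id' => '43', TOKEN_FIELD => $token],
    'token missing'    => ['email' => 'a@example.org', 'id' => '42'],
];
foreach ($cases as $label => $post) {
    $verdict = verify_post($post, ['id'], $secret) ? 'processed' : 'black-holed';
    echo $label, ': ', $verdict, PHP_EOL;
}
```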
Email Component
The Email component was used to send emails from the CakeFest site. It used templates and attachments, both of which are native to the EmailComponent.
RSS and RequestHandler
By using RequestHandler and Router::parseExtensions() we don't need to add separate actions for the RSS and non-RSS versions of the news listings. With this approach we also use a separate view file for the RSS format. Another benefit is that we are not required to set the headers manually or switch the layout. This saves time and effort, as the layout switching and the Content-Type headers are handled automatically.
