Category Archives: cakephp

Fix timezone settings for “Strict Standards: strtotime()” error in CakePHP

When i installed CakePHP on a hostet webspace (e.g. 1und1) i received this error message:

Strict Standards: strtotime(): It is not safe to rely on the system’s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected ‘Europe/Berlin’ for ‘CEST/2.0/DST’ instead in /lib/Cake/Cache/CacheEngine.php on line 60

It seems that there are at least 2 solutions for that issue:

  1. adding this line of code into app/Config/core.php

    This one worked fine for me.

  2. adding/changing this line in your php.ini
    date.timezone = Europe/Berlin

    This did not work for me, but therefore this seems to be a solution for other users, i thought i should put it in here, too.

Simple webservice authentication using cakephp. A closer look.

After bringing up a very simple way to get authentification done in an older post, it is time to give it a closer look and bring up some code that will help to get things done.

I use one single controller to handle all external requests the webservice could receive, i do not know if that is “best practice”, but it seems reasonable
to me at this point. All responses are JSON, so i simply named the controller “json_controller“… 😉

Of course the user must log in first. For that he makes a request on “/json/login“.
The process is pretty much standard, the user logs in with his credentials as in the normal web application.
For this (my first) approach it was important to make it work before i start with (at this point) unnecessary security stuff.

public function login () {
	if($this->request->is('post')) {
		$post['username'] = $this->request->data['username'];
		$post['password'] = $this->request->data['password'];
		$post['android_registration_id'] = $this->request->data['reg_id'];
		$data['hash'] = $this->Auth->password($post['password']);
		$check = $this->User->find('first',
				'conditions' => array(
					'username' => $post['username'],
					'password' => $data['hash']
		$save = array();
		$return = array();
		if($check) {
			$save['id'] = $check['User']['id'];
			$save['token'] = $this->Auth->password($post['username'].date('dmY'));
			$save['android_registration_id'] = $this->request->data['reg_id'];
			$save['last_mobile_login'] = date('Y-m-d H:i:s');
			if($this->User->save($save)) {
				$return['return']['token'] = $save['token'];
				$return['return']['hash'] = $data['hash'];
				$return['return']['id'] = $check['User']['id'];
				$return['return']['username'] = $check['User']['username'];
			} else {
				$return = false;
		} else {
			$return = false;
	return new CakeResponse(array('body' => json_encode($return, JSON_NUMERIC_CHECK)));

The credentials will be checked against the request and the necessary data will be given back to the request source. As you can see i am saving the additional information (android_registration_id) already, so extending the code will be done quickly.
The returned JSON object will contain the token and the hash that will be needed for any further requests on the webservice and needs to be saved in the app on the device.
Continue reading “Simple webservice authentication using cakephp. A closer look.” »

Create a simple authentication used by a smartphone app with a cakephp webservice

Everybody is using smartphones to get there information on the go. To provide the necessary information there a several ways to do so, e.g.:

  • your usual web page
  • your usual web page with a special mobile layout
  • a native smartphone app retrieving its information via a provided web service.

In this post i take a closer look at the last point in a very simple way, which gives you an idea of how things can work and you can play around with.

For this simple approach the smartphone app needs to be able to store data on the device.

This is how the entire process works in my case:
The already registered User logs in via his smartphone app, which will send the username and password via post request to an url.

All the authentification happens on the website, so there will be no encryption done on the mobile device, which means there is no extra work to be done, when some thing on the webservice needs to be changed.

if username and password are correct the website will generate a token, saves it and send a response with either false or an array with the token and the encrypted password (i used the already encrypted password from database) that needs to be saved in the app.
From now on, the web service expects those values on every request and authenticates this device and therefor the user.

As long as this token is sent the app will be authenticated and on every login the token will be renwed for this user, which means that a login from another device will delete the current token and writes a new one that will be different. That means, that only one device can be logged in at the same time.

Continue reading “Create a simple authentication used by a smartphone app with a cakephp webservice” »

JSON response from controller action in CakePHP 2

We know that there is a layout for XML and AJAX response in CakePHP that did their job well. But what can we do to get an easy JSON response from a controller action?

It is easier then i thought, with the new CakeResponse.

Create an array that you want to convert into a JSON string in your controller action and just one line of code generates your response:

return new CakeResponse(array('body' => json_encode($array)));

No $this->set() or echo $string is needed anymore.

I use this to answer requests from an Android App and it works nice and fast. 🙂

using html5 form validation with cakephp

After some reading, i decided to add HTML5 form validation in the TLB admin panel. after making the changes, i am happy i made that decision at this point, because it would be a big workload to make the changes afterwards.

First of all i had to change the doctype in the layout, so the browsers knows that we want to use HTML5.

Very easy, isn’t it? 😉

Now the form. HTML5 offers some nice stuff for validation, e.g. its possible to tell the input field, that the expected value is a number or en e-mail address. Its also possible to validate against a Regex pattern. Below is an example for an input field, that requires an email address as value.

The code we use in CakePHP to create this field with the FormHelper will look like that:

echo $this->Form->input('email',
'required' => true, 
'placeholder' => 'enter e-mail',
'type' => 'email'

This will create an input field that will be checked against the logic structure of an email address. The field is also marked as required, that means, that the form, will not be be send and an error message will appear, if the field is not filled out properly.

For a more complex logic HTML5 gives us the parameter pattern, that will accept a regular expression. The code in CakePHP for a slug field could look like that:

echo $this->Form->input('slug',
'pattern' => '^[a-z0-9-]+$',
'placeholder' => 'Slug',
'required' => true

Of course, I kept the validation in the model, as a fallback if the browser has no HTML5 capabilities.

The clientside validation via HTML5 will help a lot with forms, where server sided validation could take a lot of time to code. I will come up with more HTML5 during upcoming development.

submit spam and submit ham – feed akismet from admin panel

Report Ham and Spam with just a clickAfter receiving feedback from Alex in my earlier post, i decided to add the mentioned functionality also to the admin panel. With the shown code its not a big thing to send the comment or product review to the Akismet service.

Next thing is the order management. a lot of stuff to do there, but i will come back to some Akismet features like checking for correct API key or submit errors. Thanks to Alex for coming up with that. 😉

admin panel development – using Akismet for product review spam detection

During the development of the simple features i recognize that the shop needs to have a product-rating-feature. In the current stage of development its pretty easy to implement, espacially if there is no shop shop frontend yet. 🙂

I decided to implement Akismet as a Spam filter and found an old DataSource from Felix Geisendörfer (, which – even after modification related to cakephp2.0 changes – did not work as expected.

After reading some API docs on the Akismet Website i decided to take out what i need from the DataSource and add some simple code to get the SpamCheck to work.

Here is what i did to make it work. It is not very clean and has to be tuned a lot, but like i wrote above, it works and thats the most important thing right now.

Put this code in app/config/database.php

public $Akismet = array(
'datasource' => 'Akismet',
'blog' => 'http://yourblog/',
'key' => 'your_akismet_key'

You can download the code for the DataSource from the little bakery project on Github -> Link to the file on Github

In your Model you just call the methods you need

App::uses('HttpSocket', 'Network/Http');
$this->Http = new HttpSocket();
$this->Akismet = ConnectionManager::getDataSource('Akismet');
$data = array(
'user_ip' => $author_ip,
'user_agent' => $_SERVER['HTTP_USER_AGENT'],
'referrer' => $some_referrer,
'permalink' => $permalink,
'comment_type' => 'comment',
'comment_author' => $author_name,
'comment_author_email' => $author_email,
'comment_author_url' => $author_url,
'comment_content' => $comment_text
$check = $this->Akismet->checkSpam($data);

As you can see in the DataSource the return value will be true (if spam) or false (if no spam) was send against the Akismet API. The check can easily implemented on a website and, if integrated into validation process, can spammer keep away from posting their stuff through validation.

As the code is not clean, i will be happy to get some feedback from you to get it done properly. 🙂

discovering the changes in cakephp 2.0

As expected, a lot of stuff changed in the new version of CakePHP and therefore the current version is not not even in beta phase there is no tutorial in sight.

first i tried to browse through the Cake code to find out, where my mistakes are, but it shows that this is kind of wasting time, if you don’t know where to start. i just asked in IRC (server: freenode, channel: #cakephp) and was sent to the lighthouse webpage, where all tickets for the current version are managed.

You will find the projectpage here:

The link for the changelog is not very useful, because its about version 1.3.x and ealier, but below this link there are all categories for version 2.0 and there are all written very good, so you will find them useful understanding the changes that are made in CakePHP 2.0.

Very useful is the information about the new Class Loader that has changed to App::uses. This took me a while until i found out about it, so you can imagine that i felt pretty happy, when i found those links 😉

That’s it pretty much for now, just wanna let you know about it, in case you did not know already. 😉