EzDevInfo.com

Exclude results from Lithium find

I'd like to exclude results from a call to a Lithium model's find() method. I need to do this for models with both MongoDB and MySQL data sources, but in SQL I mean something like WHERE myfield NOT IN (1,2,3).

I'd like to just be able to pass a not clause in the conditions array like below, but that doesn't appear to be possible.

Item::all(array('conditions' => array('not' => array('myfield' => array(1,2,3))));

So my question is, is this possible in Lithium in a way that I've overlooked? And if not, what would be the most Lithium-ish way to implement it for my models?

Memcache, Mongodb or other Database storage for Lithium Sessions

I'm getting comfortable with the Lithium framework, and was wondering if there were any samples for using MongoDB or Memcache for Lithium Sessions. Would there need to be a new Session Adapter written?

Calling MySQL functions in Lithium

How it's possible to call MySQL function (like GeomFromText() or SELECT AS) in the Lithium Framework's CRUD? Using database->read() is to inconvenient (I often change the database columns) and including the function in the variable's value only ends up being escaped.

How does the lithium PHP framework generate a $this context in a PHP page?

I've been investigating the Lithium PHP Framework and I don't understand how it sets $this->context; (particularly in this layout.)

Since you cannot simply re-assign $this obviously this layout will get included at some point and what confuses me even more is the fact that they use $this outside a class definition.

I haven't coded PHP in a while so please help me out here.

What is the best way to generate a login token? Is this method of authentication vulnerable to attack?

I have to implement login tokens in my Lithium (the PHP framework) based application. Two reasons:

I want to have a "remember me" function.

I also need a way of tracking logins on the server so that I can verify authenticated users on a node.js socket server like so:

1. User requests a page
2. Server returns a view with a session token somewhere in the HTML
3. The client side JS reads the token and send it to the node.js server in an attempt to establish a connection via web sockets.
4. The server receives the connect request and verifies the token sent to it with the PHP server.
5. Allows or denies a connection based on the result.

So this is a two part question, and it's just to verify that I'm not being an idiot because the security on this site is of higher priority than usual.

Is this a reasonable way of creating a login token?

<?php
// String::hash() generates a sha512 (by default) hash. 
String::hash(time() . $user['username']);
?>

Is the web socket authentication system I proposed sane? Can you see any problems arising or any more efficient ways of doing it?

How do I get notifications for commits to the framework?

I'd like to know what kind of commits are being made to the framework so I can update (or rollback) when there is something major.

I'm already watching the repository, but from what I've been able to find, that only shows updates on the github dashboard.

Hidden features of the Lithium framework? [closed]

Since there isn't a lot of documentation out there, some features of the Lithium PHP Framework are not well known by the public. Are there any cool code features which I would miss if I just use the framework as shown in the docs?

Lithium and validating complex form inputs - how?

I've done quite a few Lithium tutorials (links below in case they help someone else, and also to show I've done my homework:) and I understand the most basic parts of creating models, views, controllers and using MVC to create a DB record based on form input.

However, I'm new to MVC for webapps and Lithium, and I'm not sure how I should write my code in more complicated situations. This is a general question, but two specific validation questions that I have are:

• How should I validate date data submitted from the form?
• How should I check that the two user email fields have the same value?

I would be very grateful for any help with these questions, and concrete examples like this will also really help me understand how to do good MVC coding in other situations as well!

Date entry - validating data split across multiple form inputs

For UI reasons, the sign up form asks users to enter their DOB in three fields:

<?=$this->form->field('birthday', array('type' => 'select', 'list' => array(/*...*/))); ?>
<?=$this->form->field('birthmonth', array('type' => 'select', 'list' => array(/*...*/))); ?>
<?=$this->form->field('birthyear', array('type' => 'select', 'list' => array(/*...*/))); ?>

What is the best way to validate this server-side? I think I should take advantage of the automagic validation, but I'm not sure of the best way do that for a set of variables that aren't really part of the Model. E.g.:

• Should I post-process the $this->request->data in UsersController? E.g. modify $this->request->data inside UsersController before passing it to Users::create.
• Should I pull the form fields out of $this->request->data and use a static call to Validator::isDate inside UsersController?
• Is there a way to write a validation rule in the model for combinations of form variables that aren't part of the model?
• should I override Users::create and do all the extra validation and post-processing there?

All of these seem like they could work, although some seem a little bit ugly and I don't know which ones could cause major problems for me in the future.

[EDIT: Closely related to this is the problem of combining the three form fields into a single field to be saved in the model]

Email entry - checking two form fields are identical, but only storing one

For common sense/common practice, the sign up form asks users to specify their email address twice:

<?=$this->form->field('email_address'); ?>
<?=$this->form->field('verify_email_address'); ?>

How can I write an automagic validation rule that checks these two form fields have the same value, but only saves email_address to the database?

This feels like it's pretty much the same question as the above one because the list of possible answers that I can think of is the same - so I'm submitting this as one question, but I'd really appreciate your help with both parts, as I think the solution to this one is going to be subtle and different and equally enlightening!

[EDIT: Closely related to this is the problem of not storing verify_email_address into my model and DB]

Some background reading on Lithium

I've read others, but these three tutorials got me to where I am with users and sign up forms now...

• Blog tutorial
• Extended blog tutorial
• MySQL blog tutorial

Some other StackOverflow questions on closely related topics (but not answering it and also not Lithium-specific)

• One answer to this question suggests creating a separate controller (and model and...?) - it doesn't feel very "Lithium" to me, and I'm worried it could be fragile/easily buggy as well
• This wonderful story convinced me I was right to be worried about putting it in the controller, but I'm not sure what a good solution would be
• This one on views makes me think I should put it in the model somehow, but I don't know the best way to do this in Lithium (see my bulleted list under Date Entry above)
• And this Scribd presentation asked the question I'm hoping to answer on the last page... whereupon it stopped without answering it!

NB: CakePHP-style answers are fine too. I don't know it, but it's similar and I'm sure I can translate from it if I need to!

how to use LIKE with conditions in sqlite or mysql with lithium recordset

so I can look for concrete values by doing

        $recordset= Model::find('all', array(
            'conditions' => array(
                'condition' => $somevalue
            ) 
        ))

however, what do I do if I want to match on a partial value?
right now, I've resorted to writing the query myself, a la:

$abc = Connections::get('default')->
   read('SELECT * FROM myTable WHERE condition LIKE "%partial string%"');

What is Lithium's equivalent to CakePHP's Configure::load() and Configure::read()?

I'd like to store configuration data in separate files and load it/read it using the proper Lithium way.

Partials in lithium

Normally I use the Zend Framework and this is something I miss in Lithium. Partials. There is a render method in the view where you can use 'elements' which is the closest I got.

<?php $this->_render('element', 'form); ?>

This does work, however it requires that the form.html.php file is in the /views/elements folder. Is it possible to let it search in another path? Like /views/users/ so it gets the file /views/users/form.html.php.

I have tried the following, since I found out that the render method does accept an options argument wherein you can specify a path. So I made an Helper to fix this problem for me.

namespace app\extensions\helper;
use lithium\template\TemplateException;

class Partial extends \lithium\template\Helper
{
public function render($name, $folder = 'elements', $data = array())
{
    $path = LITHIUM_APP_PATH . '/views/' . $folder;     
    $options['paths']['element'] = '{:library}/views/' . $folder . '/{:template}.{:type}.php';

    return $this->_context->view()->render(
        array('element' => $name),
        $data,
        $options
    );
}
}

However it still only searches in the /view/elements folder, not in the path I specified.

Is there something I am doing wrong?

Disable render process in lithium

i use uploadify for my upload process. The problem is that after each upload lithium tries to render the view of the controller. In my case uploadify.html.php. How can i disable this behaviour and just return a 200 OK.

My controller code:

class UploadController extends \app\controllers\AppController {

public function index() {}

public function uploadify() {
    Logger::write('info', 'start upload');

    if (!empty($this->request->data)) {
        $fileData = $this->request->data['Filedata'];
        $error = $fileData['error'];
        if($error == UPLOAD_ERR_OK) {
            // everything ok
            $tempFile = $fileData['tmp_name'];
            $targetPath = $this->request->env('DOCUMENT_ROOT') . $fileData['folder'] . '/';
            $targetFile =  str_replace('//','/',$targetPath) . $fileData['name'];
            move_uploaded_file($tempFile, $targetFile);
            Logger::write('info', 'upload file successfull to ' . $targetFile);
        } else if($error == UPLOAD_ERR_INI_SIZE || $error == UPLOAD_ERR_FORM_SIZE) {
            // file size to large
            Logger::write('error', 'file to large ' . $fileData['Filename']);
        } else if($error == UPLOAD_ERR_PARTIAL) {
            // only partial uplopad
            Logger::write('error', 'uploaded partial ' . $fileData['Filename']);
        } else if($error == UPLOAD_ERR_NO_FILE) {
            // no file uploaded
            Logger::write('error', 'couldn\'t upload ' . $fileData['Filename']);
        } else {
            Logger::write('error', 'Unknown error code ' . $error);
        }
    } else {
        Logger::write('error', 'no form data');
    }
}
}

Lithium apps that go beyond CRUD

This is more or less a framework-centric version of a past Stack Overflow question, which is about how most introductory material on MVC applications tends to present a tight coupling between models, views, and controllers. For example, you'll have a User table that is modified by a User controller which in turn pushes filtered data to a User view. It's my impression that a lot of MVC frameworks tend to reflect this pattern as well. This is all fine and well for what it is, but it never really leads me to anything beyond building and displaying monotonous lists of things with an HTML form.

The MVC framework that looking at right now is Lithium, which seems quite interesting as a case study of clever PHP5.3 coding techniques. On one end, Lithium has a Model class that offers wrapper objects around a individual tables, and abstracts away some simple queries. On the other end, it's got a nifty convention of routing URLs to method calls on controller objects, which then render to display templates.

But in the midst of this, I find myself at a loss as to where to place all of the interesting logic that relates data in table A to data in tables B through Z. Or at least, I'm not sure where to place such logic in a manner that's consistent with the design of the framework. To my understanding, Lithium's Model abstraction doesn't do much more than eliminate some row-level insert/update/delete boilerplate, and the controller/view architecture seems mostly about user interface. I wouldn't want to put a lot of business logic in the same Controller class that is receiving routed function calls from URL requests.

My instinct would be to fill the gap with a bunch of my own code that exists more or less entirely outside of the framework. I'm not sure if I ought to expect more than that, but given how rigidly structured everything else is in Lithium, it feels somehow unsatisfying, like I could have just rolled my own boilerplate-reduction code without the overhead of grokking the source of a big framework.

What am I missing here? Is there a recommended architecture or philosophy to using this type of framework?

Accessing more than one model deep relationships in Lithium

Is it possible to access more than one model deep in a relationship in Lithium?

For example, I have a User model:

class Users extends \lithium\data\Model {
    public $validates = array();
    public $belongsTo = array("City");
}

and I have a City model:

class Cities extends \lithium\data\Model {
    public $validates = array();
    public $belongsTo = array("State");
}

and a State model, and so on.

If I'm querying for a User, with something similar to Users::first(), is it possible to get all the relationships included with the results? I know I can do Users::first(array('with' => 'City')) but I'd like to have each City return its State model, too, so I can access it like this:

$user->city->state->field

Right now I can only get it to go one deep ($user->city) and I'd have to requery again, which seems inefficient.

Is it safe to store passwords in Lithium sessions?

I'd like to use the "cookie" session adapter from Lithium. After the user logs in I'll create a cookie with his hashed password. If this cookie is present and the hashed password matches the one from the db, I'll log him in automatically.

Is this safe?

ok, I'm not talking about having the actual hash in the cookie, but an encrypted hash. I don't want anyone to find out how that hash looks :) Lithium has "strategies" that encrypt any data that you store in sessions with a "secret", so the hash would be encrypted. Basically I'm asking if Lithium's encryption is good enough. Has anyone worked with Lithium?