Archive

Archive for the ‘cakephp’ Category

Free Online HTML and PHP Editor for CakePHP

December 11th, 2010 Comments off

Baker – The Simple and Free Online Source Editor for CakePHP is published! Baker is a basic online text editor to write text, HTML, or PHP server files online. It’s a CakePHP application and you can do most basic text editor operations.

You can view syntax highlighted source files or edit them. Create, copy, rename, move and delete of files and directories are supported, too. You can upload files and extract ZIP archive. Baker has everything of your need to have a quick change of your PHP or HTML source code.

Baker’s Core Features

  • Syntax highlighting of PHP and HTML files (through Geshi, thanks to Mark for his plugin)
  • Create, Edit, Copy, Rename, Move, Delete files and directories
  • Upload files
  • Extract ZIP archive on server side
  • HTTP User Authentication
  • Filter file list
  • Different virtual directory roots

You can visit the demo page at http://baker.phtagr.org or download the source from GitHub. Screenshots are available here. See here for installation instructions.

Feel free to use it and to modify it.

Baker was very useful when I developed on phTagr, the free social web gallery, while being in a Internet café far far away with a slow Internet connection. I would love if someone adds SkyWrite Editor (AKA Bespin) to it. For sure Code ‘n Run is more fancy, but it’s not free and coding is fun 🙂

Baker - The Simple and Free Online Source Editor for CakePHP

Directory actions with move, copy, and delete

Syntax Highlighting in the View Mode

Categories: cakephp, info Tags: ,

Fast File Responder for CakePHP

October 3rd, 2010 1 comment

This article is very useful for all CakePHP applications which deal with lots of photos or other files which are shown in the resulting page. I will introduce an Fast File Responder for CakePHP which immediately sends the file to the client without stepping into the CakePHP stack. It increases the performances drastically to an minimum and got its inspiration from Lightning Fast Caching for CakePHP. The provided approach of the Fast File Responder is used in the open source social web gallery phTagr.

The web gallery phTagr is written on top of the great MVC framework CakePHP and deals with lots of photos. Its photo explorer displays by default 12 photos at once (see demo page). Therefore the CakePHP framework is called 13 times. The first request handles the authorized and the selection of the 12 photos. Then each photo is requested by the client to fetch it and to display it into the page. These requests check again the authorization and correctness of the user for each photo and requires a lot of time since it traverses again the whole MVC stack.

time = 1 x explorer page + 12 x image request = 13 x CakePHP stack = 13 x ~0.40s = 3,40s

Since the first request already checked the authorization of the photos the following 12 requests and checks are redundant and can be omitted. The user session can be used to store these authorization information for the 12 media requests and the photos could be send immediately before the CakePHP stack is called.

time = 1 x explorer page + 12 x fast image request = 1 x CakePHP stack = 0.45s

To do so a Fast File Responder component adds the file information to the session. It adds for each photo request the filename of the preview and an expiration date for safety.

<?php
 
class FastFileResponderComponent extens Object {
  var $controller = null;
  var $components = array('Session', 'FileCache');
  var $sessionKey = 'fastFile.items';
  var $expireOffset = 10; // seconds
 
  function initialize(&$controller) {
    $this->controller = $controller;
  }
 
  function add($key, $filename) {
    if (!is_readable($filename)) {
      return false;
    }
    $files = (array) $this->Session->read($this->sessionKey);
    $files[$key] = array('expires' => time() + $this->expireOffset, 'file' => $filename);
    $this->Session->write($this->sessionKey, $files);
    return true;
  }
 
  function addAll($data) {
    foreach ($data as $key => $filename) {
      $this->add($key, $filename);
    }
  }
}
?>

Than the app/webroot/index.php is modified to check for fast files before the MVC stack is called.

  // ...
  if (!defined('CORE_PATH')) {
    // ...
  }
  // Check the request URI if it matches the URI for photos
  if (isset($_GET['url']) && preg_match('/media\/\w+\/\d+/', $_GET['url'])) {
    require ROOT . DS . APP_DIR . DS . 'fast_file_responder.php';
 
    $fileResponder = new FastFileResponder();
    if ($fileResponder->exists()) {
      $fileResponder->send();
    } else {
      $fileResponder->close();
      unset($fileResponder);
    }
  }
  if (!include(CORE_PATH . 'cake' . DS . 'bootstrap.php')) {
    // ...
  }
  // ...

Finally the Fast File Responder itself located in app/fast_file_responder.php

<?php
 
/** This class enables a fast file response without the framework stack of
 * CakePHP. It checks the session and the URL and returns a valid file */
class FastFileResponder {
  /** Should be same as in app/config/core.php Session.cookie */
  var $sessionCookie = 'CAKEPHP';
  var $sessionKey = 'fastFile';
  var $items = array();
 
  function __construct() {
    $this->startSession();
  }
 
  /** Starts the session if the session sessionCookie is set */
  function startSession() {
    if (!isset($_COOKIE[$this->sessionCookie])) {
      return;
    }
    session_id($_COOKIE[$this->sessionCookie]);
    session_start();
    if (isset($_SESSION[$this->sessionKey])) {
      $this->items = (array) $_SESSION[$this->sessionKey]['items'];
      $this->deleteExpiredItems();
    }
  }
 
  /** Deletes expired itemes from the session list */
  function deleteExpiredItems() {
    if (!count($this->items)) {
      return;
    }
    $now = time();
    foreach ($this->items as $key => $item) {
      if ($item['expires'] < $now) {
        unset($_SESSION[$this->sessionKey][$key]);
      }
    }
  }
 
  /** Simple log function for debug purpos */
  function log($msg) {
    $h = @fopen(dirname(__FILE__) . DS . 'fast_file_responder.log', 'a');
    @fwrite($h, sprintf("%s %s\n", date('Y-M-d h:i:s', time()), $msg));
    @fclose($h);
  }
 
  /** Extracts the item key from the url and returns it. Returns false if no
   * key could be found. This function must be adapted for others */
  function getItemKey() {
    if (!isset($_GET['url'])) {
      return false;
    }
    $url = $_GET['url'];
    if (!preg_match('/media\/(\w+)\/(\d+)/', $url, $matches)) {
      return false;
    }
    return $matches[1] . '-' . $matches[2];
  }
 
  /** Returns the file of the media request */
  function getFilename() {
    $key = $this->getItemKey();
    if (!$key || !isset($this->items[$key])) {
      return false;
    }
    $item = $this->items[$key];
    if ($item['expires'] < time() || !is_readable($item['file'])) {
      return false;
    }
    return $item['file'];
  }
 
  /** Returns an array of request headers */
  function getRequestHeaders() {
    $headers = array();
    if (function_exists('apache_request_headers')) {
      $headers = apache_request_headers();
      foreach($headers as $h => $v) {
        $headers[strtolower($h)] = $v;
      }
    } else {
      $headers = array();
      foreach($_SERVER as $h => $v) {
        if(ereg('HTTP_(.+)', $h, $hp)) {
          $headers[strtolower($hp[1])] = $v;
        }
      }
    }
    return $headers;
  }
 
  /** Evaluates the client file cache and response if the client has still a
   * valid file
   * @param filename Current cache file */
  function checkClientCache($filename) {
    $cacheTime = filemtime($filename);
    $headers = $this->getRequestHeaders();
    if (isset($headers['if-modified-since']) &&
        (strtotime($headers['if-modified-since']) == $cacheTime)) {
      header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $cacheTime).' GMT', true, 304);
      // Allow further caching for 30 days
      header('Cache-Control: max-age=2592000, must-revalidate');
      exit;
    }
  }
 
  function sendResponseHeaders($file) {
    $fileSize = @filesize($file);
    header('Content-Type: image/jpg');
    header('Content-Length: ' . $fileSize);
    header('Cache-Control: max-age=2592000, must-revalidate');
    header('Pragma: cache');
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', filemtime($file)));
  }
 
  /** Evaluates if a valid cache file exists */
  function exists() {
    return $this->getFilename() != false;
  }
 
  /** Sends the cache file if it exists and exit. If it returns an error
    * occured */
  function send() {
    $filename = $this->getFilename();
    if (!$filename) {
      return false;
    }
    $this->checkClientCache($filename);
    $this->sendResponseHeaders($filename);
 
    $chunkSize = 1024;
    $buffer = '';
    $handle = fopen($filename, 'rb');
    while (!feof($handle)) {
      $buffer = fread($handle, $chunkSize);
      echo $buffer;
    }
    fclose($handle);
    //$this->log("File send: $filename");
    exit(0);
  }
 
  /** Closes the session */
  function close() {
    session_write_close();
  }
}
?>

Now the requested images are shown almost simultaneously with the explorer photo page. Awesome!

Please leave a comment if you liked this proposal.

Categories: cakephp Tags:

phTagr 2.1.2 released!

July 11th, 2010 Comments off

2.1.1 phTagr is released! It has a simplified upload function which is enabled by default and replaces the advance file browser. Users have now an upload menu entry where uploaded files are stored in a daily upload directory. ZIP archives are extracted automatically. Uploaded and extracted files are imported and are shown immediately. Therefore, users can upload their media within three clicks and the upload form has now five upload field instead of one.

The next big improvement is the quick search which covers sub word. The quick search of ‘ice‘ returns also media with tags of ‘slice‘ or ‘rice‘.

phTagr is build on top of the MVC framework CakePHP and uses now CakePHP 1.3 instead of CakePHP 1.2. You have to upgrade your CakePHP if you use SVN trunk. See How To Migrate Phtagr for more details.

An admin user can now see the access level of other users and can change these. This feature was requested to handle private or malicious media.

phTagr supports now Dutch as new language – Thanks to Remy Wetzels. See also How To Translate.

Following Tickets where closed since 2.1.1

  • #14 – Automatic media import on upload
  • #63 – Multiple inputs for HTML upload
  • #90 – Wish: search on part of a tag
  • #110 – Admin rights: Change access level of others
  • #89 – Wish: change “Welcome to phTagr” via system preferences
  • #83 – Wrong import of files with UTF-8 multi-byte characters
  • #86 – PEAR path is missing in include_path variable
  • #85 – User with 0 quota, file uploaded shows up in “My Files” even it said “Could not upload”
  • #87 – User can see root of filesystem in “My Files”
  • #91 – Search on unknown string returns “Array” as search key
  • #93 – Shorten the user authentication keys
  • #112 – Broken Unzip functionality

Cipher Behavior

August 11th, 2008 2 comments

If your want to cipher critical data of your cakephp model like passwords or emails, the cipher behavior of phtagr handles the symmetric encryption and decryption on the fly. For the symmetric encryption the cipher BlowFish is used, but other symmetric encryption algorithms are possible. This behavior is very useful if your data should not be stored in clear text in the database (e.g. external database connections).

The behavior could be configured simple for your needs. By default the behavior ciphers the password Model property.

The Behavior

First of all the PEAR package of BlowFish must be installed. This packages comes with an PHP implementation of BlowFish and does not required the MCrypt PHP extension. If the MCrypt extension is installed, the PEAR library will use it.

Usage

As mentioned above, the behavior ciphers the password property (table column) by default.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array());

}

Following example saves the User model. Submit your login data via a formular. The $this->data might looks like:

Array
(
    [User] => Array
        (
            [id] => 1
            [username] => admin
            [password] => MySecret
        )
)

In the controller you save your submitted data:

Controller:

$this->User->save($this->data);

Now every time a User is saved, the password will be ciphered. The behavior only ciphers the properties, if the values do not start with the ciphered prefix $E$.

The ciphered data looks now like:

Array
(
    [User] => Array
        (
            [id] => 1
            [username] => admin
            [password] => $E$fIOGYbF6jQMXOOa5umzgXGWBfo7roAuk
        )
)

By default the behavior does not decrypt the properties and the decryption must be called explicitly:

Controller:

$user = $this->User->findByUsername($this->data['User']['username']);
$this->User->decrypt(&$user);
if ($user['User']['password'] == $this->data['User']['password']) {
// successful login
}

Configuration

Automatic Decryption

If you want to decrpyt all data automatically (might cost some CPU cycles and slows down your requests), you can configure the cipher behavior:

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('autoDecypt' => true));
}

Model Properties

By default, the cipher behavior encrypts and decrypts the model property (table column) password. Other fields are also possible.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('cipher' => array('password', 'email', 'creditnumber')));
}

Custom Key

By default, the cipher behavior uses the Security.salt as cipher key. If you require a custom key, you can set in on the configuration:

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('key' => 'MySuperSecureCipherKey'));
}

Note: Since the Security.salt is used from your configuration config/core.php and cipher key, it is very important to change the default value of Security.salt! Otherwise the encryption is not secure!

 /**
  * A random string used in security hashing methods.
  */
      Configure::write('Security.salt', 'NewSecureAndUnknownSecuritySaltForCake');

Salt and Padding

Before a value is encrypted it will be packed and padded. The clear text before the value is ciphered is surrounded by a salt and padded to a specific length block to $salt.$value.$padding.$salt.

The salt is used to avoid same encrypted results of same values. It is also used to discover the correct decryption. The padding is used to hide the original value lengths. By default, the salt and padding have the length of 4. This could be changed in the behavior configuration.

Note: The salt should be at least 2 characters long. Otherwise the successful decryption could not be detected well (apart of the diversity of the ciphered value).

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('saltLen' => 6, 'padding' => 8));
}

Prefix

To distinguish between ciphered value and a clear text value, the ciphered value has a prefix. The default prefix is $E$ but could be change in the configuration.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('prefix' => '$ciphered$'));
}

Debug

The behavior dumps log message to the standard log if something goes wrong. Please watch these entries while developing with the cipher behavior.

Changing Security.salt

If you using this behavior and some data is already ciphered but have to change the Security.salt, you need to decrypt all the data with the old Security.salt, save the clear text and encrypt all values with the new Security.salt.

Decrypt all values with the old Security.salt value:

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array('noEncrypt' => true, 'autoDecrypt' => true));

  function clearCipher() {
    $users = $this->findAll();
    foreach ($users as $user) {
      $this->id = $user['User']['id'];
      $this->save($user);
    }
  }
}

Controller:

$this->User->clearCipher();

Encrypt now all values with the new Security.salt.

Model:

class User extends AppModel
{
  var $name = 'User';

  var $actsAs = array('Cipher' => array());

  function cipherAll() {
    $users = $this->findAll();
    foreach ($users as $user) {
      $this->id = $user['User']['id'];
      $this->save($user);
    }
  }
}

Controller:

$this->User->cipherAll();