CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

With the latest ransomware attack, her...

With the latest attack, Petya, fresh in our minds, we thought it would be a good time to discuss what exactly a ransomware attack is and how you, as a business, can protect yourself from one. These cybersecurity attacks hit not only individuals and small to medium-sized businesses, but also large multinational enterprises around the world. What is clear is that the attack from the past week, Petya/GoldenEye, while similar, is a lot more serious than the attack of the previous month - the WannaCry worm attack that struck hundreds of thousands of computers.

Have we gotten your attention? Good! The first real way to protect yourself, and your business, is to know what the attacks are and what they look like, and then to move on to how to set yourself up so that you are secured against such an attack. With the latest ransomware worm, the ransomware infects computers and locks down their hard drives, then demands a $300 ransom in the digital currency Bitcoin.

The email account associated with the ransomware has been blocked, so even if victims pay, they won't get their files back. Many experts are calling for people to not pay the ransom. The virus or worm is spread by infecting multiple computers on a network, and is initially contracted via an outside source, commonly an email. Many companies were hit severely this time round, as they did not update their Microsoft packages, leaving them vulnerable to the attack.

"Am I at risk?" you may be asking yourself. Well, potentially. The great news is that if you have a Windows machine, and it is up to date with security updates, then you are fine. The bad news is that if you are on a network with a machine that is not up to date, then this will cause a problem for you should that machine get the virus.

Top tips for keeping you and your network secure:

  1. Keep all servers and network connections up to date with the latest security updates;
  2. Be sure to back up your computer regularly and keep a recent backup copy off-site;
  3. Brief all network users on what phishing emails look like, and on the importance of not clicking on links;
  4. Make sure your antivirus software is up to date.

More into Cybersecurity - what do you ...

As technology becomes more and more entrenched in our daily lives, we become more dependent on it. This dependence may lead to vulnerability - especially if the technology fails. As we move further into 2017, we are seeing even bigger cybersecurity threats than before - more deceptive and creating more vulnerability than ever. Hackers (and their associated threats) are forever evolving and changing, so we need to be constantly aware. There are of course simple rules that we need to keep note of:

  • Update your passwords regularly and use different characters and symbols each time.
  • Set up security questions with answers that hackers can’t guess based on your public information. The city you were born in or the name of your prom date aren’t exactly iron-clad secrets.
  • Avoid downloading suspicious links and delete your cookies every month.
A hack threat can cause more than just a crashed server or spam sent through your systems. From basic phishing through to fundamental security flaws on your website, it is important that you align yourself with a development partner that is up to date with security. Phishing refers to the fraudulent practice of sending emails pretending to be from reputable companies in order to induce individuals to reveal personal information. Another important thing about cybersecurity and potential hack threats is that they are not limited to bigger corporations - small businesses are under attack as well.

Cybersecurity topics can be subdivided into two complementary areas: cyber attacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber attacks.

If you are getting a website or web application developed, don’t be shy to ask how your application is being built and how it is considered against current and past security threats. Ask about how updates will work and about continued support to ensure that your web application is kept secure and up to date.

As a business, you can institute solid network security protocols to keep information secure in both the present and future. Keeping ahead of attacks and creating a secure environment are fundamental steps in protecting your assets. Another key component is training your staff; such training is particularly important for companies that rely heavily on cyber communication due to having remote employees. Some of the security protocols that you can implement can start with these simple steps:
  • Protect every end point
    All devices that are connected to your network should be secured - every connected item, including wearable technology.
  • Build for scale and flexibility
    A key consideration when developing a web application, but have you thought about it?
  • Prepare for new sources of data
    As technology is evolving so are the sources of new data. Make sure that you are planning ahead of the curve.
Concerned about the security of your web application? Chat with us! Also be sure to check out online tools that provide free web scanning of your site. There are also online resources where you are able to track the security issues in CakePHP. Other resources to look at include OWASP’s web application security testing cheat sheet and the OWASP testing project.

A quick guide to agile development - w...

Agile has been around for a while, but recently it has come back into focus. But what is agile development and why has it become such an important concept? It has become such a buzzword, but do you really know what it means or why it could be a great addition to your development process? Agile is a project management term that uses short development cycles, or iterations, to focus on continuous improvement in the development of a product or service. Agile was originally developed to improve the development process - allowing it to rapidly identify and adjust for issues and defects. A major benefit is that it allows development to keep ahead of customer expectations, competition etc.

There are 12 key principles that guide an agile project:

  1. Customer satisfaction is always the highest priority; achieved through rapid and continuous delivery.
  2. Changing environments are embraced at any stage of the process to provide the customer with a competitive advantage.
  3. A product or service is delivered with higher frequency.
  4. Stakeholders and developers closely collaborate on a daily basis.
  5. All stakeholders and team members remain motivated for optimal project outcomes, while teams are provided with all the necessary tools and support, and trusted to accomplish project goals.
  6. Face-to-face meetings are deemed the most efficient and effective format for project success.
  7. A final working product is the ultimate measure of success.
  8. Sustainable development is accomplished through agile processes whereby development teams and stakeholders are able to maintain a constant and ongoing pace.
  9. Agility is enhanced through a continuous focus on technical excellence and proper design.
  10. Simplicity is an essential element.
  11. Self-organizing teams are most likely to develop the best architectures, designs and meet requirements.
  12. Regular intervals are used by teams to improve efficiency through fine-tuning behaviors.
Many industries actually make use of an agile development process and follow these key principles. It is highly collaborative and is seen to be more efficient. Some of the more popular agile methods used are:
  • Scrum
  • Kanban
  • Lean (LN)
  • Dynamic System Development Model (DSDM)
  • Extreme Programming (XP)
  • Crystal
  • Adaptive software development (ASD)
  • Agile Unified Process (AUP)
  • Crystal Clear methods
  • Disciplined agile delivery
  • Feature-driven development (FDD)
  • Scrumban
  • RAD (Rapid Application Development)
While agile development has many advantages, it also has a few disadvantages - it certainly is not for every project or project team. It also favors developers, project teams and customer goals, not necessarily the end user’s experience.

Quick glossary: DevOps

Has your team gotten you down with the use of so many terms that seem so unfamiliar? Don’t despair! The ability to rapidly develop, deploy and integrate new software is essential to success - but you should be aware of the terms that the DevOps team will be using! Let’s start with DevOps itself - a mash-up of two terms: "software development" and "information technology operations". But there are more:

  • A/B testing
    A technique for testing new software or new features whereby two or more versions are deployed to users for testing. The metrics from each variant are then compared and assessed based on the testing criteria.
  • Acceptance testing
    The testing performed near the end of the development cycle that determines whether software is ready for deployment.
  • Agile development
    Agile development refers to a methodology that emphasizes short iterative planning and development cycles. The idea is that iterative development affords more control and establishes predictability.
  • Behaviour driven development
    A development methodology that asserts software should be specified in terms of the desired behavior of the application, and with syntax that is readable for business managers.
  • Build Automation
    Tools or frameworks that allow source code to be automatically compiled into releasable binaries. Usually includes code-level unit testing to ensure individual pieces of code behave as expected.
  • CA Release Automation
    CA Release Automation is an enterprise-class, continuous delivery solution that automates complex, multi-tier release deployments through orchestration and promotion of applications from development through production.
  • Continuous delivery
    Continuous Delivery is a set of processes and practices that radically removes waste from your software production process, enables faster delivery of high-quality functionality and sets up a rapid and effective feedback loop between your business and your users.
  • Deployment Manager
    Cloud Deployment Manager allows developers to easily design, deploy, and reuse complex Cloud Platform solutions using simple and flexible declarative templates. From simple web servers to complex highly available clusters, Deployment Manager allows teams to spend less time managing, and more time building.
  • Delivery pipeline
    A sequence of orchestrated, automated tasks implementing the software delivery process for a new application version. Each step in the pipeline is intended to increase the level of confidence in the new version to the point where a go/no-go decision can be made. A delivery pipeline can be considered the result of optimizing an organization’s release process.
  • Functional testing
    Testing of the end-to-end system to validate (new) functionality. With executable specifications, Functional Testing is carried out by running the specifications against the application.
  • GitLab
    GitLab is a web-based Git repository manager with wiki and issue tracking features. GitLab is similar to GitHub, but GitLab has an open source version, unlike GitHub.
  • GitHub
    GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a web-based graphical interface and desktop as well as mobile integration.
  • Lean
    “Lean manufacturing” or “lean production” is an approach or methodology that aims to reduce waste in a production process by focussing on preserving value. Largely derived from practices developed by Toyota in car manufacturing, lean concepts have been applied to software development as part of agile methodologies. The Value Stream Map (VSM), which attempts to visually identify valuable and wasteful process steps, is a key lean tool.
  • Microservices
    Microservices is a software architecture design pattern, in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. These services are small, highly decoupled and focus on doing a small task.
  • NoOps
    A type of organization in which the management of systems on which applications run is either handled completely by an external party (such as a PaaS vendor) or fully automated. A NoOps organization aims to maintain little or no in-house operations capability or staff.
  • Non-Functional Requirements (NFRs)
    The specification of system qualities such as ease-of-use, clarity of design, latency, speed, ability to handle large numbers of users etc. that describe how easily or effectively a piece of functionality can be used, rather than simply whether it exists. These characteristics can also be addressed and improved using the Continuous Delivery feedback loop.
  • Orchestration pipeline
    Tools or products that enable the various automated tasks that make up a Continuous Delivery pipeline to be invoked at the right time. They generally also record the state and output of each of those tasks and visualize the flow of features through the pipeline.
  • Whitebox testing
    A testing or quality assurance practice which is based on verifying the correct functioning of the internals of a system by examining its (internal) behavior and state as it runs.

Ed Finkler - Founder, Open Sourcing Me...

Do you know who Ed Finkler is or what OSMI does? If you are in the developer community, then it definitely is a name you should get to know. Open Sourcing Mental Illness is a non-profit organization dedicated to raising awareness, educating, and providing resources to support mental wellness in the tech and open source communities. CakeDC and CakePHP have long supported and stood behind OSMI - Ed Finkler has been instrumental in making mental health a topic of discussion, and opening up lines of support for mental wellness in tech. Mental health and wellness are close to our hearts and we want to share with you OSMI and why you should support it. Ed has been active in bringing forward a previously rarely discussed topic - mental health. Being an advocate of mental health awareness and using his own experiences as a developer, he has recently announced that he is now able to go full time into OSMI. This is really fantastic news and CakeDC stands 100% behind him. We caught up with him to find out more.
We love that you are now putting all your time into OSMI - but what was the catalyst for your decision to focus full time on OSMI?
What we found is that we simply had too much to do, and not enough time to do it. Everyone at OSMI is a volunteer, and it was becoming increasingly challenging to find the bandwidth for anyone to complete major tasks. We are ambitious, and our ambition far exceeded the time available. I couldn’t ask it of anyone else, but I could make a decision myself -- that I would step away from my CTO role at a tech startup and dedicate myself to OSMI full-time.
What is your favorite thing to do out of ‘office’ hours (Hobbies/activities etc)?
Generally I find myself watching movies or good TV shows, or playing video games (I’m deep in Mass Effect: Andromeda right now). I also write electronic music, which you can hear at deadagent.net.
Do you think that companies are becoming more receptive to your message and becoming more open about speaking about mental health?
Yes, I think so. Companies in general are gradually becoming more aware of the need to discuss mental health openly, the same way we discuss other serious public health issues, like cancer and heart disease. But there’s a long, long way to go, and we are just taking our first steps as an industry to deal with this in a healthy way.
Have you seen a marked difference in people opening up about their personal experiences?
I definitely have observed, over and over, that when someone takes that first step forward, others follow. Fear is the thing that keeps mental illness hidden, and fear is why so many suffer in silence. Seeing someone speak without fear about their own issues empowers the listener. They may not need to stand up on stage like I do, but I’ve had numerous people tell me that hearing someone speak openly was what allowed them to seek help and/or start speaking openly about the subject.
What would you say is the biggest misconception that you have encountered when speaking about and sharing your personal experiences?
I think the biggest misconception I encounter is companies believing that by simply offering some level of mental health care in medical coverage, they’ve done all they can. That would be fine if we treated mental disorders like we do cancer or heart disease or diabetes, but we don’t -- we are afraid to discuss it, and as a consequence, we don’t know what to look for, why it matters, and how to seek help. In the absence of consistent, positive affirmation that it’s a safe topic, our default is to be afraid to discuss it. That keeps people from seeking the help they need.
Biggest piece of advice that you would give someone battling with mental health issues
You are not alone. Lots of people are like you. There is no shame in what you deal with. You are stronger than you know.
You recently spoke about mental health breaks on the OSMI blog, how would someone know they are in need of one and how would you suggest for employees to bring this topic up with their employers?
I am leery of giving specific health advice, but in general I’d say this: listen to your mind and your body, and remember that your own health is far, far more important than any job. Plus, if you’re healthy, you’ll be able to do your job much better.
In the last 5 years, you have achieved incredible breakthroughs and achievements in bringing this to the fore - where do you see OSMI and mental illness awareness in the next 5 years?
Ultimately, those two things are intertwined. OSMI will continue to grow because so many of us suffer from this, and more and more of us are realizing that we aren’t alone. That we aren’t broken. That we aren’t without hope. OSMI is about giving hope to those that felt they had none. Giving compassion to those who are hardest on themselves.
It’s my sincere hope that OSMI will drive the awareness of mental health in the tech workplace and change what we choose to value in employers and employees. However we get there, I believe we will succeed.

As someone suffering and wanting to find out more or be involved, how do we reach out, what should we expect and where should we go?
There are lots of ways to help OSMI, and all you really need is a willingness to spend some of your time working with us. You should visit https://osmihelp.org and learn more about our work, and then email [email protected] to talk to us about volunteering.
As a business with employees in the tech industry, what should we do to make mental health more accessible?
For each employer there’s a different answer, but there are some general things to keep in mind. The biggest one is that the well-being of your employees must be a top priority. It’s an easy thing to say, but if you truly value it, you’ll avoid doing what so many organizations do: rewarding overwork and unhealthy “loyalty.” Ping pong tables and bean bag chairs don’t make people healthier, and neither do free snacks and beer at the office. They’re short-term tricks to get people to come to you and maybe stay in the office longer, but they don’t encourage a healthy work/life balance. Too many developers think their work IS their life. That’s a mistake.
Long term, what works are reasonable work hours, easy access to mental and physical health care, and promoting healthy preventative habits. Employees who feel that their well-being is demonstrably valued will be more productive and stay with your organization longer.
I also strongly encourage everyone in a leadership position to take Mental Health First Aid <https://www.mentalhealthfirstaid.org>, a program that teaches the skills to respond to the signs of mental illness and substance use.
Quote to live by or key advice to follow every day
One time I was encouraged to do a six-word memoir, and this is what I came up with:
“By helping others, I save myself.”
Thanks to Ed! We absolutely loved catching up with him about OSMI, and we hope that you take a moment to check out the links, find out more, get involved and continue this important conversation! For more information, be sure to check out https://osmihelp.org/about/about-osmi

Color Accessibility – UX Best Practice...

Designing websites can be fun, challenging and exciting. Even if you are just managing the process behind the website design, it is important to be aware of best practices of color use in web design. Color is one of the most powerful tools when designing. Color can introduce personality into your web page, it can bring across your brand and your message, and it can make the user feel more at ease. But it can also alienate and confuse people - imagine being color blind and navigating a site that hasn’t thought about this intricacy. Have you considered your end user in your color choice for your web design?

Other factors that you should take into consideration are how our brains see color, the way color affects usability, and the cultural connotations of color. Color plays a role in readability and user experience. For instance, overlaying colors on opposite ends of the color wheel can make reading easier. Designing with accessibility in mind is not a barrier to innovation; guidelines that help you design for a diverse set of end users will challenge you to find the best solution to your design problem.

Some tips for designing with color accessibility in mind:

  • Don’t use color as the only visual means of conveying information
    Find and use alternative visual means to convey information - use both colors and symbols. For instance, a required field left blank could be conveyed with a red border. However, if you have difficulty distinguishing colors, this wouldn’t be very useful. Another method would be to include a hazard triangle in the empty field to convey that the field has been left blank. This will help users who are unable to, or have difficulty with, distinguishing colors.
  • Always ensure sufficient contrast between text and background
    Ideally, it is said that the contrast ratio between text and its background should be at least 4.5 to 1. If your font is at least 24px or 19px bold, the minimum drops to 3 to 1. But why, you ask? Imagine you are color blind: if the contrast is not there, the text and the background will just fade into each other. Quick rule of thumb - don’t overlay light-on-light or dark-on-dark, and do overlay colors with varying values to help with readability.
  • Keep it minimal
    Limit the color palette you use for your website - this allows for fewer instances of confusion. Stick to a core group or core set of colors to best represent your design or brand. Minimalistic design is timeless and a current trend - it is also very useful if you are designing for color accessibility.
  • Avoid these color combinations
    Here are a few combinations to avoid - depending on the type and severity of a user’s color blindness, these combos may be a potential nightmare:

  • Green and red;
  • Blue and purple;
  • Green and brown;
  • Green and blue;
  • Light Green and yellow;
  • Blue and grey;
  • Green and grey;
  • Green and black;

Basics behind web applications and why...

Web apps, web applications, website applications - all terms that you have probably heard thrown around. But why should you be in the ‘web app’ know and why is it important that you have a working solution (in the form of a web application) for your business? Web applications, in simplified terms, are dynamic web sites combined with a server side backend, providing functionalities such as interacting with users, building databases, generating information or databases for users etc. There are a wide variety of functionalities - if you can think it, you will be able to build an app to do it (especially with the expert services of our development team!). There are two main technology categories for creating web apps, client side scripting and server side scripting. Here are some common Client Side Scripting technologies:

  • HTML (HyperText Markup Language)
  • CSS (Cascading Style Sheets)
  • JavaScript
  • Ajax (Asynchronous JavaScript and XML)
  • jQuery (JavaScript Framework Library - commonly used in Ajax development)
And here are the common Server Side Scripting technologies:
  • PHP (very common Server Side Scripting language - Linux / Unix based Open Source - free redistribution, usually combines with MySQL database)
  • ASP.NET (Microsoft's Web Application Framework - successor of ASP)
  • Ruby
  • Perl (general purpose high-level programming language and Server Side Scripting Language - free redistribution - lost its popularity to PHP)
  • Python (general purpose high-level programming language and Server Side Scripting language - free redistribution)
Web application frameworks are sets of libraries, components and tools organized in an architecture system which allows developers to build and maintain applications in a fast and efficient manner. CakePHP is one such framework. So why does CakeDC stand by CakePHP? For that precise reason: CakePHP is a tool that allows us to deliver your vision efficiently. But why are web apps becoming more popular for businesses?
  • They help create a professional online presence;
  • Get the reach to customers;
  • Create multi layer/multi category customer journeys
  • Flexibility and versatility offered by web applications

5 Things every website needs

Are you in need of an updated website or a new website that better suits where you are now with your business? Maybe you had your website developed and designed a few years ago, and it’s starting to show its age - or you’ve had a new idea and your website isn’t capable of that. Websites all need basic things - here are our tips for things to have on your website:

  • Contact information on every single page.
Seems like a simple thing right? But most companies either miss this or forget to design it into each page. Include the phone number that you want people to call you on for sales inquiries. Another important key piece of information is an email address - not every visitor likes or has the time to phone through to inquire about your product.
  • Easy navigation.
It is so important to make sure that your visitors will be able to navigate your website easily. This could make or break your initial impression of the site (and in connection, the business overall). Have an easy to read and understand navigation menu - make it easy for visitors to stick around and find what they are looking for.
  • A blog.
We suggest having quality content. Quality content will help in your online marketing efforts - social media marketing, SEO optimization. To get maximum benefit, your blog (and associated content) should be listed under your main domain, and not on an off-site service. As an added benefit, a blog is an excellent opportunity to establish your company as an expert in your industry and connect with your customers.
  • An SEO strategy that suits and targets your services and products.
This also means having a clear message - your visitors shouldn’t have to guess if they have found the right place. Optimizing your site so that people can find you via web searches or web browsers is key to being seen and bringing in new customers/visitors to your site. This means more than just including your company name in the metadata. Focus on generic terms that customers who may not know your business are searching for.
  • Links to your social media accounts.
Add links to your profile or business pages set up on social media sites like Facebook, Twitter, Google+.

TLS/ SSL Certificates Explained – Why ...

SSL certificates are incredibly important if you want a safe and secure site - especially for end user reassurance. But what are they and why should you be concerned if you do not have one for your website? Confidential information can be exposed to prying eyes, hackers or cyber criminals - SSL certificates offer a line of defense against this.

SSL (Secure Sockets Layer) certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, a certificate activates the padlock and the https protocol. This allows for secure connections between a web server and the browser. They were created to protect sensitive data in transmission. It is designed to provide security while remaining simple enough for everyday use. Typically, these certificates are used to secure credit card transactions, data transfers and logins.

The SSL protocol has traditionally been used to encrypt and secure transmitted data. Each time a new and more secure version was released, only the version number changed to reflect the update. However, when the update from SSLv3.0 to the new version was released, the version was renamed to TLSv1.0. Because SSL is still the recognised name, this is what most people refer to when describing these certificates - however, you are actually likely using/getting a TLS certificate. This is important to remember if you get a third party to purchase your certificate and you would like to make sure you are getting the right version/protocol.

When secured by TLS, connections have one or more of the following properties:

  • The connection is private/secure because symmetric cryptography is used to encrypt the data transmitted.
  • The identity of the communicating parties can be authenticated using public-key cryptography.
  • The connection ensures integrity because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.
It is also important to know that browsers are going to start penalising HTTP sites from 2017. Why? Because browser vendors, like Google, want to warn their users about sites that may be less secure, or that collect sensitive information without an SSL certificate. From January 2017, Google has started flagging HTTP pages that collect passwords or credit card details as non-secure. Ideally, website owners should get onto this as soon as possible and ensure that their sites are secured. Visitors have also started to expect secure sites; research has indicated that they are specifically looking out for a ‘padlock’ or secure notification. This is important to sites in general - not only websites with an online store or login portal. SSL is more than just encrypting data submissions.

Have you heard about letsencrypt.org? Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). Letsencrypt.org makes certificates more accessible while guiding you through how to properly set them up.
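To check which protocol version a server actually negotiates and whether its certificate chain validates, you can inspect the output of `openssl s_client`. The following is an added example, not part of the original post: the function name, the accept policy (TLSv1.2 or TLSv1.3 only, verify code 0) and the three transcripts are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: decide whether an `openssl s_client` transcript shows a modern
# protocol version and a certificate chain that verified.
# Assumed policy: accept TLSv1.2 / TLSv1.3 with "Verify return code: 0".

# Reads s_client output on stdin, prints "<protocol> <verify-code>",
# returns 0 to accept and 1 to reject.
check_tls_transcript() {
    local out proto code
    out="$(cat)"
    # Prefer the session block ("Protocol  : TLSv1.2"); older OpenSSL builds
    # print "New, TLSv1/SSLv3, ..." even for TLS 1.2, so that line is a fallback.
    proto="$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *\(.*\)$/\1/p' | head -n 1)"
    if [ -z "$proto" ]; then
        proto="$(printf '%s\n' "$out" | sed -n 's/^New, \([^,]*\), Cipher is .*/\1/p' | head -n 1)"
    fi
    # Code 0 means the chain validated against the local trust store.
    code="$(printf '%s\n' "$out" | sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)"
    printf '%s %s\n' "${proto:-unknown}" "${code:-unknown}"
    case "$proto" in
        TLSv1.2|TLSv1.3) ;;
        *) return 1 ;;   # SSLv3, TLSv1, TLSv1.1, failed handshake, or unparsable
    esac
    [ "$code" = "0" ]
}

# --- Constructed sample transcripts (abridged, not captured from real servers) ---
sample_modern() {
cat <<'EOF'
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Verify return code: 0 (ok)
EOF
}

sample_legacy() {
cat <<'EOF'
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Verify return code: 0 (ok)
EOF
}

sample_self_signed() {
cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 18 (self signed certificate)
EOF
}

for s in sample_modern sample_legacy sample_self_signed; do
    if "$s" | check_tls_transcript; then echo "  -> accept"; else echo "  -> reject"; fi
done

# Against a live site (example.com is a placeholder):
#   openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | check_tls_transcript
```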

Upgrade Cloud9 to PHP7.1 for CakePHP 3...

We've been using https://c9.io for some time to run our training sessions for CakePHP, both the free CakePHP training sessions and our standard (paid) CakePHP training sessions. The service works great, but they provide a default workspace (Ubuntu 14.04 LTS and PHP 5.5.9) not compatible with the latest version of the CakePHP framework (3.4), which requires PHP 5.6+ (7+ strongly recommended). We wanted to provide an automated upgrade script for legacy Cloud9 workspaces to PHP 7.1, so we created a gist to upgrade the default workspace here: https://gist.github.com/steinkel/4eb1cb0b67ddb92f5d5b04646f470cd5

You can execute this gist using the raw link to the script, for example:

    source <(curl RAW_GIST_URL_HERE)

Enjoy!
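Sourcing a script straight from the network runs whatever the URL serves at that moment. As an added example (not part of the original post or the gist), the functions below download the script to a file, compare it against a SHA-256 you recorded after reviewing it, and source it only on a match; the function names and the `EXPECTED_SHA256` placeholder are assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded script against a pinned SHA-256 before
# sourcing it. RAW_GIST_URL_HERE and EXPECTED_SHA256 are placeholders; pin the
# digest of the revision you actually read.

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Return 0 only if the file is non-empty and matches the expected digest.
verify_script() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "refusing: $file is missing or empty" >&2; return 1; }
    # The pinned value must be exactly 64 hex characters.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) echo "refusing: expected digest is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "refusing: expected digest has wrong length" >&2; return 1; }
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    actual="$(sha256_of "$file")" || return 1
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest mismatch (got $actual)" >&2
        return 1
    fi
}

# Download, verify, then source. Nothing runs unless verification passes.
fetch_verify_source() {
    local url="$1" expected="$2" tmp rc
    tmp="$(mktemp)" || return 1
    # --proto '=https' refuses non-HTTPS URLs and redirects; -f fails on HTTP
    # errors instead of saving an error page; -L follows the gist redirect.
    if curl --proto '=https' --tlsv1.2 -fsSL -o "$tmp" "$url" \
        && verify_script "$tmp" "$expected"; then
        # Same effect as `source`: run the script in the current shell.
        . "$tmp"
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    rm -f "$tmp"
    return 1
}

# Usage (placeholders):
#   fetch_verify_source "RAW_GIST_URL_HERE" "EXPECTED_SHA256"
```

Pin the raw URL of a specific gist revision rather than the latest one, so a later edit to the gist shows up as a digest mismatch instead of running unreviewed.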

CakePHP API Plugin

Are you creating an API in CakePHP? This task looks very popular these days, and most of our clients need an API to expose certain services to their own rich client applications, or third party services. Even though it's easy to configure CakePHP to expose a REST API, and there are other plugins that could help you build an API, we found ourselves working on specific tweaks per project to adjust the way the API was designed, so we decided to wrap all these ideas and create a specific CakePHP API Plugin including:

  • Services definition
  • Integrated CRUD
  • Nested resources
  • Pagination
  • Sorting
  • Associations
  • Versioning
  • Custom Extensions (data format / transformers)
  • Self documentation
We've gathered all the best practices around API building and CakePHP and wrapped them into an easy to install and set up Plugin to be used as the foundation of your API intensive CakePHP projects.

Let's walk through some of the Plugin features using an example application: the bookmarker tutorial http://book.cakephp.org/3.0/en/tutorials-and-examples/bookmarks/intro.html

We'll assume you've already created a new CakePHP application and configured it to use the bookmarker database (schema dump here http://book.cakephp.org/3.0/en/tutorials-and-examples/bookmarks/intro.html#creating-the-database).

Setting up the CakePHP API Plugin

Download the plugin first:

    composer require cakedc/cakephp-api:dev-master

Then ensure the plugin is loaded in your bootstrap.php file:

    Plugin::load('CakeDC/Api', ['bootstrap' => true, 'routes' => true]);

Now you have an API!

Test your newly configured "default" API using curl:

    curl -X GET http://bookmarker.dev/api/bookmarks

You'll get something similar to:

    {
        "status": "success",
        "data": [],
        "pagination": {
            "page": 1,
            "limit": 20,
            "pages": 0,
            "count": 0
        },
        "links": [
            {
                "name": "self",
                "href": "http:\/\/bookmarker.dev\/api\/bookmarks",
                "rel": "\/api\/bookmarks",
                "method": "GET"
            },
            {
                "name": "bookmarks:add",
                "href": "http:\/\/bookmarker.dev\/api\/bookmarks",
                "rel": "\/api\/bookmarks",
                "method": "POST"
            }
        ]
    }

If you look at the provided output you'll see that we've used a JSend default renderer (status, data) and that we append some extra data under 'links' (HATEOAS dynamically generated for your CRUDs) and pagination. The specific "extensions" used can be configured, and custom extensions can be created for your specific needs, see https://github.com/CakeDC/cakephp-api/blob/master/docs/Documentation/extensions.md

We'll publish a couple of tutorials soon covering some of the features implemented, and explaining how we used the CakePHP API Plugin to address specific use cases. Meanwhile, please check the documentation here https://github.com/CakeDC/cakephp-api/blob/master/docs/Documentation/overview.md

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:  

Create Google app for web oauth2 login...

Here's a step by step tutorial about how to create a web oauth2 app in Google dashboard.

  • Add some cool name for your new Google app project and click "Create"
  • Under "Library" section, create a new Google+ API project
  • Click "Enable" in the dashboard tab
  • Under "Credentials" menu, click "Oauth consent screen" tab and enter some cool name to be displayed to users when requesting their access to your application. Then click "Save".
  • Under "Credentials" menu, click "Create credentials" and select "Oauth client ID".
  • Now click "Web application" radio, and type your domain name and oauth callback
    • Under "Authorized Javascript origins", add your domain name: mydomain.com
    • Under "Authorized redirect URIs", add all the allowed callback URLs to your application. For example if you are using CakeDC/Users Plugin, you'll need to add mydomain.com/auth/google
  • Then click "Save"
  • Copy the OAuth client ID and secret into your application configuration
  • Be careful, some browsers will append blank spaces to the codes, remove any extra blank space (trim)
  • Ensure the API is enabled, you can test your application now and check there is "Traffic" displayed
You now have a Google app configured to provide Oauth2 login to your web application. Enjoy!

Login with Google Oauth2 in CakePHP us...

This article is inspired by this question in Stack Overflow and belongs to a series of articles giving step by step tutorials for configuring the CakeDC Users Plugin with the most commonly used Oauth2 providers. In this case we'll configure Google login. We'll assume you have a working CakePHP application with no Auth configured yet.

Setup

Use composer to install the CakeDC Users Plugin and the required oauth2 providers:

    composer require cakedc/users:@stable
    composer require league/oauth2-google:@stable

To be able to configure the callbacks in Google dashboard, you'll need to create a virtual host for your application. You don't need a working domain name, you could use something like "mydomain.dev", but Google requires a domain name (no localhost).

Load the plugin from your bootstrap.php file:

    Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);

Run migrations to add 2 new tables, 'users' and 'social_accounts':

    bin/cake migrations migrate -p CakeDC/Users

Configuration

Load the Component in your src/Controller/AppController.php:

    public function initialize()
    {
        parent::initialize();
        //
        // ...
        //
        $this->loadComponent('CakeDC/Users.UsersAuth');
    }

Create a new Google application

    <?php
    // /config/users.php file contents
    $config = [
        'Users.Social.login' => true,
        'OAuth.providers.google.options.clientId' => 'CLIENT_ID_HERE',
        'OAuth.providers.google.options.clientSecret' => 'SECRET_HERE',
    ];
    return $config;

  • Modify your bootstrap.php file to ensure the config file is loaded this way

    Configure::write('Users.config', ['users']); // add this line before Plugin::load('CakeDC/Users...
    Plugin::load('CakeDC/Users', ['routes' => true, 'bootstrap' => true]);

This file will override any configuration key present in the Plugin, you can check the configuration options here Configuration.

If you want to use a different page as homepage, and this page requires authorization, don't forget to add a rule to the permissions.php file to allow users with role 'user' to read your homepage. For example, add this content to your config/permissions.php file to enable access to your homepage:

    <?php
    return [
        'Users.SimpleRbac.permissions' => [
            [
                'role' => 'user',
                'controller' => 'YOUR_HOMEPAGE_CONTROLLER_NAME',
                'action' => 'YOUR_HOMEPAGE_ACTION_NAME',
            ],
            // ... more rules here
        ]
    ];

Now you are ready to go to your login page and click "Sign up with Google". Upon successful login, a new user will be created in your users table and the related oauth2 tokens will be saved in the social_accounts table. The new user created will have the "user" role (by default, but customizable). Based on your Auth rules, this user will be able to access your site. You are done!

Read more about CakeDC Users Plugin

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:

We hope you've enjoyed this short tutorial covering the Google login, stay tuned for new CakePHP + Users Plugin tutorials coming soon...

Towards Data Integrity: Validations an...

Validation

Let us consider “validation” in a little more detail to see how it has been implemented and optimized in CakePHP 3.0. In addition to what we discussed in the earlier sections, validation now incorporates two complementary conceptions or areas. These include 1) data type and format validation and 2) Application rules.

1. Data Type and Format Validation

This part of the validation deals with structural aspects such as data type, format validation, and basic types. Unlike in previous versions, validation is applied before ORM entities are created. This is a very useful feature that ensures everything is totally in sync and set in a way that preserves data integrity and the overall stability of the entire application. Moreover, it markedly reduces application errors and inconsistencies throughout the system. It is therefore a significant enhancement over previous versions.

2. Application Rules

Application rules are the second component of validation in the CakePHP 3.0 implementation. They play a key role in quality control to ensure that all application rules and workflows are operating in an orderly and systematic fashion. This is implemented through the buildRules() method in tables. Here is a code example that uses the buildRules() method for the articles table.

    // In src/Model/Table/ArticlesTable.php
    namespace App\Model\Table;

    use Cake\ORM\RulesChecker;
    use Cake\ORM\Table;

    class ArticlesTable extends Table
    {
        public function buildRules(RulesChecker $rules)
        {
            // user_id must reference an existing row in Users
            $rules->add($rules->existsIn('user_id', 'Users'));

            // A rule passes when its callable returns true, so this one fails
            // only for an article that is published without a reviewer.
            $rules->add(
                function ($article, $options) {
                    return !($article->published && empty($article->reviewer));
                },
                'isReviewed',
                [
                    'errorField' => 'published',
                    'message' => 'Articles must be reviewed before publishing.'
                ]
            );

            return $rules;
        }
    }

Identifier Quoting

Identifier quoting is another CakePHP feature or process that has changed in CakePHP 3.0. In the new release, identifier quoting, which was expensive and involved a notoriously error-prone process of parsing SQL snippets, has been disabled by default - thereby removing a major source of frustration for developers. The only time you may want to enable identifier quoting is when working with column names or table names with special characters or reserved words. Here is how to enable identifier quoting when configuring a connection.

    // In config/app.php
    'Datasources' => [
        'default' => [
            // The connection class and the driver are separate keys
            'className' => 'Cake\Database\Connection',
            'driver' => 'Cake\Database\Driver\Mysql',
            'username' => 'root',
            'password' => 'super_secret', // placeholder value
            'host' => 'localhost',
            'database' => 'cakephp',
            'quoteIdentifiers' => true
        ]
    ],

Note: Identifiers in QueryExpression objects require manual quoting or IdentifierExpression objects.

Updating Behaviors

Let us now turn to behaviors. As with most features that have to do with the ORM, the way behaviors are set up and configured has evolved for smooth integration with the new framework. Among other things, behaviors now attach to table instances. Here are some other significant differences in the way behaviors are handled in CakePHP as compared to earlier versions.

1. Each table that uses a behavior will have its own instance. No storing of “name space” setting in a behavior is required.
2. Method signatures for mixin, callback, and base class for behaviors have all changed.
3. Finder methods can now be added easily by behaviors.

The above, in a nutshell, summarizes the main changes and enhancements in the new ORM and CakePHP 3.0 in general. Like all major releases or upgrades, the new release supplants many processes and functions in previous versions while at the same time adding many brand new features. But as you go through the initial learning curve, please remember that you, the developer, have been the primary driving force behind the changes and enhancements. Your feedback and critiques over the years were the invaluable source that inspired the CakePHP team to produce this groundbreaking and cutting-edge release that you are reviewing.

CakePHP ORM 3.0 Unleashes New, Flexibl...

In line with its overall goal of eliminating redundancy and increasing efficiency, the new ORM has replaced several functions in the earlier versions with newer and significantly improved functions or functionality. Among the functions affected, we will confine ourselves here to three functions, commands, or processes:

1. afterFind or virtual fields

Developers of previous versions will recall how extensively they had to use the afterFind callback and virtual fields to generate data properties. In the new CakePHP 3.0, this is no longer necessary and has been removed in favor of virtual properties on entities, which are easier and more powerful. For example, using this method, properties can be generated on the fly for user entities with both first and last names by adding an accessor for full_name. Here is a code example.

By defining accessors you can provide access to fields/properties that do not actually exist. For example if your users table has first_name and last_name you could create a method for the full name:

    namespace App\Model\Entity;

    use Cake\ORM\Entity;

    class User extends Entity
    {
        // Accessor for the virtual property full_name
        protected function _getFullName()
        {
            return $this->_properties['first_name'] . ' ' .
                $this->_properties['last_name'];
        }
    }

You can access virtual fields as if they existed on the entity. The property name will be the lower case and underscored version of the method:

    echo $user->full_name;

Do bear in mind that virtual fields cannot be used in finds. Once a code segment similar to the above has been defined, the new property can be accessed easily using $user->full_name. Moreover, you can build aggregated data sets from your results. Note also that though virtual fields no longer constitute an explicit feature of the ORM, you will still be able to achieve the same result using the query builder and expression objects, which are more powerful and flexible. Here is a code example that will make this clear.

2. Definition of Associations

Another extremely important feature introduced in CakePHP 3.0 is the use of methods to create associations. Instead of defining associations using properties like $belongsTo and $hasMany, associations are now defined with methods, which bypasses the many inherent limitations of class definitions and leaves only one way of defining associations. Furthermore, the same API handles the “initialize” method and all other parts of your application code when manipulating associations. This is much more efficient and significantly improves productivity. Here is a code snippet to illustrate this.

    class ArticlesTable extends Table
    {
        public function initialize(array $config)
        {
            $this->belongsTo('Authors');
            $this->hasMany('Comments', [
                'className' => 'Comments',
                'conditions' => ['approved' => true]
            ]);
            $this->hasMany('UnapprovedComments', [
                'className' => 'Comments',
                'conditions' => ['approved' => false],
                'propertyName' => 'unapproved_comments'
            ]);
        }
    }

Besides the use of methods to create associations as shown in the example above, the awkward name hasAndBelongsToMany has been renamed to belongsToMany. As if the above enhancements were not enough, CakePHP 3.0 has equipped developers with the ability to create custom association classes, which will be a welcome relief as a safety valve for situations where the built-in relation types do not meet specific requirements. For more details on creating associations, please consult our section: Associations – Linking Tables together.

3. Validation Rules

Validation plays a crucial role in all software development efforts, but if validation rules are to contribute to the overall productivity of the development cycle, the way they are defined and used must be straightforward and easy. When it comes to validation rules, the CakePHP 3.0 team introduced an elegant solution to many problems with earlier versions through the use of the Validator object to generate validation rules. With this feature, defining multiple sets of rules has become a breeze! Here is an example:

    use Cake\ORM\Table;
    use Cake\Utility\Hash;
    use Cake\Validation\Validator;

    class UsersTable extends Table
    {
        public function validationPasswordConfirm(Validator $validator)
        {
            $validator
                ->requirePresence('password_confirm', 'create')
                ->notEmpty('password_confirm');

            $validator->add('password', 'custom', [
                'rule' => function ($value, $context) {
                    $confirm = Hash::get($context, 'data.password_confirm');
                    // Strict comparison: a loose != treats numeric-looking
                    // strings such as '0e1' and '0e2' as equal.
                    if (!is_null($confirm) && $value !== $confirm) {
                        return false;
                    }
                    return true;
                },
                'message' => __d('Users', 'Your password does not match your confirm password. Please try again'),
                'on' => ['create', 'update'],
                'allowEmpty' => false
            ]);

            return $validator;
        }
    }

In patchEntity(), validationPasswordConfirm will be applied if it is passed in the ‘validate’ param.

    $user = $this->Users->patchEntity($user, $this->request->data(), ['validate' => 'passwordConfirm']);

What is noteworthy about the above code segment is the ability to define as many validation methods as needed. Notice how each method should be prefixed with validation and should be structured to accept a $validator argument.

How CakePHP can boost your organizatio...

As the name suggests, CakePHP is a delightfully easy-to-use framework for rapid application development (RAD). It has evolved to become the most advanced and the most sought-after rapid application development framework in PHP. Part of this popularity stems from the framework’s ability to simultaneously fulfill the needs of the various stakeholders to a project including business owners, project managers, developers, and system administrators.

If you are a business owner, you will love CakePHP because it requires no purchasing costs and no licensing fees. Moreover, the entire development cycle from conception to development to deployment is so breathtakingly simple that it can be completed in a matter of weeks. This is possible because CakePHP, from its very inception, was designed to streamline and simplify the process of delivery. The precious time and effort that is often wasted in frantically wrestling with code to make it work can instead be redirected to building a feature-rich site.

If you are a project manager, CakePHP is an answer to your projects. You will be relieved to find out that it resolves many issues that pestered you in the past. First, costing less than a fraction of what other commercial products charge, it will neatly fit your business plan whatever the size of your organization. Second, assembling a team of highly qualified developers will be easy due to the abundance of PHP developers. Third, it requires little training or coaching due to its intuitive simplicity and the lots of clear documentation that come with it. And finally, its functionality can be expanded and enhanced to meet the growing demands and needs of a project or an organization.

Likewise, if you are a developer, you will find CakePHP markedly boosts your productivity and the quality of the final deliverable you hand over. Furthermore, it obviates the need for the often tedious and error-prone process of integrating different components. With CakePHP, you can have a fully functional unit in half a day or so because code generation tools do much of the work for you. From simple design and syntax to application scaffolding and code generation tools, CakePHP makes it easy for all developers regardless of skill levels to achieve quick results with minimum effort. Even developers with little or no previous web development experience will be able to learn it and figure out its syntax and conventions.

Another important feature of CakePHP is its innovative implementation of the “convention over configuration” concept that drastically reduces the overall size of code. This is a technique that bypasses endless configuration and setting by attributing special meaning to names given to tables, fields, directories, classes etc… To this end, CakePHP requires adherence to naming conventions. MVC is another aspect of CakePHP that contributes to its flexibility and robustness. By dividing the system into three distinct self-contained layers according to function, CakePHP ensures the maintainability and manageability of your code.

Last but not least, system administrators will appreciate the ease with which CakePHP can be installed on an existing system. A ready-made package, the framework is easy to decipher and configure. Plug-ins and third party libraries are also available for added functionality when and if needed. Additionally, it has a flexible directory structure, solid security infrastructure, and support for the most popular databases. All a system administrator needs to do to get the ball rolling is to download the code, define databases, and set file permissions and, voila, the system is ready to go!

The above is a brief synopsis of what CakePHP can do for you. Whether what you want is rapid prototyping or the creation of a full-fledged website, you will find all the necessary tools within CakePHP. Please contact us if you have questions or need a more detailed explanation of its many features.

Migrating to CakePHP 3.0 is Easy and P...

The prospect of migrating to a new version often sets off alarm bells in many a developer who may know or have heard of upgrade related horror stories here and there. Indeed, the concern is justified because major software releases constitute extensive and massive changes over previous versions that sometimes may lead to errors and glitches. But all major releases are not created equal. Some are better than others at managing the process. CakePHP 3.0 is a good example of the latter. In line with its overarching goal of lightening the load developers carry, it has made migration to 3.0 easy and painless. There are a number of reasons why migration to CakePHP is so different, easy, and so manageable. If you still haven't made the move to migrate to CakePHP 3, now is the time to do it!

First, the minimum requirements needed to make it work are very few and very straightforward. They include:

a) PHP version must be 5.4 or above
b) must have mbstring and intl extensions.

Note: CakePHP also features a totally new ORM that has been rebuilt from the ground up as well as numerous other enhancements that improve upon or replace previous entities. For details, please refer to the full migration guide.

Second, a complete list of all new features and enhancements that the new version introduces is easily accessible and clearly presented.

Third and most importantly, you are provided with an upgrade tool (a console application) for tackling the more time consuming migration tasks. What more could you ask from an upgrade? With the above in place, you have everything you need at your fingertips for a smooth and successful migration to CakePHP 3.0.

Simplicity in design, development, and implementation has always been the trademark of CakePHP, as many who have used the previous versions of CakePHP will attest. It is this factor more than anything else that has earned it a reputation as a framework of choice for developers in PHP. The huge number of developers that continue to use it every year and the excellent reviews it has received over the years provide ample proof of its success in this effort. The CakePHP team, on the other hand, though thrilled at the success its hard work brought it, never took such triumphs for granted and never succumbed to complacency. Throughout the period between releases, the team has been actively soliciting feedback and diligently listening to the wish lists and concerns of developers while working very hard to make them a reality.

The result is CakePHP 3.0 – a new version that has over the past year been silently taking the software development world by storm with its rich set of highly customizable features. If you ever liked CakePHP 2.x, we guarantee you will fall head over heels in love with CakePHP 3.0! Of course no software can ever be said to be perfect but CakePHP 3.0 is one framework version that comes close by crossing as it does new frontiers in software ingenuity and simplicity that will carry you to heights you never dreamed possible.

10 guidelines to outsourcing web devel...

One issue that has recently attained center stage in the business world is the debate over whether outsourcing web development is a good business strategy or not. Proponents point among other things to local shortage of highly qualified web developers and to cost savings. Critics on the other hand remain skeptical and often point to the potential loss of control over some aspects of a company’s business processes that outsourcing requires. To add to the dilemma, some use the term interchangeably with offshoring. So let us begin by defining exactly what outsourcing is and how it differs from offshoring.

Outsourcing is a general term used to describe the act of delegating an entire business function or part of a business process to a third party or contractor. Despite its techie-sounding name, the idea of outsourcing is a very ordinary one. When you don’t have money, you borrow from those that have it and when you lack talent or experience in one area, you seek it from those that have it. That is what outsourcing is all about. Businesses outsource when they determine that they either do not have the expertise they need to accomplish a given objective or when they just want to maximize benefits and reduce cost. Outsourcing allows businesses to lower costs, take advantage of skilled experts, and increase productivity and efficiency. Unlike offshoring, it does not imply work done in a different country and therefore does not entail the same risks inherent in offshoring such as project delivery failures due to political unrest, poor communication, and language barriers in the contractor’s country.

In this article, we will focus on outsourcing web development as a major business venture that should be carefully planned and executed. Here are 10 guidelines to help you outsource web development successfully.

1. The first thing you need to do before even considering who to partner with for your outsourcing needs is to specify exactly what business objective you want fulfilled with the finished website. Will the website be a fully functional, highly interactive website where people can conduct commercial transactions at all times of the day or will it be used to simply list detailed information about the business? Do you expect the website to evolve at some point or will this development be the final rendition? In general, most websites evolve in response to changing business demands. So it is wiser to plan ahead with changes in mind. Having a clear vision of what you want the website to do for you will help the contractor and you to tailor the project to the specific long term goals of your business.

2. After defining the general business objective, consider what functionality you want the website to provide. Will the website or some parts of it require a secure login? If so, what will be the requirements or access levels? Will the website include an online demo or a forum? How about databases and calculations?

3. Specify exactly how you will measure success. The main reason why you would develop a website in the first place is to enable people to do certain tasks at your website. So you need a way to measure this and a means to evaluate success or failure when the contractor completes the project. There are many tools you can use including one free one: Google Analytics.

4. Research similar sites. Visit websites of businesses that have already created sites similar to the one you are envisioning. The goal is not to simply copy or emulate them but to learn from them. Examine the design and functionality of these websites and write your impressions about what you like and what you don’t like about them. You can also request friends or other disinterested parties to visit these sites and give you their opinions. Additionally, read customer comments (if available) and carefully note what problems users complain about and what they like or do not like about such websites. With this knowledge under your belt, you can then craft a better website that avoids the common pitfalls and incorporates all the features visitors find valuable. This will give you a definitive edge over your competitors.

5. Prioritize your needs. It is not always possible to include all the things you want in a website due to budget, time, and other constraints. It is therefore important to begin by categorizing your needs into “must haves” and “wish to haves.” Then make sure you consider optional features only after you have budgeted for those features that you absolutely must have.

6. Prepare a brief or summary for prospective contractors. This should include a short introduction of your company; what it does; and what its overall goals are. The brief should also include the purpose of the website; who the target audience will be; anticipated functionality (ecommerce, advertising etc…); how you will evaluate success; and who will be responsible for creating and maintaining content. You should also state whether you will be doing maintenance in-house or expect the contractor to do it for you.

7. After you have completed the above steps, it is time to look for a business partner. Make phone calls to several businesses who have the expertise you need and then draw up a list of those that meet the criteria you set in your brief (step #6 above). You can then send your brief to the few you have selected along with a request for a proposal. When you receive a proposal, look over its provisions very carefully. It is more important particularly at this stage to make sure that you get the most important features you identified in step #4. Price is important of course but don’t make the mistake of focusing only on cost. Though cost saving is a major reason for outsourcing, it should never be at the expense of quality. Moreover, a well developed site will save you more money in the long run than a mediocre site.

8. Ask prospective contractors for details about the staff that will be handling your project. If you will be outsourcing the entire web development life cycle, you want to know if subject-matter experts will be managing each phase of the project. In other words, you want to know if the task will be divided in such a way that dedicated web design specialists will be doing the design phase while software developers will handle the nuts and bolts of software development. It should be noted here that there are some web developers who are also excellent web designers and vice versa. This should not be a problem and in fact can be preferable because such an expert can match development to design more easily to create a well-balanced and harmonious website.

9. Discuss a timeline for in-person or electronic progress reports. How often will the prospective contractor provide you with a progress report? Does their proposal give a phased outline of what will be accomplished when? If they can’t provide a reasonable response to this, look elsewhere.

10. Finally, ask for references and check them thoroughly. Inquire about their customer service, their task completion history, and their general professionalism.

If you follow the above steps faithfully, you will be rewarded with the proven cost-saving benefits of outsourcing. Carefully managed and executed, outsourcing is a strategic business move and a great boon to all types of businesses.

CakePHP - An Open Source Framework Wit...

Since its debut in 2005, CakePHP’s main thrust has been to make software development easy, fast, and painless. In a span of just 11 years, CakePHP proved its worth by withstanding the test of time and earning its place as the premier framework for software development. Its success in this grand effort can be gauged by how enthusiastically it has been embraced by the software community: a whopping 8 million visitors; 29,908 commits; and 30 million page views! What are the secrets behind its enduring popularity? What features and benefits account for its continued appeal? Why would anyone want to use CakePHP? These are some of the questions we will answer below.

Solid and Impregnable Security Features

One main reason you want to use CakePHP is for its solid security attributes. With incidents of cyber security breaches and random computer-generated attacks at an all-time high, who isn’t worried about website security these days? Gone are the days when security used to be optional. Today, security is a mandatory feature that all websites must ensure if they are to thrive and survive. Framework support for security varies from one framework to another but CakePHP is by far the finest in security among frameworks for PHP because of the unmatched set of security tools and safeguards it incorporates. These include among other things input validation, data sanitization, SQL injection prevention, CSRF protection (cross site request forgery - prevents unauthorized commands from being transferred), and XSS protection (cross site scripting - prevents malicious content from being delivered). It also features hashing and advanced encryption algorithms such as SHA1, SHA256, MD5, Blowfish, and Rijndael/AES-256.

CakePHP Facilitates Development

If security was its only strength, CakePHP would still remain a top contender. But CakePHP also excels in the ease and simplicity with which software applications can be developed. Featuring a lean MVC architecture that neatly organizes code according to function; conventions that facilitate standardization; and scaffolding and code generation tools that streamline development, CakePHP has everything you need to develop a highly functioning and trouble-free website in a very short time. Moreover, its support for all the popular and major databases such as MySQL, SQLite, PostgreSQL, and Microsoft SQL Server as well as for caching engines such as Memcached or Redis will be greeted with pleasure by all developers.

Simplifies Migration and Compatibility

CakePHP also makes maintaining a migration path very easy for developers because tools do most of the work. Moreover, new features and updates are enumerated clearly, making it easy for developers to keep abreast of the latest versions of the framework among other things.

Abundant and Readily Available Documentation

CakePHP's documentation is truly phenomenal! It not only provides a detailed explanation of the entire framework along with a complete API reference but also features hundreds of instructional manuals and video tutorials. Moreover, all are accessible online. Certification paths and training venues are also available for those who want to delve even deeper towards mastery.

Totally Free License

Best of all, CakePHP's code is open source, totally free, and available under the MIT license that allows commercial use!

The above list of features makes it clear that CakePHP’s popularity is earned and well deserved. No framework has ever been able to simultaneously provide so many benefits in such a short time. Please contact us if you have any questions or want to know how CakePHP can help you with your project.

We Bake with CakePHP