CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Quick start with Migrations plugin

Written by Pierre on March 01, 2010 •
37255 VIEWS

In a previous post I gave an overview of the CakePHP Migrations plugin, what it does and why you should use it in your applications. This article will explain how to use it in a practical way. We are going to bake a simple blog application recipe application and see how migrations are integrated in the development process.

Since we recently moved all our open source projects on http://cakedc.github.com/, this sample application source code is also available there: Sample Migrations Application - Github (it is a CakePHP 1.3 application). Ready?

Bake a new application and add the migrations plugin

First of all, we need to bake a new CakePHP application. Easy enough to do using cake bake, then configure your database (an empty database is sufficient for now) and check that the home page is all green! If you have not set up your environment to use the CakePHP command line yet, take some time to do so... it worth it!

Adding the migrations plugin might also be a straightforward task. You can either download the archive containing the plugin code and unzip it in the "/plugins/migrations" folder of your application, or add it as a git submodule with the following command:

git submodule add git://github.com/CakeDC/Migrations.git plugins/migrations

Then check that it is correctly installed by executing the following command from your application root:

cake migration help

If you see a list of available commands you can move on next step.

Create initial tables and bake the MVC

We now need something to migrate! Let's create some tables in the database. The application will have Users who can publish Recipes, each one having several Ingredients (of course Ingredients can be used in many Recipes). Here is a SQL dump of this simple database schema:

CREATE TABLE `ingredients` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `ingredients_recipes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `ingredient_id` int(11) NOT NULL,
  `recipe_id` int(11) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `recipes` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `user_id` int(11) NOT NULL,
  `name` varchar(100) NOT NULL,
  `content` text NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  `password` varchar(255) NOT NULL,
  `created` datetime NOT NULL,
  `modified` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1;

As our goal here is not to focus on the application code itself, baked MVC from these tables might be sufficient... just run the command cake bake all for User, Recipe and Ingredient to bake'em all!

At this point we must have an application with an initial architecture ready to share. To start from here, one will just have to checkout the related commit... but don't you see a problem with this? How will he create the initial database? Maybe we could send him the SQL dump by email, or better commit it with the application! It is where the Migrations plugin comes in.

Generate the initial migration

"Be kind with your coworkers and include the database schema with your code... along with some sample data."

Let's use the migrations shell to generate an agnostic database schema containing our 4 tables, and an initial admin user account. To do so we just need to run the following command:

cake migration generate

After entering a name for the migration and selected the database dump option, we might have a new "/config/migrations" directory containing two files:

map.php representing the different migrations order,
name_of_the_migration.php a migration file containing all the necessary information to create your actual database. In the sample application it is named: "001_added_users_recipes_and_ingredients_tables.php". You might have noticed that we added a 001 prefix to the migration name to make it easier to see migrations order, it is a good practice.

We can now open the generated migration file (/config/migrations/001_added_users_recipes_and_ingredients_tables.php) and take a look at it. If you need more information and understand all available migration directives, you can read the plugin documentation.

For now we are just going to focus on the empty "after()" callback. This callback is triggered once the migration has been executed, and allow you to do whatever you want, given the direction of the migration: applied (up) or reverted (down). We are going to use this callback to create an initial admin User. Here is the code of the callback (as you are a CakePHP developer you might understand it quite easily):

function after($direction) {
	if ($direction === 'up') {
		if (!class_exists('Security')) {
			App::import('Core', 'Security');
		}

		$User = $this->generateModel('User');
		$user = array(
			'User' => array(
				'name' => 'admin',
				'password' => Security::hash('unsecurepassword', null, true)));
		$User->save($user);
	}
	return true;
}

Notice the use of the generateModel() method provided by the Migrations plugin. It is a shorthand allowing you to cleanly load a model in the callback to insert new data or update the existing. We could explain the reason of it more deeply but it is not the goal of this article, so just keep in mind that it is the best way to load a Model from callbacks!

Here we are! We can now share the application with anyone. After checked out the application, one will just have to run cake migration all to turn an empty database to a database containing all the needed tables, and an initial admin user to start using the application.

Categorize the recipes!

As the application evolves, we need to sort recipes by categories. This change involves two changes in the current database schema: a new categories table must be created, and a category_id field added to the recipes table.

Note: If you later want to use the migrations diff feature to generate a migration containing a diff between your previous database schema and the current one, you have to generate a Cake Schema of your database at this point. Simply run cake schema generate.

We can now update the recipes table and create a new categories table. Here is a simple SQL script:

CREATE TABLE `categories` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(100) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1;

ALTER TABLE `recipes` ADD `category_id` INT NOT NULL

Bake the MVC for categories and update recipes view pages to display the category so the application reflect these database changes. Before sharing these code changes, we need to generate a second migration describing the above SQL snippet in an agnostic way... and creating initial categories!

Nothing different than what we did previously: run cake migration generate, give a name to the migration, and choose between generating a diff from the schema.php file (if one was generated), generating a dump of the database (we will remove unnecessary instructions later) or generating an empty migration file. Once generated, it is always important to check the generated directives for the migration and fix them if needed. The migration must look like this:

var $migration = array(
	'up' => array(
		'create_table' => array(
			'categories' => array(
				'id' => array('type' => 'integer', 'null' => false, 'default' => NULL, 'key' => 'primary'),
				'name' => array('type' => 'string', 'null' => false, 'default' => NULL, 'length' => 100),
				'indexes' => array(
					'PRIMARY' => array('column' => 'id', 'unique' => 1),
				),
				'tableParameters' => array('charset' => 'latin1', 'collate' => 'latin1_swedish_ci', 'engine' => 'MyISAM'),
			),
		),
		'create_field' => array(
			'recipes' => array(
				'category_id' => array('type' => 'integer', 'null' => false, 'default' => NULL)
			),
		),
	),
	'down' => array(
		'drop_table' => array(
			'categories'
		),
		'drop_field' => array(
			'recipes' => array(
				'category_id'
			),
		),
	),
);

If you understood what we did in the first migration callback to add an initial user you might be able to implement this one. We would like to add initial categories: Starters, Main Dish and Desserts.

For lazy people, the code is here:

function after($direction) {
	if ($direction === 'up') {
		$Category = $this->generateModel('Category');
		$categories = array(
			array('name' => 'Starters'),
			array('name' => 'Main Dish'),
			array('name' => 'Desserts'));
		$Category->saveAll($categories);
	}
	return true;
}

Here we are again! The changes are ready to commit, and the commit will contains both code and database changes. One could update the database after checking out this commit by running: cake migration all.

The end

I hope this very simple use case and the code we built will help you to start using Migrations. As you could see it is very simple to use and will make your life much more easier: you would not have to worry anymore about the state of your database schema.

The source code of this tutorial is available on Github. If you found any bug or have any suggestion about the Migrations plugin, please create a ticket on Github. Comment this article if you have any question, and do not hesitate to share it if you found it useful!

Latest articles

34 Views

The new CakePHP RateLimitMiddleware

This article is part of the CakeDC Advent Calendar 2025 (December 21st 2025) Rate limiting a specific endpoint of your application can be a life saver. Sometimes you can't optimize the endpoint and it'll be expensive in time or CPU, or the endpoint has a business restriction for a given user. In the past, I've been using https://github.com/UseMuffin/Throttle a number of times to provide rate limiting features to CakePHP. Recently, I've been watching the addition of the RateLimitMiddleware to CakePHP 5.3, I think it was a great idea to incorporate these features into the core and I'll bring you a quick example about how to use it in your projects. Let's imagine you have a CakePHP application with an export feature that will take some extra CPU to produce an output, you want to ensure the endpoint is not abused by your users. In order to limit the access to the endpoint, add the following configuration to your config/app.php // define a cache configuration, Redis could be a good option for a fast and distributed approach 'rate_limit' => [ 'className' => \Cake\Cache\Engine\RedisEngine::class, 'path' => CACHE, 'url' => env('CACHE_RATE_LIMIT_URL', null), ], Then, in your src/Application.php middleware method, create one or many configurations for your rate limits. The middleware allows a lot of customization, for example to select the strategy, or how are you going to identify the owner of the rate limit. ->add(new RateLimitMiddleware([ 'strategy' => RateLimitMiddleware::STRATEGY_FIXED_WINDOW, 'identifier' => RateLimitMiddleware::IDENTIFIER_IP, 'limit' => 5, 'window' => 10, 'cache' => 'rate_limit', 'skipCheck' => function ($request) { return !( $request->getParam('controller') === 'Reports' && $request->getParam('action') === 'index' ); } ])) In this particular configuration we are going to limit the access to the /reports/index endpoint (we skip everything else) to 5 requests every 10 seconds. You can learn more about the middleware configuration here https://github.com/cakephp/docs/pull/8063 while the final documentation is being finished. This article is part of the CakeDC Advent Calendar 2025 (December 21st 2025)

Written by Jorge on December 21, 2025

72 Views

Real-Time Notifications? You Might Not Need WebSockets

This article is part of the CakeDC Advent Calendar 2025 (December 20th 2025) As PHP developers, when we hear "real-time," our minds immediately jump to WebSockets. We think of complex setups with Ratchet, long-running server processes, and tricky Nginx proxy configurations. And for many applications (like live chats or collaborative editing) WebSockets are absolutely the right tool. But, if you don't need all that complexity or if you just want to push data from your server to the client? Think of a new notification, a "users online" counter, or a live dashboard update. For these one-way-street use cases, WebSockets are often overkill. Enter Server-Sent Events (SSE). It's a simple, elegant, and surprisingly powerful W3C standard that lets your server stream updates to a client over a single, long-lasting HTTP connection.

SSE vs. WebSockets: The Showdown

The most important difference is direction.

WebSockets (WS): Bidirectional. The client and server can both send messages to each other at any time. It's a two-way conversation.
Server-Sent Events (SSE): Unidirectional. Only the server can send messages to the client. It's a one-way broadcast.

This single difference has massive implications for simplicity and implementation.

Feature	Server-Sent Events (SSE)	WebSockets (WS)
Direction	Unidirectional (Server ➔ Client)	Bidirectional (Client ⟺ Server)
Protocol	Just plain HTTP/S	A new protocol (`ws://`, `wss://`)
Simplicity	High. simple API, complex ops at scale	Low. Requires a special server.
Reconnection	Automatic! The browser handles it.	Manual. You must write JS to reconnect.
Browser API	Native `EventSource` object.	Native `WebSocket` object.
Best For	Notifications, dashboards, live feeds.	Live chats, multiplayer games, co-editing.

Pros for SSE:

It's just HTTP. No new protocol, no special ports.
Automatic reconnection is a life-saver.
The server-side implementation can be a simple controller action.

Cons for SSE:

Strictly one-way. The client can't send data back on the same connection.
Some older proxies or servers might buffer the response, which can be tricky.

Infrastructure Note: Since SSE keeps a persistent connection open, each active client will occupy one PHP-FPM worker. For high-traffic applications, ensure your server is configured to handle the concurrent load or consider a non-blocking server like RoadRunner. Additionally, using HTTP/2 is strongly recommended to bypass the 6-connection-per-domain limit found in older HTTP/1.1 protocols

The Implementation: A Smart, Reusable SSE System in CakePHP

We're not going to build a naive while(true) loop that hammers our database every 2 seconds. That's inefficient. Instead, we'll build an event-driven system. The while(true) loop will only check a cache key. This is lightning-fast. A separate "trigger" class will update that cache key's timestamp only when a new notification is actually created. This design is clean, decoupled, and highly performant.

Note: This example uses CakePHP, but the principles (a component, a trigger, and a controller) can be adapted to any framework like Laravel or Symfony.

1. The Explicit `SseTrigger` Class

First, we need a clean, obvious way to "poke" our SSE stream. We'll create a simple class whose only job is to update a cache timestamp. This is far better than a "magic" Cache::write() call hidden in a model. src/Sse/SseTrigger.php

<?php
namespace App\Sse;

use Cake\Cache\Cache;

/**
 * Provides an explicit, static method to "push" an SSE event.
 * This simply updates a cache key's timestamp, which the
 * SseComponent is watching.
 */
class SseTrigger
{
    /**
     * Pushes an update for a given SSE cache key.
     *
     * @param string $cacheKey The key to "touch".
     * @return bool
     */
    public static function push(string $cacheKey): bool
    {
        // We just write the current time. The content doesn't
        // matter, only the timestamp.
        return Cache::write($cacheKey, microtime(true));
    }
}

CRITICAL PERFORMANCE WARNING: The PHP-FPM Bottleneck
In a standard PHP-FPM environment, each SSE connection is synchronous and blocking. This means one active SSE stream = one locked PHP-FPM worker. If your max_children setting is 50, and 50 users open your dashboard, your entire website will stop responding because there are no workers left to handle regular requests. How to mitigate this: Dedicated Pool: Set up a separate PHP-FPM pool specifically for SSE requests. Go Asynchronous: Use a non-blocking server like RoadRunner, Swoole or FrankenPHP. These can handle thousands of concurrent SSE connections with minimal memory footprint. HTTP/2: Always serve SSE over HTTP/2 to bypass the browser's 6-connection limit per domain.

2. The `SseComponent` (The Engine)

This component encapsulates all the SSE logic. It handles the loop, the cache-checking, the CallbackStream, and even building the final Response object. The controller will be left perfectly clean. To handle the stream, we utilize CakePHP's CallbackStream. Unlike a standard response that sends all data at once, CallbackStream allows us to emit data in chunks over time. It wraps our while(true) loop into a PSR-7 compliant stream, enabling the server to push updates to the browser as they happen without terminating the request. src/Controller/Component/SseComponent.php

<?php
namespace App\Controller\Component;

use Cake\Controller\Component;
use Cake\Http\CallbackStream;
use Cake\Cache\Cache;
use Cake\Http\Response;

class SseComponent extends Component
{
    protected $_defaultConfig = [
        'poll' => 2, // How often to check the cache (in seconds)
        'eventName' => 'message', // Default SSE event name
        'heartbeat' => 30, // Keep-alive to prevent proxy timeouts
    ];

    /**
     * Main public method.
     * Builds the stream and returns a fully configured Response.
     */
    public function stream(callable $dataCallback, string $watchCacheKey, array $options = []): Response
    {
        $stream = $this->_buildStream($dataCallback, $watchCacheKey, $options);

        // Get and configure the controller's response
        $response = $this->getController()->getResponse();
        $response = $response
            ->withHeader('Content-Type', 'text/event-stream')
            ->withHeader('Cache-Control', 'no-cache')
            ->withHeader('Connection', 'keep-alive')
            ->withHeader('X-Accel-Buffering', 'no') // For Nginx: disable response buffering
            ->withBody($stream);

        return $response;
    }

    /**
     * Protected method to build the actual CallbackStream.
     */
    protected function _buildStream(callable $dataCallback, string $watchCacheKey, array $options = []): CallbackStream
    {
        $config = $this->getConfig() + $options;

        return new CallbackStream(function () use ($dataCallback, $watchCacheKey, $config) {

            set_time_limit(0); 
            $lastSentTimestamp = null; 
            $lastHeartbeat = time();

            while (true) {
                if (connection_aborted()) {
                    break;
                }

                // 1. THE FAST CHECK: Read the cache.
                $currentTimestamp = Cache::read($watchCacheKey);

                // 2. THE COMPARE: Has it been updated?
                if ($currentTimestamp > $lastSentTimestamp) {

                    // 3. THE SLOW CHECK: Cache is new, so run the data callback.
                    $data = $dataCallback(); 

                    // 4. THE PUSH: Send the data.
                    echo "event: " . $config['eventName'] . "\n";
                    echo "data: " . json_encode($data) . "\n\n";

                    $lastSentTimestamp = $currentTimestamp; 
                    $lastHeartbeat = time();

                } else if (time() - $lastHeartbeat > $config['heartbeat']) {
                    // 5. THE HEARTBEAT: Send a comment to keep connection alive.
                    echo ": \n\n"; 
                    $lastHeartbeat = time();
                }

                if (ob_get_level() > 0) {
                    ob_flush();
                }
                flush();

                // Wait before the next check
                sleep($config['poll']);
            }
        });
    }
}

3. Connecting the Logic (Model & Controller)

First, we use our SseTrigger in the afterSave hook of our NotificationsTable. This makes it clear: "After saving a notification, push an update." src/Model/Table/NotificationsTable.php (Partial)

use App\Sse\SseTrigger; // Don't forget to import!

public function afterSave(EventInterface $event, Entity $entity, ArrayObject $options)
{
    // Check if the entity has a user_id
    if ($entity->has('user_id') && !empty($entity->user_id)) {

        // Build the user-specific cache key
        $userCacheKey = 'notifications_timestamp_user_' . $entity->user_id;

        // Explicitly trigger the push!
        SseTrigger::push($userCacheKey);
    }
}

Now, our controller action becomes incredibly simple. Its only jobs are to get the current user, define the data callback, and return the component's stream. src/Controller/NotificationsController.php

<?php
namespace App\Controller;

use App\Controller\AppController;
use Cake\Http\Exception\ForbiddenException;

class NotificationsController extends AppController
{
    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('Sse');
        $this->loadComponent('Authentication.Authentication'); 
    }

    public function stream()
    {
        $this->autoRender = false;

        // 1. Get authenticated user
        $identity = $this->Authentication->getIdentity();
        if (!$identity) {
            throw new ForbiddenException('Authentication required');
        }

        // 2. Define user-specific parameters
        $userId = $identity->get('id');
        $userCacheKey = 'notifications_timestamp_user_' . $userId;

        // 3. Define the data callback (what to run when there's an update)
        $dataCallback = function () use ($userId) {
            return $this->Notifications->find()
                ->where(['user_id' => $userId, 'read' => false]) 
                ->order(['created' => 'DESC'])
                ->limit(5)
                ->all();
        };

        // 4. Return the stream. That's it!
        return $this->Sse->stream(
            $dataCallback, 
            $userCacheKey, 
            [
                'eventName' => 'new_notification', // Custom event name for JS
                'poll' => 2
            ]
        );
    }
}

4. The Frontend (The Easy Part)

Thanks to the native EventSource API, the client-side JavaScript is trivial. No libraries. No complex connection management.

<script>
    // 1. Point to your controller action
    const sseUrl = '/notifications/stream';
    const eventSource = new EventSource(sseUrl);

    // 2. Listen for your custom event
    eventSource.addEventListener('new_notification', (event) => {
        console.log('New data received!');
        const notifications = JSON.parse(event.data);

        // Do something with the data...
        // e.g., update a <ul> list or a notification counter
        updateNotificationBell(notifications);
    });

    // 3. (Optional) Handle errors
    eventSource.onerror = (error) => {
        console.error('EventSource failed:', error);
        // The browser will automatically try to reconnect.
    };

    // (Optional) Handle the initial connection
    eventSource.onopen = () => {
        console.log('SSE connection established.');
    };
</script>

Ideas for Your Projects

You can use this exact pattern for so much more than just notifications:

Live Admin Dashboard: A "Recent Sales" feed or a "Users Online" list that updates automatically.
Activity Feeds: Show "John recently commented..." in real-time.
Progress Indicators: For a long-running background process (like video encoding), push status updates ("20% complete", "50% complete", etc.).
Live Sports Scores: Push new scores as they happen.
Stock or Crypto Tickers: Stream new price data from your server.

When NOT to Use SSE: Know Your Limits

While SSE is an elegant solution for many problems, it isn't a silver bullet. You should avoid SSE and stick with WebSockets or standard Polling when:

True Bidirectional Communication is Required: If your app involves heavy "back-and-forth" (like a fast-paced multiplayer game or a collaborative whiteboarding tool), WebSockets are the correct choice.
Binary Data Streams: SSE is a text-based protocol. If you need to stream raw binary data (like audio or video frames), WebSockets or WebRTC are better suited.
Legacy Browser Support (IE11): If you must support older browsers that lack EventSource and you don't want to rely on polyfills, SSE will not work.
Strict Connection Limits: If you are on a restricted shared hosting environment with very few PHP-FPM workers and no support for HTTP/2, the persistent nature of SSE will quickly exhaust your server's resources.

Conclusion

WebSockets are a powerful tool, but they aren't the only tool. For the wide array of use cases that only require one-way, server-to-client communication, Server-Sent Events are a simpler, more robust, and more maintainable solution. It integrates perfectly with the standard PHP request cycle, requires no extra daemons, and is handled natively by the browser. So the next time you need real-time updates, ask yourself: "Do I really need a two-way conversation?" If the answer is no, give SSE a try. This article is part of the CakeDC Advent Calendar 2025 (December 20th 2025)

Written by Arodriguez on December 19, 2025

68 Views

QA vs. Devs: a MEME tale of the IT environment

QA testing requires knowledge in computer science but still many devs think of us like homer-simpson-meme BUT... morpheus-meme It is not like we want to detroy what you have created but... house-on-fire-meme And we have to report it, it is our job... tom-and-jerry-meme It is not like we think dev-vs-qa I mean cat-meme Plaeas do not consider us a thread :) willy-wonka-meme 0/0/0000 reaction-to-a-bug Sometimes we are kind of lost seeing the application... futurama-meme And sometimes your don't believe the crazy results we get... ironman-meme I know you think aliens-meme But remmember we are here to help xD the-office-meme Happy Holidays to ya'll folks! the-wolf-of-wallstreet-meme PS. Enjoy some more memes feature-vs-user hide-the-pain-harold-meme idea-for-qa peter-parker-meme meme dev-estimating-time-vs-pm