# |
Feb 12th 2020, 08:26 |
spriz |
I am split between firing off methods in my models' `afterSave()` functions rather than actually using events and actually building events |
# |
Feb 12th 2020, 08:25 |
spriz |
Does anyone have some oss examples of events usage that is not related to controller/view/models? :P I mean where you are defining custom events and using those to decouple things without just adding unnecessary complexity? :) |
# |
Feb 12th 2020, 08:23 |
admad |
@ishan `(string)$response->getBody()` |
# |
Feb 12th 2020, 08:06 |
jotpe |
Hi, folks! |
# |
Feb 12th 2020, 07:58 |
spriz |
or even better - if you are using an IDE go to the definition of the Diactoros stream and see what that class can do for you :) |
# |
Feb 12th 2020, 07:58 |
spriz |
@ishan Try `->getBody()->getContents()` |
# |
Feb 12th 2020, 07:24 |
ishan |
How can I get html response as a string in cakephp >= 3.5? I want same output as `$response->body()` but since it's deprecated what is the best alternative? I've tried using `$response->getBody()` but it is returning object of `\Zend\Diactoros\Stream` instead of string. |
# |
Feb 12th 2020, 07:13 |
ishan |
Hello, Good morning |
# |
Feb 12th 2020, 07:02 |
alexdd55976 |
morning |
# |
Feb 12th 2020, 05:10 |
md.islam11 |
it's always returning something: `{ "success": true, "data": { "id": 24 } }` |
# |
Feb 12th 2020, 05:10 |
md.islam11 |
How to make custom return type of `return $this->Crud->execute();` |
# |
Feb 12th 2020, 05:08 |
md.islam11 |
Hello |
# |
Feb 11th 2020, 20:24 |
thomas078 |
still works..ok |
# |
Feb 11th 2020, 20:15 |
thomas078 |
cake 3.8.9 isAuthorized($user) should it still work?? |
# |
Feb 11th 2020, 19:43 |
np |
@phantomwatson OK, the problem is with the scrutinizer. Thanks. |
# |
Feb 11th 2020, 19:31 |
np |
We have upgraded the app from CakePHP 3 to 4, the config is the same, now the error comes in the https://scrutinizer-ci.com/ tool. I'll try now in a different way |
# |
Feb 11th 2020, 19:29 |
phantomwatson |
And you can connect to the database using 'root' and no password through other means, like phpMyAdmin or via a command line? Just to rule out there being something wrong/missing with the database. |
# |
Feb 11th 2020, 19:26 |
np |
@phantomwatson yes, it's test and null. |
# |
Feb 11th 2020, 19:22 |
phantomwatson |
@np, it looks like you're running a test. Are you sure that you set the password to `null` in the `'test'` configuration in `app.php`? |
# |
Feb 11th 2020, 19:20 |
jslamka5685 |
@phantomwatson Thank you |
# |
Feb 11th 2020, 19:19 |
phantomwatson |
@jslamka5685, I think that's `Date::i18nFormat(Date::$niceformat)` |
# |
Feb 11th 2020, 18:56 |
np |
Hello, how to set db without password in cakephp4? We tried `'password' => ''` and `'password' => null`, but: `PHPUnit 8.5.2 by Sebastian Bergmann and contributors. IIIIIIIIIIIIIIII..Exception: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES)` |
# |
Feb 11th 2020, 18:54 |
jslamka5685 |
When a date is being output in a template, it has a default "friendly" output. What function is being run to apply this formatting? |
# |
Feb 11th 2020, 17:39 |
damiano |
thanks |
# |
Feb 11th 2020, 17:38 |
damiano |
yeah got it |
# |
Feb 11th 2020, 17:38 |
phantomwatson |
This is assuming that the request also transmits user data, like a username or a user ID that you'd use to figure out which user is trying to log in. |
# |
Feb 11th 2020, 17:37 |
phantomwatson |
which you'd be generating on the fly. That way, tokens won't get exposed if someone gets into your database. |
# |
Feb 11th 2020, 17:37 |
phantomwatson |
Another option is to randomly generate a single salt (or use the `Security.salt` configuration value that's already in CakePHP) that you use for everyone's token. Then, you don't need to store the token in the database at all, because whenever there's a token in a request, you can compare it to `Security::hash($entity->username . $entity->password . $salt, 'sha1', true);` |
# |
Feb 11th 2020, 17:35 |
damiano |
in db |
# |
Feb 11th 2020, 17:35 |
damiano |
yes |
# |
Feb 11th 2020, 17:35 |
phantomwatson |
So this token is stored in the database? |
# |
Feb 11th 2020, 17:34 |
phantomwatson |
If you want to get wacky, you could generate the token by `hash($username . $passwordHash)` in order for that remote possibility of someone deriving the password from the publicly-transmitted authentication token to be even less likely. But whenever people are hashing hashes, people tend to consider that a code smell that indicates that something dumb is happening. |
# |
Feb 11th 2020, 17:34 |
damiano |
maybe randomString() there is pointless |
# |
Feb 11th 2020, 17:34 |
damiano |
this is what i did: `$entity->token = Security::hash($entity->username . $entity->password . Security::randomString(24), 'sha1', true);` |
# |
Feb 11th 2020, 17:31 |
damiano |
@phantomwatson sure!! hehe |
# |
Feb 11th 2020, 17:31 |
phantomwatson |
(Assuming usernames must be unique ;) ) |
# |
Feb 11th 2020, 17:31 |
damiano |
but i must add a salt for sure |
# |
Feb 11th 2020, 17:31 |
damiano |
yeah i would like to avoid it, i mean, i would like to save and stop, as @neon1024 said i can hash(user + password) in that way i will surely get a unique token |
# |
Feb 11th 2020, 17:30 |
phantomwatson |
If you just need a unique string and that's the only requirement, then you could literally just generate a random string and test it for uniqueness before setting it. That would be perfectly fine for a small user pool, but might cause long database lookups if you have a billion users. |
# |
Feb 11th 2020, 17:30 |
damiano |
however if my database gets exposed, they will copy the token and that's all, they can use whatever they want with user token... i am implementing login via user/password, token and cookie |
# |
Feb 11th 2020, 17:28 |
damiano |
@phantomwatson but is there any other method to create a safe token ? |