Andy Regan Ramblings of an Irish Sysadmin

16 Feb 2010

Setting Up A New CakePHP Environment in Ubuntu


CakePHP is a useful MVC framework for PHP applications. However, there are a few common gotchas when setting up a new development environment. In this post, I will go through how to get around these issues when setting up a new environment on a LAMP (Linux Apache MySQL PHP) server, in this case a server running Ubuntu. Please leave a comment if you have any feedback or can recommend any improvements on the suggestions here.

Grab a Copy and Get Started

The first thing you'll need to do is get a local LAMP server up and running. Then, grab a fresh copy of CakePHP from cakephp.org. This site also has some useful resources if you'd like to learn more about the framework.

$ wget http://download.github.com/cakephp-cakephp1x-ef18ab2.tar.gz

Once you have downloaded the tarball, extract it and then rename the new directory to something more useful. This is the root directory of the application.

$ tar -xvvzf cakephp-cakephp1x-ef18ab2.tar.gz
$ mv cakephp-cakephp1x-ef18ab2/ cake_project/

Make Tmp/ Writable

Next, you need to make sure that the tmp/ directory is writeable. To avoid using insecure 777 permissions, I recommend installing suPHP. suPHP allows PHP scripts to be run as their owner rather than as the default Apache user (www-data). As a result, you can use more secure file and directory permissions while still allowing the tmp/ directory to be writeable by the application. Generally, 755 permissions are sufficiently secure for directories and 644 for files.

Install the correct packages, enable suphp and disable the php5 module.
$ sudo apt-get install libapache2-mod-suphp suphp-common
$ sudo a2enmod suphp; sudo a2dismod php5; sudo /etc/init.d/apache2 restart

Add A Dash of Salt

With that out of the way, now you need to change the default salt value for the application. CakePHP needs a random string ("salt") which is used to generate secure hashes. I find the pwgen utility in Linux very useful for quickly generating a random string.

Open up app/config/core.php. Then, replace the random_string value below with the output of the pwgen command.

Configure::write('Security.salt', 'random_string');

$ pwgen -y 100
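
The same step can be scripted. This is an added example, not part of the original post: it draws the salt from /dev/urandom instead of pwgen and writes it into core.php in place. The helper names gen_salt, get_cake_salt and set_cake_salt are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. gen_salt, get_cake_salt and
# set_cake_salt are hypothetical helper names.
# Usage: set_cake_salt cake_project/app/config/core.php

# gen_salt LEN: LEN random characters from the kernel CSPRNG. Alphanumeric
# only, so the value cannot close the PHP single-quoted string it lands in.
gen_salt() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# get_cake_salt FILE: print the Security.salt value currently configured.
get_cake_salt() {
    sed -n "s|.*Configure::write('Security.salt', *'\([^']*\)'.*|\1|p" "$1"
}

# set_cake_salt FILE: replace the Security.salt value in FILE with a fresh one.
set_cake_salt() {
    core_php=$1
    # Refuse to continue if the file has no Security.salt line to replace.
    grep -q "Configure::write('Security.salt'" "$core_php" || return 1
    salt=$(gen_salt 40)
    [ "${#salt}" -eq 40 ] || return 1
    tmp=$(mktemp) || return 1
    # Edit a copy, then write it back with cat so the original file keeps
    # its owner and mode.
    if sed "s|\(Configure::write('Security.salt', *'\)[^']*'|\1${salt}'|" \
            "$core_php" > "$tmp"; then
        cat "$tmp" > "$core_php"
        status=$?
    else
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}
```

Running get_cake_salt on a fresh checkout before deploying is a quick way to confirm the default value is no longer in place.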

Point Your Domain at the Cake Directory

You can use Apache's userdir module to test your application. This will allow you to go to http://yourdomain.com/~username in your browser where /home/username/public_html is the document root. However, this often conflicts with the Apache rewrite module which is necessary for "friendly" URLs.

To get around this conflict on a local development environment, I recommend pointing your domain at the application's root directory. In this way, when you go to the domain in your browser it will show you the newly installed CakePHP application.

First, add a rule to your computer's /etc/hosts file so that the domain points to localhost.
#add a similar rule to /etc/hosts
127.0.0.1 caketest.com www.caketest.com

Then, add and enable a vhost for the domain you are working on.

$ sudo vim /etc/apache2/sites-available/caketest.com

<VirtualHost *:80>
    # Basic setup
    ServerAdmin webmaster@mydomain.com
    ServerName caketest.com
    ServerAlias www.caketest.com
    DocumentRoot /home/andrew/public_html/cake

    # This log sits under the DocumentRoot, so it can be requested by URL;
    # a path outside the web root avoids that.
    ErrorLog /home/andrew/public_html/cake/error_log/error.log

    <Directory /home/andrew/public_html/cake>
        Order Deny,Allow
        Allow from all
        # Don't show indexes for directories
        Options -Indexes
    </Directory>
</VirtualHost>

$ sudo a2ensite caketest.com; sudo /etc/init.d/apache2 restart

Why is Everything Black and White?

If the new Cake installation displays without any CSS styling, make sure that the Apache rewrite module is enabled. After that, you're done.

$ sudo a2enmod rewrite; sudo /etc/init.d/apache2 restart

At this point, you might want to check out the CakePHP documentation which will give you more information on what to do from here. You should also check out this article on using Netbeans as your development IDE for CakePHP projects.

29 Jul 2009

Nasty Site Hack Leads to Phony Google Links

Thar be nasty scripts here!

Came across a dirty (but interesting) website hack today. Essentially when a person googled their domain name they discovered hundreds and hundreds of phony links pointing to a sub-directory of their site. (With various explicitly charming descriptions). Clicking on these links displayed a page full of advertisements.

Had a nose around the sub-directory in question and couldn't find any files corresponding to the links.

Eventually, I found a rogue PHP script (called report.php). Turns out that the .htaccess file in the directory had been modified to redirect any "404 Not Found" errors to the PHP script. Even dirtier still was that when you accessed the script directly in a browser it showed a typical default 404 error, a tactic I guess is there to add confusion when you are trying to find the cause of the hack. Bastards.

Script was base64'd and full of typical randomness meant to slow down those trying to figure out exactly what it's trying to do. As far as I can tell, it just serves up ad pages when it's redirected to and the 404 error page when accessed directly.

The ultimate bastardly thing about this hack is that even after you clean up your site, it'll be ages before the explicit phony links disappear from Google. Another good reason to avoid 777 permissions on directories and keep your web software updated.

Just wanted to make people aware of it. If you come across something similar have a look in the .htaccess file first. :-)

***UPDATE***
The following bash one-liner can help find any files that contain a call to the base64_encode() function. Some legitimate files may be included, but this should help narrow down the list of dirty scripts. The -print0 / -0 pair keeps file names containing spaces intact.

$ find . -type f -print0 | xargs -0 grep -l base64_encode
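
To check the .htaccess side of this hack as well, here is an added example (not part of the original post) that lists every .htaccess under a document root that sends 404 errors to a PHP script and says whether that script contains base64 or eval calls. It goes a little beyond the one-liner above by also matching base64_decode, since an encoded script has to decode itself to run. The function names and the sample tree are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. scan_404_handlers and
# make_sample_tree are hypothetical names.

# scan_404_handlers DOCROOT
# Prints one line per .htaccess that routes 404 errors to a local PHP script:
#   <htaccess path>|<handler URL path>|<missing, encoded or plain>
scan_404_handlers() {
    docroot=${1%/}
    find "$docroot" -type f -name .htaccess | while IFS= read -r ht; do
        # Apache directive names are case-insensitive, hence grep -i.
        grep -iE '^[[:space:]]*ErrorDocument[[:space:]]+404[[:space:]]+' "$ht" |
        while read -r _ _ target _; do
            case $target in
                /*.php|/*.php\?*) ;;   # local PHP handler: worth a look
                *) continue ;;         # static page, message text or URL
            esac
            script=$docroot${target%%\?*}
            if [ ! -f "$script" ]; then
                verdict=missing
            elif grep -qE 'base64_(en|de)code|eval[[:space:]]*\(' "$script"; then
                verdict=encoded
            else
                verdict=plain
            fi
            printf '%s|%s|%s\n' "$ht" "$target" "$verdict"
        done
    done
}

# make_sample_tree: builds a constructed test tree (not data from the post)
# and prints its path. The encoded string is just "echo 1;".
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/blog" &&
    printf 'ErrorDocument 404 /blog/report.php\n' > "$d/blog/.htaccess" &&
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' > "$d/blog/report.php" &&
    printf 'ErrorDocument 404 /notfound.html\n' > "$d/.htaccess" &&
    printf '%s\n' "$d"
}
```

A "missing" verdict is also worth following up, since it means the handler path in .htaccess points at a file that is no longer on disk.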

Also worth checking out the following links for htaccess tips and tricks:

29 Apr 2009

New Theme

I got a bit sick of the old fusion theme. The new theme is based on the Vigilance Theme by Jestro with some tweaks suggested in an excellent article by Dean Peters along with a couple of tweaks of my own.

Header image is a photo I took atop the cliff at Silver Strand overlooking Galway Bay.

It's a lot cleaner and I think it's easier to read, too. Hope you like it!
