From 6700b93c4d7a16e7288e4e2cd3223093926666ea Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 14:25:33 +0300
Subject: Added _file_mime_type() method to system/libraries/Upload.php in
order to fix a possible MIME-type injection (issue #60)
---
system/libraries/Upload.php | 68 +++++++++++++++++++++++++++++++++++++++++++--
user_guide/changelog.html | 5 +++-
2 files changed, 70 insertions(+), 3 deletions(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 3177424c4..93f763ed9 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -196,7 +196,8 @@ class CI_Upload {
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
$this->file_size = $_FILES[$field]['size'];
- $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
+ $this->_file_mime_type($_FILES[$field]);
+ $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type);
$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
$this->file_ext = $this->get_extension($this->file_name);
@@ -1006,8 +1007,71 @@ class CI_Upload {
// --------------------------------------------------------------------
+ /**
+ * File MIME type
+ *
+ * Detects the (actual) MIME type of the uploaded file, if possible.
+ * The input array is expected to be $_FILES[$field]
+ *
+ * @param array
+ * @return void
+ */
+ protected function _file_mime_type($file)
+ {
+ $file_type = '';
+
+ // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag)
+ if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file'))
+ {
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system
+ {
+ $file_type = $finfo->file($file['tmp_name']);
+
+ /* According to the comments section of the PHP manual page,
+ * it is possible that this function returns an empty string
+ * for some files (e.g. if they don't exist in the magic MIME database.
+ */
+ if (strlen($file_type) > 1)
+ {
+ $this->file_type = $file_info;
+ return;
+ }
+ }
+ }
+
+ // Fall back to the deprecated mime_content_type(), if available
+ if (function_exists('mime_content_type'))
+ {
+ $this->file_type = @mime_content_type($file['tmp_name']);
+ return;
+ }
+
+ /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type,
+ * which is still more secure than depending on the value of $_FILES[$field]['type'].
+ *
+ * Notes:
+ * - a 'W' in the substr() expression bellow, would mean that we're using Windows
+ * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check
+ */
+ if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec'))
+ {
+ $output = array();
+ @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);
+ if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution
+ {
+ $this->file_type = rtrim($output[0]);
+ return;
+ }
+ }
+
+ $this->file_type = $file['type'];
+ }
+
+ // --------------------------------------------------------------------
+
}
// END Upload Class
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */
\ No newline at end of file
+/* Location: ./system/libraries/Upload.php */
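Review bot: The `exec()` fallback in `_file_mime_type()` passes `escapeshellarg($file['tmp_path'])`, but the upload array carries the temporary file under `tmp_name` (the key the finfo and `mime_content_type()` branches above read), so `file` never inspects the uploaded file. Depending on how `file` reports the missing path, the method either stores its error text or falls through to `$this->file_type = $file['type'];`, the client-supplied value this change is meant to stop trusting. The call should read `@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_name']), $output, $return_code);`; the same line appears unchanged as context in the later 7bfb95b and c5efd10 hunks. The `mime_content_type()` branch also returns unconditionally, so a failed detection leaves `file_type` as `FALSE` instead of trying the next method; it should check the result before returning, as the `exec()` branch does.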
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index 88b4363ea..e44e2f707 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -70,7 +70,10 @@ Change Log
Helpers
-
Added increment_string() to String Helper to turn "foo" into "foo-1" or "foo-1" into "foo-2".
+
Added increment_string() to String Helper to turn "foo" into "foo-1" or "foo-1" into "foo-2".
+
Altered form helper - made action on form_open_multipart helper function call optional. Fixes (#65)
+
url_title() will now trim extra dashes from beginning and end.
+
Improved speed of String Helper's random_string() method
Database
--
cgit v1.2.3-24-g4f1b
From 6a12d8faba9dcb4f321700c86d047f7b6a4f1780 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 14:35:10 +0300
Subject: Remove an unnecessary variable initialization
---
system/libraries/Upload.php | 2 --
1 file changed, 2 deletions(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 93f763ed9..04abc9ac6 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1018,8 +1018,6 @@ class CI_Upload {
*/
protected function _file_mime_type($file)
{
- $file_type = '';
-
// Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag)
if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file'))
{
--
cgit v1.2.3-24-g4f1b
From 7bfb95b9c329a7905a20f9ebfeacccac7ffd7e41 Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 14:45:44 +0300
Subject: Fix alignment with tabs instead of spaces
---
system/libraries/Upload.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 04abc9ac6..fd9c8b3e8 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1058,7 +1058,7 @@ class CI_Upload {
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);
if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution
{
- $this->file_type = rtrim($output[0]);
+ $this->file_type = rtrim($output[0]);
return;
}
}
--
cgit v1.2.3-24-g4f1b
From f1649bf567aa769b283bb0b74ed8aee5b44a704b Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Sat, 24 Sep 2011 22:59:37 +0300
Subject: Fix an erroneus variable name and a typo in comments
---
system/libraries/Upload.php | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index fd9c8b3e8..a0f3e76bb 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1028,11 +1028,11 @@ class CI_Upload {
/* According to the comments section of the PHP manual page,
* it is possible that this function returns an empty string
- * for some files (e.g. if they don't exist in the magic MIME database.
+ * for some files (e.g. if they don't exist in the magic MIME database)
*/
if (strlen($file_type) > 1)
{
- $this->file_type = $file_info;
+ $this->file_type = $file_type;
return;
}
}
--
cgit v1.2.3-24-g4f1b
From dcfee7103408416329c42f376d23fb3c88d4cffc Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 4 Oct 2011 18:18:21 +0300
Subject: CI_Upload::_file_mime_type
---
user_guide/changelog.html | 1 +
1 file changed, 1 insertion(+)
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index e44e2f707..b4bd8bb7f 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -98,6 +98,7 @@ Change Log
If a config class was loaded first then a library with the same name is loaded, the config would be ignored.
Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.
Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.
+
Fixed a bug (#60) - Added _file_mime_type() method to the File Uploading Library in order to fix a possible MIME-type injection (also fixes bug #394).
Version 2.0.3
--
cgit v1.2.3-24-g4f1b
From c5efd10679a7b7b4010cd6cc30bd976d3fe8c1ef Mon Sep 17 00:00:00 2001
From: Andrey Andreev
Date: Tue, 4 Oct 2011 18:27:32 +0300
Subject: Change Windows OS detection approach
---
system/libraries/Upload.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index a0f3e76bb..05511b5d3 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1052,7 +1052,7 @@ class CI_Upload {
* - a 'W' in the substr() expression bellow, would mean that we're using Windows
* - many system admins would disable the exec() function due to security concerns, hence the function_exists() check
*/
- if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec'))
+ if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec'))
{
$output = array();
@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);
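Review bot: The comment kept as context above the changed condition still reads "a 'W' in the substr() expression bellow, would mean that we're using Windows", which no longer describes the code now that the test is `DIRECTORY_SEPARATOR !== '\\'`. I would replace that bullet with `* - a DIRECTORY_SEPARATOR of '\\' would mean that we're using Windows`. The body of `_file_mime_type()` starts and ends outside this hunk.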
--
cgit v1.2.3-24-g4f1b
From b7263d152a3c29751e39fd74972707f62f51ca72 Mon Sep 17 00:00:00 2001
From: Mark Huot
Date: Fri, 23 Sep 2011 08:20:29 -0400
Subject: resolve a difference between the two memcache set method parameters
---
system/libraries/Cache/drivers/Cache_memcached.php | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/system/libraries/Cache/drivers/Cache_memcached.php b/system/libraries/Cache/drivers/Cache_memcached.php
index ec2fd216a..fc586e025 100644
--- a/system/libraries/Cache/drivers/Cache_memcached.php
+++ b/system/libraries/Cache/drivers/Cache_memcached.php
@@ -64,7 +64,16 @@ class CI_Cache_memcached extends CI_Driver {
*/
public function save($id, $data, $ttl = 60)
{
- return $this->_memcached->add($id, array($data, time(), $ttl), $ttl);
+ if (get_class($this->_memcached) == 'Memcached')
+ {
+ return $this->_memcached->set($id, array($data, time(), $ttl), $ttl);
+ }
+ else if (get_class($this->_memcached) == 'Memcache')
+ {
+ return $this->_memcached->set($id, array($data, time(), $ttl), 0, $ttl);
+ }
+
+ return FALSE;
}
// ------------------------------------------------------------------------
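Review bot: Both branches of `save()` compare `get_class($this->_memcached)` with an exact class name, so an instance of a subclass of `Memcached` or `Memcache` would match neither and the method returns `FALSE` without writing or logging anything. `instanceof` keeps the same dispatch and accepts subclasses: `if ($this->_memcached instanceof Memcached)` and `else if ($this->_memcached instanceof Memcache)`. The switch from `add()` to `set()` also means an existing key is now overwritten rather than left in place; if that is intended, the docblock above `save()` (outside this hunk) is the place to state it.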
--
cgit v1.2.3-24-g4f1b
From e13aa67f3e8275d672dc08f21a3992e94bbe3038 Mon Sep 17 00:00:00 2001
From: Bo-Yi Wu
Date: Fri, 7 Oct 2011 14:40:15 +0800
Subject: Fix #537 issue: replace new wav mimetype
---
application/config/mimes.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/application/config/mimes.php b/application/config/mimes.php
index 82767d7c8..f00e5b6ed 100644
--- a/application/config/mimes.php
+++ b/application/config/mimes.php
@@ -65,8 +65,8 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
'rpm' => 'audio/x-pn-realaudio-plugin',
'ra' => 'audio/x-realaudio',
'rv' => 'video/vnd.rn-realvideo',
- 'wav' => 'audio/x-wav',
- 'bmp' => 'image/bmp',
+ 'wav' => array('audio/x-wav', 'audio/wave', 'audio/wav'),
+ 'bmp' => array('image/bmp', 'image/x-windows-bmp'),
'gif' => 'image/gif',
'jpeg' => array('image/jpeg', 'image/pjpeg'),
'jpg' => array('image/jpeg', 'image/pjpeg'),
@@ -103,4 +103,4 @@ $mimes = array( 'hqx' => 'application/mac-binhex40',
/* End of file mimes.php */
-/* Location: ./application/config/mimes.php */
\ No newline at end of file
+/* Location: ./application/config/mimes.php */
--
cgit v1.2.3-24-g4f1b
From 08b0a1cb53f0c3b54a2bf7f8ac0f8b2cd5d8f0ff Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
Date: Wed, 26 Oct 2011 23:39:38 +0100
Subject: Added changelog entry for bugfix.
---
user_guide/changelog.html | 135 +++++++++++++++++++++++-----------------------
1 file changed, 68 insertions(+), 67 deletions(-)
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index b4bd8bb7f..dc1a1f366 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -59,13 +59,13 @@ Change Log
The indicates items that were contributed to CodeIgniter via CodeIgniter Reactor.
-
Version 2.1.0 (planned)
-
Release Date: Not Released
+
Version 2.1.0
+
Release Date: November 01, 2011
General Changes
-
Callback validation rules can now accept parameters like any other validation rule.
+
Callback validation rules can now accept parameters like any other validation rule.
Helpers
@@ -78,27 +78,28 @@ Change Log
Database
-
Added a CUBRID driver to the Database Driver. Thanks to the CUBRID team for supplying this patch.
-
Typecast limit and offset in the Database Driver to integers to avoid possible injection.
+
Added a CUBRID driver to the Database Driver. Thanks to the CUBRID team for supplying this patch.
+
Typecast limit and offset in the Database Driver to integers to avoid possible injection.
Libraries
-
Changed $this->cart->insert() in the Cart Library to return the Row ID if a single item was inserted successfully.
-
Added support to set an optional parameter in your callback rules of validation using the Form Validation Library.
-
Added a Migration Library to assist with applying incremental updates to your database schema.
-
Driver children can be located in any package path.
+
Changed $this->cart->insert() in the Cart Library to return the Row ID if a single item was inserted successfully.
+
Added support to set an optional parameter in your callback rules of validation using the Form Validation Library.
+
Added a Migration Library to assist with applying incremental updates to your database schema.
+
Driver children can be located in any package path.
Bug fixes for 2.1.0
-
Fixed #378 Robots identified as regular browsers by the User Agent class.
-
If a config class was loaded first then a library with the same name is loaded, the config would be ignored.
-
Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.
+
Fixed #378 Robots identified as regular browsers by the User Agent class.
+
If a config class was loaded first then a library with the same name is loaded, the config would be ignored.
+
Fixed a bug (Reactor #19) where 1) the 404_override route was being ignored in some cases, and 2) auto-loaded libraries were not available to the 404_override controller when a controller existed but the requested method did not.
Fixed a bug (Reactor #89) where MySQL export would fail if the table had hyphens or other non alphanumeric/underscore characters.
Fixed a bug (#60) - Added _file_mime_type() method to the File Uploading Library in order to fix a possible MIME-type injection (also fixes bug #394).
+
Fixed a bug (#537) - Support for all wav type in browser.
Version 2.0.3
@@ -116,43 +117,43 @@ Change Log
Added Session Class userdata to the output profiler. Additionally, added a show/hide toggle on HTTP Headers, Session Data and Config Variables.
Removed internal usage of the EXT constant.
Visual updates to the welcome_message view file and default error templates. Thanks to danijelb for the pull request.
-
Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
-
Added "application/x-csv" to mimes.php.
+
Added insert_batch() function to the PostgreSQL database driver. Thanks to epallerols for the patch.
+
Added "application/x-csv" to mimes.php.
Fixed a bug where Email library attachments with a "." in the name would using invalid MIME-types.
Helpers
Added an optional third parameter to heading() which allows adding html attributes to the rendered heading tag.
-
form_open() now only adds a hidden (Cross-site Reference Forgery) protection field when the form's action is internal and is set to the post method. (Reactor #165)
-
Re-worked plural() and singular() functions in the Inflector helper to support considerably more words.
+
form_open() now only adds a hidden (Cross-site Reference Forgery) protection field when the form's action is internal and is set to the post method. (Reactor #165)
+
Re-worked plural() and singular() functions in the Inflector helper to support considerably more words.
Libraries
Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions.
Changed $this->cart->insert() in the Cart Library to return the Row ID if a single item was inserted successfully.
+
Added $this->load->get_var() to the Loader library to retrieve global vars set with $this->load->view() and $this->load->vars().
+
Changed $this->db->having() to insert quotes using escape() rather than escape_str().
Bug fixes for 2.0.3
-
Added ENVIRONMENT to reserved constants. (Reactor #196)
-
Changed server check to ensure SCRIPT_NAME is defined. (Reactor #57)
-
Removed APPPATH.'third_party' from the packages autoloader to negate needless file stats if no packages exist or if the developer does not load any other packages by default.
+
Added ENVIRONMENT to reserved constants. (Reactor #196)
+
Changed server check to ensure SCRIPT_NAME is defined. (Reactor #57)
+
Removed APPPATH.'third_party' from the packages autoloader to negate needless file stats if no packages exist or if the developer does not load any other packages by default.
Fixed a bug (Reactor #231) where Sessions Library database table example SQL did not contain an index on last_activity. See Upgrade Notes.
Fixed a bug (Reactor #229) where the Sessions Library example SQL in the documentation contained incorrect SQL.
Fixed a bug (Core #340) where when passing in the second parameter to $this->db->select(), column names in subsequent queries would not be properly escaped.
-
Fixed issue #199 - Attributes passed as string does not include a space between it and the opening tag.
-
Fixed a bug where the method $this->cart->total_items() from Cart Library now returns the sum of the quantity of all items in the cart instead of your total count.
-
Fixed a bug where not setting 'null' when adding fields in db_forge for mysql and mysqli drivers would default to NULL instead of NOT NULL as the docs suggest.
-
Fixed a bug where using $this->db->select_max(), $this->db->select_min(), etc could throw notices. Thanks to w43l for the patch.
-
Replace checks for STDIN with php_sapi_name() == 'cli' which on the whole is more reliable. This should get parameters in crontab working.
+
Fixed issue #199 - Attributes passed as string does not include a space between it and the opening tag.
+
Fixed a bug where the method $this->cart->total_items() from Cart Library now returns the sum of the quantity of all items in the cart instead of your total count.
+
Fixed a bug where not setting 'null' when adding fields in db_forge for mysql and mysqli drivers would default to NULL instead of NOT NULL as the docs suggest.
+
Fixed a bug where using $this->db->select_max(), $this->db->select_min(), etc could throw notices. Thanks to w43l for the patch.
+
Replace checks for STDIN with php_sapi_name() == 'cli' which on the whole is more reliable. This should get parameters in crontab working.
Version 2.0.2
@@ -164,36 +165,36 @@ Hg Tag: v2.0.2
The Security library was moved to the core and is now loaded automatically. Please remove your loading calls.
The CI_SHA class is now deprecated. All supported versions of PHP provide a sha1() function.
-
constants.php will now be loaded from the environment folder if available.
-
Added language key error logging
-
Made Environment Support optional. Comment out or delete the constant to stop environment checks.
Fixed issue #172 Google Chrome 11 posts incorrectly when action is empty.
@@ -205,34 +206,34 @@ Hg Tag: v2.0.1
General changes
Added $config['cookie_secure'] to the config file to allow requiring a secure (HTTPS) in order to set cookies.
-
Added the constant CI_CORE to help differentiate between Core: TRUE and Reactor: FALSE.
-
Added an ENVIRONMENT constant in index.php, which affects PHP error reporting settings, and optionally,
+
Added the constant CI_CORE to help differentiate between Core: TRUE and Reactor: FALSE.
+
Added an ENVIRONMENT constant in index.php, which affects PHP error reporting settings, and optionally,
which configuration files are loaded (see below). Read more on the Handling Environments page.
Changed the logic for form_open() in Form helper. If no value is passed it will submit to the current URL.
+
Changed the logic for form_open() in Form helper. If no value is passed it will submit to the current URL.
Bug fixes for 2.0.1
-
CLI requests can now be run from any folder, not just when CD'ed next to index.php.
-
Fixed issue #41: Added audio/mp3 mime type to mp3.
-
Fixed a bug (Core #329) where the file caching driver referenced the incorrect cache directory.
-
Fixed a bug (Reactor #69) where the SHA1 library was named incorrectly.
+
CLI requests can now be run from any folder, not just when CD'ed next to index.php.
+
Fixed issue #41: Added audio/mp3 mime type to mp3.
+
Fixed a bug (Core #329) where the file caching driver referenced the incorrect cache directory.
+
Fixed a bug (Reactor #69) where the SHA1 library was named incorrectly.
Version 2.0.0
@@ -246,7 +247,7 @@ Hg Tag: v2.0.0
Scaffolding, having been deprecated for a number of versions, has been removed.
Plugins have been removed, in favor of Helpers. The CAPTCHA plugin has been converted to a Helper and documented. The JavaScript calendar plugin was removed due to the ready availability of great JavaScript calendars, particularly with jQuery.
This tutorial did not cover all of the things you might expect of a full-fledged content management system, but it introduced you to the more important topics of routing, writing controllers, and models. We hope this tutorial gave you an insight into some of CodeIgniter's basic design patterns, which you can expand upon.
+
+
Now that you've completed this tutorial, we recommend you check out the rest of the documentation. CodeIgniter is often praised because of its comprehensive documentation. Use this to your advantage and read the "Introduction" and "General Topics" sections thoroughly. You should read the class and helper references when needed.
+
+
Every intermediate PHP programmer should be able to get the hang of CodeIgniter within a few days.
+
+
If you still have questions about the framework or your own CodeIgniter code, you can:
You now know how you can read data from a database using CodeIgnite, but you haven't written any information to the database yet. In this section you'll expand your news controller and model created earlier to include this functionality.
+
+
Create a form
+
+
To input data into the database you need to create a form where you can input the information to be stored. This means you'll be needing a form with two fields, one for the title and one for the text. You'll derive the slug from our title in the model. Create the new view at application/views/news/create.php.
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/user_guide/tutorial/hard_coded_pages.html b/user_guide/tutorial/hard_coded_pages.html
new file mode 100644
index 000000000..6201ed081
--- /dev/null
+++ b/user_guide/tutorial/hard_coded_pages.html
@@ -0,0 +1,159 @@
+
+
+
+
+
+CodeIgniter Features : CodeIgniter User Guide
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The first thing we're going to do is setting up a controller to handle our hard coded pages. A controller is a class with a collection of methods that represent the different actions you can perform on a certain object. In our case, we want to be able to view a page.
+
+
Note: This tutorial assumes you've downloaded CodeIgniter and installed the framework in your development environment.
+
+
Create a file at application/controllers/pages.php with the following code.
If you're familiar with PHP classes you see that we create a Pages class with a view method that accepts one parameter, $page. Another interesting observation is that the Pages class is extending the CI_Controller class. This means that the new Pages class can access the methods and variables defined in the CI_Controller class. When you look at this class in system/core/controller.php you can see this class is doing something really important; assigning an instance from the CodeIgniter super object to the $this object. In most of your code, $this is the object you will use to interact with the framework.
+
+
Now we've created our first method, it is time to do some basic templating. For this tutorial, we will be creating two views to acts as our footer and header. Let's create our header at application/views/templates/header.php and ad the following code.
+
+
+
+
+ - CodeIgniter 2 Tutorial
+
+
+
CodeIgniter 2 Tutorial
+
+
+
+
Our header doesn't do anything exciting. It contains the basic HTML code that we will want to display before loading the main view. You can also see that we echo the $title variable, which we didn't define. We will set this variable in the Pages controller a bit later. Let's go ahead and create a footer at application/views/templates/footer.php that includes the following code.
Now we've set up the basics so we can finally do some real programming. Earlier we set up our controller with a view method. Because we don't want to write a separate method for every page, we made the view method accept one parameter, the name of the page. These hard coded pages will be located in application/views/pages/. Create two files in this directory named home.php and about.php and put in some HTML content.
+
+
In order to load these pages we'll have to check whether these page actually exists. When the page does exist, we load the view for that pages, including the header and footer and display it to the user. If it doesn't, we show a "404 Page not found" error.
The first thing we do is checking whether the page we're looking for does actually exist. We use PHP's native file_exists() to do this check and pass the path where the file is supposed to be. Next is the function show_404(), a CodeIgniter function that renders the default error page and sets the appropriate HTTP headers.
+
+
In the header template you saw we were using the $title variable to customize our page title. This is where we define the title, but instead of assigning the value to a variable, we assign it to the title element in the $data array. The last thing we need to do is loading the views in the order we want them to be displayed. We also pass the $data array to the header view to make its elements available in the header view file.
+
+
Routing
+
+
Actually, our controller is already functioning. Point your browser to index.php/pages/view to see your homepage. When you visit index.php/pages/view/about you will see the about page, again including your header and footer. Now we're going to get rid of the pages/view part in our URI. As you may have seen, CodeIgniter does its routing by the class, method and parameter, separated by slashes.
+
+
Open the routing file located at application/config/routes.php and add the following two lines. Remove all other code that sets any element in the $route array.
CodeIgniter reads its routing rules from top to bottom and routes the request to the first matching rule. These routes are stored in the $route array where the keys represent the incoming request and the value the path to the method, as described above.
+
+
The first rule in our $routes array matches every request - using the wildcard operator (:any) - and passes the value to the view method of the pages class we created earlier. The default controller route makes sure every request to the root goes to the view method as well, which has the first parameter set to 'home' by default.
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/user_guide/tutorial/introduction.html b/user_guide/tutorial/introduction.html
new file mode 100644
index 000000000..cb91f4856
--- /dev/null
+++ b/user_guide/tutorial/introduction.html
@@ -0,0 +1,92 @@
+
+
+
+
+
+CodeIgniter Features : CodeIgniter User Guide
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
This tutorial is intended to introduce you to the CodeIgniter framework and the basic principles of MVC architecture.
+ It will show you how a basic CodeIgniter application is constructed in step-by-step fashion.
+
+
+
In this tutorial, you will be creating a basic news application. You will begin by writing the code that can load static pages. Next, you will create a news section that reads news items from a database. Finally, you'll add a form to create news items in the database.
+
+
This tutorial will primarily focus on:
+
+
Model-View-Controller basics
+
Routing basics
+
Form validation
+
Performing basic database queries using "Active Record"
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/user_guide/tutorial/news_section.html b/user_guide/tutorial/news_section.html
new file mode 100644
index 000000000..d0f64e0c9
--- /dev/null
+++ b/user_guide/tutorial/news_section.html
@@ -0,0 +1,242 @@
+
+
+
+
+
+CodeIgniter Features : CodeIgniter User Guide
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
In the last section, we went over some basic concepts of the framework by writing a class that includes static pages. We cleaned up the URI by adding custom routing rules. Now it's time to introduce dynamic content and start using a database.
+
+
Setting up your model
+
+
Instead of writing database operations right in the controller, queries should be placed in a model, so they can easily be reused later. Models are the place where you retrieve, insert, and update information in your database or other data stores. They represent your data.
+
+
Open up the application/models directory and create a new file called news_model.php and add the following code. Make sure you've configured your database properly as described here.
This code looks similar to the controller code that was used earlier. It creates a new model by extending CI_Model and loads the database library. This will make the database class available through the $this->db object.
+
+
Before querying the database, a database schema has to be created. Connect to your database and run the SQL command below. Also add some seed records.
+
+
+CREATE TABLE news (
+ id int(11) NOT NULL AUTO_INCREMENT,
+ title varchar(128) NOT NULL,
+ slug varchar(128) NOT NULL,
+ text text NOT NULL,
+ PRIMARY KEY (id),
+ KEY slug (slug)
+);
+
+
+
Now that the database and a model have been set up, you'll need a method to get all of our posts from our database. To do this, the database abstraction layer that is included with CodeIgniter — ActiveRecord — is used. This makes it possible to write your 'queries' once and make them work on all supported database systems. Add the following code to your model.
With this code you can perform two different queries. You can get all news records, or get a news item by its slug. You might have noticed that the $slug variable wasn't sanitized before running the query; Active Record does this for you.
+
+
Display the news
+
+
Now that the queries are written, the model should be tied to the views that are going to display the news items to the user. This could be done in our pages controller created earlier, but for the sake of clarity, a new "news" controller is defined. Create the new controller at application/controllers/news.php.
Looking at the code, you may see some similarity with the files we created earlier. First, the "__construct" method: it calls the constructor of its parent class (CI_Controller) and loads the model, so it can be used in all other methods in this controller.
+
+
Next, there are two methods to view all news items and one for a specific news item. You can see that the $slug variable is passed to the model's method in the second method. The model is using this slug to identify the news item to be returned.
+
+
Now the data is retrieved by the controller through our model, but nothing is displayed yet. The next thing to do is passing this data to the views.
The code above gets all news records from the model and assigns it to a variable. The value for the title is also assigned to the $data['title'] element and all data is passed to the views. You now need to create a view to render the news items. Create application/views/news/index.php and add the next piece of code.
Here, each news item is looped and displayed to the user. You can see we wrote our template in PHP mixed with HTML. If you prefer to use a template language, you can use CodeIgniter's Template Parser class or a third party parser.
+
+
The news overview page is now done, but a page to display individual news items is still absent. The model created earlier is made in such way that it can easily be used for this functionality. You only need to add some code to the controller and create a new view. Go back to the news controller and add the following lines to the file.
Instead of calling the get_news() method without a parameter, the $slug variable is passed, so it will return the specific news item. The only things left to do is create the corresponding view at application/views/news/view.php. Put the following code in this file.
Because of the wildcard routing rule created earlier, you need need an extra route to view the controller that you just made. Modify your routing file (application/config/routes.php) so it looks as follows. This makes sure the requests reaches the news controller instead of going directly to the pages controller. The first line routes URI's with a slug to the view method in the news controller.
Note: This tutorial assumes you've downloaded CodeIgniter and installed the framework in your development environment.
+
+
The first thing you're going to do is set up a controller to handle static pages.
+A controller is simply a class that helps delegate work. It is the glue of your
+web application.
+
+
For example, when a call is made to: http://example.com/news/latest/10 We might imagine
+that there is a controller named "news". The method being called on news
+would be "latest". The news method's job could be to grab 10
+news items, and render them on the page. Very often in MVC, you'll see URL
+patterns that match: http://example.com/[controller-class]/[controller-method]/[arguments]
+As URL schemes become more complex, this may change. But for now, this is all we will need to know.
+
+
Create a file at application/controllers/pages.php with the following code.
You have created a class named "pages", with a view method that accepts one argument named $page.
+The pages class is extending the CI_Controller class.
+This means that the new pages class can access the methods and variables defined in the CI_Controller class
+(system/core/Controller.php).
+
+
The controller is what will become the center of every request to your web application.
+In very technical CodeIgniter discussions, it may be referred to as the super object.
+Like any php class, you refer to it within your controllers as $this.
+Referring to $this is how you will load libraries, views, and generally
+command the framework.
+
+
Now you've created your first method, it's time to make some basic page templates.
+We will be creating two "views" (page templates) that act as our page footer and header.
+
+
Create the header at application/views/templates/header.php and add the following code.
+
+
+
+
+ - CodeIgniter 2 Tutorial
+
+
+
CodeIgniter 2 Tutorial
+
+
+
+
The header contains the basic HTML code that you'll want to display before loading the main view, together with a heading.
+It will also output the $title variable, which we'll define later in the controller.
+Now create a footer at application/views/templates/footer.php that includes the following code:
Earlier you set up a controller with a view() method. The method accepts one parameter, which is the name of the page to be loaded.
+The static page templates will be located in the application/views/pages/ directory.
+
+
In that directory, create two files named home.php and about.php.
+Within those files, type some text − anything you'd like − and save them.
+If you like to be particularly un-original, try "Hello World!".
+
+
In order to load those pages, you'll have to check whether the requested page actually exists:
+
+
+function view($page = 'home')
+{
+
+ if ( ! file_exists('application/views/pages/' . $page . EXT))
+ {
+ // Whoops, we don't have a page for that!
+ show_404();
+ }
+
+ $data['title'] = ucfirst($page); // Capitalize the first letter
+
+ $this->load->view('templates/header', $data);
+ $this->load->view('pages/' . $page, $data);
+ $this->load->view('templates/footer', $data);
+
+}
+
+
+
Now, when the page does exist, it is loaded, including the header and footer, and displayed to the user. If the page doesn't exist, a "404 Page not found" error is shown.
+
+
The first line in this method checks whether the page actually exists. PHP's native file_exists() function is used to check whether the file is where it's expected to be. show_404() is a built-in CodeIgniter function that renders the default error page.
+
+
In the header template, the $title variable was used to customize the page title. The value of title is defined in this method, but instead of assigning the value to a variable, it is assigned to the title element in the $data array.
+
+
The last thing that has to be done is loading the views in the order they should be displayed.
+The second parameter in the view() method is used to pass values to the view. Each value in the $data array is assigned to a variable with the name of its key. So the value of $data['title'] in the controller is equivalent to $title in the view.
+
+
Routing
+
+
The controller is now functioning! Point your browser to [your-site-url]index.php/pages/view to see your page. When you visit index.php/pages/view/about you'll see the about page, again including the header and footer.
+
+
Using custom routing rules, you have the power to map any URI to any controller and method, and break free from the normal convention:
+http://example.com/[controller-class]/[controller-method]/[arguments]
+
+
Let's do that. Open the routing file located at application/config/routes.php and add the following two lines. Remove all other code that sets any element in the $route array.
CodeIgniter reads its routing rules from top to bottom and routes the request to the first matching rule. Each rule is a regular expression
+(left-side) mapped to a controller and method name separated by slashes (right-side).
+When a request comes in, CodeIgniter looks for the first match, and calls the appropriate controller and method, possibly with arguments.
+
+
More information about routing can be found in the URI Routing documentation.
+
+
Here, the second rule in the $routes array matches any request using the wildcard string (:any).
+and passes the parameter to the view() method of the pages class.
+
+
Now visit index.php/about. Did it get routed correctly to the view() method
+in the pages controller? Awesome!
+
+
+
+
+
+
+
+
+
\ No newline at end of file
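Review bot: In the `view()` example, `$page` is taken from the URI (the `(:any)` route passes it through) and is concatenated unchanged into both the `file_exists()` path and the `$this->load->view('pages/' . $page, $data)` call, yet the tutorial text never says what keeps that value inside `application/views/pages/`. Since readers copy this controller verbatim, I would either state that it relies on CodeIgniter's URI character filtering or show an explicit allow-list before the lookup, e.g. `if ( ! in_array($page, array('home', 'about'), TRUE)) { show_404(); }`. The check also uses a path relative to the working directory, so it can disagree with what the loader resolves; `file_exists(APPPATH.'views/pages/'.$page.EXT)` would tie it to the application folder. The same example reappears in the later `@@ -134,10 +134,10 @@` hunk with `'.php'` in place of `EXT`, and the point applies there as well.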
--
cgit v1.2.3-24-g4f1b
From b430ecd00aaa80c63734b508c82501bec3a0b703 Mon Sep 17 00:00:00 2001
From: Joël Cox
Date: Tue, 23 Aug 2011 14:54:42 +0200
Subject: Bumped the version number, corrected spelling mistakes (thanks
@chrisberthe) and added links to the tutorial pages in the introduction.
---
user_guide/tutorial/conclusion.html | 4 ++--
user_guide/tutorial/create_news_items.html | 6 +++---
user_guide/tutorial/introduction.html | 17 +++++++++++++----
user_guide/tutorial/news_section.html | 4 ++--
user_guide/tutorial/static_pages.html | 2 +-
5 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/user_guide/tutorial/conclusion.html b/user_guide/tutorial/conclusion.html
index f0a22956d..f3bdaad1d 100644
--- a/user_guide/tutorial/conclusion.html
+++ b/user_guide/tutorial/conclusion.html
@@ -28,7 +28,7 @@
There are only two things here that probably look unfamiliar to you: the form_open() function and the validation_errors() function.
-
The first function is provided by the form helper and renders the form element and adds extra functionality, like adding a hidden CSFR prevention field. The latter is used to report errors related to from validation.
+
The first function is provided by the form helper and renders the form element and adds extra functionality, like adding a hidden CSFR prevention field. The latter is used to report errors related to form validation.
Go back to your news controller. You're going to do two things here, check whether the form was submitted and whether the submitted data passed the validation rules. You'll use the form validation library to do this.
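Review bot: The rewritten sentence still spells the token field as `CSFR`; the abbreviation is `CSRF`, and since this commit is a spelling pass it should be corrected on the same line. It would also help to add that, as far as I know, `form_open()` only emits the hidden field when `$config['csrf_protection']` is set to `TRUE`, so readers do not assume the tutorial form is protected with the default configuration.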
@@ -150,7 +150,7 @@ function set_news()
Routing
-
Before you can start adding news items into your CodeIgniter application you have to add an extra rule to config/routes.php file. Make sure your file contains the following. This makes sure CodeIgniter sees 'update' as a method instead of a news item's slug.
+
Before you can start adding news items into your CodeIgniter application you have to add an extra rule to config/routes.php file. Make sure your file contains the following. This makes sure CodeIgniter sees 'create' as a method instead of a news item's slug.
This tutorial is intended to introduce you to the CodeIgniter framework and the basic principles of MVC architecture.
- It will show you how a basic CodeIgniter application is constructed in step-by-step fashion.
-
+
This tutorial is intended to introduce you to the CodeIgniter framework and the basic principles of MVC architecture. It will show you how a basic CodeIgniter application is constructed in step-by-step fashion.
In this tutorial, you will be creating a basic news application. You will begin by writing the code that can load static pages. Next, you will create a news section that reads news items from a database. Finally, you'll add a form to create news items in the database.
@@ -73,6 +71,17 @@ Introduction
Performing basic database queries using "Active Record"
+
The entire tutorial is split up over several pages, each explaining a small part of the functionality of the CodeIgniter framework. You'll go through the following pages:
+
+
Introduction, this page, which gives you an overview of what to expect.
+
Static pages, which will teach you the basics of controllers, views and routing.
+
News section, where you'll start using models and will be doing some basic database operations.
+
Create news items, which will introduce more advanced database operations and form validation.
+
Conclusion, which will give you some pointers on further reading and other resources.
+
+
+
Enjoy your exploration of the CodeIgniter framework.
Now that the database and a model have been set up, you'll need a method to get all of our posts from our database. To do this, the database abstraction layer that is included with CodeIgniter — ActiveRecord — is used. This makes it possible to write your 'queries' once and make them work on all supported database systems. Add the following code to your model.
+
Now that the database and a model have been set up, you'll need a method to get all of our posts from our database. To do this, the database abstraction layer that is included with CodeIgniter — Active Record — is used. This makes it possible to write your 'queries' once and make them work on all supported database systems. Add the following code to your model.
function get_news($slug = FALSE)
diff --git a/user_guide/tutorial/static_pages.html b/user_guide/tutorial/static_pages.html
index 69e5b7446..d5eec43da 100644
--- a/user_guide/tutorial/static_pages.html
+++ b/user_guide/tutorial/static_pages.html
@@ -28,7 +28,7 @@
Go back to your news controller. You're going to do two things here, check whether the form was submitted and whether the submitted data passed the validation rules. You'll use the form validation library to do this.
-function create()
+public function create()
{
$this->load->helper('form');
$this->load->library('form_validation');
@@ -112,7 +112,6 @@ function create()
$this->news_model->set_news();
$this->load->view('news/success');
}
-
}
@@ -127,7 +126,7 @@ function create()
The only thing that remains is writing a method that writes the data to the database. You'll use the Active Record class to insert the information and use the input library to get the posted data. Open up the model created earlier and add the following:
-function set_news()
+public function set_news()
{
$this->load->helper('url');
@@ -140,7 +139,6 @@ function set_news()
);
return $this->db->insert('news', $data);
-
}
diff --git a/user_guide/tutorial/hard_coded_pages.html b/user_guide/tutorial/hard_coded_pages.html
index e83f1ec80..408634a78 100644
--- a/user_guide/tutorial/hard_coded_pages.html
+++ b/user_guide/tutorial/hard_coded_pages.html
@@ -68,7 +68,7 @@ Features
<?php
class Pages extends CI_Controller {
- function view($page = 'home')
+ public function view($page = 'home')
{
}
@@ -104,7 +104,7 @@ class Pages extends CI_Controller {
In order to load these pages we'll have to check whether these page actually exists. When the page does exist, we load the view for that pages, including the header and footer and display it to the user. If it doesn't, we show a "404 Page not found" error.
This tutorial is intended to introduce you to the CodeIgniter framework and the basic principles of MVC architecture. It will show you how a basic CodeIgniter application is constructed in step-by-step fashion.
+
+
In this tutorial, you will be creating a basic news application. You will begin by writing the code that can load static pages. Next, you will create a news section that reads news items from a database. Finally, you'll add a form to create news items in the database.
+
+
This tutorial will primarily focus on:
+
+
Model-View-Controller basics
+
Routing basics
+
Form validation
+
Performing basic database queries using "Active Record"
+
+
+
The entire tutorial is split up over several pages, each explaining a small part of the functionality of the CodeIgniter framework. You'll go through the following pages:
+
+
Introduction, this page, which gives you an overview of what to expect.
+
Static pages, which will teach you the basics of controllers, views and routing.
+
News section, where you'll start using models and will be doing some basic database operations.
+
Create news items, which will introduce more advanced database operations and form validation.
+
Conclusion, which will give you some pointers on further reading and other resources.
+
+
+
Enjoy your exploration of the CodeIgniter framework.
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/user_guide/tutorial/introduction.html b/user_guide/tutorial/introduction.html
deleted file mode 100644
index 78fd00b61..000000000
--- a/user_guide/tutorial/introduction.html
+++ /dev/null
@@ -1,101 +0,0 @@
-
-
-
-
-
-CodeIgniter Features : CodeIgniter User Guide
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
This tutorial is intended to introduce you to the CodeIgniter framework and the basic principles of MVC architecture. It will show you how a basic CodeIgniter application is constructed in step-by-step fashion.
-
-
In this tutorial, you will be creating a basic news application. You will begin by writing the code that can load static pages. Next, you will create a news section that reads news items from a database. Finally, you'll add a form to create news items in the database.
-
-
This tutorial will primarily focus on:
-
-
Model-View-Controller basics
-
Routing basics
-
Form validation
-
Performing basic database queries using "Active Record"
-
-
-
The entire tutorial is split up over several pages, each explaining a small part of the functionality of the CodeIgniter framework. You'll go through the following pages:
-
-
Introduction, this page, which gives you an overview of what to expect.
-
Static pages, which will teach you the basics of controllers, views and routing.
-
News section, where you'll start using models and will be doing some basic database operations.
-
Create news items, which will introduce more advanced database operations and form validation.
-
Conclusion, which will give you some pointers on further reading and other resources.
-
-
-
Enjoy your exploration of the CodeIgniter framework.
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/user_guide/tutorial/news_section.html b/user_guide/tutorial/news_section.html
index 191f0e1eb..b2d883184 100644
--- a/user_guide/tutorial/news_section.html
+++ b/user_guide/tutorial/news_section.html
@@ -42,7 +42,7 @@
@@ -71,10 +71,9 @@ News section
<?php
class News_model extends CI_Model {
- function __construct()
+ public function __construct()
{
$this->load->database();
-
}
}
@@ -97,18 +96,16 @@ CREATE TABLE news (
Now that the database and a model have been set up, you'll need a method to get all of our posts from our database. To do this, the database abstraction layer that is included with CodeIgniter — Active Record — is used. This makes it possible to write your 'queries' once and make them work on all supported database systems. Add the following code to your model.
The news overview page is now done, but a page to display individual news items is still absent. The model created earlier is made in such way that it can easily be used for this functionality. You only need to add some code to the controller and create a new view. Go back to the news controller and add the following lines to the file.
@@ -79,7 +79,7 @@ As URL schemes become more complex, this may change. But for now, this is all we
class Pages extends CI_Controller {
- function view($page = 'home')
+ public function view($page = 'home')
{
}
@@ -134,10 +134,10 @@ If you like to be particularly un-original, try "Hello World!".
In order to load those pages, you'll have to check whether the requested page actually exists:
-function view($page = 'home')
+public function view($page = 'home')
{
- if ( ! file_exists('application/views/pages/' . $page . '.php'))
+ if ( ! file_exists('application/views/pages/'.$page.'.php'))
{
// Whoops, we don't have a page for that!
show_404();
@@ -146,10 +146,10 @@ function view($page = 'home')
$data['title'] = ucfirst($page); // Capitalize the first letter
$this->load->view('templates/header', $data);
- $this->load->view('pages/' . $page, $data);
+ $this->load->view('pages/'.$page, $data);
$this->load->view('templates/footer', $data);
-
-}
+
+}
Now, when the page does exist, it is loaded, including the header and footer, and displayed to the user. If the page doesn't exist, a "404 Page not found" error is shown.
@@ -193,7 +193,7 @@ in the pages controller? Awesome!