Configuration Files Overview
Yoneily’s configuration is managed through several key files in the app/config/ directory:
- core.php: Core application settings, security, caching, and sessions
- database.php: Database connection configuration
- bootstrap.php: Application-wide initialization and custom functions
- acl.ini.php: Access Control List permissions (legacy INI-based ACL)
Database Configuration
The database configuration is defined in app/config/database.php:
Basic Configuration
<?php
class DATABASE_CONFIG {
    var $default = array(
        'driver' => 'mysql',
        'persistent' => false,
        'host' => 'localhost',
        'login' => 'root',
        'password' => '1234',
        'database' => 'magdaleno',
        'prefix' => '',
        'encoding' => 'utf-8',
    );
}
?>
Connection Parameters
| Parameter | Description | Default | Notes |
|---|---|---|---|
| driver | Database driver | mysql | Options: mysql, mysqli, postgres |
| persistent | Use persistent connections | false | Set to true for better performance, but monitor connections |
| host | Database server host | localhost | Can be IP address or hostname |
| login | Database username | root | Use restricted user in production |
| password | Database password | 1234 | Change this immediately! |
| database | Database name | magdaleno | Must match the created database |
| prefix | Table prefix | '' | Useful for shared hosting |
| encoding | Character encoding | utf-8 | Use utf8 or utf8mb4 for emoji support |
Always use strong, unique passwords for database users in production. Never use the default password 1234.
Core Settings
The app/config/core.php file contains critical application settings.
Debug Level
From core.php:36:
Configure::write('debug', 0);
Production (0)
Configure::write('debug', 0);
- No error messages shown to users
- Flash messages redirect automatically
- Best performance
- Recommended for production
Development (1)
Configure::write('debug', 1);
- Errors and warnings displayed
- Model caches refreshed on each request
- Flash messages require click to continue
- Good for general development
Full Debug (2)
Configure::write('debug', 2);
- Full debug messages shown
- SQL queries displayed
- All errors and warnings visible
- Use only in development
Logging Configuration
From core.php:51:
Configure::write('log', true);
Enable logging even in production mode:
// Boolean: Enable/disable all logging
Configure::write('log', true);
Logs are written to: app/tmp/logs/
Character Encoding
From core.php:56:
Configure::write('App.encoding', 'UTF-8');
UTF-8 encoding is essential for international character support. This should match your database encoding.
URL Rewriting
Yoneily uses mod_rewrite by default. If you need to disable it:
From core.php:69:
// Uncomment to use CakePHP without mod_rewrite
//Configure::write('App.baseUrl', env('SCRIPT_NAME'));
Only disable mod_rewrite if your server doesn’t support it. You’ll need to remove all .htaccess files and URLs will include index.php.
Routing Prefixes
From core.php:88:
Configure::write('Routing.prefixes', array('bcknaciones'));
This enables the bcknaciones prefix for administrative routes:
/bcknaciones/users/index - Admin user management
/bcknaciones/pages/edit/1 - Admin page editor
/bcknaciones/galleries/add - Admin gallery creation
Configure::write('Routing.prefixes', array('admin'));
// Enables: admin_index(), admin_edit(), etc.
Security Configuration
Security settings are critical. Always change default values in production!
Security Salt
From core.php:203:
Configure::write('Security.salt', 'PYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9m');
You MUST change this value! Generate a random string:
# Generate a random salt
openssl rand -base64 40
Then update in core.php:
Configure::write('Security.salt', 'YOUR_GENERATED_RANDOM_STRING_HERE');
Cipher Seed
From core.php:208:
Configure::write('Security.cipherSeed', '7485712659625147843639846751');
Generate a random numeric string:
# Generate 28 random digits from the system random source
LC_ALL=C tr -dc '0-9' < /dev/urandom | head -c 28
Update in core.php:
Configure::write('Security.cipherSeed', 'YOUR_28_DIGIT_NUMBER');
Security Level
From core.php:198:
Configure::write('Security.level', 'medium');
Configure::write('Security.level', 'high');
- Session timeout: Session.timeout × 10
- Session IDs regenerated between requests
- Most secure, slight performance impact
Configure::write('Security.level', 'medium');
- Session timeout: Session.timeout × 100
- Balanced security and performance
- Recommended default
Configure::write('Security.level', 'low');
- Session timeout: Session.timeout × 300
- Less secure, better performance
- Only for low-security applications
Session Configuration
Session Handler
From core.php:127:
Configure::write('Session.save', 'php');
PHP Sessions
Configure::write('Session.save', 'php');
Uses PHP’s built-in session handling (defined in php.ini)
- Pros: Simple, no configuration needed
- Cons: Not suitable for load-balanced environments
File-based Sessions
Configure::write('Session.save', 'cake');
Stores sessions in app/tmp/sessions/
- Pros: Portable, CakePHP-controlled
- Cons: Requires writable tmp directory
Database Sessions
Configure::write('Session.save', 'database');
Configure::write('Session.table', 'cake_sessions');
Configure::write('Session.database', 'default');
Stores sessions in database table
- Pros: Scalable, works with load balancers
- Cons: Requires schema setup
Create the table:
cake schema run create Sessions
Session Settings
From core.php:167-184:
Configure::write('Session.cookie', 'CAKEPHP');
Configure::write('Session.timeout', '120');
Configure::write('Session.start', true);
Configure::write('Session.checkAgent', true);
| Setting | Value | Description |
|---|---|---|
| Session.cookie | CAKEPHP | Session cookie name (alphanumeric only) |
| Session.timeout | 120 | Base timeout in minutes (modified by Security.level) |
| Session.start | true | Auto-start sessions on each request |
| Session.checkAgent | true | Verify HTTP_USER_AGENT for security |
With Security.level set to medium and Session.timeout of 120, actual timeout is 120 × 100 = 12,000 minutes (about 8 days).
ACL Configuration
Database ACL
From core.php:240-241:
Configure::write('Acl.classname', 'DbAcl');
Configure::write('Acl.database', 'default');
Yoneily uses database-backed ACL with three core tables:
ACOs (Access Control Objects)
Define what can be accessed (controllers/actions)
CREATE TABLE acos (
    id int(10) unsigned NOT NULL AUTO_INCREMENT,
    parent_id int(10) DEFAULT NULL,
    model varchar(255) DEFAULT '',
    foreign_key int(10) unsigned DEFAULT NULL,
    alias varchar(255) DEFAULT '',
    lft int(10) DEFAULT NULL,
    rght int(10) DEFAULT NULL,
    PRIMARY KEY (id)
);
AROs (Access Request Objects)
Define who requests access (users/groups)
These are linked to your User and Group models via the actsAs behavior:
From app/models/user.php:89:
var $actsAs = array('Acl' => array('requester'));
Permissions (aros_acos)
Links AROs to ACOs with permissions (allow/deny)
Building ACL Tree
Yoneily includes an automatic ACL builder in app/app_controller.php:29-106:
function build_acl() {
// Automatically creates ACO nodes for all controllers and actions
// Only works when debug mode is enabled
}
To rebuild ACL structure, access:
http://yoneily.local/pages/build_acl
The build_acl() method only runs when Configure::read('debug') is greater than 0.
Authentication Setup
From app/app_controller.php:6,10-22:
var $components = array('Acl','Auth','Session','Email','PasswordHelper');
function beforeFilter(){
    parent::beforeFilter();
    $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
    $this->Auth->allow('add_vendedor','consulta_codigo','registrado','display');
    $this->Auth->loginRedirect = array('controller' => 'users', 'action' => 'home');
    $this->Auth->loginError = 'El Usuario o el Password no son válidos por favor intenta nuevamente';
    $this->Auth->authorize = 'controller';
}
Key Auth Settings
$this->Auth->loginAction = array(
    'controller' => 'users',
    'action' => 'login'
);
Defines where users are redirected to log in. Change to your custom login page if needed.
$this->Auth->allow('add_vendedor','consulta_codigo','registrado','display');
These actions are accessible without authentication. Add public pages here.
loginRedirect - After Login
$this->Auth->loginRedirect = array(
    'controller' => 'users',
    'action' => 'home'
);
Where users go after successful login. Customize per user role if needed.
authorize - Permission Check
$this->Auth->authorize = 'controller';
Uses controller-based authorization. The isAuthorized() method checks permissions.
From app/app_controller.php:24-26:
function isAuthorized() {
    return true;
}
As shipped, isAuthorized() returns true for every request, so with authorize set to 'controller' any logged-in user may run any action that requires authentication. Override this method in specific controllers for custom permission logic.
Cache Configuration
From core.php:302:
Cache::config('default', array('engine' => 'File'));
Cache::config('default', array(
    'engine' => 'File',
    'duration' => 3600,
    'probability' => 100,
    'path' => CACHE,
    'prefix' => 'cake_',
    'lock' => false,
    'serialize' => true
));
Timezone Configuration
For PHP 5.3+, set the timezone in core.php:247:
// Uncomment and set your timezone
date_default_timezone_set('America/Caracas');
Common timezones:
America/Caracas - Venezuela
America/New_York - US Eastern
America/Los_Angeles - US Pacific
Europe/London - UK
UTC - Universal Coordinated Time
Environment-Specific Configuration
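Use environment variables or separate config files for different environments:
// Add to app/config/bootstrap.php
if (file_exists(dirname(__FILE__) . '/environment.php')) {
    include dirname(__FILE__) . '/environment.php';
}
// Then create app/config/environment.php (gitignored)
if ($_SERVER['SERVER_NAME'] == 'localhost') {
    Configure::write('debug', 2);
} else {
    Configure::write('debug', 0);
}
Depending on the web server configuration, $_SERVER['SERVER_NAME'] can reflect the Host header sent by the client, so a value set by the server itself (such as an environment variable) is a more reliable switch for the debug level.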
Verification Checklist
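The script below is an added example, not part of Yoneily: it reads core.php and database.php from a config directory and flags the defaults this page says to change (debug level, Security.salt, Security.cipherSeed, database login and password). The function names and the sample files are constructed for illustration; the two default values are copied from this page.

```shell
#!/usr/bin/env bash
# Added example: flag the shipped defaults this page says to change.
# Default values below are copied from the page; sample files are constructed.
DEFAULT_SALT='PYhG93b0qyJfIxfs2guVoUubWwvniR2G0FgaC9m'
DEFAULT_SEED='7485712659625147843639846751'

# Last uncommented Configure::write('<key>', <value>) in a file, quotes stripped.
core_value() {  # core_value <file> <key>
  sed -n "s/^[[:space:]]*Configure::write('$2',[[:space:]]*'\{0,1\}\([^')]*\)'\{0,1\});.*/\1/p" "$1" | tail -n 1
}
# Value of '<key>' => '<value>' in the DATABASE_CONFIG array.
db_value() {  # db_value <file> <key>
  sed -n "s/^[[:space:]]*'$2'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

FINDINGS=0
flag() { echo "FINDING: $1"; FINDINGS=$((FINDINGS + 1)); }

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_config() {  # audit_config <path to app/config>
  FINDINGS=0
  debug=$(core_value "$1/core.php" debug)
  salt=$(core_value "$1/core.php" Security.salt)
  seed=$(core_value "$1/core.php" Security.cipherSeed)
  if [ "$debug" != "0" ]; then flag "debug is '${debug:-unset}', expected 0 in production"; fi
  if [ -z "$salt" ] || [ "$salt" = "$DEFAULT_SALT" ]; then flag "Security.salt is unset or the published default"; fi
  case "$seed" in
    ''|*[!0-9]*) flag "Security.cipherSeed must be a digits-only string" ;;
    "$DEFAULT_SEED") flag "Security.cipherSeed is the published default" ;;
  esac
  if [ "$(db_value "$1/database.php" login)" = "root" ]; then flag "database login is root"; fi
  if [ "$(db_value "$1/database.php" password)" = "1234" ]; then flag "database password is the default 1234"; fi
  [ "$FINDINGS" -eq 0 ]
}

# Constructed sample: a config directory still carrying the page's defaults.
demo=$(mktemp -d)
printf '%s\n' "<?php" "//Configure::write('debug', 0);" "Configure::write('debug', 2);" \
  "Configure::write('Security.salt', '$DEFAULT_SALT');" \
  "Configure::write('Security.cipherSeed', '$DEFAULT_SEED');" > "$demo/core.php"
printf '%s\n' "<?php" "class DATABASE_CONFIG {" "  var \$default = array(" \
  "    'login' => 'root'," "    'password' => '1234'," "  );" "}" > "$demo/database.php"
audit_config "$demo" || echo "$FINDINGS finding(s) in $demo"
```

Run `audit_config app/config` from the project root before deploying; the non-zero return on any finding lets a deploy script stop on it.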