Home/ Questions/Q 5975051
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T21:01:45+00:00

I’m developing with cakePhP and I have the following problem: When a user logs

  • 0

I’m developing with cakePhP and I have the following problem:

When a user logs in with his name and password to the account system that I’ve created, he can save items (images) as favorites. This is saved in a text field into the database. What is saved is the image ID.

The saving process works perfectly, the user clicks on the images and they’re added to that field (it actually saves all the IDs as a text array that I process later).

The problem comes when removing images. When the user does it (I’ll post the code below), the images is removed correctly from the database (I go to PHP MyAdmin and I see it). This means that the array that holds the favorite images IDs is updated instantly. However, when I reload that array from the website, it hasn’t been updated. It’s like it’s stored in the caché or something. Then, if the user logs out and logs in again, then he can see the correct one. The thing is that I have other things in my website that work in a similar way and they all get updated instantly, so I can’t see why this doesn’t.

This is the code that I use to remove the ID from the database:

function remove_favorite($pictureID) {

    $this->User->id = $this->Auth->User('id'); //We get the ID of the current user

    $favoritesArray = $this->User->deleteFavoritePicture($this->User->id, $pictureID); //This function retrieves the array (string) of pictures from the user's table, and deletes all the images with the ID passed as parameter, returning the updated array (string)

    $fields = array('images_favorites' => $favoritesArray, 'modified' => true); //We indicate the field that we're going to update in the users table

    //We save the new string that doesn't contain the deleted image anymore
    if($this->User->save($fields, false, array('images_favorites'))) {
        $this->Session->setFlash(__('The image has been removed from your favorites', true));
    } else {
        $this->Session->setFlash(__('Error removing image from favorites, please try again', true));
    }

    $this->redirect(array('action' => 'manage_favorites',$this->User->id));
}

This is how the deleteFavoritePicture function looks like:

function deleteFavoritePicture($userID, $pictureID) {

        $userInfo = $this->find("id = $userID");

        $favoritePicturesString = $userInfo['User']['images_favorites'];
        $favoritePicturesArray = explode(",", $favoritePicturesString); //Array

        $i = 0;
        while ($i < count($favoritePicturesArray)) {
            //We remove from the array the images which ID is the one we receive to delete
            if ($favoritePicturesArray[$i] == $pictureID) unset($favoritePicturesArray[$i]);
            $i++;
        }

        $favoritePicturesString = implode(",", $favoritePicturesArray); //String
        return ($favoritePicturesString);
    }

That’s it. Does anyone now what can be going on? Thanks so much in advance for any clue!

EDIT

Ok, I think I found something that may give a clue of what’s going on here:

This is the code for the manage_favorites action:

function manage_favorites($id) {

    //$user = $this->User->find("id = $id");
    $user = $this->Auth->user();

    $this->set('user', $user);
}

That is the action that is called for the page when a user wants to modify his favorites. The same action is called once the user removes a favorite. Here’s the thing:

If I use the $id parameter in the manage_favorites function and the $user = $this->User->find("id = $id"); line (the one quoted now), then the problem does not exist! This is how I used to have it. HOWEVER, I had to change it because it was a big security flaw, since the user id ($id) was a visible parameter who anyone could change, and then access other users accounts. What I did was changing the way I obtain the user array of favorite images, using the following line: $user = $this->Auth->user();. This is how I have it now (well, and also without the $id parameter in the function header), so the user information (including the favorites array) comes from the Auth component, instead directly from the database.

So, the problem is clear: when the user deletes a favorite, it’s doing it on the array in the database. WHen I show the result of that operation, the array I’m retrieving is not the one in the DB, it’s the one in the session. That’s why it’s not showing the changes.

How can I avoid this without using a non-secure method like the one I had before?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When you save, the array passed to the save method of the model should look like this:

    [User] => array(
    [field] => value,
    [field2] => value2,
    ...
)

    In your example, you clearly haven’t added the [User] key.

    Also, is your modified field actually the default Cake modified field? That is, the DATETIME field which changes to the current time when the row is updated?

    Lastly, maybe you have debugging set to 2 in config.php. try changing this to 0 (as in production) and see if caching persists.

    Hope some of the points I have mentioned above will solve your problem. Please let me know!

    • 0