Modelless Forms With Ajax & JSON in CakePHP 3.4

Earlier this week, I needed to implement a simple contact form on a project’s landing page. Since I didn’t want the form to interact with a database, this was the perfect opportunity for what CakePHP calls a ‘modelless form’.

This tutorial describes how to implement a modelless form in CakePHP 3.4 using Ajax and JSON to communicate between the client and server.

(In a follow-up to this tutorial, I take the project one step further by Integrating the SparkPost API.)

Table of Contents

  1. Starting Assumptions
  2. Bake a Contact Form
  3. Bake a Mailer Class for the Form
  4. Bake a Form Controller With No Actions
  5. Create the Contact Form View
  6. Create the Ajax Script
  7. Implement and Test
  8. Conclusion

1: Starting Assumptions

Before starting, be sure the following is true:

  • CakePHP 3.4 is installed for your project, and you are familiar with how it works
  • A ‘typical’ email transfer has been implemented and tested (i.e. SMTP, Debug, etc)
  • jQuery is installed for your project
  • You are comfortable working with PHP, Javascript, jQuery, and HTML
  • You are familiar with command-line basics *

* Command-line instructions are shown for Linux Ubuntu 16.04. You may need to make adjustments if you are using a different OS, or if you prefer to use an IDE or GUI-based text-editor (i.e SublimeText).

2: Bake a Contact Form

At the command line, go to the site’s root directory and enter the following to bake a new form:

bin/Cake bake Form Contact

By default, CakePHP saves the new form as src/Form/ContactForm.php. Open the file, and you should see something like this:

namespace App\Form;

use Cake\Form\Form;
use Cake\Form\Schema;
use Cake\Validation\Validator;

class ContactForm extends Form
    protected function _buildSchema(Schema $schema)
        return $schema;

    protected function _buildValidator(Validator $validator)
        return $validator;

    protected function _execute(array $data)
        return true;

This file includes three magic function signatures to use as a starting point for coding. CakePHP will run these functions automatically when creating, validating, and executing the form.

Let’s start adding some code to this class. First, add the following two namespaces at the top of the file:

use Cake\Log\LogTrait;
use Cake\Mailer\MailerAwareTrait;

We’ll be using both of these shortly.

Now replace the return statement in the _buildSchema function with the following:

return $schema->addField('name', 'string')
            ->addField('email', ['type' => 'email'])
            ->addField('phone', ['type' => 'tel'])
            ->addField('message', ['type' => 'text']);

This bit of code tells CakePHP’s FormHelper about the inputs the form needs to include.

Next, add the following validators to the _buildValidator function, just above the return statement:

// 'name' field
        'message' => __('Please provide your name'),
    ->notBlank('name',__('Name cannot be blank'))
    ->add('name', [
        'minlength' => [
            'rule' => ['minLength', 2],
            'message' => __('Name must be at least 2 characters long')
        'maxlength' => [
            'rule' => ['maxLength', 50],
            'message' => __('Name cannot be more than 50 characters long')
// 'email' field
        'message' => __('Please provide your email address'),
    ->notBlank('email',__('Email address cannot be blank'))
    ->add('email', 'format', [
        'rule' => 'email',
        'message' => __('Please provide a valid email address')
// 'phone' field
    ->add('phone', [
        'minlength' => [
            'rule' => ['minLength', 7],
            'message' => __('Your phone# must be at least 7 characters long'),
            'on' => function ($context) {return !empty($context['data']['phone']);} // conditional on presence
        'maxlength' => [
            'rule' => ['maxLength', 30],
            'message' => __('Your phone# cannot be more than 30 characters long')
// 'message' field
        'message' => __('Please include your message'),
    ->notBlank('name',__('Your message cannot be blank'))
    ->add('message', [
        'minlength' => [
            'rule' => ['minLength', 4],
            'message' => __('Your message must be at least 4 characters long')
        'maxlength' => [
            'rule' => ['maxLength', 2048],
            'message' => __('Your message cannot be more than 2048 characters long')

Basically, this bit of code takes care of the validations that would normally be found in a Model class. These validators help CakePHP’s FormHelper set up the form properly, and are used to validate whatever data the form sends when submitted.

Last, add the following statements in the _execute function above the return statement:


$this->log('Someone just sent us a contact message', 'info');

The first statement uses the Mailer to send the form, the second takes care of logging the event.

3: Bake a Mailer Class For the Form

At the command line, go to the site’s root directory and enter the following to bake a new Mailer class dedicated to the form:

bin/Cake bake mailer ContactUs

By default, CakePHP saves the new Mailer as src/Mailer/ContactUsMailer.php. Open the file, and you should see something like this:

namespace App\Mailer;

use Cake\Mailer\Mailer;

class ContactUsMailer extends Mailer
    static public $name = 'ContactUs';

Now add the following public function to the class:

public function submission(array $data)
        ->setReplyTo($data['email'], $data['name'])
        ->setSubject($data['name'].' just sent us a message')
        ->set(['content' => (array_key_exists('phone',$data) && $data['phone'] != "") ? '<p>Phone#: '.$data['phone'].'</p>'.$data['message'] : $data['message']])

This new Mailer class sets up the email submission defaults needed to post the message. The mailer doesn’t actually send the email – that happens in the controller.

4: Bake a Form Controller With No Actions

At the command line, go to the site’s root directory and enter the following to bake a new controller without any actions:

bin/Cake bake controller Contacts --no-actions

By default, CakePHP saves the new form as src/Controller/ContactsController.php. Open the file, and you should see something like this:

namespace App\Controller;

use App\Controller\AppController;

class ContactsController extends AppController

Once again, this file serves as a starting point for coding. First, add the following namespaces at the top of the file:

use App\Form\ContactForm;
use Cake\Validation\Validator;

Here, we take a step back from the suggested approach in the CakePHP documentation to follow a slightly different path. Instead of creating an index() function, create a function called contactUs() by adding the following public function inside the ContactsController class:

public function contactUs()
    $this->autoRender = 'false';
    $this->viewBuilder()->layout('ajax'); // src/Template/Layout/ajax.ctp
    // Disallow direct access via browser URL

    $mailsent = [
        ,'message'=>__('Your message could not be sent')

    $form = new ContactForm();

    if ($this->request->is('post')) 
        if ($form->execute($this->request->data)) 
            $mailsent = [
                ,'message'=>__('Your message has been sent')
            $errors = $form->errors();

            if (count($errors) > 0) 
                $mailsent['message'] .= ' &mdash; ' . __('Please correct any errors and try again.');

                foreach ($errors as $key => $value) 
                    $mailsent['errors'][$key] = $value;
    } // this is not a post request (error condition)

    $mailsent = json_encode($mailsent, JSON_FORCE_OBJECT);

This function will only be callable via Ajax, and contains the code needed to process the form. It returns a status code, a message, and potentially an array of error objects, all in a JSON format.

5: Create the Contact Form View

At the command line, go to the site’s src/Template directory and enter the following to create a new folder for the view:

mkdir Contacts

Once again, we depart from the suggested approach here. The documentation calls for creating a src/Templates/Contacts/index.ctp page to contain the form. Instead, go into the src/Template/Contacts folder and enter the following to create a new view file that CakePHP can match up with the contactUs() controller function:

touch contact_us.ctp

Open the file, and add the following:

<?= $mailsent ?>

The controller will use this file to pass Ajax responses back to the caller.

Also, before moving on, make sure ownership and permissions are set correctly on both the folder and the file.

Next, embed the form into whatever view file you want. In my case, I placed the form on a website landing page. Here’s the code to generate the form:

<?= $this->Form->create($form,['url'=>['controller'=>'Contacts','action'=>'contactUs'],'id'=>'contactForm','class'=>'async','role'=>'form','name'=>'sentMessage']); ?>
    <?= $this->Form->control('name',['id'=>'name','placeholder'=>'Your Name (required)']); ?>
    <?= $this->Form->control('email',['id'=>'email','placeholder'=>'Your Email (required)']); ?>
    <?= $this->Form->control('phone',['id'=>'phone','placeholder'=>'Your Phone # (optional)']); ?>
    <?= $this->Form->control('message',['id'=>'message','placeholder'=>'Your Message (required)']); ?>
    <div id="responseMessage"></div>
    <?= $this->Form->button('Send Message', ['type' => 'submit','class'=>'btn btn-xl submit']);?>
<?= $this->Form->end() ?>

This code will tell CakePHP everything it needs to know in order to generate an Ajax-ready form inside the view.

6: Create the Ajax Script

Next step is to create the Ajax script that will handle the to-and-fro between client and server. At the command line, go the folder in the site’s webroot where the .js files are stored and enter the following to create the file:

touch ajax.js

Again, make sure ownership and permissions are set correctly, then include this file in your site’s layout template:

<?= $this->Html->script('/js/ajax.js') ?>

Adjust this as needed to target the correct folder for your project. Also, ajax.ctp will use jQuery, so make sure this is included as well.

Now open ajax.js and add the following script:

$(function() {
    "use strict";

    var contentTarget = $("div#responseMessage");

    // handle form submissions
        // prevent the form from submitting 

        // set a convenience variable for the form
        var form = $(this);

        // disable the submit button to prevent repeated clicks
        form.find('.submit').prop('disabled', true);

        // create and post a temporary spinner
        var spinner = '<div class="alert alert-info" role="alert" style="text-align: center;">';
        spinner += '<p class="lead"><span class="fa fa-spinner fa-spin"></span></p>';
        spinner += '</div>';

        // create a text string of form variables in standard URL-encoded notation
        var data = form.serialize(); 

        // set up the Ajax submission defaults
        var type = "POST";
        var url = form.attr('action');

        // submit the form

    // makeAjaxCall function
    function makeAjaxCall(data,type,url,form)
            type    : type,
            url     : url,
            data    : data,
            cache    : false,

    // success function (when the server responds)
    function successFunction(data,textStatus,jqXHR) 
        // create a JS object from the returned string
        var jsonData = JSON.parse(data); // best practice: use native JS instead of jQuery

        // create the server response message
        var message = '<div class="alert alert-'+jsonData.alert+' alert-dismissible" role="alert">';
        message += '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>';
        message += '<p class="lead">'+jsonData.message+'</p>';
        message += '</div>';

        // process the server response
         if (jsonData.status == 'sent')
            // reset the form fields back to their defaults
            $(".async")[0].reset(); // best practice: using [0] will return the native html element, not the DOM element
        else // aka. status is 'error'
             * @TODO: on (re)submit, clear any old error messages that were appended to the inputs
            // append error messages to matching inputs 
            $.each(jsonData.errors, function(input,error)
                    $.each(error, function(type,message)
                            var notice = '<p class="help-block text-danger">'+type+' : '+message+'</p>';
                            var errorTarget = "#"+input;
        // post the server response message

    // fail function (when Ajax fails to make the connection to the server)
    function failFunction(request, textStatus, errorThrown) 
        // create & post the 'failed request' message
        var message = '<div class="alert alert-danger alert-dismissible" role="alert">';
        message += '<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>';
        message += '<p class="lead">OOPS! An error occurred during your request: ' + request.status + ' ' + textStatus + ': ' + errorThrown+'</p>';
        message += '</div>';
        // post the fail message

    // always function, executes regardless of success or failure
    function alwaysFunction(form) 
        // re-enable the submit button
        form.find('.submit').prop('disabled', false);

Note, the alert messages in this script are marked up to work with Bootstrap 3 and FontAwesome 4. Adjust these as needed for your project.

Also, look closely at this script and you’ll notice it can handle any form with a class of .async, not just the contact form!

7: Implement and Test

At this point, the coding is done. All that remains is to implement and test what you’ve done.

Note that I purposely avoided using a specific testing regime in this tutorial. This is because just about everyone has their own approach and toolset for testing. Simply adjust the instructions provided to suit your preferred methodology.


Assuming all has gone well, you should now have in hand a simple, robust, and highly-performant contact form that uses Ajax, jQuery, and JSON to leverage many of CakePHP’s powerful new features.

Next Steps…

In a follow-up to this tutorial, I take the project one step further by Integrating the SparkPost API With CakePHP 3.4.

SkiddleBop: My Latest Project

Since the beginning of April this year I’ve been working on a new app under the working title, ‘SkiddleBop’.

SkiddleBop is designed to be a high-functioning configurable ‘business starter template’ that takes care of managing users, subscriptions, and recurring payments right out of the box.

Designed specifically with subscription-based ventures in mind, the app will handle demos, trials, subscriptions, payments, plans, coupons, discounts, user authorization and authentication, transactional emailing, and more.

As sole practitioner on this project, my role covers the entire development life-cycle from concept development through operational deployment. The project is slated for completion by October 2017.

Core technologies include:

  • Cakephp 3.4
  • Php 7/MySQL5
  • Javascript/jQuery
  • Bootstrap 3 w/ BeyondAdmin theme
  • Stripe API
  • Sparkpost API
  • Apache 2.4.18
  • Ubuntu 16.04.3

The entire month of April was spent on gathering requirements and developing an object-oriented design for the app. The following first two weeks in May were spent transforming this design into a database and application architecture.

Since then, roughly three weeks were spent on building out the core platform in CakePHP 3 to the point where app development can actually get moving. In late May, I was pulled away from the project to deal with a bunch of other things.

It’s now late June and I’m finally getting back in the saddle.

So, basically, much of the app’s core framework has been engineered and implemented. There’s still plenty to do but most is stuff I’ve done before, so I expect things should go somewhat smoothly.

To build out the app from here, I think it makes sense to:

  1. Implement the email messaging capabilities (done)
  2. Set up authorization & authentication stuff
  3. Set up the user management stuff
  4. Implement the login stuff (anonymous & known)
  5. Implement plans
  6. Implement subscriptions
    1. Anonymous demos
    2. Sign-ups & trials
    3. Coupons & discounts
    4. Up/downgrade
    5. Cancel/Reinstate
  7. Implement account management
    1. Invoices & payments
    2. Card replacement
  8. Finish implementing the app configurator
  9. Tidy up the landing site

Implementing SSL Using Let’s Encrypt

I recently decided to implement SSL certificates for all of my published websites. Rather than pay the high costs that commercial cert providers charge, I opted for using Let’s Encrypt. This turned out to be a lot easier than I expected, though I did run into a few gotchas.

First, go the EFF’s Certbot website and use the interactive selector to find the appropriate instructions for the OS/server combo for your system. In my case, I’m running Apache on Ubuntu 16.04. Here’s how I installed the app on my server:

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

Second step is to run the app. The simplest way to do this (for my configuration) is with the following code:

$ sudo certbot --apache

Although this will work fine, I host a number of different projects on the same server. Best practice in this scenario is to certify each hosted domain individually. It’s also best practice to include any aliases and sub-domains as well. Here’s an example for one of my projects:

$ sudo certbot --apache -d -d -d

Note that it’s important to start the list of domains with simple version of the name first as show above.

This is where my first ‘gotcha’ happened. Silly me, I never thought to set my router to direct https requests to Port 443. Once I fixed this, certbot ran just perfectly, although it now threw a different error.

My second ‘gotcha’ was that I had never enabled the mod_ssl module in Apache. In short, Apache was not listening for anything on Port 443. This turned out to be a super-easy fix as well:

sudo a2enmod ssl

Followed by:

sudo service apache2 restart

Then followed by:

apache2ctl -M

… to confirm the module was enabled.

When the instruction runs successfully, the app will ask for some details. Among these, you’ll be asked to choose between allowing both http and https requests or forcing all requests to https. I went with the second, more secure option.

Third, I confirmed that all was working properly using’s SSL testing tool at

Fourth, and finally, I set up a cron job to update the certs when they expire. (Let’s Encrypt certs only last for 90 days, so this is important.)

At the command line, I entered the following instruction to first confirm that cert updating actually works properly for my install. Here’s the code:

$ sudo certbot renew --dry-run

With confirmation in hand, the next thing is to set up a cron job to run this on a daily basis. This involved adding something like the following instruction to /etc/crontab:

15 3 * * * /usr/bin/certbot renew --quiet

Choose whatever run schedule you want. I went for 3:15 every afternoon. Note this will only renew certs that are about to expire. This helps to avoid into any over-quota situations.


This tutorial at Digital Ocean was quite useful in understanding the above process. I also found the Certbot documentation, the community forum at Let’s Encrypt, and the documentation at Let’s Encrypt to be very useful.