How to lose data in CakePHP

by timtrice on 20 February 2009

I finally sat down to figure out why scripts for my hurricane website were acting up. All I knew was that, for some reason, certain yearly archives were not displaying via the pages or by direct linking. My initial thought was that, for some reason, the for loop in my view was skipping iterations. After crossing that out, I used debug in the controller to see that, yet again, much of the data was not pulling from the database. Of course, I found that the issues lay in the tables themselves. Somehow my database went from over 35,000 records of hurricane data to just a small inconspicuous few.

I spent a couple of hours correcting the information (though I am still missing all of 2008’s hurricane data) only to realize the problem was so freaking simple: I forgot to properly prepare my website prior to publishing. I had scaffolded most of the controllers that held the information. And because I did not remove that scaffolding, it allowed anyone who was familiar with CakePHP to edit and delete any and/or all of my records.

It’s a stupid mistake. A very stupid mistake. In a lazy, thoughtless rush to go live, I did not run through my checklist as I should have. This should not be confined to CakePHP programmers, though; all should understand the importance of even the smallest details going unchecked. By allowing the scaffold variable in my controllers I was essentially giving anyone the permission to access domain.com/controller/delete and, by overcoming the sole obstacle, a JavaScript verification box, completely delete my records. It’s easy to forget to remove that one variable line in the controller, but it absolutely costs in the long run. Luckily my backups came in handy and I was able to restore the data and fix the issues in no time at all. Unfortunately for me, I’ll be spending a few hours this weekend retrieving old data I did not have backed up.

Before going live, check all possible scenarios.  Should this instance occur again, I or you may not be so fortunate!
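A pre-deployment check for the mistake described above, added here as an example and not taken from the original post or from CakePHP itself: it scans a controllers directory for a live `$scaffold` property declaration and exits non-zero if one is found. The function names, the sample controller and the directory argument are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Property declaration that turns scaffolding on, e.g. `var $scaffold;`
# or `public $scaffold = 'admin';`.
SCAFFOLD_DECL = re.compile(r"\b(?:var|public|protected|private)\s+\$scaffold\b")
# PHP comments. Naive on purpose: markers inside string literals are stripped too.
PHP_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)

# Constructed sample controller, used when no directory is given.
SAMPLE = """<?php
class StormsController extends AppController {
    var $name = 'Storms';
    // var $scaffold;  (commented out, so not reported)
    var $scaffold;
}
"""


def _blank(match):
    # Replace comment text with spaces but keep newlines, so line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_scaffold(source):
    """Return 1-based line numbers where live code declares $scaffold."""
    live = PHP_COMMENTS.sub(_blank, source)
    return [live.count("\n", 0, m.start()) + 1 for m in SCAFFOLD_DECL.finditer(live)]


def scan_tree(root):
    """Map each .php file under root that declares $scaffold to its line numbers."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        lines = find_scaffold(path.read_text(encoding="utf-8", errors="replace"))
        if lines:
            hits[path.relative_to(root).as_posix()] = lines
    return hits


if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = scan_tree(sys.argv[1])
    else:
        found = {"<constructed sample>": find_scaffold(SAMPLE)}
    for name, lines in found.items():
        print(f"{name}: scaffolding enabled on line(s) {lines}")
    sys.exit(1 if found else 0)
```

Run it against the application's controllers directory as a step in the deployment script, so a leftover scaffold line blocks the release instead of reaching production.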


ian villanueva 13 March 2009 at 4:44 am

What an experience. Luckily I have not implemented scaffolding to my site. The site I developed is already live but I still have implemented some security hehe..

Thanks for the advice.


Clint 29 June 2009 at 3:12 pm

Hi Tim. Thanks for the article. I noticed you mentioned that you did not run through your checklist before making the app live. I've been looking for a CakePHP pre-production checklist but can't seem to find one. Would you be able to post yours?

Thanks!

Clint
