Merge pull request #5285 from kenjis/update-tutorial

docs: update Tutorial

Author: kenjis

user_guide_src/source/images/error.png

@@ -25,7 +25,7 @@ Upgrade Guide
 1. You have to change the values in the default CI4 config files according to the
    changes in the CI3 files. The config names are pretty much the same as in CI3.
 2. If you are using custom config files in your CI3 project you have to create those
-   files as new php classes in your CI4 project in ``app/Config/``. These classes
+   files as new PHP classes in your CI4 project in ``app/Config/``. These classes
    should be in the ``Config`` namespace and should extend ``CodeIgniter\Config\BaseConfig``.
 3. Once you have created all custom config classes, you have to copy the variables
    from the CI3 config into the new CI4 config class as public class properties.

user_guide_src/source/images/tutorial1.png

@@ -6,6 +6,20 @@ you haven't written any information to the database yet. In this section,
 you'll expand your news controller and model created earlier to include
 this functionality.
 
+Enable CSRF Filter
+------------------
+
+Before creating a form, let's enable the CSRF protection.
+
+Open the **app/Config/Filters.php** file and update the ``$methods`` property like the following::
+
+    public $methods = [
+        'post' => ['csrf'],
+    ];
+
+It configures the CSRF filter to be enabled for all **POST** requests.
+You can read more about the CSRF protection in :doc:`Security </libraries/security>` library.
+
 Create a form
 -------------
 
@@ -19,7 +33,7 @@ the slug from our title in the model. Create a new view at
 
     <h2><?= esc($title) ?></h2>
 
-    <?= \Config\Services::validation()->listErrors() ?>
+    <?= service('validation')->listErrors() ?>
 
     <form action="/news/create" method="post">
         <?= csrf_field() ?>
@@ -28,13 +42,13 @@ the slug from our title in the model. Create a new view at
         <input type="input" name="title" /><br />
 
         <label for="body">Text</label>
-        <textarea name="body"></textarea><br />
+        <textarea name="body" cols="45" rows="4"></textarea><br />
 
         <input type="submit" name="submit" value="Create news item" />
     </form>
 
 There are probably only two things here that look unfamiliar. The
-``\Config\Services::validation()->listErrors()`` function is used to report
+``service('validation')->listErrors()`` function is used to report
 errors related to form validation. The ``csrf_field()`` function creates
 a hidden input with a CSRF token that helps protect against some common attacks.
 
@@ -47,7 +61,7 @@ validation <../libraries/validation>` library to do this.
 
     public function create()
     {
-        $model = new NewsModel();
+        $model = model(NewsModel::class);
 
         if ($this->request->getMethod() === 'post' && $this->validate([
             'title' => 'required|min_length[3]|max_length[255]',
@@ -60,7 +74,6 @@ validation <../libraries/validation>` library to do this.
             ]);
 
             echo view('news/success');
-
         } else {
             echo view('templates/header', ['title' => 'Create a news item']);
             echo view('news/create');
@@ -69,9 +82,9 @@ validation <../libraries/validation>` library to do this.
     }
 
 The code above adds a lot of functionality. First we load the NewsModel.
-After that, we check if we deal with the ``POST`` request and then
+After that, we check if we deal with the **POST** request and then
 the Controller-provided helper function is used to validate
-the $_POST fields. In this case, the title and text fields are required.
+the user input data. In this case, the POST data, and the title and text fields are required.
 
 CodeIgniter has a powerful validation library as demonstrated
 above. You can read :doc:`more about this library
@@ -83,7 +96,7 @@ was submitted **and** passed all the rules, the model is called. This
 takes care of passing the news item into the model.
 This contains a new function ``url_title()``. This function -
 provided by the :doc:`URL helper <../helpers/url_helper>` - strips down
-the string you pass it, replacing all spaces by dashes (-) and makes
+the string you pass it, replacing all spaces by dashes (``-``) and makes
 sure everything is in lowercase characters. This leaves you with a nice
 slug, perfect for creating URIs.
 
@@ -106,9 +119,9 @@ or if the row already exists and should be updated, based on the presence
 of a primary key. In this case, there is no ``id`` field passed to it,
 so it will insert a new row into it's table, **news**.
 
-However, by default the insert and update methods in the model will
+However, by default the insert and update methods in the Model will
 not actually save any data because it doesn't know what fields are
-safe to be updated. Edit the model to provide it a list of updatable
+safe to be updated. Edit the **NewsModel** to provide it a list of updatable
 fields in the ``$allowedFields`` property.
 
 ::
@@ -168,8 +181,8 @@ Congratulations
 You just completed your first CodeIgniter4 application!
 
 The image underneath shows your project's **app** folder,
-with all of the files that you created in green.
-The two modified configuration files (Database & Routes) are not shown.
+with all of the files that you created in red.
+The two modified configuration files (**Config/Routes.php** & **Config/Filters.php**) are not shown.
 
 .. image:: ../images/tutorial9.png
     :align: left

user_guide_src/source/images/tutorial2.png

@@ -61,7 +61,7 @@ From your command line type the following:
 
     composer create-project codeigniter4/appstarter ci-news
 
-This creates a new folder, ci-news, which contains your application code, with
+This creates a new folder, **ci-news**, which contains your application code, with
 CodeIgniter installed in the vendor folder.
 
 By default, CodeIgniter starts up in production mode. This is a safety feature
@@ -71,7 +71,7 @@ So first let's fix that. Copy or rename the ``env`` file to ``.env``. Open it up
 This file contains server-specific settings. This means you never will need to
 commit any sensitive information to your version control system. It includes
 some of the most common ones you want to enter already, though they are all commented
-out. So uncomment the line with CI_ENVIRONMENT on it, and change ``production`` to
+out. So uncomment the line with ``CI_ENVIRONMENT`` on it, and change ``production`` to
 ``development``::
 
     CI_ENVIRONMENT = development