Actions Documentation
Overview
The actions system allows executing PHP code before displaying HTML content. Actions are automatically matched to content pages based on the URL.
How It Works
- When a page is requested (e.g., /contact)
- The system looks for actions/contact.php
- If found, it loads the Contact class
- Executes the method matching the HTTP method (e.g., get() for GET requests or post() for POST requests)
- Then displays the views/contact.html page contents
Namespaces in actions
There is no need to use namespaces in actions as each action is included and called in isolation.
This means if there is a file in the following directories:
|- /var/www/project-root/actions/index.php
|- /var/www/project-root/actions/blog/index.php
Both files would define a class called Index without a namespace and it should work without a problem:
<?php
class Index {
    public function get() {
        return "Hello from index action";
    }
}
File Naming Convention
- Action file: actions/contact.php
- Class name: Contact (capitalized, matches filename)
For multi-word files:
- File: contact-form.php → Class: ContactForm
- File: product_list.php → Class: ProductList
Creating an Action Class
Create a PHP file in the actions/ directory matching the content file name:
<?php
// actions/contact-form.php
class ContactForm {
    public function get() {
        // Runs on GET requests to /contact-form
        // Prepare data, check auth, etc.
        // Access to .env parameters
        $var = $_ENV['SOME_PARAMETER'];
        return ['title' => 'Hello!']; // This will be available as in the template
    }

    public function post() {
        // Runs on POST requests to /contact-form
        // Process forms, save data, etc.
        verifyCsrf(); // Reject the request if the CSRF token is invalid
        $name = getPost('name');
        // ... process data
        redirect('/success');
    }
}
Tips:
- A common parent class (e.g. App) can be created which actions can extend to share functionality.
- Additional logic can be used or created behind the actions to connect to databases, APIs, or other services.
Supported HTTP Methods
The action system automatically supports all HTTP methods:
- get() - Handle GET requests
- post() - Handle POST requests
- put() - Handle PUT requests
- delete() - Handle DELETE requests
- patch() - Handle PATCH requests
The all() method handles any HTTP method that does not have a specific handler defined.
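The lookup described under How It Works, File Naming Convention and Supported HTTP Methods, as an added PHP sketch that is not the project's own code. The function names, the allowed-character policy for URL segments and the mapping of / to index are assumptions.

```php
<?php
// Added illustration; function names are hypothetical, not the framework's API.

// Map a request path to a file path relative to actions/, or null if unsafe.
function actionFileFor(string $urlPath): ?string {
    $path = trim($urlPath, '/');
    if ($path === '') {
        $path = 'index'; // assumption: "/" is served by actions/index.php
    }
    // Assumed policy: segments contain only a-z, 0-9, '-' and '_'. This rules
    // out "..", backslashes and NUL bytes before any file is included.
    if (!preg_match('#^[a-z0-9_-]+(/[a-z0-9_-]+)*$#', $path)) {
        return null;
    }
    return $path . '.php';
}

// contact-form.php -> ContactForm, product_list.php -> ProductList
function classNameFor(string $actionFile): string {
    $base = basename($actionFile, '.php');
    return str_replace(['-', '_'], '', ucwords($base, '-_'));
}

// Pick the handler for the HTTP method, falling back to all(); null if neither exists.
function handlerFor(object $action, string $httpMethod): ?string {
    $method = strtolower($httpMethod);
    $specific = ['get', 'post', 'put', 'delete', 'patch'];
    if (in_array($method, $specific, true) && method_exists($action, $method)) {
        return $method;
    }
    return method_exists($action, 'all') ? 'all' : null;
}

// Constructed sample action and request paths.
class ContactForm {
    public function get() { return ['title' => 'Hello!']; }
    public function all() { return ['title' => 'Fallback']; }
}

foreach (['/contact-form', '/product_list', '/blog/index', '/../etc/passwd'] as $url) {
    $file = actionFileFor($url);
    echo $url, ' => ', $file === null ? 'rejected' : $file . ' / ' . classNameFor($file), "\n";
}

$action = new ContactForm();
echo 'GET => ', handlerFor($action, 'GET'), ', DELETE => ', handlerFor($action, 'DELETE'), "\n";
```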
Helper Methods
redirect($url, $status = 302)
redirect('/success'); // Redirect to another page
json($data, $status = 200)
return json(['status' => 'ok']); // Return JSON response instead of HTML content
return json(['status' => 'failed'], 503); // Return JSON response instead of HTML content, with status code 503
Data Access
These functions return sanitized values. Avoid reading raw input directly from $_POST, $_GET or $_REQUEST.
getPost($key, $default = null)
$name = getPost('name', 'default'); // Get POST data sanitized
getQuery($key, $default = null)
$query = getQuery('q', ''); // Get GET data sanitized
Using those methods helps prevent XSS attacks by sanitizing input data.
Flash Messages
setFlash($key, $message)
setFlash('success', 'Message sent!'); // Set flash message
$msg = getFlash('success'); // Get and clear flash
See how to use flash messages in templates here.
Security
verifyCsrf()
verifyCsrf();
Call this in the post() method to protect against CSRF attacks. If the CSRF token is invalid, the request will be rejected.