Simple Website Engine

Simple Yet Powerful Website Generator

Actions Documentation

Overview

The actions system allows you to execute PHP code before displaying HTML content. Actions are automatically matched to content pages based on the URL.

How It Works

  • When a page is requested (e.g., /contact)
  • The system looks for actions/contact.php
  • If found, it loads the Contact class
  • Executes the method matching the HTTP method (e.g., get() for GET requests or post() for POST requests)
  • Then displays the views/contact.html page contents

File Naming Convention

  • Action file: actions/contact.php
  • Class name: Contact (capitalized, matches filename)

For multi-word files:

  • File: contact-form.php, Class: ContactForm
  • File: product_list.php, Class: ProductList
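
One way the lookup described under How It Works and File Naming Convention could be implemented safely, as an added example that is not the engine's own code. resolveAction() and actionClassName() are hypothetical names, and limiting URLs to a single lowercase segment is an assumption.

```php
<?php
// Added example, not the engine's code. resolveAction() and actionClassName()
// are hypothetical names; single-segment lowercase slugs are an assumption.
const ALLOWED_METHODS = ['get', 'post', 'put', 'delete', 'patch'];

// contact-form / product_list -> ContactForm / ProductList
function actionClassName(string $slug): string
{
    return implode('', array_map('ucfirst', preg_split('/[-_]/', $slug)));
}

// Returns [class, method] for a request, or null when no action applies.
function resolveAction(string $uri, string $httpMethod, string $actionsDir): ?array
{
    $slug = trim((string) parse_url($uri, PHP_URL_PATH), '/');
    // Allowlist the slug before it touches the filesystem: no "/", "." or
    // NUL bytes can pass, so the lookup stays inside $actionsDir.
    if (!preg_match('/\A[a-z0-9]+(?:[-_][a-z0-9]+)*\z/', $slug)) {
        return null;
    }
    // Only the documented HTTP methods map to a class method.
    $method = strtolower($httpMethod);
    if (!in_array($method, ALLOWED_METHODS, true)) {
        return null;
    }
    $file = $actionsDir . '/' . $slug . '.php';
    if (!is_file($file)) {
        return null; // no action file for this page
    }
    require_once $file;
    $class = actionClassName($slug);
    if (!class_exists($class, false) || !method_exists($class, $method)) {
        return null;
    }
    return [$class, $method];
}

// Constructed sample: a temporary actions directory with one action file.
$dir = sys_get_temp_dir() . '/actions_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents(
    $dir . '/contact-form.php',
    "<?php class ContactForm { public function get() { return ['title' => 'Hello!']; } }"
);

var_dump(resolveAction('/contact-form', 'GET', $dir));     // matching action
var_dump(resolveAction('/../../etc/passwd', 'GET', $dir)); // traversal segments
var_dump(resolveAction('/contact-form', 'TRACE', $dir));   // unlisted method
```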

Creating an Action Class

Create a PHP file in the actions/ directory matching your content file name:

<?php
// actions/contact.php
class Contact {
    public function get() {
        // Runs on GET requests to /contact
        // Prepare data, check auth, etc.

        return ['title' => 'Hello!']; // This will be available as  in the template
    }
    
    public function post() {
        // Runs on POST requests to /contact
        // Process forms, save data, etc.
        verifyCsrf(); // Reject the request if the CSRF token is invalid
        
        $name = getPost('name');
        // ... process data
        
        redirect('/success');
    }
}

Tips:

  • You can create a common parent class (e.g. App) which your actions can extend to share functionality.
  • Behind the actions you can use/create other logic to connect to databases, APIs, or other services.

Supported HTTP Methods

The action system automatically supports all HTTP methods:

  • get() - Handle GET requests
  • post() - Handle POST requests
  • put() - Handle PUT requests
  • delete() - Handle DELETE requests
  • patch() - Handle PATCH requests

Helper Methods

All action classes extend App and have access to these helper methods:

Navigation

redirect('/success');              // Redirect to another page
json(['status' => 'ok']);          // Return JSON response instead of html content
json(['status' => 'failed'], 503); // Return JSON response instead of HTML content, with status code 503

Data Access

$name = getPost('name', 'default');     // Get POST data sanitized
$query = getQuery('q', '');             // Get GET data sanitized

Using these methods helps prevent XSS attacks by sanitizing input data. Values should still be escaped for the context in which they are output.

Flash Messages

setFlash('success', 'Message sent!');   // Set flash message
$msg = getFlash('success');             // Get and clear flash

Security

verifyCsrf();

Call this at the start of the post() method, before processing any input, to protect against CSRF attacks. If the CSRF token is invalid, the request will be rejected.