Phrame is a simple PHP-MVC-framework. This means it divides an application into three parts:
- Controllers handle user input and pass data from the model to the view.
- Models allow abstracted access to the database and perform validity checks, conversion, sanitization and so on.
- Views provide the user interface.
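```php
class Page_Controller extends Application_Controller {
    var $title;

    // Default action, called for /index.php/page/
    function index () {
        $this->title = 'Hallo Welt';
        $this->render(); // render is a controller method, so call it on $this
    }
}
```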
By default, the `index` function is called if the user accesses `/index.php/page/` (see Routing).
For `render`, see Views.
```php
class Page extends Model {
    static $table_name = 'pages';
    static $index = array('name');
    static $struct = array(
        'name' => 'string',
        'content' => 'text',
        'updatedAt' => 'timestamp',
        'createdAt' => 'timestamp'
    );
}
```
Note here that the ID field is automatically generated. There are several default methods for accessing Models:
```php
$page = Page::find(1); // Finds page with id = 1
$page['name'] = 'Testseite';
$page->save(); // Saves page to database
$page->delete(); // Removes page from database
```
- `views/layout/global.php` wraps every view
- `views/layout/page.php` wraps all views for the page controller
- `views/page/index.php` contains the view for `Page_Controller`'s `index` method

If the layout pages don't exist, they will be skipped.

Higher-level views are able to access lower-level views using the `$yield` variable (this is adopted from Rails; we will most certainly change this).
A `views/layout/global.php` could look like this:
```php
<html>
<head>
<title><?php echo $this->title ?></title>
</head>
<body>
<?php echo $yield ?>
</body>
</html>
```
A `views/page/index.php` could look like this:
```php
List of Pages:
<?php while ($page = Page::each()) { // static call, like Page::find() ?>
<p>
<a href="/index.php/page/<?php echo $page['ID'] ?>"><?php echo $page['name'] ?></a>
</p>
<?php } ?>
```
Inside the controller, we can use the `render` method.
- `render()` inside the `index` method automatically sends the index view to the user.
- `render('show')` sends the show view to the user, regardless of the action you are in.

The default routing looks like this:
HTTP Method | Path | Action Called |
---|---|---|
GET | /controller/ | controller_Controller#index |
POST | /controller/ | controller_Controller#create |
GET | /controller/new | controller_Controller#new |
GET | /controller/id | controller_Controller#view |
POST | /controller/id | controller_Controller#update |
DELETE | /controller/id | controller_Controller#destroy |
any | /controller/id/action | controller_Controller#action |
(`controller_Controller` means `controller` from the URL with `_Controller` appended, e.g. `Page_Controller`)
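
The default routing table above, written out as a resolver. This is an added example, not Phrame's own code: `resolve_route` is a hypothetical name, and the numeric `id` and the identifier allowlist for the controller and action segments are assumptions.

```php
<?php
// Added example, not Phrame source: resolves a request to "Class#action"
// following the default routing table. resolve_route() is a hypothetical
// name; "id" is assumed to be numeric (the ID field is auto-generated).
function resolve_route(string $method, string $path): ?string
{
    // Drop the front controller prefix and split the rest into segments.
    $path  = preg_replace('#^/index\.php#', '', $path);
    $parts = array_values(array_filter(explode('/', $path), 'strlen'));
    if (count($parts) < 1 || count($parts) > 3) {
        return null;
    }

    // Allowlist the segments that end up in class and method names, so a
    // crafted URL cannot select arbitrary classes or magic methods.
    $controller = $parts[0];
    if (!preg_match('/\A[a-z][a-z0-9]*\z/i', $controller)) {
        return null;
    }
    $class  = ucfirst($controller) . '_Controller'; // page -> Page_Controller
    $method = strtoupper($method);

    if (count($parts) === 1) {                       // /controller/
        $map = ['GET' => 'index', 'POST' => 'create'];
    } elseif (count($parts) === 2 && $parts[1] === 'new') {
        $map = ['GET' => 'new'];                     // /controller/new
    } elseif (!ctype_digit($parts[1])) {
        return null;                                 // id must be numeric
    } elseif (count($parts) === 2) {                 // /controller/id
        $map = ['GET' => 'view', 'POST' => 'update', 'DELETE' => 'destroy'];
    } else {                                         // /controller/id/action
        if (!preg_match('/\A[a-z][a-z0-9]*\z/i', $parts[2])) {
            return null;                             // rejects e.g. __destruct
        }
        return $class . '#' . $parts[2];
    }
    return isset($map[$method]) ? $class . '#' . $map[$method] : null;
}

// Constructed sample requests.
foreach ([['GET', '/index.php/page/'], ['POST', '/index.php/page/7'],
          ['DELETE', '/index.php/page/7'], ['GET', '/index.php/page/7/export'],
          ['GET', '/index.php/page/7/__destruct'], ['PUT', '/index.php/page/']] as [$m, $p]) {
    printf("%-6s %-30s -> %s\n", $m, $p, resolve_route($m, $p) ?? 'no route');
}
```

A dispatcher built on this should still confirm that the resolved action is a public method of the controller class before calling it.
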
- `db_up.php` creates the database and tables
- `db_down.php` destroys the database

NOTE: Make sure to delete this folder in a production environment (or at least password protect it using `.htaccess`).
Phrame has several features that aim to make your application more secure:
- All standard folders, except `/phrame`, are hidden using `.htaccess`
- The database adapter automatically sanitizes the input to prevent SQL injections
- The public folder uses `.htaccess` to remove the PHP file handler. That way, uploaded files cannot be executed
- Protection against CSRF

These features are TODO:
- A better way of sanitizing HTML input than `htmlentities`