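define('IO_ROOT', __DIR__.'/..'); // Entry-point constant: the application root used by the includes
require IO_ROOT.'/include/common.php'; // Shared controller/helpers (io_* functions and the $io config array)

/*
 * /admin/post.php — admin CRUD controller for posts.
 *
 * Routing: $_GET['action'] selects the operation (create/read/update/delete/index).
 * A matching $_POST['action'] marks a write request; writes must be AJAX calls and
 * are answered with JSON of the form {"status": N}:
 *   0 = success, 1 = missing parameter, 2 = CSRF check failed, 3 = data layer reported failure.
 * Plain GET requests render the corresponding admin template instead.
 *
 * NOTE(review): io_check_perm(), io_is_ajax(), io_check_csrf(), io_post_*(), io_render()
 * and $io['base_url'] are defined in include/common.php, which is not visible here; the
 * comments below describe their contracts only as far as this file uses them.
 */

/**
 * Emit a JSON status response (Content-Type is set by the caller) and stop the script.
 *
 * @param int $status one of the status codes documented in the file header
 */
function io_post_json_exit($status)
{
    // Deliberately only 'status'. A richer shape
    // array('status' => 0, 'msg' => 'success', 'data' => array()) was sketched but never used.
    echo json_encode(array('status' => $status));
    exit();
}

if(!isset($_GET['action'])) {
    $_GET['action'] = '';
}

switch($_GET['action']) {
    // /admin/post.php?action=create
    case 'create': {
        // Permission check
        if(!io_check_perm('post_create')) exit();
        // GET reads, POST writes ($_GET['action'] vs $_POST['action'])
        if(isset($_POST['action']) && $_POST['action'] === 'create') {
            // Writes are only accepted from AJAX requests
            if(!io_is_ajax()) exit();
            header('Content-Type: application/json; charset=utf-8');
            // All input fields must be present
            if(!isset($_POST['csrf'])
                || !isset($_POST['title'])
                || !isset($_POST['content'])
            ) {
                io_post_json_exit(1);
            }
            // The CSRF token is bound to the exact action URL
            if(!io_check_csrf($io['base_url'].'/admin/post.php?action=create')) {
                io_post_json_exit(2);
            }
            // Insert the post; presumably reads title/content from $_POST inside the data layer
            if(!io_post_create()) {
                io_post_json_exit(3);
            }
            io_post_json_exit(0);
        }
        echo io_render('post_create.php', 'admin');
        exit();
    }
    // /admin/post.php?action=read&id=1024
    case 'read': {
        if(!io_check_perm('post_read')) exit();
        if(!isset($_GET['id'])) exit();
        // id is forwarded as received; assumes io_post_read() validates/parameterises it — confirm in common.php
        $io['data'] = io_post_read($_GET['id']);
        echo io_render('post_read.php', 'admin');
        exit();
    }
    // /admin/post.php?action=update&id=1024
    case 'update': {
        if(!io_check_perm('post_update')) exit();
        if(isset($_POST['action']) && $_POST['action'] === 'update') {
            if(!io_is_ajax()) exit();
            header('Content-Type: application/json; charset=utf-8');
            // The id comes from the query string even for the POST write; require it
            // up front (as the delete branch does) instead of passing an undefined index on
            if(!isset($_POST['csrf'])
                || !isset($_POST['title'])
                || !isset($_POST['content'])
                || !isset($_GET['id'])
            ) {
                io_post_json_exit(1);
            }
            if(!io_check_csrf($io['base_url'].'/admin/post.php?action=update')) {
                io_post_json_exit(2);
            }
            // id is forwarded as received; assumes io_post_update() validates/parameterises it — confirm in common.php
            if(!io_post_update($_GET['id'])) {
                io_post_json_exit(3);
            }
            io_post_json_exit(0);
        }
        // The update page includes a read: load the current post into the form
        if(!isset($_GET['id'])) exit();
        $io['data'] = io_post_read($_GET['id']);
        echo io_render('post_update.php', 'admin');
        exit();
    }
    // /admin/post.php?action=delete&id=1024
    case 'delete': {
        if(!io_check_perm('post_delete')) exit();
        if(isset($_POST['action']) && $_POST['action'] === 'delete') {
            if(!io_is_ajax()) exit();
            header('Content-Type: application/json; charset=utf-8');
            if(!isset($_POST['csrf'])
                || !isset($_GET['id'])
            ) {
                io_post_json_exit(1);
            }
            if(!io_check_csrf($io['base_url'].'/admin/post.php?action=delete')) {
                io_post_json_exit(2);
            }
            // id is forwarded as received; assumes io_post_delete() validates/parameterises it — confirm in common.php
            if(!io_post_delete($_GET['id'])) {
                io_post_json_exit(3);
            }
            io_post_json_exit(0);
        }
        // There is no delete page: a plain GET renders nothing
        exit();
    }
    // /admin/post.php?action=index
    case 'index': {
        if(!io_check_perm('post_index')) exit();
        // The documented URL carries no id, so read it optionally; null is what an
        // undefined index yielded before, minus the notice. Its meaning (page? offset?)
        // is decided by io_post_index() — confirm in common.php.
        $io['data'] = io_post_index(isset($_GET['id']) ? $_GET['id'] : null);
        echo io_render('post_index.php', 'admin');
        exit();
    }
    default: {
        // Unknown or empty action: go to the listing
        header('Location: '.$io['base_url'].'/admin/post.php?action=index');
        exit();
    }
}

/*
CRUD:
  create (insert/add/new):              insert
  read   (select/view):                 query
  update (edit/modify/change/alter):    query + update
  delete (remove/drop):                 delete
  index  (list):                        pagination / sorting / filtering

io_post_create()
io_post_read()
io_post_update()
io_post_delete()
io_post_index()

These functions are the operations on the post data model and form the "data access layer".
PDO + SQL is enough to implement that layer:
  $stmt = $db->prepare($sql);
  $stmt->execute($params);

io_render() renders a template and belongs to the "presentation layer":
  /admin/content/theme/default/post_create.php
  /admin/content/theme/default/post_read.php
  /admin/content/theme/default/post_update.php
  /admin/content/theme/default/post_index.php

The template renderer itself is simple, e.g.:
  ob_start();
  require $template;
  return ob_get_clean();
*/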