Securing Methods
Trongate provides a straightforward way to protect controller methods from direct URL access while keeping them available for internal use. This is crucial for maintaining application security.
Using the Underscore Prefix
To prevent direct URL access to a method, prefix it with an underscore (_):
Method Access Rules
| Method Type | URL Access | Internal Access | Example Usage |
|---|---|---|---|
| Public Method | ✓ Allowed | ✓ Allowed | function products() |
| Underscore Method | ✗ Blocked | ✓ Allowed | function _process_form() |
Common Use Cases
Form Processing
API Methods
Security Implications
Important: The underscore prefix only prevents URL access. These methods can still be called from within your application code using $this->_method_name().
Best Practices
- Protect Data Processing: Use the underscore prefix for methods that handle sensitive operations or data processing
- Helper Methods: Internal helper methods should always use the underscore prefix
- Form Handlers: Methods that process form submissions should be protected
- API Internals: Internal API operations should use protected methods
Method Organization
A well-organized controller might look like this:
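An added illustration of this layout, not code from the Trongate documentation: a hypothetical `Orders` controller exposes one public method that validates input and then calls an underscore method internally. `dispatch()` is a simplified stand-in for the URL access rule in the table above, not Trongate's router, so the script runs on its own with the PHP CLI.

```php
<?php
// Added example. Orders and dispatch() are hypothetical names; a real
// Trongate controller would extend the framework's Trongate class.

class Orders
{
    // Public interface: reachable by URL, so input is validated here.
    function submit(array $input): string
    {
        $qty = filter_var($input['qty'] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 100]]);
        if ($qty === false) {
            return 'rejected: invalid quantity';
        }
        // Internal call through $this: allowed despite the underscore.
        return $this->_process_form($qty);
    }

    // Internal use only. No visibility keyword means PHP treats it as
    // public; the underscore name is the only thing keeping it off the URL.
    function _process_form(int $qty): string
    {
        return "stored order, qty={$qty}";
    }
}

// Stand-in for URL dispatch: applies the underscore rule before calling.
function dispatch(object $controller, string $method, array $input = []): string
{
    if (strncmp($method, '_', 1) === 0) {
        return 'blocked: underscore methods are not URL-accessible';
    }
    if (!is_callable([$controller, $method])) {
        return 'not found';
    }
    return $controller->$method($input);
}

// Constructed sample requests.
$orders = new Orders();
echo dispatch($orders, 'submit', ['qty' => '3']), PHP_EOL;
echo dispatch($orders, '_process_form', ['qty' => '3']), PHP_EOL;
echo dispatch($orders, 'submit', ['qty' => '-5']), PHP_EOL;
```

Because the underscore method trusts its caller, the validation and any permission check belong in the public method that fronts it.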
This organization makes it clear which methods are part of your public interface and which are for internal use only.