kokjan/backend/modules/administrator/controllers/ThemeEditorController.php

<?php

namespace backend\modules\administrator\controllers;

use Yii;
use yii\web\Controller;
use yii\web\NotFoundHttpException;
use yii\helpers\FileHelper;
use yii\filters\AccessControl;

/**
 * ThemeEditorController implements online file editing for frontend themes.
 */
class ThemeEditorController extends Controller
{
    /**
     * {@inheritdoc}
     */
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    [
                        'allow' => true,
                        'roles' => ['@'], // Only logged in users
                    ],
                ],
            ],
        ];
    }

    /**
     * Get the base path for theme files.
     */
    protected function getThemePath()
    {
        return Yii::getAlias('@frontend/themes/mali/views/layouts');
    }

    /**
     * Lists all editable theme files.
     */
    public function actionIndex()
    {
        $path = $this->getThemePath();
        $files = FileHelper::findFiles($path, [
            'only' => ['*.php', '*.css', '*.js'],
            'recursive' => false,
        ]);

        $fileList = [];
        foreach ($files as $file) {
            $fileList[] = basename($file);
        }

        return $this->render('index', [
            'files' => $fileList,
        ]);
    }

    /**
     * Edit a specific file.
     */
    public function actionEdit($file)
    {
        $path = $this->getThemePath() . DIRECTORY_SEPARATOR . $file;
        
        // Security check: ensure file is within theme directory
        if (!file_exists($path) || strpos(realpath($path), realpath($this->getThemePath())) !== 0) {
            throw new NotFoundHttpException('The requested file does not exist or access is denied.');
        }

        $content = file_get_contents($path);

        if (Yii::$app->request->isPost) {
            $newContent = Yii::$app->request->post('content');
            
            // Backup before save
            copy($path, $path . '.bak');
            
            if (file_put_contents($path, $newContent) !== false) {
                Yii::$app->session->setFlash('success', "บันทึกไฟล์ $file เรียบร้อยแล้ว (สำรองไฟล์เดิมไว้ที่ $file.bak)");
            } else {
                Yii::$app->session->setFlash('error', "ไม่สามารถบันทึกไฟล์ $file ได้ กรุณาตรวจสอบ Permission");
            }
            return $this->refresh();
        }

        return $this->render('edit', [
            'filename' => $file,
            'content' => $content,
        ]);
    }
}
feat: enhance backend dashboard, file manager, theme editor, and visitor statistics filtering 2026-02-27 05:17:24 +00:00			`<?php`

			`namespace backend\modules\administrator\controllers;`

			`use Yii;`
			`use yii\web\Controller;`
			`use yii\web\NotFoundHttpException;`
			`use yii\helpers\FileHelper;`
			`use yii\filters\AccessControl;`

			`/**`
			`* ThemeEditorController implements online file editing for frontend themes.`
			`*/`
			`class ThemeEditorController extends Controller`
			`{`
			`/**`
			`* {@inheritdoc}`
			`*/`
			`public function behaviors()`
			`{`
			`return [`
			`'access' => [`
			`'class' => AccessControl::class,`
			`'rules' => [`
			`[`
			`'allow' => true,`
			`'roles' => ['@'], // Only logged in users`
			`],`
			`],`
			`],`
			`];`
			`}`

			`/**`
			`* Get the base path for theme files.`
			`*/`
			`protected function getThemePath()`
			`{`
			`return Yii::getAlias('@frontend/themes/mali/views/layouts');`
			`}`

			`/**`
			`* Lists all editable theme files.`
			`*/`
			`public function actionIndex()`
			`{`
			`$path = $this->getThemePath();`
			`$files = FileHelper::findFiles($path, [`
			`'only' => ['.php', '.css', '*.js'],`
			`'recursive' => false,`
			`]);`

			`$fileList = [];`
			`foreach ($files as $file) {`
			`$fileList[] = basename($file);`
			`}`

			`return $this->render('index', [`
			`'files' => $fileList,`
			`]);`
			`}`

			`/**`
			`* Edit a specific file.`
			`*/`
			`public function actionEdit($file)`
			`{`
			`$path = $this->getThemePath() . DIRECTORY_SEPARATOR . $file;`

			`// Security check: ensure file is within theme directory`
			`if (!file_exists($path) \|\| strpos(realpath($path), realpath($this->getThemePath())) !== 0) {`
			`throw new NotFoundHttpException('The requested file does not exist or access is denied.');`
			`}`

			`$content = file_get_contents($path);`

			`if (Yii::$app->request->isPost) {`
			`$newContent = Yii::$app->request->post('content');`

			`// Backup before save`
			`copy($path, $path . '.bak');`

			`if (file_put_contents($path, $newContent) !== false) {`
			`Yii::$app->session->setFlash('success', "บันทึกไฟล์ $file เรียบร้อยแล้ว (สำรองไฟล์เดิมไว้ที่ $file.bak)");`
			`} else {`
			`Yii::$app->session->setFlash('error', "ไม่สามารถบันทึกไฟล์ $file ได้ กรุณาตรวจสอบ Permission");`
			`}`
			`return $this->refresh();`
			`}`

			`return $this->render('edit', [`
			`'filename' => $file,`
			`'content' => $content,`
			`]);`
			`}`
			`}`