Added Shell Page

src/includes/shell_exec.php

@@ -0,0 +1,46 @@
+<?php
+// includes/shell_exec.php — Executes shell commands securely (admin only)
+require_once __DIR__ . '/config.php';
+session_start();
+header('Content-Type: application/json');
+
+if (empty($_SESSION['is_admin'])) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Not authorized']);
+    exit;
+}
+
+$cmd = trim($_POST['command'] ?? '');
+if ($cmd === '') {
+    echo json_encode(['output' => '']);
+    exit;
+}
+
+// Restrict dangerous commands for safety
+$blacklist = ['rm', 'shutdown', 'reboot', 'passwd', 'dd', ':(){'];
+foreach ($blacklist as $bad) {
+    if (stripos($cmd, $bad) !== false) {
+        echo json_encode(['output' => "⚠️ Command '$bad' not allowed"]);
+        exit;
+    }
+}
+
+// Execute safely (captures both stdout and stderr)
+$descriptor = [
+    1 => ['pipe', 'w'],
+    2 => ['pipe', 'w']
+];
+$process = proc_open($cmd, $descriptor, $pipes, '/home');
+if (is_resource($process)) {
+    $output = stream_get_contents($pipes[1]);
+    $error  = stream_get_contents($pipes[2]);
+    fclose($pipes[1]);
+    fclose($pipes[2]);
+    $status = proc_close($process);
+    echo json_encode([
+        'output' => trim($output . "\n" . $error),
+        'status' => $status
+    ]);
+} else {
+    echo json_encode(['output' => 'Failed to execute command']);
+}