<?php
// includes/shell_exec.php — Executes shell commands securely (admin only)
require_once __DIR__ . '/config.php';
session_start();
header('Content-Type: application/json');

if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    echo json_encode(['error' => 'Not authorized']);
    exit;
}

$cmd = trim($_POST['command'] ?? '');
if ($cmd === '') {
    echo json_encode(['output' => '']);
    exit;
}

// Restrict dangerous commands for safety
$blacklist = $CONFIG['blacklist_commands'];
foreach ($blacklist as $bad) {
    if (stripos($cmd, $bad) !== false) {
        echo json_encode(['output' => "⚠️ Command '$bad' not allowed"]);
        exit;
    }
}

// Execute safely (captures both stdout and stderr)
$descriptor = [
    1 => ['pipe', 'w'],
    2 => ['pipe', 'w']
];
$process = proc_open($cmd, $descriptor, $pipes, $CONFIG['default_dir']);
if (is_resource($process)) {
    $output = stream_get_contents($pipes[1]);
    $error  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($process);
    echo json_encode([
        'output' => trim($output . "\n" . $error),
        'status' => $status
    ]);
} else {
    echo json_encode(['output' => 'Failed to execute command']);
}