// admin_shell.php// Attenzione: usare SOLO su server di test o in rete interna protetta// --- Configurazione ---$USERNAME = &#039;admin&#039;;$PASSWORD_HASH = password_hash(&#039;admin&#039;, PASSWORD_DEFAULT); // genera hash e sostituisci$LOG_FILE = __DIR__ . &#039;/admin_shell.log&#039;;// Lista di comandi consentiti (esatti). Non aggiungere comandi con input libero.$WHITELIST = [    &#039;whoami&#039;,    &#039;uptime&#039;,    &#039;df -h&#039;,    &#039;free -m&#039;,    &#039;ls -la /var/www&#039;,   // esempio: percorso specifico];// --- Basic HTTP Auth ---if (!isset($_SERVER[&#039;PHP_AUTH_USER&#039;])) {    header(&#039;WWW-Authenticate: Basic realm=&quot;Admin Shell&quot;&#039;);    header(&#039;HTTP/1.0 401 Unauthorized&#039;);    echo &#039;Autenticazione richiesta&#039;;    exit;}if ($_SERVER[&#039;PHP_AUTH_USER&#039;] !== $USERNAME || !password_verify($_SERVER[&#039;PHP_AUTH_PW&#039;], $PASSWORD_HASH)) {    header(&#039;HTTP/1.0 403 Forbidden&#039;);    echo &#039;Credenziali non valide&#039;;    exit;}// --- Gestione form ---$selected = $_POST[&#039;cmd&#039;] ?? null;$output = &#039;&#039;;if ($selected) {    // Verifica whitelist    if (!in_array($selected, $WHITELIST, true)) {        $output = &quot;Comando non consentito.&quot;;    } else {        // Esegui comando in modo limitato        // Non usare input utente per costruire il comando        $safe_cmd = escapeshellcmd($selected);        $output = shell_exec($safe_cmd . &#039; 2&gt;&amp;1&#039;); // cattura stderr        // Log        $entry = sprintf(&quot;[%s] user=%s cmd=%s\n&quot;, date(&#039;c&#039;), $_SERVER[&#039;PHP_AUTH_USER&#039;], $selected);        file_put_contents($LOG_FILE, $entry, FILE_APPEND | LOCK_EX);    }}&lt;!doctype html&gt;&lt;html lang=&quot;it&quot;&gt;<head>&lt;meta charset=&quot;utf-8&quot;&gt;<title>Admin Console (whitelist)</title>&lt;title&gt;Admin Console (whitelist)&lt;/title&gt;&lt;style&gt;body{font-family:system-ui,Segoe UI,Roboto,Arial;margin:20px}textarea{width:100%;height:300px;font-family:monospace}.card{max-width:900px;margin:auto}&lt;/style&gt;</head><body>&lt;div class=&quot;card&quot;&gt;  <h2>Console Amministrativa (solo comandi consentiti)</h2>  <form>    &lt;label for=&quot;cmd&quot;&gt;Scegli comando:&lt;/label&gt;    &lt;select name=&quot;cmd&quot; id=&quot;cmd&quot;&gt;      &lt;option value=&quot;&quot;&gt;-- seleziona --&lt;/option&gt;       foreach ($WHITELIST as $c):         &lt;option value=&quot; echo htmlspecialchars($c) &quot;  if($selected===$c) echo &#039;selected&#039; &gt; echo htmlspecialchars($c) &lt;/option&gt;       endforeach;     &lt;/select&gt;    &lt;button type=&quot;submit&quot;&gt;Esegui&lt;/button&gt;  </form>  <h3>Output</h3>  &lt;textarea readonly&gt; echo htmlspecialchars($output) &lt;/textarea&gt;  &lt;p&gt;&lt;small&gt;Log:  echo htmlspecialchars($LOG_FILE) &lt;/small&gt;&lt;/p&gt;  &lt;p style=&quot;color:crimson&quot;&gt;&lt;strong&gt;Avvertenze:&lt;/strong&gt; accesso limitato, usare solo su server controllati. Non esporre a internet pubblico.&lt;/p&gt;&lt;/div&gt;</body></html>