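<?php
/**
 * Template Name: System Terminal
 * Description: An admin-only terminal emulator that executes arbitrary shell
 *              commands as the PHP process user (use with extreme caution).
 *
 * Security model — read before deploying:
 *  - Access is gated on the 'manage_options' capability. Anyone holding it gets,
 *    through this page, full remote code execution as the web server user, so the
 *    template must be treated exactly like a web shell: keep it off production
 *    sites and remove it when it is not actively needed.
 *  - Every state-changing request (running a command, changing the stored
 *    working directory) requires a valid per-user WordPress nonce.
 *  - Each executed command is written to the PHP error log together with the
 *    acting user and client address so use of the page is auditable.
 *  - Command text is handed to the shell deliberately unescaped — that is the
 *    feature — so no attempt is made to "sanitise" it. Output is plain text and
 *    is escaped exactly once, by the template, when it is rendered.
 */

// Prevent direct access: this file only makes sense inside a WordPress request.
if (!defined('ABSPATH')) {
    exit;
}

/**
 * Authorisation comes first, before any per-request state (session) is created,
 * so that unauthenticated visitors cannot even cause a session file to be written.
 * 'manage_options' is normally held only by Administrators / Super Admins.
 */
if (!current_user_can('manage_options')) {
    wp_die(
        'Access denied. You do not have sufficient permissions to access this page.',
        'Unauthorized',
        ['response' => 403]
    );
}

/**
 * A PHP session persists the terminal's current working directory between
 * requests. WordPress does not use sessions itself, so one is started only if
 * none is active, with a cookie that script cannot read and that is not sent
 * on cross-site requests. (If another plugin already started the session, its
 * cookie settings win — these options only apply when we start it.)
 */
if (session_status() === PHP_SESSION_NONE) {
    $term_session_options = [
        'cookie_httponly' => true,
        'cookie_secure'   => is_ssl(),
    ];
    if (PHP_VERSION_ID >= 70300) {
        // SameSite support in session_start() options arrived in PHP 7.3.
        $term_session_options['cookie_samesite'] = 'Strict';
    }
    session_start($term_session_options);
}

/**
 * Read a POST field as a plain string.
 *
 * WordPress applies magic-quote slashes to $_POST (wp_magic_quotes()), so a
 * command such as   echo "hi"   would otherwise reach the shell as   echo \"hi\" ;
 * wp_unslash() undoes that. Non-string values (e.g. term_text[]=x) are rejected
 * instead of being passed to trim()/is_dir(), which would throw on PHP 8.
 *
 * @param string $key  $_POST key to read.
 * @return string      The unslashed value, or '' when absent or not a string.
 */
$term_post_string = static function (string $key): string {
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return '';
    }
    return (string) wp_unslash($_POST[$key]);
};

// Execution primitives in order of preference. function_exists() returns false
// for functions removed via disable_functions, so this doubles as a policy check.
$exec_functions = ['passthru', 'system', 'exec', 'shell_exec', 'proc_open', 'popen'];

$can_execute = false;
foreach ($exec_functions as $func) {
    if (function_exists($func)) {
        $can_execute = true;
        break;
    }
}

// Current working directory of the emulated shell, persisted in the session.
if (!isset($_SESSION['term_cwd']) || !is_string($_SESSION['term_cwd'])) {
    $_SESSION['term_cwd'] = getcwd() ?: ABSPATH;
}

$cwd    = $_SESSION['term_cwd'];
$output = '';

/*
 * Everything below either changes server state (the stored CWD) or runs a
 * command, so all of it sits behind the nonce check — including the hidden
 * 'term_path' field. Accepting that field before the nonce is verified would let
 * a forged cross-site POST move this terminal's working directory.
 */
if (isset($_POST['term_submit'])) {
    $nonce = $term_post_string('term_nonce');

    if ($nonce === '' || !wp_verify_nonce($nonce, 'term_action')) {
        $output = 'Security check failed. Please reload the page and try again.';
    } else {
        // Re-sync the CWD from the hidden form field (e.g. after the session
        // expired); only an existing, canonical directory is accepted.
        $posted_path = $term_post_string('term_path');
        if ($posted_path !== '' && is_dir($posted_path)) {
            $real_path = realpath($posted_path);
            if ($real_path !== false && is_dir($real_path)) {
                $_SESSION['term_cwd'] = $real_path;
                $cwd = $real_path;
            }
        }

        $cmd_input = trim($term_post_string('term_text'));

        if ($cmd_input === '') {
            // Empty line: nothing to run, and no reason to spawn a shell for it.
        } elseif (preg_match('/^cd(?:\s+(.*))?$/', $cmd_input, $matches)) {
            /*
             * 'cd' is emulated in PHP because a real `cd` inside a child shell
             * would not survive into the next request. Whitespace after "cd" is
             * required so that commands like "cdrecord" are not mistaken for it.
             */
            $dir_arg = $matches[1] ?? '';
            $dir     = trim($dir_arg);

            if ($dir === '' || $dir === '~') {
                // Bare "cd" / "cd ~": go to the document root, else stay put.
                $dir = !empty($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : $cwd;
            } elseif ($dir[0] !== '/' && $dir[0] !== '\\') {
                // Relative path: resolve against the current working directory.
                $dir = $cwd . DIRECTORY_SEPARATOR . $dir;
            }

            $real_dir = realpath($dir);
            if ($real_dir !== false && is_dir($real_dir)) {
                $_SESSION['term_cwd'] = $real_dir;
                $cwd = $real_dir;
                // Plain text here; the template escapes $output once with esc_html().
                $output = 'Changed directory to ' . $real_dir;
            } else {
                $output = 'bash: cd: ' . $dir_arg . ': No such file or directory';
            }
        } elseif (!$can_execute) {
            $output = 'Command execution functions are disabled on this server.';
        } else {
            // Audit trail: who ran what, from where. Newlines are stripped from the
            // command so a multi-line input cannot forge additional log records.
            $current_user = wp_get_current_user();
            error_log(sprintf(
                '[system-terminal] user #%d (%s) from %s in %s ran: %s',
                get_current_user_id(),
                $current_user->user_login,
                $_SERVER['REMOTE_ADDR'] ?? 'unknown',
                $cwd,
                str_replace(["\r", "\n"], ' ', $cmd_input)
            ));

            // Remember where the process was so it can be put back afterwards.
            $previous_cwd = getcwd();

            if (!chdir($cwd)) {
                $output = 'Warning: Could not change to directory: ' . $cwd;
            } else {
                // Fold stderr into stdout so errors are visible in the output box.
                $cmd = $cmd_input . ' 2>&1';

                if (function_exists('passthru')) {
                    // passthru() writes straight to the output buffer; capture it.
                    ob_start();
                    passthru($cmd);
                    $output = (string) ob_get_clean();
                } elseif (function_exists('system')) {
                    ob_start();
                    system($cmd);
                    $output = (string) ob_get_clean();
                } elseif (function_exists('exec')) {
                    $out_lines = [];
                    exec($cmd, $out_lines);
                    $output = implode("\n", $out_lines);
                } elseif (function_exists('shell_exec')) {
                    // shell_exec() returns null/false for no output or failure.
                    $output = (string) shell_exec($cmd);
                } elseif (function_exists('proc_open')) {
                    $pipes   = [];
                    $process = proc_open($cmd, [
                        0 => ['pipe', 'r'],
                        1 => ['pipe', 'w'],
                        2 => ['pipe', 'w'],
                    ], $pipes, $cwd);
                    if (is_resource($process)) {
                        fclose($pipes[0]);
                        $output  = (string) stream_get_contents($pipes[1]);
                        fclose($pipes[1]);
                        $output .= (string) stream_get_contents($pipes[2]);
                        fclose($pipes[2]);
                        proc_close($process);
                    } else {
                        $output = 'Failed to execute command via proc_open.';
                    }
                } elseif (function_exists('popen')) {
                    $handle = popen($cmd, 'r');
                    if ($handle) {
                        $output = (string) stream_get_contents($handle);
                        pclose($handle);
                    } else {
                        $output = 'Failed to execute command via popen.';
                    }
                } else {
                    $output = 'Error: No command execution functions available.';
                }
            }

            // Do not leave the PHP process sitting in the terminal's directory for
            // the rest of the request; theme/plugin code may rely on relative paths.
            if ($previous_cwd !== false) {
                chdir($previous_cwd);
            }
        }
    }
}
?>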
<!DOCTYPE html>
<html <?php language_attributes(); ?>>
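<head>
    <meta charset="<?php bloginfo('charset'); ?>">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <!-- The only dynamic values in <head> come from WordPress settings, never from
         request input; the site name is HTML-escaped before output. -->
    <title>System Terminal · <?php echo esc_html(get_bloginfo('name')); ?></title>
    <?php wp_head(); ?>
    <style>
        /* Minimalist terminal styling */
        .term-container {
            background: #1e1e2f;
            color: #c0caf5;
            font-family: 'Courier New', 'Fira Code', monospace;
            padding: 20px;
            border-radius: 12px;
            margin: 20px 0;
            box-shadow: 0 8px 20px rgba(0,0,0,0.3);
        }
        .term-prompt {
            color: #9cdcfe;
            font-weight: bold;
            margin-bottom: 10px;
            font-size: 1.1em;
            border-bottom: 1px solid #2a2a3c;
            padding-bottom: 6px;
        }
        /* Command output: preserve whitespace/newlines, but never let long
           unbroken output (e.g. base64 blobs) overflow the page. */
        .term-output {
            background: #0d0d17;
            padding: 15px;
            border-radius: 8px;
            white-space: pre-wrap;
            word-break: break-all;
            font-size: 14px;
            margin: 15px 0;
            overflow-x: auto;
            max-height: 400px;
            overflow-y: auto;
            border: 1px solid #2c2c3a;
        }
        .term-input-group {
            display: flex;
            gap: 12px;
            align-items: center;
            flex-wrap: wrap;
        }
        .term-input-group input[type="text"] {
            flex: 4;
            background: #0d0d17;
            border: 1px solid #3b3b4f;
            color: #ffffff;
            padding: 12px 16px;
            font-family: monospace;
            font-size: 14px;
            border-radius: 40px;
            outline: none;
            transition: all 0.2s ease;
        }
        .term-input-group input[type="text"]:focus {
            border-color: #7aa2f7;
            box-shadow: 0 0 0 2px rgba(122,162,247,0.3);
        }
        .term-input-group input[type="submit"] {
            background: #2c3e66;
            border: none;
            color: white;
            padding: 12px 24px;
            border-radius: 40px;
            cursor: pointer;
            font-weight: bold;
            font-family: inherit;
            transition: background 0.2s;
        }
        .term-input-group input[type="submit"]:hover {
            background: #3b5b8c;
        }
        .term-warning {
            background: #2a1e1e;
            border-left: 6px solid #e06c75;
            padding: 12px 18px;
            border-radius: 8px;
            margin-bottom: 20px;
            color: #f8c8c8;
            font-size: 0.85rem;
        }
        .term-path {
            color: #bb9af7;
            font-size: 0.85rem;
            background: #15161e;
            display: inline-block;
            padding: 6px 14px;
            border-radius: 40px;
            margin-top: 5px;
        }
        footer {
            font-size: 0.7rem;
            text-align: center;
            margin-top: 30px;
            opacity: 0.6;
        }
    </style>
</head>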
<body <?php body_class(); ?>>
<?php wp_body_open(); ?>

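<?php
/*
 * Work out which OS account commands actually run as, when the posix extension
 * can tell us. The prompt must not claim "root": everything here runs as the
 * PHP process user, exactly as the warning box below states.
 */
$term_user = '';
if (function_exists('posix_geteuid') && function_exists('posix_getpwuid')) {
    $pw_entry = posix_getpwuid(posix_geteuid());
    if (is_array($pw_entry) && !empty($pw_entry['name'])) {
        $term_user = $pw_entry['name'] . '@';
    }
}
$term_hostname = gethostname() ?: 'localhost';
?>
<div class="wrap" style="max-width: 1200px; margin: 30px auto; padding: 0 20px;">
    <div class="term-container">
        <div class="term-prompt">
            ⚡ SYSTEM TERMINAL (<?php echo esc_html($term_user . $term_hostname); ?>)
        </div>

        <div class="term-warning">
            ⚠️ <strong>Ultra-sensitive area</strong> — You are executing commands directly on the server.
            Any command you type runs with the privileges of the web server (PHP) user — not as root.
            Use only if you know what you're doing. This interface is restricted to administrators.
        </div>

        <div>
            <span class="term-path">📁 <?php echo esc_html($cwd); ?></span>
        </div>

        <?php if ($output !== ''): ?>
            <!-- Command output is untrusted bytes from the shell: it is escaped exactly
                 once, here, and kept on one line so pre-wrap does not add blank rows. -->
            <div class="term-output"><?php echo nl2br(esc_html($output)); ?></div>
        <?php else: ?>
            <div class="term-output" style="color: #6e738d;">
                ⚡ Ready — Enter a command (e.g., <kbd>ls -la</kbd>, <kbd>whoami</kbd>, <kbd>cd ..</kbd>)
            </div>
        <?php endif; ?>

        <!-- The nonce emitted here is what the PHP side verifies (action 'term_action',
             field 'term_nonce'); the hidden term_path just echoes the current CWD back. -->
        <form method="post" action="">
            <?php wp_nonce_field('term_action', 'term_nonce'); ?>
            <div class="term-input-group">
                <input type="text" name="term_text" size="40" placeholder="Enter command here…"
                       autocomplete="off" autocapitalize="off" spellcheck="false" autofocus />
                <input type="hidden" name="term_path" value="<?php echo esc_attr($cwd); ?>" />
                <input type="submit" name="term_submit" value="⏎ Execute" />
            </div>
        </form>
        <footer>
            <!-- Never render session identifiers (even truncated) into the page; show
                 the acting WordPress account instead, which is the useful context. -->
            ⚡ PHP exec functions: <?php echo $can_execute ? 'available' : 'UNAVAILABLE'; ?> &nbsp;|&nbsp;
            Logged in as: <?php echo esc_html(wp_get_current_user()->user_login); ?> &nbsp;|&nbsp;
            <a href="<?php echo esc_url(admin_url()); ?>" style="color:#7aa2f7;">← Back to Dashboard</a>
        </footer>
    </div>
</div>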