I dont mean to sound rude, but in my opinion its extremely bad practice to do any shell_exec on php code, there are many ways you can go about avoiding this among your project.
There are a fair few holes in the project and a bunch of real bad practices too, I would suggest to relook at the code base if you plan on hiding this as more then just a prototype/POC project but actual production friendly :)
Anyways for proof of concept when a user is logged in:
Hi there,
I dont mean to sound rude, but in my opinion its extremely bad practice to do any shell_exec on php code, there are many ways you can go about avoiding this among your project.
There are a fair few holes in the project and a bunch of real bad practices too, I would suggest to relook at the code base if you plan on hiding this as more then just a prototype/POC project but actual production friendly :)
Anyways for proof of concept when a user is logged in:
http://123.123.123.123/index.php?action=runbackup&id=;%20cat%20/etc/passwd
All the best :)