But this is doing nothing, it's not rebooting or shutting down using this code.
If you are using apache, it runs as its own user and does not have permission to run
sudo. To do that, you have to edit
/etc/sudoers (as root) and add a line:
apache ALL = NOPASSWD: /sbin/reboot, /sbin/halt
That's presuming the user name is
apache -- I'm not sure what it actually is since I don't have it installed on the pi. To check, try in order:
grep apache /etc/passwd
grep httpd /etc/passwd
grep www-data /etc/passwd
The first one of those that returns a line is the name you should use. Alternately, you could just look at
top while the server is running and find the user name. There is one instance of apache/httpd that runs root, but there are others that are unprivileged and those execute PHP.