# 📚 Catalog Search - How It Works

## 🔍 URL Parameters

The catalog search uses URL query parameters:

```
/radio/catalog/?search=wind&genre=
```

**Parameters:**
- `search` - Search term (searches in track title and artist name)
- `genre` - Filter by genre (empty = all genres)
- `page` - Page number for pagination (optional)

---

## 🎯 How the Search Works

### **1. Search Parameter (`?search=wind`)**

**What it searches:**
- ✅ Track **title** (e.g., "Wind Song", "Windy Day")
- ✅ **Artist name** (e.g., "Wind Band", "Windy Artist")

**How it works:**
```sql
WHERE (title LIKE '%wind%' OR artist_name LIKE '%wind%')
```

**Examples:**
- `?search=wind` → Finds "Wind Song", "Windy Day", "Wind Band"
- `?search=rock` → Finds "Rock Song", "Rock Artist", "Hard Rock"
- `?search=jazz` → Finds tracks with "jazz" in title or artist

**Note:** Search is **case-insensitive** and uses **partial matching** (LIKE with wildcards)

---

### **2. Genre Parameter (`&genre=`)**

**What it filters:**
- Filters tracks by their genre field

**How it works:**
```sql
WHERE genre = 'rock'  -- If genre is provided
-- OR no genre filter if genre is empty
```

**Examples:**
- `?genre=rock` → Only shows rock tracks
- `?genre=jazz` → Only shows jazz tracks
- `?genre=` → Shows all genres (no filter)

**Available genres:**
- Populated from unique genres in `music_tracks` table
- Only shows genres that have `radio_enabled = 1`

---

### **3. Combined Search**

**Example:** `/radio/catalog/?search=wind&genre=ambient`

**What it does:**
1. Searches for "wind" in title or artist name
2. **AND** filters to only ambient genre tracks
3. Returns tracks that match BOTH criteria

**SQL Equivalent:**
```sql
WHERE radio_enabled = 1 
  AND status = 'complete'
  AND (title LIKE '%wind%' OR artist_name LIKE '%wind%')
  AND genre = 'ambient'
```

---

## 📊 Complete Query Flow

### **Step 1: Get Parameters**
```php
$search = $_GET['search'] ?? '';  // "wind"
$genre = $_GET['genre'] ?? '';    // "" (empty)
$page = max(1, (int)($_GET['page'] ?? 1));  // 1
```

### **Step 2: Build WHERE Clause**
```php
$where  = ['radio_enabled = 1', "status = 'complete'"];
$params = [];  // values bound to the ? placeholders, in order

if ($search !== '') {
    $where[] = '(title LIKE ? OR artist_name LIKE ?)';
    $params[] = '%' . $search . '%';  // "%wind%"
    $params[] = '%' . $search . '%';
}

if ($genre !== '') {
    $where[] = 'genre = ?';
    $params[] = $genre;
}
```

**Result:**
```sql
WHERE radio_enabled = 1 
  AND status = 'complete'
  AND (title LIKE '%wind%' OR artist_name LIKE '%wind%')
```

### **Step 3: Execute Query**
```sql
SELECT 
    id, title, artist_name, genre, bpm, duration, 
    audio_url, radio_play_count
FROM music_tracks 
WHERE radio_enabled = 1 
  AND status = 'complete'
  AND (title LIKE '%wind%' OR artist_name LIKE '%wind%')
ORDER BY created_at DESC
LIMIT 50 OFFSET 0
```

---

## 🎨 User Interface

### **Search Form**
```html
<form method="GET">
    <input type="text" name="search" value="wind" placeholder="Search tracks...">
    <select name="genre">
        <option value="">All Genres</option>
        <option value="rock">Rock</option>
        <option value="jazz">Jazz</option>
        ...
    </select>
    <button type="submit">Search</button>
</form>
```

**When submitted:**
- Form sends GET request with parameters
- Page reloads with filtered results
- URL updates to include search parameters

---

## 📄 Pagination

**How it works:**
- Shows 50 tracks per page
- Calculates offset: `($page - 1) * 50`
- Shows "Previous" and "Next" buttons
- Preserves search parameters in pagination links

**Example:**
```
Page 1: LIMIT 50 OFFSET 0
Page 2: LIMIT 50 OFFSET 50
Page 3: LIMIT 50 OFFSET 100
```

**Pagination Links:**
```html
<a href="?page=2&search=wind&genre=">Next</a>
```
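
Because pagination links carry the search parameters back into the page, the values have to be encoded for both the URL and the HTML attribute. The following is an added example, not the project's code; `paginationLinks()` and the sample request values are hypothetical.

```php
<?php
// Added example (not the project's code); paginationLinks() is hypothetical.

function paginationLinks(array $get, int $page, bool $hasNext): string {
    // Carry over only the parameters the catalog understands, as strings.
    $keep = [];
    foreach (['search', 'genre'] as $key) {
        $keep[$key] = is_string($get[$key] ?? null) ? $get[$key] : '';
    }
    $link = function (int $target, string $label) use ($keep): string {
        // http_build_query() URL-encodes each value; htmlspecialchars() then
        // makes the whole URL safe inside the double-quoted href attribute.
        $url = '?' . http_build_query(['page' => $target] + $keep);
        return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
             . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
    };
    $out = [];
    if ($page > 1) { $out[] = $link($page - 1, 'Previous'); }
    if ($hasNext)  { $out[] = $link($page + 1, 'Next'); }
    return implode(' ', $out);
}

// Constructed request: markup characters in the search term and an
// unexpected extra parameter that must not be echoed back.
$get = ['search' => 'wind "<song>"', 'genre' => '', 'page' => '2', 'debug' => '1'];
echo paginationLinks($get, 2, true), "\n";
```

The same `htmlspecialchars()` call applies to the `value` attribute of the search box when the submitted term is redisplayed.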

---

## 🔒 Security Features

### **1. SQL Injection Prevention**
- Uses **prepared statements** with placeholders
- Parameters are bound, not concatenated
- Safe from SQL injection attacks

### **2. Input Sanitization**
```php
$search = $_GET['search'] ?? '';  // Gets raw input
// Used in prepared statement (safe)
```
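
Binding stops the input from changing the query structure, but `%` and `_` inside a bound value are still LIKE wildcards. The following added example (not the project's code) goes one step beyond the page by escaping them; `escapeLike()`, `buildCatalogQuery()`, the `!` escape character and the sample rows are assumptions, and it needs the `pdo_sqlite` extension to run.

```php
<?php
// Added example, not the project's code. Table/column names follow the page;
// escapeLike(), buildCatalogQuery() and the sample rows are hypothetical.
function escapeLike(string $term): string {
    // '!' is the ESCAPE character declared in the LIKE clauses below.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}
function buildCatalogQuery(array $get, int $perPage = 50): array {
    // ?search[]=x arrives as an array; accept strings only.
    $str = fn($k) => is_string($get[$k] ?? null) ? trim($get[$k]) : '';
    $search = $str('search');
    $genre  = $str('genre');
    $page   = max(1, (int)$str('page'));
    $where  = ['radio_enabled = 1', "status = 'complete'"];
    $params = [];
    if ($search !== '') {
        $where[] = "(title LIKE ? ESCAPE '!' OR artist_name LIKE ? ESCAPE '!')";
        $like = '%' . escapeLike($search) . '%';
        array_push($params, $like, $like);
    }
    if ($genre !== '') {
        $where[] = 'genre = ?';
        $params[] = $genre;
    }
    // LIMIT and OFFSET are integers computed here, never raw input.
    $sql = 'SELECT id, title, artist_name, genre FROM music_tracks WHERE '
         . implode(' AND ', $where)
         . sprintf(' ORDER BY created_at DESC LIMIT %d OFFSET %d',
                   $perPage, ($page - 1) * $perPage);
    return [$sql, $params];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE music_tracks (id INTEGER PRIMARY KEY, title TEXT,
    artist_name TEXT, genre TEXT, status TEXT, radio_enabled INT, created_at TEXT)');
$ins = $db->prepare("INSERT INTO music_tracks
    (title, artist_name, genre, status, radio_enabled, created_at)
    VALUES (?, ?, ?, 'complete', 1, '2025-01-01')");
foreach ([['Wind Song', 'A', 'ambient'], ['100% Pure', 'B', 'rock'],
          ['Rock_Star', 'C', 'rock']] as $row) { $ins->execute($row); }

foreach (['wind', '%', '_', "x' OR '1'='1"] as $term) {
    [$sql, $params] = buildCatalogQuery(['search' => $term]);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    printf("%-14s => %s\n", $term, implode(', ', $stmt->fetchAll(PDO::FETCH_COLUMN, 1)) ?: '(none)');
}
```

Without `escapeLike()`, a search for `%` or `_` matches every track, so an injection-safe statement can still be turned into a full-catalog scan.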

### **3. Access Control**
- Requires station login (`$_SESSION['radio_station_id']`)
- Redirects to login if not authenticated

---

## 📋 Example URLs

### **Search Only:**
```
/radio/catalog/?search=wind
```
**Result:** All tracks with "wind" in title or artist name

### **Genre Only:**
```
/radio/catalog/?genre=rock
```
**Result:** All rock tracks

### **Search + Genre:**
```
/radio/catalog/?search=wind&genre=ambient
```
**Result:** Ambient tracks with "wind" in title or artist

### **Pagination:**
```
/radio/catalog/?search=wind&page=2
```
**Result:** Page 2 of "wind" search results

### **No Parameters:**
```
/radio/catalog/
```
**Result:** All radio-enabled tracks (first 50)

---

## 🎯 Search Behavior

### **Partial Matching:**
- `search=wind` matches:
  - ✅ "Wind Song"
  - ✅ "Windy Day"
  - ✅ "The Wind"
  - ✅ "Wind Band" (artist)
  - ❌ "Window" (doesn't match "wind" as word)

### **Case Insensitive:**
- `search=WIND` = `search=wind` = `search=Wind`
- All return same results

### **Multiple Words:**
- `search=wind song` searches for tracks containing both "wind" AND "song"
- Uses LIKE matching, so partial matches work

---

## 🐛 Troubleshooting

### **No Results:**
- Check if tracks have `radio_enabled = 1`
- Check if tracks have `status = 'complete'`
- Verify search term spelling
- Check if genre exists in database

### **Slow Search:**
- Add indexes on `title`, `artist_name`, `genre` columns
- Consider full-text search for better performance

### **Missing Genres:**
- Genres are populated from existing tracks
- If no tracks have a genre, it won't appear in dropdown

---

## 💡 Tips

1. **Use specific terms** for better results
2. **Combine search + genre** for precise filtering
3. **Clear search** by removing `?search=` parameter
4. **Use pagination** for large result sets

---

## 🔄 How to Use

### **Via Browser:**
1. Go to `/radio/catalog/`
2. Enter search term in search box
3. Select genre (optional)
4. Click "Search"
5. URL updates with parameters
6. Results display

### **Via Direct URL:**
```
/radio/catalog/?search=wind&genre=ambient
```
Just paste in browser address bar!

---

## 📊 Current Implementation Status

✅ **Working:**
- Search by title/artist
- Filter by genre
- Pagination
- URL parameter handling
- SQL injection protection

⚠️ **Could Be Improved:**
- Full-text search (faster)
- Search suggestions/autocomplete
- Advanced filters (BPM, duration, date)
- Sort options (popularity, date, title)
- Search history

---

**That's how the catalog search works!** 🎉

