T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/create_wav_conversion.php
<?php
session_start();

// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
    header('Location: auth/login.php');
    exit;
}

// Check if form was submitted
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php#create');
    exit;
}

require_once 'config/database.php';
require_once 'api_functions.php';
require_once 'includes/translations.php';

$pdo = getDBConnection();
$api = new APIBoxFunctions('63edba40620216c5aa2c04240ac41dbd');

// Get form data
$title = $_POST['title'] ?? 'Untitled WAV Conversion';
$audioUrl = $_POST['audioUrl'] ?? '';
$audioFile = $_FILES['audioFile'] ?? null;
$sampleRate = $_POST['sampleRate'] ?? '44100'; // 44100, 48000, 96000
$bitDepth = $_POST['bitDepth'] ?? '16'; // 16, 24, 32
$channels = $_POST['channels'] ?? '2'; // 1 (mono), 2 (stereo)

// Validate input
if (empty($audioUrl) && empty($audioFile['name'])) {
    $_SESSION['error'] = 'Please provide an audio file or URL.';
    header('Location: index.php#create');
    exit;
}

// Calculate credit cost
$creditCost = 1; // WAV conversion is relatively cheap

// Check user credits
$stmt = $pdo->prepare("SELECT credits FROM users WHERE id = ?");
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();

if (!$user || $user['credits'] < $creditCost) {
    error_log("Insufficient credits for user {$_SESSION['user_id']}: has {$user['credits']}, needs $creditCost");
    $_SESSION['error'] = "Insufficient credits. You need $creditCost credits to convert to WAV. Please purchase credits to continue.";
    header('Location: index.php');
    exit;
}

// Handle file upload if provided
$finalAudioUrl = $audioUrl;
if (!empty($audioFile['name'])) {
    // SECURITY: Enhanced file upload validation
    require_once 'includes/security.php';
    $validation = validateFileUpload($audioFile, ['mp3', 'wav', 'm4a', 'ogg'], 50 * 1024 * 1024); // 50MB max for audio
    
    if (!$validation['valid']) {
        error_log("SECURITY: Invalid audio file upload attempt from user {$_SESSION['user_id']}: " . ($validation['error'] ?? 'unknown error'));
        $_SESSION['error'] = 'Invalid audio file. ' . ($validation['error'] ?? 'Please upload a valid audio file (MP3, WAV, M4A, or OGG).');
        header('Location: index.php#create');
        exit;
    }
    
    $uploadDir = 'uploads/';
    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0755, true);
    }
    
    // Use sanitized filename from validation
    $fileName = time() . '_' . $_SESSION['user_id'] . '_' . $validation['filename'];
    $uploadPath = $uploadDir . $fileName;
    
    if (move_uploaded_file($audioFile['tmp_name'], $uploadPath)) {
        $finalAudioUrl = 'https://soundstudiopro.com/' . $uploadPath;
    } else {
        error_log("SECURITY: Failed to move uploaded audio file for user {$_SESSION['user_id']}");
        $_SESSION['error'] = 'Failed to upload audio file.';
        header('Location: index.php#create');
        exit;
    }
}

// Create track record
$temp_task_id = 'wav_conversion_' . time() . '_' . $_SESSION['user_id'] . '_' . uniqid();
$metadata = json_encode([
    'sampleRate' => $sampleRate,
    'bitDepth' => $bitDepth,
    'channels' => $channels,
    'originalAudioUrl' => $finalAudioUrl
]);

$track_id = $api->createTrackRecord($_SESSION['user_id'], $temp_task_id, $title, 'WAV conversion from audio', 'wav', json_decode($metadata, true));

// Deduct credits
$newCredits = $user['credits'] - $creditCost;
$stmt = $pdo->prepare("UPDATE users SET credits = ? WHERE id = ?");
$stmt->execute([$newCredits, $_SESSION['user_id']]);

// Record credit transaction
$stmt = $pdo->prepare("
    INSERT INTO credit_transactions (user_id, amount, type, description, created_at) 
    VALUES (?, ?, 'usage', 'WAV conversion: $title', NOW())
");
$stmt->execute([$_SESSION['user_id'], -$creditCost]);

$_SESSION['credits'] = $newCredits;

// Call the WAV conversion API
$api_data = [
    'audioUrl' => $finalAudioUrl,
    'sampleRate' => $sampleRate,
    'bitDepth' => $bitDepth,
    'channels' => $channels,
    'callBackUrl' => 'https://soundstudiopro.com/callback.php'
];

$result = $api->convertToWAV($api_data);

if (isset($result['error'])) {
    error_log("WAV conversion error: " . json_encode($result));
    $_SESSION['success'] = t('success.wav_conversion.started');
} else {
    // Extract task ID from response
    $real_task_id = $result['taskId'] ?? $result['id'] ?? $result['data']['taskId'] ?? $temp_task_id;
    
    // Update track with real task ID
    $stmt = $pdo->prepare("UPDATE music_tracks SET task_id = ? WHERE id = ?");
    $stmt->execute([$real_task_id, $track_id]);
    
    $_SESSION['success'] = t('success.wav_conversion.started');
}

// Redirect back to the create page with success message
header('Location: index.php#create');
exit;
?>

CasperSecurity Mini