T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/fix_stephane_essential.php
<?php
/**
 * IMMEDIATE FIX: Restore Stéphane to Essential Plan
 * Run this in browser: https://soundstudiopro.com/fix_stephane_essential.php
 */

session_start();
require_once __DIR__ . '/config/database.php';

// Security check - only allow if admin or direct access
$is_admin = isset($_SESSION['is_admin']) && $_SESSION['is_admin'];
$direct_access = isset($_GET['fix']) && $_GET['fix'] === 'now';

if (!$is_admin && !$direct_access) {
    die("Access denied. Add ?fix=now to URL if you're sure.");
}

$pdo = getDBConnection();

echo "<h2>Fixing Stéphane's Plan</h2>";

// Get Stéphane's info
$stmt = $pdo->prepare("SELECT id, name, email, plan, credits FROM users WHERE email = ? OR id = 5");
$stmt->execute(['stevenberg450@gmail.com']);
$user = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$user) {
    die("User not found");
}

echo "<p><strong>BEFORE:</strong> Plan = {$user['plan']}, Credits = {$user['credits']}</p>";

// Get subscription
$sub_stmt = $pdo->prepare("SELECT plan_name, status FROM user_subscriptions WHERE user_id = ? ORDER BY created_at DESC LIMIT 1");
$sub_stmt->execute([$user['id']]);
$subscription = $sub_stmt->fetch(PDO::FETCH_ASSOC);

if ($subscription) {
    echo "<p>Subscription: {$subscription['plan_name']} (status: {$subscription['status']})</p>";
}

try {
    $pdo->beginTransaction();
    
    // Fix plan to essential
    $update = $pdo->prepare("UPDATE users SET plan = 'essential' WHERE id = ?");
    $update->execute([$user['id']]);
    
    // Fix track limit
    $usage_stmt = $pdo->prepare("SELECT id FROM monthly_track_usage WHERE user_id = ? ORDER BY created_at DESC LIMIT 1");
    $usage_stmt->execute([$user['id']]);
    $usage = $usage_stmt->fetch(PDO::FETCH_ASSOC);
    
    if ($usage) {
        $fix_usage = $pdo->prepare("UPDATE monthly_track_usage SET track_limit = 5 WHERE id = ?");
        $fix_usage->execute([$usage['id']]);
        echo "<p>✅ Updated track_limit to 5</p>";
    }
    
    $pdo->commit();
    
    // Verify
    $verify = $pdo->prepare("SELECT plan FROM users WHERE id = ?");
    $verify->execute([$user['id']]);
    $fixed = $verify->fetch(PDO::FETCH_ASSOC);
    
    echo "<h3 style='color: green;'>✅ FIXED!</h3>";
    echo "<p><strong>Plan is now:</strong> {$fixed['plan']}</p>";
    echo "<p><strong>Track limit:</strong> 5 (Essential plan)</p>";
    
} catch (Exception $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    die("<p style='color: red;'>ERROR: " . htmlspecialchars($e->getMessage()) . "</p>");
}

echo "<hr>";
echo "<h3>Root Cause Analysis:</h3>";
echo "<p>The issue was in the <code>addCreditsToUser()</code> function in <code>webhooks/stripe.php</code>.</p>";
echo "<p><strong>What happened:</strong> When you added 100 credits using the 'premium' package, the function changed Stéphane's plan from 'essential' to 'premium' because it was updating the plan based on the credit package, not preserving the subscription plan.</p>";
echo "<p><strong>Fix applied:</strong> The function now checks if the user has an active subscription and preserves their subscription plan. Credits and subscription plans are now independent.</p>";
echo "<p><strong>Prevention:</strong> The code now has multiple safeguards to prevent this from happening again.</p>";

CasperSecurity Mini