T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/public_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/public_html/IMMEDIATE_ACTION_PLAN.md
# 🚀 SoundStudioPro - Immediate Action Plan

## 📋 Priority Matrix

### 🔴 **CRITICAL - Fix Immediately (Today)**
### 🟡 **HIGH - Fix This Week**  
### 🟢 **MEDIUM - Fix This Month**
### 🔵 **LOW - Future Improvement**

---

## 🔴 CRITICAL PRIORITY (Fix Today)

### 1. **Database Security Fix**
**Issue:** Hardcoded database credentials in `config/database.php`

**Action:**
```php
// Create config/database.env.php (outside web root)
<?php
return [
    'host' => 'localhost',
    'name' => 'gositeme_soundstudiopro',
    'user' => 'gositeme_soundstudiopro',
    'pass' => 'ttkKaHQunYYwgLCn6GxZ'
];
```

**Update config/database.php:**
```php
<?php
// Load credentials from external file
$db_config = include '../database.env.php';
define('DB_HOST', $db_config['host']);
define('DB_NAME', $db_config['name']);
define('DB_USER', $db_config['user']);
define('DB_PASS', $db_config['pass']);
```

### 2. **Remove Debug Files**
**Issue:** Test and debug files in production

**Action:**
```bash
# Remove all test and debug files
rm -rf test_files/
rm test_*.php
rm debug_*.php
rm *_debug.php
rm *_test.php
```

### 3. **Log File Rotation**
**Issue:** Large callback_log.txt (230KB)

**Action:**
```php
// Add to callback.php
function rotateLogFile($logFile, $maxSize = 1024 * 1024) {
    if (file_exists($logFile) && filesize($logFile) > $maxSize) {
        $backupFile = $logFile . '.' . date('Y-m-d-H-i-s') . '.bak';
        rename($logFile, $backupFile);
        
        // Keep only last 5 backup files
        $backupFiles = glob($logFile . '.*.bak');
        if (count($backupFiles) > 5) {
            array_map('unlink', array_slice($backupFiles, 0, -5));
        }
    }
}

// Call before writing to log
rotateLogFile('callback_log.txt');
```

---

## 🟡 HIGH PRIORITY (Fix This Week)

### 4. **Security Headers Enhancement**
**Issue:** Incomplete security headers

**Action:**
```apache
# Add to .htaccess
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; media-src 'self' https:;"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
```

### 5. **Session Security Fix**
**Issue:** 2-hour session timeout too long

**Action:**
```php
// Update includes/security.php line 58
if (isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity'] > 1800)) { // 30 minutes
    session_unset();
    session_destroy();
    header('Location: /auth/login.php?timeout=1');
    exit;
}
```

### 6. **Remove Duplicate Files**
**Issue:** Multiple backup/copy files

**Action:**
```bash
# Remove duplicate files
rm "checkout copy.php"
rm "checkout copy 2.php"
rm "library copy.php"
rm "library_new copy.php"
rm "library_new_backup.php"
rm "feed_old_backup.php"
```

### 7. **Database Optimization**
**Issue:** No database indexes

**Action:**
```sql
-- Add critical indexes
CREATE INDEX idx_music_tracks_user_status ON music_tracks(user_id, status);
CREATE INDEX idx_music_tracks_status_created ON music_tracks(status, created_at);
CREATE INDEX idx_music_tracks_task_id ON music_tracks(task_id);
CREATE INDEX idx_users_email ON users(email);
CREATE INDEX idx_credit_transactions_user ON credit_transactions(user_id, created_at);
```

---

## 🟢 MEDIUM PRIORITY (Fix This Month)

### 8. **Split Large Files**
**Issue:** Files with 4,000+ lines

**Action Plan:**
```php
// Break artist_profile.php into components:
// - artist_profile_main.php (main logic)
// - artist_profile_ui.php (UI components)
// - artist_profile_api.php (API handlers)
// - artist_profile_forms.php (form handling)

// Break index.php into components:
// - index_main.php (main page)
// - index_hero.php (hero section)
// - index_features.php (features section)
// - index_testimonials.php (testimonials)
```

### 9. **Implement Caching**
**Issue:** No caching system

**Action:**
```php
// Create includes/cache.php
class SimpleCache {
    private $cacheDir = 'cache/';
    private $defaultTTL = 3600; // 1 hour
    
    public function get($key) {
        $file = $this->cacheDir . md5($key) . '.cache';
        if (file_exists($file) && (time() - filemtime($file)) < $this->defaultTTL) {
            return unserialize(file_get_contents($file));
        }
        return null;
    }
    
    public function set($key, $data, $ttl = null) {
        $file = $this->cacheDir . md5($key) . '.cache';
        $ttl = $ttl ?: $this->defaultTTL;
        file_put_contents($file, serialize($data));
        touch($file, time() + $ttl);
    }
}
```

### 10. **Standardize Error Handling**
**Issue:** Inconsistent error handling

**Action:**
```php
// Create includes/error_handler.php
class ErrorHandler {
    public static function handleError($error, $context = '') {
        error_log("Error in {$context}: " . $error);
        
        if (defined('DEBUG_MODE') && DEBUG_MODE) {
            return ['error' => $error, 'debug' => true];
        }
        
        return ['error' => 'An error occurred. Please try again.'];
    }
    
    public static function handleException($exception, $context = '') {
        error_log("Exception in {$context}: " . $exception->getMessage());
        
        if (defined('DEBUG_MODE') && DEBUG_MODE) {
            return ['error' => $exception->getMessage(), 'debug' => true];
        }
        
        return ['error' => 'A system error occurred. Please try again later.'];
    }
}
```

---

## 🔵 LOW PRIORITY (Future Improvements)

### 11. **API Standardization**
**Issue:** Inconsistent API responses

**Action:**
```php
// Create api/response_handler.php
class ApiResponse {
    public static function success($data = null, $message = 'Success') {
        return [
            'success' => true,
            'message' => $message,
            'data' => $data,
            'timestamp' => time()
        ];
    }
    
    public static function error($message = 'Error', $code = 400) {
        return [
            'success' => false,
            'message' => $message,
            'code' => $code,
            'timestamp' => time()
        ];
    }
}
```

### 12. **Audio File Management**
**Issue:** No cleanup mechanism

**Action:**
```php
// Create utils/audio_cleanup.php
function cleanupOldAudioFiles($days = 30) {
    $audioDir = 'audio_files/';
    $cutoff = time() - ($days * 24 * 60 * 60);
    
    $files = glob($audioDir . '*.mp3');
    foreach ($files as $file) {
        if (filemtime($file) < $cutoff) {
            unlink($file);
            error_log("Cleaned up old audio file: " . $file);
        }
    }
}
```

---

## 📊 Implementation Checklist

### 🔴 Critical (Today)
- [ ] Move database credentials to external file
- [ ] Remove all debug/test files
- [ ] Implement log rotation
- [ ] Test database connection with new config

### 🟡 High (This Week)
- [ ] Add security headers to .htaccess
- [ ] Reduce session timeout to 30 minutes
- [ ] Remove duplicate files
- [ ] Add database indexes
- [ ] Test all functionality after changes

### 🟢 Medium (This Month)
- [ ] Split artist_profile.php into components
- [ ] Split index.php into components
- [ ] Implement caching system
- [ ] Standardize error handling
- [ ] Create component documentation

### 🔵 Low (Future)
- [ ] Standardize API responses
- [ ] Implement audio file cleanup
- [ ] Add comprehensive testing
- [ ] Consider framework migration

---

## 🚨 Risk Mitigation

### **Before Making Changes:**
1. **Backup everything**
   ```bash
   tar -czf backup_$(date +%Y%m%d_%H%M%S).tar.gz .
   ```

2. **Test in staging environment**
   - Create staging subdomain
   - Test all changes before production

3. **Monitor after changes**
   - Check error logs
   - Monitor performance
   - Verify functionality

### **Rollback Plan:**
```bash
# If issues occur, restore from backup
tar -xzf backup_YYYYMMDD_HHMMSS.tar.gz
```

---

## 📈 Success Metrics

### **Immediate (Today)**
- [ ] Database credentials secured
- [ ] Debug files removed
- [ ] Log rotation working

### **This Week**
- [ ] Security headers implemented
- [ ] Session timeout reduced
- [ ] Database performance improved

### **This Month**
- [ ] File sizes reduced
- [ ] Caching implemented
- [ ] Error handling standardized

---

**Next Action:** Start with Critical Priority items immediately  
**Estimated Time:** 2-4 hours for critical fixes  
**Risk Level:** Low (with proper backup)

CasperSecurity Mini