T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/.cursor-server/data/User/History/47d96dbe/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/.cursor-server/data/User/History/47d96dbe/eNlB.php
<?php
/**
 * Public Comment API
 * POST /radio/api/public/comment.php?station_id=X&track_id=Y
 */

header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit;
}

session_start();
require_once __DIR__ . '/../../config/database.php';

$pdo = getDBConnection();

$station_id = (int)($_GET['station_id'] ?? 0);
$track_id = (int)($_GET['track_id'] ?? 0);

if (!$station_id || !$track_id) {
    http_response_code(400);
    echo json_encode(['error' => 'station_id and track_id are required']);
    exit;
}

// Verify station has public streaming enabled
$stmt = $pdo->prepare("SELECT id FROM radio_stations WHERE id = ? AND public_streaming_enabled = 1");
$stmt->execute([$station_id]);
if (!$stmt->fetch()) {
    http_response_code(403);
    echo json_encode(['error' => 'Station not found or public streaming not enabled']);
    exit;
}

$input = json_decode(file_get_contents('php://input'), true);
$comment_text = trim($input['comment_text'] ?? '');

if (empty($comment_text)) {
    http_response_code(400);
    echo json_encode(['error' => 'comment_text is required']);
    exit;
}

if (strlen($comment_text) > 1000) {
    http_response_code(400);
    echo json_encode(['error' => 'Comment too long (max 1000 characters)']);
    exit;
}

$user_id = $_SESSION['user_id'] ?? null;
$ip_address = $_SERVER['REMOTE_ADDR'] ?? null;
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? null;

$stmt = $pdo->prepare("
    INSERT INTO radio_track_comments (station_id, track_id, user_id, comment_text, ip_address, user_agent)
    VALUES (?, ?, ?, ?, ?, ?)
");

$stmt->execute([$station_id, $track_id, $user_id, $comment_text, $ip_address, $user_agent]);
$comment_id = $pdo->lastInsertId();

$pdo->prepare("UPDATE music_tracks SET radio_comment_count = radio_comment_count + 1 WHERE id = ?")->execute([$track_id]);

$stmt = $pdo->prepare("
    SELECT c.*, u.username, u.profile_image_url
    FROM radio_track_comments c
    LEFT JOIN users u ON c.user_id = u.id
    WHERE c.id = ?
");

$stmt->execute([$comment_id]);
$comment = $stmt->fetch(PDO::FETCH_ASSOC);

echo json_encode([
    'success' => true,
    'comment' => $comment
]);

CasperSecurity Mini