<?php
/**
 * API endpoint to generate signed audio tokens for JavaScript
 * Returns a signed URL for streaming audio
 */

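header('Content-Type: application/json');
// The body carries a token bound to one user/session, so it must not be
// stored by the browser or by any intermediate cache.
header('Cache-Control: no-store');

session_start();
require_once __DIR__ . '/../utils/audio_token.php';
require_once __DIR__ . '/../config/database.php';

// Emit a JSON error with the given HTTP status and stop the request.
$fail = static function (int $status, string $message): void {
    http_response_code($status);
    echo json_encode(['success' => false, 'error' => $message]);
    exit;
};

// Parameters are read from the query string first, then from the POST body.
$rawTrackId = $_GET['track_id'] ?? $_POST['track_id'] ?? null;
$rawVariation = $_GET['variation'] ?? $_POST['variation'] ?? null;
$variationIndex = $rawVariation === null ? null : (int)$rawVariation;

// Accept only a positive decimal integer. is_numeric() also admits forms such
// as "1e3", "1.0" or " 7", which the database may coerce to a real row id while
// the token helpers sign the raw, non-canonical string.
$validTrackId = is_scalar($rawTrackId)
    ? filter_var($rawTrackId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
    : false;
if ($validTrackId === false) {
    $fail(400, 'Invalid track ID');
}
// Kept as a string because the token helpers previously received the request
// value as a string; only its form is now canonical.
$trackId = (string)$validTrackId;

// Fail closed: without a database connection neither the track's existence nor
// the caller's right to it can be checked, so no token is issued.
// NOTE(review): whether the streaming endpoint re-checks access is not visible
// here, so this endpoint must not rely on it.
$pdo = getDBConnection();
if (!$pdo) {
    $fail(503, 'Service temporarily unavailable');
}

$stmt = $pdo->prepare("SELECT id, is_public, user_id FROM music_tracks WHERE id = ? AND status = 'complete'");
$stmt->execute([$trackId]);
$track = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$track) {
    $fail(404, 'Track not found');
}

// Access is granted to the track's owner, or to anyone when the track is public.
$user_id = $_SESSION['user_id'] ?? null;
$isOwner = $user_id && (string)$track['user_id'] === (string)$user_id;
// NOTE(review): a NULL is_public is treated as public, so a row that never had
// the flag set is readable by unauthenticated callers. Confirm this default is
// intended; a default-deny reading of NULL would be the safer choice.
$isPublic = $track['is_public'] == 1 || $track['is_public'] === null;

if (!$isOwner && !$isPublic) {
    $fail(403, 'Access denied');
}

// The user ID and session ID are handed to the token helpers so that they can
// bind the token to this caller. The binding itself is enforced in
// utils/audio_token.php, which is not shown here.
$session_id = session_id();
// NOTE(review): the URL and the token come from two separate helper calls;
// confirm that the 'expires' returned below also applies to the token embedded
// in the signed URL.
$signedUrl = getSignedAudioUrl($trackId, $variationIndex, null, $user_id, $session_id);
$tokenData = generateAudioToken($trackId, $variationIndex, null, $user_id, $session_id);

echo json_encode([
    'success' => true,
    'url' => $signedUrl,
    'token' => $tokenData['token'],
    'expires' => $tokenData['expires'],
    'expires_in' => $tokenData['expires'] - time()
]);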

