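<?php
/**
 * Cover-image upload endpoint.
 *
 * Accepts a multipart upload in the `cover_image` field from a logged-in
 * user, stores it under ../uploads/cover_images/ and records the public URL
 * in user_profiles.cover_image. Responds with JSON:
 *   success: {"success": true, "data": {"image_url": ..., "filename": ...}}
 *   failure: {"success": false, "error": "..."} with HTTP 400 / 401 / 500.
 *
 * Security notes:
 *  - $_FILES[...]['type'] and the extension of $_FILES[...]['name'] are sent
 *    by the client and can be set to anything. The type is therefore detected
 *    from the uploaded bytes, and the stored extension is taken from a fixed
 *    map rather than from the client's filename, so a script cannot be stored
 *    under an executable extension.
 *  - NOTE(review): the upload directory is served from the web root; confirm
 *    the web server is configured not to execute scripts from it.
 */
session_start();

header('Content-Type: application/json');

// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'User not authenticated']);
    exit;
}

// Check if file was uploaded
if (!isset($_FILES['cover_image']) || $_FILES['cover_image']['error'] !== UPLOAD_ERR_OK) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'No file uploaded or upload error']);
    exit;
}

$file = $_FILES['cover_image'];

// Validate file type from the file content, not from the client-declared
// MIME type. The map doubles as the allow-list and as the source of the
// extension used on disk.
$extension_by_mime = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];
$detected_type = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if ($detected_type === false || !isset($extension_by_mime[$detected_type])) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Invalid file type. Only JPEG, PNG, GIF, and WebP are allowed']);
    exit;
}

// Validate file size (5MB max)
if ($file['size'] > 5 * 1024 * 1024) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'File size must be less than 5MB']);
    exit;
}

// Include database configuration
require_once '../config/database.php';

$pdo = getDBConnection();

// Tracked outside the try block so the catch handler can remove a stored file
// whose database record could not be written.
$filepath = null;
$file_stored = false;

try {
    // Create uploads directory if it doesn't exist
    $upload_dir = '../uploads/cover_images/';
    if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true) && !is_dir($upload_dir)) {
        throw new Exception('Failed to create upload directory');
    }

    // Generate unique filename. The extension comes from the detected type;
    // the random suffix keeps two uploads in the same second from colliding.
    $file_extension = $extension_by_mime[$detected_type];
    $filename = 'cover_' . $_SESSION['user_id'] . '_' . time() . '_' . bin2hex(random_bytes(8)) . '.' . $file_extension;
    $filepath = $upload_dir . $filename;

    // Move uploaded file (move_uploaded_file also verifies that tmp_name is
    // a genuine PHP upload)
    if (!move_uploaded_file($file['tmp_name'], $filepath)) {
        throw new Exception('Failed to move uploaded file');
    }
    $file_stored = true;

    // Update database with cover image path
    $image_url = '/uploads/cover_images/' . $filename;

    // Check if user profile exists
    $stmt = $pdo->prepare("SELECT COUNT(*) as count FROM user_profiles WHERE user_id = ?");
    $stmt->execute([$_SESSION['user_id']]);
    $profile_exists = $stmt->fetch()['count'] > 0;

    if ($profile_exists) {
        // Update existing profile
        $stmt = $pdo->prepare("UPDATE user_profiles SET cover_image = ? WHERE user_id = ?");
        $stmt->execute([$image_url, $_SESSION['user_id']]);
    } else {
        // Create new profile
        $stmt = $pdo->prepare("INSERT INTO user_profiles (user_id, cover_image) VALUES (?, ?)");
        $stmt->execute([$_SESSION['user_id'], $image_url]);
    }

    // Return success response
    echo json_encode([
        'success' => true,
        'data' => [
            'image_url' => $image_url,
            'filename' => $filename
        ]
    ]);

} catch (Exception $e) {
    // Keep the detail in the server log; exception text (for example from the
    // database driver) can expose paths or schema and is not sent to the client.
    error_log('upload_cover_image: ' . $e->getMessage());

    // Do not leave an unreferenced file behind when the database write failed.
    if ($file_stored && $filepath !== null && is_file($filepath)) {
        unlink($filepath);
    }

    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Server error']);
}
?>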
