T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/api/upload_mastered.php
<?php
/**
 * API Endpoint: Upload Mastered Version
 * Allows track owners to upload a mastered version of their track
 */

session_start();
require_once '../config/database.php';

header('Content-Type: application/json');

// Only accept POST requests
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['success' => false, 'error' => 'Method not allowed']);
    exit;
}

// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
    echo json_encode(['success' => false, 'error' => 'Not authenticated']);
    exit;
}

$user_id = $_SESSION['user_id'];

// Check if user is admin (master upload is admin-only)
$isAdmin = isset($_SESSION['is_admin']) && $_SESSION['is_admin'];
if (!$isAdmin) {
    // Double-check from database
    $pdo = getDBConnection();
    if ($pdo) {
        $stmt = $pdo->prepare("SELECT is_admin FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        $isAdmin = $user && $user['is_admin'];
        // Update session if admin status found
        if ($isAdmin) {
            $_SESSION['is_admin'] = true;
        }
    }
}

if (!$isAdmin) {
    echo json_encode(['success' => false, 'error' => 'Admin access required. Only administrators can upload mastered versions.']);
    exit;
}
$track_id = intval($_POST['track_id'] ?? 0);
$action = $_POST['action'] ?? '';

if ($action !== 'upload_mastered' || !$track_id) {
    echo json_encode(['success' => false, 'error' => 'Invalid request']);
    exit;
}

// Check if file was uploaded
if (!isset($_FILES['mastered_file']) || $_FILES['mastered_file']['error'] !== UPLOAD_ERR_OK) {
    echo json_encode(['success' => false, 'error' => 'No file uploaded or upload error']);
    exit;
}

$file = $_FILES['mastered_file'];

// Validate file type - MP3 only
$allowedTypes = ['audio/mpeg', 'audio/mp3'];
$fileExtension = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));

if (!in_array($file['type'], $allowedTypes) || $fileExtension !== 'mp3') {
    echo json_encode(['success' => false, 'error' => 'Invalid file type. Please upload MP3 files only']);
    exit;
}

// Validate file size (max 50MB)
if ($file['size'] > 50 * 1024 * 1024) {
    echo json_encode(['success' => false, 'error' => 'File size must be less than 50MB']);
    exit;
}

try {
    $pdo = getDBConnection();
    
    // Verify track exists (admins can upload for any track)
    $stmt = $pdo->prepare("SELECT id, user_id, task_id, metadata FROM music_tracks WHERE id = ?");
    $stmt->execute([$track_id]);
    $track = $stmt->fetch(PDO::FETCH_ASSOC);
    
    if (!$track) {
        echo json_encode(['success' => false, 'error' => 'Track not found']);
        exit;
    }
    
    // Admins can upload mastered versions for any track (no ownership check needed)
    
    // Create mastered audio directory
    $masteredDir = '../audio_files/mastered/';
    if (!is_dir($masteredDir)) {
        mkdir($masteredDir, 0755, true);
    }
    
    // Generate filename: track_id_mastered.ext
    $filename = $track_id . '_mastered.' . $fileExtension;
    $filePath = $masteredDir . $filename;
    $webPath = '/audio_files/mastered/' . $filename;
    
    // Move uploaded file
    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        echo json_encode(['success' => false, 'error' => 'Failed to save file']);
        exit;
    }
    
    // Update track metadata with mastered audio URL
    $metadata = json_decode($track['metadata'] ?? '{}', true) ?: [];
    $metadata['mastered_audio_url'] = $webPath;
    $metadata['mastered_uploaded_at'] = date('Y-m-d H:i:s');
    
    $stmt = $pdo->prepare("UPDATE music_tracks SET metadata = ?, updated_at = NOW() WHERE id = ?");
    $result = $stmt->execute([json_encode($metadata), $track_id]);
    
    if ($result) {
        echo json_encode([
            'success' => true,
            'message' => 'Mastered version uploaded successfully',
            'audio_url' => $webPath
        ]);
    } else {
        // Delete uploaded file if database update failed
        @unlink($filePath);
        echo json_encode(['success' => false, 'error' => 'Failed to update track metadata']);
    }
    
} catch (Exception $e) {
    error_log("Mastered upload error: " . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'Server error: ' . $e->getMessage()]);
}

CasperSecurity Mini