 Server : Apache/2 System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64 User : gositeme ( 1004) PHP Version : 8.2.29 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/gositeme/domains/soundstudiopro.com/private_html/utils/ |
<?php
// Fixed Audio files handler - serves audio files securely
session_start();
// Enable error reporting for debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
http_response_code(401);
header('Content-Type: text/plain');
echo "Unauthorized - Please log in";
exit;
}
// Get the task ID from the URL
$taskId = $_GET['id'] ?? '';
if (empty($taskId)) {
http_response_code(400);
header('Content-Type: text/plain');
echo "Missing id parameter";
exit;
}
// Validate task ID format (alphanumeric)
if (!preg_match('/^[a-zA-Z0-9]+$/', $taskId)) {
http_response_code(400);
header('Content-Type: text/plain');
echo "Invalid id format";
exit;
}
// Include database configuration
require_once 'config/database.php';
// Verify the user owns this track
$pdo = getDBConnection();
if (!$pdo) {
http_response_code(500);
header('Content-Type: text/plain');
echo "Database error";
exit;
}
$stmt = $pdo->prepare("SELECT * FROM music_tracks WHERE task_id = ? AND user_id = ? AND status = 'complete'");
$stmt->execute([$taskId, $_SESSION['user_id']]);
$track = $stmt->fetch();
if (!$track) {
http_response_code(404);
header('Content-Type: text/plain');
echo "Track not found or access denied";
exit;
}
$audioUrl = $track['audio_url'];
if (empty($audioUrl)) {
http_response_code(404);
header('Content-Type: text/plain');
echo "No audio URL found for this track";
exit;
}
// SECURITY: If it's a local URL, validate path before serving
if (strpos($audioUrl, '/audio_files/') === 0 || strpos($audioUrl, '/uploads/') === 0) {
// Use file security utility to validate path
require_once __DIR__ . '/../includes/file_security.php';
$audio_validation = validateAudioUrl($audioUrl);
if ($audio_validation['type'] !== 'local' || !$audio_validation['path']) {
// Path validation failed - security violation
error_log("SECURITY: Invalid audio path in audiofiles_fixed.php: " . htmlspecialchars($audioUrl, ENT_QUOTES, 'UTF-8'));
http_response_code(403);
header('Content-Type: text/plain');
echo "Access denied";
exit;
}
$localPath = $audio_validation['path'];
if (file_exists($localPath)) {
$fileSize = filesize($localPath);
$fileType = mime_content_type($localPath);
// Set proper headers
header('Content-Type: ' . $fileType);
header('Content-Length: ' . $fileSize);
header('Accept-Ranges: bytes');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Content-Disposition: inline; filename="' . basename($localPath) . '"');
// Clear any output buffers
while (ob_get_level()) {
ob_end_clean();
}
readfile($localPath);
exit;
} else {
http_response_code(404);
header('Content-Type: text/plain');
echo "Local file not found: " . $localPath;
exit;
}
}
// If it's an API BOX URL, stream it
if (strpos($audioUrl, 'api.box') !== false) {
// Set headers for audio streaming
header('Content-Type: audio/mpeg');
header('Accept-Ranges: bytes');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Content-Disposition: inline; filename="' . $taskId . '.mp3"');
// Clear any output buffers
while (ob_get_level()) {
ob_end_clean();
}
// Stream the audio from API BOX
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $audioUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false); // Stream directly to output
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');
curl_setopt($ch, CURLOPT_WRITEFUNCTION, function($ch, $data) {
echo $data;
return strlen($data);
});
$httpCode = curl_exec($ch);
$curlError = curl_error($ch);
curl_close($ch);
if ($httpCode === false || !empty($curlError)) {
http_response_code(500);
header('Content-Type: text/plain');
echo "Failed to stream audio: " . $curlError;
}
exit;
}
// If it's any other HTTP URL, try to stream it
if (strpos($audioUrl, 'http') === 0) {
// Set headers for audio streaming
header('Content-Type: audio/mpeg');
header('Accept-Ranges: bytes');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Content-Disposition: inline; filename="' . $taskId . '.mp3"');
// Clear any output buffers
while (ob_get_level()) {
ob_end_clean();
}
// Stream the audio from external URL
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $audioUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, false); // Stream directly to output
curl_setopt($ch, CURLOPT_TIMEOUT, 60);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36');
curl_setopt($ch, CURLOPT_WRITEFUNCTION, function($ch, $data) {
echo $data;
return strlen($data);
});
$httpCode = curl_exec($ch);
$curlError = curl_error($ch);
curl_close($ch);
if ($httpCode === false || !empty($curlError)) {
http_response_code(500);
header('Content-Type: text/plain');
echo "Failed to stream audio: " . $curlError;
}
exit;
}
// Fallback - try to download and serve
http_response_code(404);
header('Content-Type: text/plain');
echo "Audio not available - unsupported URL format: " . $audioUrl;
?>