T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/public_html/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/public_html/api/add_comment.php
<?php
require_once '../config/database.php';
session_start();

header('Content-Type: application/json');

// Only allow POST requests
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'error' => 'Method not allowed']);
    exit;
}

// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'User must be logged in']);
    exit;
}

// Get JSON input
$input = json_decode(file_get_contents('php://input'), true);
$track_id = $input['track_id'] ?? null;
$comment = trim($input['comment'] ?? '');

if (!$track_id) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Track ID is required']);
    exit;
}

if (empty($comment)) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Comment cannot be empty']);
    exit;
}

if (strlen($comment) > 1000) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Comment too long (max 1000 characters)']);
    exit;
}

try {
    $pdo = getDBConnection();
    
    // Add the comment
    $stmt = $pdo->prepare("INSERT INTO track_comments (track_id, user_id, comment, created_at) VALUES (?, ?, ?, NOW())");
    $stmt->execute([$track_id, $_SESSION['user_id'], $comment]);
    
    echo json_encode(['success' => true]);
    
} catch (Exception $e) {
    error_log("Error adding comment: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Internal server error']);
}
?>

CasperSecurity Mini