T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/public_html/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/public_html/api/update_profile.php
<?php
session_start();
header('Content-Type: application/json');

// Check if user is logged in
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'Authentication required']);
    exit;
}

// Include database configuration
require_once '../config/database.php';

try {
    $pdo = getDBConnection();
    if (!$pdo) {
        throw new Exception('Database connection failed');
    }

    // Get JSON input
    $input = json_decode(file_get_contents('php://input'), true);
    
    if (!$input) {
        throw new Exception('Invalid JSON input');
    }

    // Get name - use existing name if not provided or empty
    $name = trim($input['name'] ?? '');
    if (empty($name)) {
        // Get existing name from database
        $stmt = $pdo->prepare("SELECT name FROM users WHERE id = ?");
        $stmt->execute([$_SESSION['user_id']]);
        $existing_user = $stmt->fetch();
        if ($existing_user && !empty($existing_user['name'])) {
            $name = $existing_user['name'];
        } else {
            throw new Exception('Artist name is required');
        }
    }

    // Sanitize inputs
    $location = trim($input['location'] ?? '');
    $bio = trim($input['bio'] ?? '');
    $music_style = trim($input['music_style'] ?? '');
    $genres = $input['genres'] ?? [];
    $website = trim($input['website'] ?? '');
    $paypal_me_username = trim($input['paypal_me_username'] ?? '');
    $influences = trim($input['influences'] ?? '');
    $equipment = trim($input['equipment'] ?? '');
    $artist_statement = trim($input['artist_statement'] ?? '');
    $artist_highlights = $input['artist_highlights'] ?? [];
    $achievements = $input['achievements'] ?? [];

    // Validate genres array
    if (!is_array($genres)) {
        $genres = [];
    }
    
    // Normalize genres - trim and filter empty values
    $genres = array_map('trim', $genres);
    $genres = array_filter($genres, function($item) {
        return !empty($item);
    });
    $genres = array_values($genres); // Re-index array
    
    // Validate arrays
    if (!is_array($artist_highlights)) {
        $artist_highlights = [];
    }
    if (!is_array($achievements)) {
        $achievements = [];
    }
    
    // Filter out empty values from arrays
    $artist_highlights = array_filter($artist_highlights, function($item) {
        return !empty(trim($item));
    });
    $achievements = array_filter($achievements, function($item) {
        return !empty(trim($item));
    });
    
    // Validate PayPal.Me username (alphanumeric and hyphens only, lowercase)
    if (!empty($paypal_me_username)) {
        $paypal_me_username = strtolower(trim($paypal_me_username));
        if (!preg_match('/^[a-z0-9-]+$/', $paypal_me_username)) {
            throw new Exception('PayPal.Me username can only contain letters, numbers, and hyphens');
        }
    } else {
        $paypal_me_username = ''; // Ensure empty string, not null
    }
    
    // DEBUG: Log what we're saving
    error_log("Update Profile API - Saving paypal_me_username: " . var_export($paypal_me_username, true));

    // Update user profile
    $stmt = $pdo->prepare("
        UPDATE users 
        SET name = ? 
        WHERE id = ?
    ");
    $stmt->execute([$name, $_SESSION['user_id']]);

    // Check if user_profile exists, if not create it
    $stmt = $pdo->prepare("
        SELECT COUNT(*) as count 
        FROM user_profiles 
        WHERE user_id = ?
    ");
    $stmt->execute([$_SESSION['user_id']]);
    $profileExists = $stmt->fetch()['count'] > 0;

    if ($profileExists) {
        // Update existing profile
        $stmt = $pdo->prepare("
            UPDATE user_profiles 
            SET bio = ?, location = ?, music_style = ?, genres = ?, website = ?, paypal_me_username = ?, 
                influences = ?, equipment = ?, artist_statement = ?, artist_highlights = ?, achievements = ?, 
                updated_at = NOW()
            WHERE user_id = ?
        ");
        $genresJson = !empty($genres) ? json_encode($genres, JSON_UNESCAPED_UNICODE) : '[]';
        $paypalValue = $paypal_me_username ?: '';
        
        // DEBUG: Log before execute
        error_log("Update Profile API - Executing UPDATE with paypal_me_username: " . var_export($paypalValue, true));
        
        $stmt->execute([
            $bio,
            $location,
            $music_style,
            $genresJson,
            $website,
            $paypalValue,
            $influences,
            $equipment,
            $artist_statement,
            json_encode(array_values($artist_highlights)),
            json_encode(array_values($achievements)),
            $_SESSION['user_id']
        ]);
        
        // DEBUG: Verify it was saved
        $verifyStmt = $pdo->prepare("SELECT paypal_me_username FROM user_profiles WHERE user_id = ?");
        $verifyStmt->execute([$_SESSION['user_id']]);
        $verifyResult = $verifyStmt->fetch(PDO::FETCH_ASSOC);
        error_log("Update Profile API - Verified saved paypal_me_username: " . var_export($verifyResult['paypal_me_username'] ?? 'NULL', true));
    } else {
        // Create new profile
        $stmt = $pdo->prepare("
            INSERT INTO user_profiles (user_id, bio, location, music_style, genres, website, paypal_me_username, 
                influences, equipment, artist_statement, artist_highlights, achievements, created_at, updated_at)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(), NOW())
        ");
        $genresJson = !empty($genres) ? json_encode($genres, JSON_UNESCAPED_UNICODE) : '[]';
        $paypalValue = $paypal_me_username ?: '';
        
        // DEBUG: Log before execute
        error_log("Update Profile API - Executing INSERT with paypal_me_username: " . var_export($paypalValue, true));
        
        $stmt->execute([
            $_SESSION['user_id'],
            $bio,
            $location,
            $music_style,
            $genresJson,
            $website,
            $paypalValue,
            $influences,
            $equipment,
            $artist_statement,
            json_encode(array_values($artist_highlights)),
            json_encode(array_values($achievements))
        ]);
        
        // DEBUG: Verify it was saved
        $verifyStmt = $pdo->prepare("SELECT paypal_me_username FROM user_profiles WHERE user_id = ?");
        $verifyStmt->execute([$_SESSION['user_id']]);
        $verifyResult = $verifyStmt->fetch(PDO::FETCH_ASSOC);
        error_log("Update Profile API - Verified saved paypal_me_username: " . var_export($verifyResult['paypal_me_username'] ?? 'NULL', true));
    }

    // Update session with new name
    $_SESSION['user_name'] = $name;

    // Log the update
    error_log("Profile updated for user {$_SESSION['user_id']}: name='$name', location='$location'");

    echo json_encode([
        'success' => true,
        'message' => 'Profile updated successfully',
        'data' => [
            'name' => $name,
            'location' => $location,
            'bio' => $bio,
            'music_style' => $music_style,
            'genres' => $genres
        ]
    ]);

} catch (Exception $e) {
    error_log("Profile update error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode([
        'success' => false,
        'error' => 'Failed to update profile: ' . $e->getMessage()
    ]);
}
?>

CasperSecurity Mini