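<?php
// Form handler: creates a "music video" generation job from an uploaded audio
// file or an audio URL, charges the user's credits, records the charge, and
// forwards the job to the generation API. Always ends in a redirect.
//
// NOTE(review): no CSRF token check is visible in this handler; if the form
// does not already carry one that is verified elsewhere, add it here, since
// this request spends credits.

session_start();

// Only authenticated users may create jobs.
if (!isset($_SESSION['user_id'])) {
    header('Location: auth/login_new.php');
    exit;
}

// Only act on form submissions.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: index.php#create');
    exit;
}

require_once 'config/database.php';
require_once 'api_functions.php';
require_once 'includes/translations.php';

$userId = $_SESSION['user_id'];
$pdo = getDBConnection();

// NOTE(review): this API credential is committed in source. Rotate it and load
// it from configuration kept outside the web root and out of version control.
$api = new APIBoxFunctions('63edba40620216c5aa2c04240ac41dbd');

// Form data (all of it is untrusted request input).
$title = $_POST['title'] ?? 'Untitled Music Video';
$audioUrl = $_POST['audioUrl'] ?? '';
$audioFile = $_FILES['audioFile'] ?? null;
$videoStyle = $_POST['videoStyle'] ?? 'abstract'; // abstract, nature, urban, artistic, etc.
$videoDuration = $_POST['videoDuration'] ?? '30'; // 15, 30, 60 seconds
$videoQuality = $_POST['videoQuality'] ?? '1080p'; // 720p, 1080p, 4K
$visualEffects = $_POST['visualEffects'] ?? 'waveform'; // waveform, particles, geometric, etc.
$colorScheme = $_POST['colorScheme'] ?? 'auto'; // auto, warm, cool, vibrant, etc.

// An audio source is mandatory: either an upload or a URL.
if (empty($audioUrl) && empty($audioFile['name'])) {
    $_SESSION['error'] = 'Please provide an audio file or URL.';
    header('Location: index.php#create');
    exit;
}

// When no file is uploaded the submitted URL is what gets stored in the track
// metadata and handed to the generation API, so accept only well-formed
// http(s) URLs (this also rejects array-valued parameters).
if (empty($audioFile['name'])) {
    $scheme = is_string($audioUrl) ? strtolower((string) parse_url($audioUrl, PHP_URL_SCHEME)) : '';
    if (
        !is_string($audioUrl)
        || filter_var($audioUrl, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)
    ) {
        $_SESSION['error'] = 'Please provide a valid audio URL (http or https).';
        header('Location: index.php#create');
        exit;
    }
}

// Credit cost of one job.
$creditCost = 3; // Music video generation costs more

// Early, advisory balance check so the user gets a message before uploading.
// The authoritative check is the conditional UPDATE further down.
$stmt = $pdo->prepare("SELECT credits FROM users WHERE id = ?");
$stmt->execute([$userId]);
$user = $stmt->fetch();
if (!$user || $user['credits'] < $creditCost) {
    // $user is false when the row is missing; do not index into it.
    $currentCredits = $user ? $user['credits'] : 'unknown';
    error_log("Insufficient credits for user {$userId}: has {$currentCredits}, needs $creditCost");
    $_SESSION['error'] = "Insufficient credits. You need $creditCost credits to create a music video. Please purchase credits to continue.";
    header('Location: index.php');
    exit;
}

// Handle file upload if provided; an upload takes precedence over the URL.
$finalAudioUrl = $audioUrl;
if (!empty($audioFile['name'])) {
    // SECURITY: Enhanced file upload validation
    require_once 'includes/security.php';
    $validation = validateFileUpload($audioFile, ['mp3', 'wav', 'm4a', 'ogg'], 50 * 1024 * 1024); // 50MB max for audio
    if (!$validation['valid']) {
        error_log("SECURITY: Invalid audio file upload attempt from user {$userId}: " . ($validation['error'] ?? 'unknown error'));
        $_SESSION['error'] = 'Invalid audio file. ' . ($validation['error'] ?? 'Please upload a valid audio file (MP3, WAV, M4A, or OGG).');
        header('Location: index.php#create');
        exit;
    }

    // NOTE(review): uploads land in a directory that is served from the web
    // root (see the public URL built below). Confirm validateFileUpload()
    // checks content as well as extension, and that script execution is
    // disabled for this directory in the web server configuration.
    $uploadDir = 'uploads/';
    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0755, true);
    }

    // Use sanitized filename from validation, never the client-supplied name.
    $fileName = time() . '_' . $userId . '_' . $validation['filename'];
    $uploadPath = $uploadDir . $fileName;
    if (move_uploaded_file($audioFile['tmp_name'], $uploadPath)) {
        $finalAudioUrl = 'https://soundstudiopro.com/' . $uploadPath;
    } else {
        error_log("SECURITY: Failed to move uploaded audio file for user {$userId}");
        $_SESSION['error'] = 'Failed to upload audio file.';
        header('Location: index.php#create');
        exit;
    }
}

// Charge the credits before anything billable is created.
// The balance is decremented in SQL and guarded by "credits >= cost", so two
// concurrent requests cannot both spend the same credits (the earlier SELECT
// alone would allow that). The ledger row is written in the same transaction
// so balance and ledger cannot drift apart.
try {
    $pdo->beginTransaction();

    $stmt = $pdo->prepare("UPDATE users SET credits = credits - ? WHERE id = ? AND credits >= ?");
    $stmt->execute([$creditCost, $userId, $creditCost]);
    if ($stmt->rowCount() !== 1) {
        // Balance dropped below the cost since the advisory check.
        $pdo->rollBack();
        error_log("Insufficient credits for user {$userId} at charge time, needs $creditCost");
        $_SESSION['error'] = "Insufficient credits. You need $creditCost credits to create a music video. Please purchase credits to continue.";
        header('Location: index.php');
        exit;
    }

    // The title is request input: bind it as a parameter instead of
    // interpolating it into the SQL text.
    $stmt = $pdo->prepare("
        INSERT INTO credit_transactions (user_id, amount, type, description, created_at)
        VALUES (?, ?, 'usage', ?, NOW())
    ");
    $stmt->execute([$userId, -$creditCost, 'Music video generation: ' . $title]);

    // Read the balance back rather than trusting the value fetched earlier.
    $stmt = $pdo->prepare("SELECT credits FROM users WHERE id = ?");
    $stmt->execute([$userId]);
    $balance = $stmt->fetchColumn();
    $newCredits = $balance !== false ? (int) $balance : $user['credits'] - $creditCost;

    $pdo->commit();
} catch (Throwable $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log("Credit charge failed for user {$userId}: " . $e->getMessage());
    $_SESSION['error'] = 'Could not process credits. Please try again.';
    header('Location: index.php');
    exit;
}
$_SESSION['credits'] = $newCredits;

// Create the track record under a temporary task id; it is replaced by the
// API's task id once the job is accepted.
$temp_task_id = 'music_video_' . time() . '_' . $userId . '_' . uniqid();
$metadata = [
    'videoStyle' => $videoStyle,
    'videoDuration' => $videoDuration,
    'videoQuality' => $videoQuality,
    'visualEffects' => $visualEffects,
    'colorScheme' => $colorScheme,
    'originalAudioUrl' => $finalAudioUrl,
];
$track_id = $api->createTrackRecord($userId, $temp_task_id, $title, 'Music video generation from audio', 'music-video', $metadata);

// Call the music video generation API
$api_data = [
    'audioUrl' => $finalAudioUrl,
    'videoStyle' => $videoStyle,
    'videoDuration' => $videoDuration,
    'videoQuality' => $videoQuality,
    'visualEffects' => $visualEffects,
    'colorScheme' => $colorScheme,
    'callBackUrl' => 'https://soundstudiopro.com/callback.php',
];
$result = $api->createMusicVideo($api_data);

if (isset($result['error'])) {
    // NOTE(review): the API rejected the job, yet the user has been charged
    // and is shown the "started" message. Confirm this is intended; otherwise
    // refund the credits and report the failure.
    error_log("Music video generation error: " . json_encode($result));
    $_SESSION['success'] = t('success.music_video.started');
} else {
    // The task id may appear under several keys; fall back to the temporary id.
    $real_task_id = $result['taskId'] ?? $result['id'] ?? $result['data']['taskId'] ?? $temp_task_id;

    // Update track with real task ID
    $stmt = $pdo->prepare("UPDATE music_tracks SET task_id = ? WHERE id = ?");
    $stmt->execute([$real_task_id, $track_id]);
    $_SESSION['success'] = t('success.music_video.started');
}

// Redirect back to the create page with success message
header('Location: index.php#create');
exit;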