T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/ROUTING_RESTORED.md
# โœ… URL ROUTING RESTORED

**Date:** December 2025  
**Status:** FIXED - Username URLs now working

---

## ๐Ÿšจ PROBLEM

The security breach cleanup removed ALL custom URL routing rules from `.htaccess`, breaking:

- โŒ `/drumahon` โ†’ Artist profile by username
- โŒ `/artist/123` โ†’ Artist profile by ID
- โŒ `/track/123` โ†’ Track page by ID

---

## โœ… FIX APPLIED

Added the following routing rules to `.htaccess`:

### 1. Artist Profile by ID
```apache
RewriteRule ^artist/([0-9]+)/?$ artist_profile_clean.php?id=$1 [L,QSA]
```
**Example:** `/artist/123` โ†’ `artist_profile_clean.php?id=123`

### 2. Track Page by ID
```apache
RewriteRule ^track/([0-9]+)/?$ track.php?id=$1 [L,QSA]
```
**Example:** `/track/456` โ†’ `track.php?id=456`

### 3. Username/Custom URL Routing
```apache
RewriteRule ^([a-zA-Z0-9][-a-zA-Z0-9]*)/?$ artist_profile_clean.php?custom_url=$1 [L,QSA]
```
**Example:** `/drumahon` โ†’ `artist_profile_clean.php?custom_url=drumahon`

---

## ๐Ÿ”’ SECURITY PRESERVED

The username routing has safeguards:

1. **Only matches valid usernames** - Alphanumeric + hyphens only
2. **Excludes system directories** - api, auth, utils, admin, assets, etc.
3. **Excludes file extensions** - .php, .html, .css, .js, images, fonts
4. **Checks if file/directory exists first** - Won't override real files

---

## ๐Ÿงช TESTING

### Test 1: Username URL
Go to: `https://soundstudiopro.com/drumahon`
**Expected:** Artist profile page for user "drumahon"

### Test 2: Artist ID URL
Go to: `https://soundstudiopro.com/artist/123`
**Expected:** Artist profile page for user ID 123

### Test 3: Track URL
Go to: `https://soundstudiopro.com/track/456`
**Expected:** Track page for track ID 456

---

## ๐Ÿ“‹ FULL .HTACCESS CHANGES SUMMARY

| Issue | Fix |
|-------|-----|
| API endpoints blocked | โœ… Fixed `api/.htaccess` |
| utils/play_audio.php blocked | โœ… Fixed `utils/.htaccess` |
| Username URLs not working | โœ… Added routing rules |
| Artist profile URLs not working | โœ… Added routing rules |
| Track URLs not working | โœ… Added routing rules |

---

**Status:** โœ… **ALL ROUTING RESTORED - TRY NOW**

CasperSecurity Mini