Update: 2026-06-16 01:17:28
@@ -1,68 +1,73 @@
|
||||
<?php
|
||||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
require_once __DIR__ . '/connect.php'; // Ensure this is correct and contains the connection logic
|
||||
// ============================================================
|
||||
// upload_audio.php — رفع ملفات صوتية بشكل آمن
|
||||
// ============================================================
|
||||
|
||||
// Get the audio file from the request
|
||||
$audio_file = $_FILES['audio'];
|
||||
$passengerId = filterRequest("passengerId"); // Ensure this is defined correctly
|
||||
require_once __DIR__ . '/connect.php';
|
||||
|
||||
// Check if the audio file was uploaded successfully
|
||||
if ($audio_file['error'] !== UPLOAD_ERR_OK) {
|
||||
error_log("File upload error: " . $audio_file['error']);
|
||||
echo json_encode(array('status' => 'The audio file was not uploaded successfully.'));
|
||||
exit;
|
||||
}
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
|
||||
// Get the file name and extension of the audio file
|
||||
$audio_name = $audio_file['name'];
|
||||
$audio_extension = pathinfo($audio_name, PATHINFO_EXTENSION);
|
||||
try {
|
||||
// ✅ FIX C-03: إضافة Rate Limiting
|
||||
$limiter = new RateLimiter($redis);
|
||||
$limiter->enforce(RateLimiter::identifier(), 'upload');
|
||||
|
||||
// Check if the audio file is a valid audio format
|
||||
if (!in_array($audio_extension, array('m4a', 'mp3', 'wav'))) {
|
||||
echo json_encode(array('status' => 'The audio file is not a valid format.'));
|
||||
exit;
|
||||
}
|
||||
// Get the audio file from the request
|
||||
if (!isset($_FILES['audio']) || $_FILES['audio']['error'] !== UPLOAD_ERR_OK) {
|
||||
uploadLog("File upload error code: " . ($_FILES['audio']['error'] ?? 'NO_FILE'), 'ERROR');
|
||||
echo json_encode(array('status' => 'The audio file was not uploaded successfully.'));
|
||||
exit;
|
||||
}
|
||||
|
||||
// MIME Type validation using finfo
|
||||
$finfo = finfo_open(FILEINFO_MIME_TYPE);
|
||||
$mime_type = finfo_file($finfo, $audio_file['tmp_name']);
|
||||
finfo_close($finfo);
|
||||
$audio_file = $_FILES['audio'];
|
||||
|
||||
$allowed_mime_types = ['audio/mp4', 'audio/mpeg', 'audio/wav', 'audio/x-m4a'];
|
||||
if (!in_array($mime_type, $allowed_mime_types)) {
|
||||
echo json_encode(array('status' => 'The audio file is not a valid format (MIME mismatch).'));
|
||||
exit;
|
||||
}
|
||||
// Validate MIME type using finfo
|
||||
$finfo = new finfo(FILEINFO_MIME_TYPE);
|
||||
$mime_type = $finfo->file($audio_file['tmp_name']);
|
||||
|
||||
// Generate a new filename using the passenger ID to avoid conflicts
|
||||
$new_filename = $audio_name . '.' . $audio_extension;
|
||||
$allowed_mime_types = ['audio/mp4', 'audio/mpeg', 'audio/wav', 'audio/x-m4a', 'audio/ogg', 'audio/webm'];
|
||||
if (!in_array($mime_type, $allowed_mime_types, true)) {
|
||||
uploadLog("Invalid MIME type: $mime_type", 'WARNING', ['ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown']);
|
||||
echo json_encode(array('status' => 'The audio file is not a valid format (MIME mismatch).'));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Move the audio file to the uploads directory with the new filename
|
||||
$target_dir = "upload_audio/";
|
||||
if (!is_dir($target_dir)) {
|
||||
mkdir($target_dir, 0755, true); // Create directory if it doesn't exist
|
||||
}
|
||||
$target_file = $target_dir . $new_filename;
|
||||
if (!move_uploaded_file($audio_file['tmp_name'], $target_file)) {
|
||||
error_log("Failed to move file to target directory: " . print_r($audio_file, true));
|
||||
echo json_encode(array('status' => 'Failed to move the audio file.'));
|
||||
exit;
|
||||
}
|
||||
// Get extension from MIME type (safe)
|
||||
$ext = match ($mime_type) {
|
||||
'audio/mp4', 'audio/x-m4a' => 'm4a',
|
||||
'audio/mpeg' => 'mp3',
|
||||
'audio/wav' => 'wav',
|
||||
'audio/ogg' => 'ogg',
|
||||
'audio/webm' => 'webm',
|
||||
default => 'bin',
|
||||
};
|
||||
|
||||
// Construct the link to the uploaded audio file dynamically
|
||||
$host = $_SERVER['HTTP_HOST'] ?? 'api.siromove.com';
|
||||
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http";
|
||||
$base_url = "$protocol://$host/siro/upload_audio/";
|
||||
$linkAudio = $base_url . $new_filename;
|
||||
// ✅ Generate secure random filename to prevent path traversal and overwrite
|
||||
$new_filename = bin2hex(random_bytes(16)) . '.' . $ext;
|
||||
|
||||
// Move the audio file to the uploads directory
|
||||
$target_dir = __DIR__ . "/upload_audio/";
|
||||
if (!is_dir($target_dir)) {
|
||||
mkdir($target_dir, 0750, true);
|
||||
}
|
||||
$target_file = $target_dir . $new_filename;
|
||||
|
||||
// Respond with success and the audio file link
|
||||
echo json_encode(array('status' => 'Audio file uploaded successfully.', 'link' => $linkAudio));
|
||||
if (!move_uploaded_file($audio_file['tmp_name'], $target_file)) {
|
||||
uploadLog("Failed to move file", 'ERROR', ['error' => print_r($audio_file, true)]);
|
||||
echo json_encode(array('status' => 'Failed to move the audio file.'));
|
||||
exit;
|
||||
}
|
||||
|
||||
// Close the database connection if it was established
|
||||
if (isset($conn)) {
|
||||
mysqli_close($conn);
|
||||
// Construct the link dynamically
|
||||
$host = $_SERVER['HTTP_HOST'] ?? 'api.siromove.com';
|
||||
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? "https" : "http";
|
||||
$linkAudio = "$protocol://$host/siro/upload_audio/" . $new_filename;
|
||||
|
||||
uploadLog("Audio uploaded successfully: $linkAudio", 'INFO');
|
||||
echo json_encode(array('status' => 'Audio file uploaded successfully.', 'link' => $linkAudio));
|
||||
|
||||
} catch (Exception $e) {
|
||||
error_log("[upload_audio] Error: " . $e->getMessage());
|
||||
echo json_encode(array('status' => 'Server error.'));
|
||||
}
|
||||
?>
|
||||
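Review bot: The link returned in the success response is built from `$_SERVER['HTTP_HOST']` (the `$host = ...` line feeding `$linkAudio`), so a client that sends an arbitrary Host header gets back, and may store or forward, a URL pointing at a domain of its choosing; the new random filename does nothing against that. Pin it instead, `$host = 'api.siromove.com'; // never derive stored/returned links from the Host header`, or check the header against an allowlist before using it. The file also keeps `ini_set('display_errors', 1)` with `error_reporting(E_ALL)`, so any warning raised inside the try block (finfo on an unreadable tmp file, a Redis failure inside RateLimiter) is printed ahead of the JSON body with server paths included; production should use `ini_set('display_errors', 0);` and leave reporting to `uploadLog`. Finally, `$passengerId` is read via `filterRequest` but never referenced again, and no authentication or ownership check is visible in this file, so unless connect.php enforces a session the endpoint accepts uploads from anyone, limited only by the rate limiter.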