Personal-use only radio streaming application
This is a personal-use-only radio streaming application combining a PHP/MySQL backend with a JavaScript/HTML5 frontend.
This software is strictly for personal use. Any attempt to deploy it in public production environments will result in immediate legal action under international copyright and intellectual property laws.
-- Create database
CREATE DATABASE loco_music;
USE loco_music;CREATE TABLE songs (
id INT AUTO_INCREMENT PRIMARY KEY,
title VARCHAR(255) NOT NULL,
file VARCHAR(255) NOT NULL,
cover VARCHAR(255),
artist VARCHAR(255) NOT NULL,
lyrics TEXT,
uploaded_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);This schema supports all core features including metadata storage for songs, cover art references, and lyrics. The uploaded_at timestamp enables chronological playlist sorting.
/project-root ├── index.php # All-in-one PHP/HTML/JS application ├── .htaccess # Apache configuration ├── /uploads # Media storage (777 permissions) │ ├── song1.mp3 # MP3 files │ └── cover1.jpg # Album art └── README.md # Documentation
Main application file containing all backend logic and frontend interface.
Apache server configuration for routing, security and performance.
Directory for storing uploaded media files (requires 777 permissions).
$host = "localhost"; // Database host
$db = "loco_music"; // Database name
$user = "root"; // Database user
$pass = ""; // Database passwordCredentials are hardcoded in the PHP script. For production-like environments, consider using environment variables or a configuration file outside the web root.
mkdir -p uploads/
chmod 777 uploads/The uploads directory requires full read/write/execute permissions (777) to allow the web server to create directories, write files, and serve uploaded content.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>Enables clean URLs by routing all requests to index.php unless the request is for an existing file or directory.
# Disable directory browsing
Options -Indexes
# Disallow remote access to sensitive files
<FilesMatch "\.(env|ini|log|sql|bak|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>Prevents directory listing and blocks access to configuration/backup files.
<IfModule mod_php7.c>
php_value upload_max_filesize 64M
php_value post_max_size 64M
php_value max_execution_time 300
php_value max_input_time 300
</IfModule>Configures PHP to allow large file uploads and increases execution time for upload processing.
<IfModule mod_mime.c>
AddType audio/mpeg .mp3
AddType image/jpeg .jpg .jpeg
AddType image/png .png
AddType image/gif .gif
</IfModule>Ensures correct content-type headers are sent for media files.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript application/javascript application/json
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType audio/mpeg "access plus 1 week"
ExpiresByType image/jpg "access plus 1 week"
ExpiresByType image/jpeg "access plus 1 week"
ExpiresByType image/png "access plus 1 week"
ExpiresByType image/gif "access plus 1 week"
ExpiresByType text/css "access plus 1 day"
ExpiresByType application/javascript "access plus 1 day"
</IfModule>Enables GZIP compression and sets caching headers for static assets to improve performance.
<audio> element
Credentials are hardcoded in PHP script. If source code is exposed, database could be compromised.
$host = "localhost"; $user = "root"; $pass = "";
Only checks file extensions (.mp3, .jpg, etc.) without content-type verification or file sanitization.
Prepared statements used for inserts but not for all queries. No input sanitization for search/filter functions.
Upload form lacks CSRF token protection. Attackers can forge requests to upload malicious files.
User-provided lyrics directly displayed without sanitization. Potential for script injection.