How do I allow website visitors to submit playable audio directly to my site?

[levilucas]

I'm starting a music promo website(wordpress) and I want to give my authorized users the ability to post their music that's playable on my site. They fill out a form with basic info, attach the audio file, submit, and an audio player of their submission appears on a page dedicated to all audio submissions.

At the moment, the best I can do is the post info goes to my email and I do it all manually. How would I set it up so that the form submission generates the audio player and posts to my site automatically?

I've looked all over but I'm not seeing help for what I need. I'm fairly new to anything coding, so any help or a point in the right direction would be greatly appreciated.

[requinix]

This is a pretty basic database + file upload idea. People upload files to your server. You store information in a database. The site loads the information and displays it on its pages.

You should start with researching how those things work. Allowing uploads is also risky because you have to be absolutely sure the files are legitimate music files and not, say, PHP scripts or viruses.

Speaking of legitimate, keep in mind people will upload music that isn't their own, and if your site gets even remotely popular than certain entities will take a disliking to that.

[levilucas]

Sorry, I think I need to be more clear! I can grasp writing the script allowing users to post to my site. I'm just not sure how I would write it to generate the audio player.

Also, I was simply going to have the file types limited to just audio files(MP3 and WAV) so that should protect me well enough from possible attacks, correct?

And as far as legitimacy goes, I've looked at the Terms of Use of other similar sites and mirrored them for mine to cover the legal aspect and I would definitely require uploaders to agree to all terms before upload.

I appreciate the help and any further help!

[requinix]

38 minutes ago, levilucas said:

Sorry, I think I need to be more clear! I can grasp writing the script allowing users to post to my site. I'm just not sure how I would write it to generate the audio player.

The audio player isn't a PHP matter. You do whatever you want to do in order to play the file. Like a <audio>. Somewhere in there you will have to tell the player where the media actually is, so that's what you would change when creating a player for the uploaded files.

Quote

Also, I was simply going to have the file types limited to just audio files(MP3 and WAV) so that should protect me well enough from possible attacks, correct?

Naturally. The question is how you actually do that. How do you know what type of file it is? Checking the file "type" (as seen in $_FILES) isn't safe because anybody can make that value say anything they want. Checking the file extension isn't enough because then people could upload whatever files they wanted as long as they were named *.mp3 or *.wav - the audio player wouldn't work, no, but the file would still be out there on your server for anyone to get at.

You have to really check the file. In depth. Like by running it through ffmpeg for transcoding (maybe you want to also keep a low quality 30-second sample?) beyond simply verifying the file is, in fact, audio. And totally reject it if it's not valid.