Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-15 19:39:21

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-15 19:39:21 +03:00
parent c472a78416
commit 04943e3d52
23 changed files with 1497 additions and 324 deletions
Download Patch File Download Diff File Expand all files Collapse all files

128
backend/ride/rides/add.php
View File

@@ -1,128 +0,0 @@
<?php
require_once __DIR__ . '/../../connect.php';
// 🚀 1. تسجيل بداية الطلب
error_log("🚀 [add_ride.php] Request Started.");
// استلام البيانات
$start_location = filterRequest("start_location");
$end_location = filterRequest("end_location");
$date_raw = filterRequest("date"); // نستلم القيمة الخام
$time_raw = filterRequest("time"); // نستلم القيمة الخام
$endtime_raw = filterRequest("endtime");
$price = filterRequest("price");
$passenger_id = filterRequest("passenger_id");
$driver_id = filterRequest("driver_id");
$status = filterRequest("status");
$price_for_driver = filterRequest("price_for_driver");
$price_for_passenger = filterRequest("price_for_passenger");
$distance = filterRequest("distance");
$carType = filterRequest("carType");
error_log(" [add_ride.php] Data Received. Processing dates...");
// 🛠️ 2. معالجة التواريخ لتناسب MySQL (الحل الجذري للمشكلة)
// تحويل "2025-12-18 09:48:26.805" إلى "2025-12-18" فقط
$date_formatted = date("Y-m-d", strtotime($date_raw));
// تحويل "2025-12-18 09:48:26.810" إلى "09:48:26" فقط
$time_formatted = date("H:i:s", strtotime($time_raw));
// معالجة وقت الانتهاء (قد يكون مدة أو وقت)
// نحاول استخراج الوقت منه، إذا فشل نضعه 00:00:00
$endtime_formatted = date("H:i:s", strtotime($endtime_raw));
if (!$endtime_formatted) {
$endtime_formatted = "00:00:00";
}
// تجهيز مصفوفة البيانات
$data = [
":start_location" => $start_location,
":end_location" => $end_location,
":date" => $date_formatted, // نستخدم الصيغة المعالجة
":time" => $time_formatted, // نستخدم الصيغة المعالجة
":endtime" => $endtime_formatted,
":price" => $price,
":passenger_id" => $passenger_id,
":driver_id" => $driver_id,
":status" => $status,
":carType" => $carType,
":price_for_driver" => $price_for_driver,
":price_for_passenger" => $price_for_passenger,
":distance" => $distance,
];
// تسجيل البيانات التي سيتم إدخالها للتأكد
error_log(" [add_ride.php] Prepared Data: " . json_encode($data));
// ---------------------------------------------------------
// 3. الإضافة في السيرفر المحلي (Main DB)
// ---------------------------------------------------------
$sql = "INSERT INTO `ride` (
`start_location`, `end_location`, `date`, `time`, `endtime`,
`price`, `passenger_id`, `driver_id`, `status`, `carType`,
`price_for_driver`, `price_for_passenger`, `distance`
) VALUES (
:start_location, :end_location, :date, :time, :endtime,
:price, :passenger_id, :driver_id, :status, :carType,
:price_for_driver, :price_for_passenger, :distance
)";
try {
error_log("🔄 [add_ride.php] Inserting into LOCAL DB...");
$stmt = $con->prepare($sql);
$stmt->execute($data);
$insertedId = $con->lastInsertId();
$count = $stmt->rowCount();
error_log("✅ [add_ride.php] Local Insert Success. ID: $insertedId");
if ($count > 0) {
// ---------------------------------------------------------
// 4. الإضافة في سيرفر التتبع (Tracking DB)
// ---------------------------------------------------------
$sqlRemote = "INSERT INTO `ride` (
`id`, `start_location`, `end_location`, `date`, `time`, `endtime`,
`price`, `passenger_id`, `driver_id`, `status`, `carType`,
`price_for_driver`, `price_for_passenger`, `distance`
) VALUES (
:id, :start_location, :end_location, :date, :time, :endtime,
:price, :passenger_id, :driver_id, :status, :carType,
:price_for_driver, :price_for_passenger, :distance
)";
// إضافة الـ ID للمصفوفة
$data[':id'] = $insertedId;
try {
error_log("🔄 [add_ride.php] Inserting into REMOTE DB...");
$stmtRemote = $con_ride->prepare($sqlRemote);
$stmtRemote->execute($data);
error_log("✅ [add_ride.php] Remote Insert Success.");
} catch (PDOException $eRemote) {
// نسجل خطأ الريموت لكن لا نوقف العملية لأن اللوكل تم بنجاح
error_log("⚠️ [add_ride.php] Remote DB Error: " . $eRemote->getMessage());
}
// طباعة النجاح (JSON صحيح)
jsonSuccess($insertedId);
} else {
error_log("❌ [add_ride.php] Failed to insert locally (Rows affected 0).");
jsonError("Failed to save ride information locally");
}
} catch (PDOException $e) {
// تسجيل الخطأ بدقة
error_log("❌ [add_ride.php] SQL Error: " . $e->getMessage());
jsonError("Database Error: " . $e->getMessage());
}
?>

54
backend/ride/rides/add_ride.php
View File

@@ -57,6 +57,7 @@ error_log("[add_ride] Request started. passenger_id=" . ($_POST['passenger_id']
$start_location = filterRequest("start_location");
$end_location = filterRequest("end_location");
$price = filterRequest("price");
$price_token = filterRequest("price_token");
$passenger_id = filterRequest("passenger_id");
$driver_id = filterRequest("driver_id") ?: 0;
$status = filterRequest("status");
@@ -82,6 +83,15 @@ $step2 = filterRequest("step2");
$step3 = filterRequest("step3");
$step4 = filterRequest("step4");
// Helper to compare coordinates (allowing slight GPS precision drift up to ~500m)
function coordsMatch($coordStr1, $coordStr2, $tolerance = 0.005) {
if (empty($coordStr1) || empty($coordStr2)) return false;
$c1 = array_map('floatval', explode(',', $coordStr1));
$c2 = array_map('floatval', explode(',', $coordStr2));
if (count($c1) < 2 || count($c2) < 2) return false;
return (abs($c1[0] - $c2[0]) < $tolerance) && (abs($c1[1] - $c2[1]) < $tolerance);
}
// Validation
if (empty($passenger_id) || empty($start_location) || empty($end_location) || empty($price)) {
error_log("[add_ride] Validation failed — missing required fields.");
@@ -89,6 +99,50 @@ if (empty($passenger_id) || empty($start_location) || empty($end_location) || em
exit;
}
// SECURE PRICE TOKEN VERIFICATION
if (empty($price_token)) {
error_log("[add_ride] Security failed — price_token is missing.");
printFailure("Secure price token is required");
exit;
}
$decrypted = isset($encryptionHelper) ? $encryptionHelper->decryptData($price_token) : false;
if (!$decrypted) {
error_log("[add_ride] Security failed — failed to decrypt price_token.");
printFailure("Invalid or tampered price token");
exit;
}
$tokenData = json_decode($decrypted, true);
if (!$tokenData || !isset($tokenData['expires']) || $tokenData['expires'] < time()) {
error_log("[add_ride] Security failed — token is expired or invalid JSON.");
printFailure("Price token has expired, please request estimation again");
exit;
}
if ($tokenData['passenger_id'] != $passenger_id) {
error_log("[add_ride] Security failed — passenger_id mismatch.");
printFailure("Tampered price token (passenger mismatch)");
exit;
}
if (!coordsMatch($tokenData['start_location'], $start_location) || !coordsMatch($tokenData['end_location'], $end_location)) {
error_log("[add_ride] Security failed — coordinates mismatch. Token: " . ($tokenData['start_location'] . " / " . $tokenData['end_location']) . " Request: " . ($start_location . " / " . $end_location));
printFailure("Tampered price token (route mismatch)");
exit;
}
if (!isset($tokenData['prices'][$carType])) {
error_log("[add_ride] Security failed — car type $carType not found in token.");
printFailure("Invalid car type for this token");
exit;
}
// Securely override pricing from the cryptographically signed token
$price = $tokenData['prices'][$carType]['price'];
$price_for_driver = $tokenData['prices'][$carType]['driver_price'];
$price_for_passenger = $price;
// ── 2. تنسيق التواريخ ─────────────────────────────────────────
$date_formatted = date("Y-m-d");
$time_formatted = date("H:i:s");