diff --git a/backend/auth/token_passenger/driver/send_otp_driver.php b/backend/auth/token_passenger/driver/send_otp_driver.php
index 2e0d5ce..b6c4456 100644
--- a/backend/auth/token_passenger/driver/send_otp_driver.php
+++ b/backend/auth/token_passenger/driver/send_otp_driver.php
@@ -3,7 +3,7 @@ require_once __DIR__ . '/../../../connect.php';
 /* 1) توليد رمز التحقق (3 خانات) --------------------------------------------------- */
-$otp = (string)rand(100, 999);
+$otp = (string)random_int(100, 999);
 $receiver = filterRequest("receiver");
 if (empty($receiver)) {
@@ -69,6 +69,11 @@ if ($sentOK) {
 ");
 $stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
+ // Also save to Redis for verify_otp compatibility
+ if ($redis) {
+ $redis->setex("otp:driver:$receiver", 300, $otp);
+ }
+
 jsonSuccess(null, 'OTP sent and saved successfully');
 } catch (PDOException $e) {
@@ -76,12 +81,6 @@ if ($sentOK) {
 }
 } else {
- $errMsg = $decoded['message'] ?? 'Unknown error';
- jsonError('Failed to send OTP: ' . $errMsg);
+ jsonError('Failed to send OTP');
 }
-
-/* -----------------------------------------------------------------------
- * أبقينا callAPI() فقط إذا كان يُستخدم في ملفات أخرى – احذفه إن شئت.
- * --------------------------------------------------------------------- */
-function callAPI($method, $url, $data) { /* … */ }
 ?>
\ No newline at end of file
diff --git a/backend/auth/token_passenger/send_otp.php b/backend/auth/token_passenger/send_otp.php
index 4e0a518..ba7acbd 100644
--- a/backend/auth/token_passenger/send_otp.php
+++ b/backend/auth/token_passenger/send_otp.php
@@ -3,7 +3,7 @@ require_once __DIR__ . '/../../connect.php';
 /* 1) توليد رمز التحقق (3 خانات) */
-$otp = (string)rand(100, 999);
+$otp = (string)random_int(100, 999);
 $receiver = filterRequest("receiver");
 if (empty($receiver)) {
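Review bot: `random_int(100, 999)` fixes predictability but keeps the OTP at 900 possible values for the 300 s the Redis hunk below caches it, which is only acceptable if the verify endpoint enforces an attempt limit; the verify_otp.php hunk in this diff shows no such counter, though its surrounding code is outside the hunk. Consider `$otp = (string)random_int(100000, 999999);` with the "3 خانات" comment updated to the new length, or add a comment on this line naming the attempt cap that makes three digits sufficient. The identical line appears in the first hunk of send_otp.php below.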
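Review bot: The Redis write is skipped silently when `$redis` is falsy, yet `jsonSuccess(null, 'OTP sent and saved successfully')` is still returned; if the driver verify path reads Redis the way verify_otp.php does in this diff, the user then cannot verify and nothing is logged. At minimum add `} else { error_log('send_otp_driver: Redis unavailable, OTP not cached'); }` after the `if ($redis)` block, and derive the hard-coded 300 s TTL from the same `$exp` the MySQL row uses so the two stores cannot drift. The OTP is also cached in plaintext under the raw phone number while the MySQL row stores `$receiver_enc`/`$otp_enc`; if that is intentional for the key's short lifetime, say so in the comment. The same applies to the matching hunk in send_otp.php below.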
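Review bot: Dropping `$errMsg` from the client response is right, but the provider's failure reason is now discarded entirely, so a failing SMS gateway cannot be diagnosed from the logs; keep it server-side with `error_log('send_otp_driver: provider error: ' . ($decoded['message'] ?? 'Unknown error'));` before `jsonError('Failed to send OTP');`. In the matching hunk of send_otp.php the `$errMsg = ...` line is kept but is now unused and should either feed that `error_log` or be removed. The trailing `?>` with no newline remains in both files; omitting `?>` in PHP-only files avoids accidental output.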
@@ -50,7 +50,7 @@ $decoded = json_decode((string)$res, true);
 $sentOK = ($httpCode === 200 && ($decoded['success'] ?? false));
 if ($sentOK) {
- /* 3) تشفير البيانات وحفظ الرمز في قاعدة البيانات */
+ /* 3) حفظ الرمز في Redis + قاعدة البيانات */
 $receiver_enc = $encryptionHelper->encryptData($receiver);
 $otp_enc = $encryptionHelper->encryptData($otp);
@@ -58,6 +58,7 @@ if ($sentOK) {
 $now = date('Y-m-d H:i:s');
 try {
+ // Save to MySQL
 $con->prepare("DELETE FROM token_verification WHERE phone_number = ?")
 ->execute([$receiver_enc]);
@@ -68,6 +69,11 @@ if ($sentOK) {
 ");
 $stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
+ // Also save to Redis for verify_otp.php compatibility
+ if ($redis) {
+ $redis->setex("otp:passenger:$receiver", 300, $otp);
+ }
+
 jsonSuccess(null, 'OTP sent and saved successfully');
 } catch (PDOException $e) {
@@ -76,11 +82,6 @@ if ($sentOK) {
 } else {
 $errMsg = $decoded['message'] ?? 'Unknown error';
- jsonError('Failed to send OTP: ' . $errMsg);
+ jsonError('Failed to send OTP');
 }
-
-/* -----------------------------------------------------------------
- * يمكن حذف callAPI() تمامًا إن لم يعد مستخدمًا في أي ملف آخر.
- * ---------------------------------------------------------------- */
-function callAPI($method, $url, $data) { /* … (أبقِها أو احذفها) */ }
 ?>
\ No newline at end of file
diff --git a/backend/auth/token_passenger/verify_otp.php b/backend/auth/token_passenger/verify_otp.php
index 26bcf3c..72d704e 100644
--- a/backend/auth/token_passenger/verify_otp.php
+++ b/backend/auth/token_passenger/verify_otp.php
@@ -30,7 +30,7 @@ try {
 $cachedOtp = $redis->get("otp:passenger:$phoneNumber");
- if ($cachedOtp && $cachedOtp == $otp) {
+ if ($cachedOtp && $cachedOtp === $otp) {
 // ننجح في التحقق ونحذف المفتاح من Redis لمنع استخدامه مرة أخرى (One-time use)
 $redis->del("otp:passenger:$phoneNumber");
diff --git a/backend/core/Security/EncryptionHelper.php b/backend/core/Security/EncryptionHelper.php
index 853e92c..2ff5e8e 100644
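Review bot: `$cachedOtp === $otp` is only correct if `$otp` is a string at this point; `$redis->get()` yields a string, so if `$otp` arrives from the request as an int (the line that reads it is outside the hunk) every verification now fails where `==` used to pass. Normalise both sides and compare in constant time: `if ($cachedOtp && hash_equals((string)$cachedOtp, (string)$otp)) {`. The `try` block this sits in starts and ends outside the hunk, so whether failed attempts are counted before the key is deleted cannot be seen here.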
--- a/backend/core/Security/EncryptionHelper.php
+++ b/backend/core/Security/EncryptionHelper.php
@@ -64,14 +64,25 @@ class EncryptionHelper
 }
 // ─── تشفير/فك تشفير Binary (صور، ملفات) ───────────────
+ // تُستخدم الـ GCM مع IV عشوائي (كما في encryptData)
 public function encryptBinary(string $data): string {
- return openssl_encrypt($data, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $this->cbcIv);
+ $iv = random_bytes(self::IV_LEN_GCM);
+ $tag = '';
+ $encrypted = openssl_encrypt($data, self::ALGO_GCM, $this->key, OPENSSL_RAW_DATA, $iv, $tag, "", self::TAG_LEN);
+ return base64_encode($iv . $tag . $encrypted);
 }
 public function decryptBinary(string $data): string|false {
- return openssl_decrypt($data, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $this->cbcIv);
+ $raw = base64_decode($data, true);
+ if ($raw === false || strlen($raw) < self::IV_LEN_GCM + self::TAG_LEN) return false;
+
+ $iv = substr($raw, 0, self::IV_LEN_GCM);
+ $tag = substr($raw, self::IV_LEN_GCM, self::TAG_LEN);
+ $cipher = substr($raw, self::IV_LEN_GCM + self::TAG_LEN);
+
+ return openssl_decrypt($cipher, self::ALGO_GCM, $this->key, OPENSSL_RAW_DATA, $iv, $tag);
 }
 // --------- دوال الـ Padding للـ CBC ----------
diff --git a/backend/encrypt_decrypt.php b/backend/encrypt_decrypt.php
index a34c7b8..a6c5242 100644
--- a/backend/encrypt_decrypt.php
+++ b/backend/encrypt_decrypt.php
@@ -49,8 +49,9 @@ class EncryptionHelper {
 public function encryptData($plainText) {
 $plainText = mb_convert_encoding($plainText, 'UTF-8');
 $paddedText = $this->addPadding($plainText);
- $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
- return base64_encode($encrypted);
+ $iv = random_bytes(16);
+ $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+ return base64_encode($iv . $encrypted);
 }
 public function decryptData($encryptedText) {
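Review bot: `openssl_encrypt()` can return `false` (bad key length, unsupported cipher), and encryptBinary then returns `base64_encode($iv . $tag . false)`, i.e. IV plus tag only, which decryptBinary will later reject as a tag mismatch instead of surfacing the encryption failure at write time; add `if ($encrypted === false) { throw new \RuntimeException('encryptBinary: openssl_encrypt failed'); }` before the return. The same unchecked call is in the encryptData and encryptBinary hunks of backend/encrypt_decrypt.php and of the wallet copy below, where `$iv . false` likewise yields a bare IV. Separately, unlike those files this class keeps no path for data written with the previous `ALGO_CBC`/`$this->cbcIv` code, and the return changed from raw bytes to base64, so stored blobs and callers that persisted the raw output need a migration; if one exists, a comment on the method should say so. Returning `false` on tag mismatch in decryptBinary is consistent with the `string|false` return type.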
@@ -61,6 +62,22 @@ class EncryptionHelper {
 return false;
 }
+ // محاولة أولى: استخراج IV عشوائي من أول 16 بايت
+ if (strlen($decoded) >= 16) {
+ $iv = substr($decoded, 0, 16);
+ $payload = substr($decoded, 16);
+
+ $decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+
+ if ($decrypted !== false) {
+ $pad = ord($decrypted[strlen($decrypted) - 1]);
+ if ($pad >= 1 && $pad <= 16) {
+ return substr($decrypted, 0, -$pad);
+ }
+ }
+ }
+
+ // محاولة ثانية: IV ثابت (للبيانات القديمة)
 $decrypted = openssl_decrypt($decoded, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
 if ($decrypted === false) {
@@ -68,7 +85,6 @@ class EncryptionHelper {
 return false;
 }
- // Verify padding is valid before removal
 $pad = ord($decrypted[strlen($decrypted) - 1]);
 if ($pad < 1 || $pad > 16) {
 error_log("[ERROR] Invalid padding value ($pad) for decrypted input: $encryptedText");
@@ -95,13 +111,23 @@ class EncryptionHelper {
 return true;
 }
 public function encryptBinary($data) {
- $encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
- return $encrypted;
+ $iv = random_bytes(16);
+ $encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+ return $iv . $encrypted;
 }
 public function decryptBinary($data) {
+ if (strlen($data) >= 16) {
+ $iv = substr($data, 0, 16);
+ $payload = substr($data, 16);
+ $decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+ if ($decrypted !== false) {
+ return $decrypted;
+ }
+ }
+
+ // للبيانات القديمة ذات IV الثابت
 $decrypted = openssl_decrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
- // CRIT-07 FIX: التحقق من فشل openssl_decrypt
 if ($decrypted === false) {
 error_log('[CRIT-07] openssl_decrypt failed in decryptBinary');
 throw new Exception('Decryption failed');
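Review bot: The random-IV format is byte-indistinguishable from the legacy fixed-IV ciphertext, and CBC makes the "first attempt" succeed on legacy data: decrypting blocks 2..n with block 1 as the IV yields exactly plaintext blocks 2..n with intact PKCS#7 padding, so any legacy value longer than one block passes the `$pad` check added here and is returned with its first 16 bytes silently missing, and the "second attempt" fallback is never reached. This corrupts every pre-existing record on read; the same pattern is in the decryptBinary hunk below (where `openssl_decrypt` on blocks 2..n returns a truncated blob) and in both corresponding hunks of the wallet copy of this file. Tag the new format instead of guessing: have encryptData return `'v2:' . base64_encode($iv . $encrypted)` (base64 never contains `:`) and dispatch on that prefix before the existing whole-string decode, as sketched below; for the raw binary path use a fixed magic prefix or a separate column flag, since raw bytes have no safe sentinel. The enclosing method starts and continues outside the hunk.
```php
    // Only values written by the random-IV encryptData carry the 'v2:' tag;
    // anything else is legacy fixed-IV data and falls through unchanged.
    if (strncmp($encryptedText, 'v2:', 3) === 0) {
        $tagged = base64_decode(substr($encryptedText, 3), true);
        if ($tagged === false || strlen($tagged) < 32) {
            return false;
        }
        $iv = substr($tagged, 0, 16);
        $payload = substr($tagged, 16);
        $decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
        if ($decrypted === false) {
            return false;
        }
        $pad = ord($decrypted[strlen($decrypted) - 1]);
        return ($pad >= 1 && $pad <= 16) ? substr($decrypted, 0, -$pad) : false;
    }

    // … unchanged: legacy fixed-IV decryption of $decoded …
```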
diff --git a/walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php b/walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php
index 74c14d5..1a3c345 100755
--- a/walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php
+++ b/walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php
@@ -41,8 +41,9 @@ class EncryptionHelper {
 public function encryptData($plainText) {
 $plainText = mb_convert_encoding($plainText, 'UTF-8');
 $paddedText = $this->addPadding($plainText);
- $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
- return base64_encode($encrypted);
+ $iv = random_bytes(16);
+ $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+ return base64_encode($iv . $encrypted);
 }
 public function decryptData($encryptedText) {
@@ -53,6 +54,22 @@ class EncryptionHelper {
 return false;
 }
+ // محاولة أولى: استخراج IV عشوائي من أول 16 بايت
+ if (strlen($decoded) >= 16) {
+ $iv = substr($decoded, 0, 16);
+ $payload = substr($decoded, 16);
+
+ $decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+
+ if ($decrypted !== false) {
+ $pad = ord($decrypted[strlen($decrypted) - 1]);
+ if ($pad >= 1 && $pad <= 16) {
+ return substr($decrypted, 0, -$pad);
+ }
+ }
+ }
+
+ // محاولة ثانية: IV ثابت (للبيانات القديمة)
 $decrypted = openssl_decrypt($decoded, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
 if ($decrypted === false) {
@@ -60,7 +77,6 @@ class EncryptionHelper {
 return false;
 }
- // Verify padding is valid before removal
 $pad = ord($decrypted[strlen($decrypted) - 1]);
 if ($pad < 1 || $pad > 16) {
 error_log("[ERROR] Invalid padding value ($pad) for decrypted input: $encryptedText");
@@ -82,13 +98,23 @@ class EncryptionHelper {
 return true;
 }
 public function encryptBinary($data) {
- $encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
- return $encrypted;
+ $iv = random_bytes(16);
+ $encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+ return $iv . $encrypted;
 }
 public function decryptBinary($data) {
+ if (strlen($data) >= 16) {
+ $iv = substr($data, 0, 16);
+ $payload = substr($data, 16);
+ $decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
+ if ($decrypted !== false) {
+ return $decrypted;
+ }
+ }
+
+ // للبيانات القديمة ذات IV الثابت
 $decrypted = openssl_decrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
- // CRIT-07 FIX: التحقق من فشل openssl_decrypt
 if ($decrypted === false) {
 error_log('[CRIT-07] openssl_decrypt failed in decryptBinary');
 throw new Exception('Decryption failed');
diff --git a/walletintaleq.intaleq.xyz/v2/main/ride/payment/updatePaymetToPaid.php b/walletintaleq.intaleq.xyz/v2/main/ride/payment/updatePaymetToPaid.php
index 3d8a655..ce80c13 100644
--- a/walletintaleq.intaleq.xyz/v2/main/ride/payment/updatePaymetToPaid.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/payment/updatePaymetToPaid.php
@@ -3,11 +3,15 @@ include "../../connect.php";
 $driverID = filterRequest("driverID");
+if (empty($driverID)) {
+ printFailure("Driver ID is required");
+ exit;
+}
-$sql = "UPDATE `payments` SET `isGiven`='Paid' WHERE driverID='$driverID'";
+$sql = "UPDATE `payments` SET `isGiven`='Paid' WHERE driverID = :driverID";
 $stmt = $con->prepare($sql);
-$stmt->execute();
+$stmt->execute([':driverID' => $driverID]);
 if ($stmt->rowCount() > 0) { // Print a success message