Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): wallet balance check with FOR UPDATE, remove user-supplied ID in signup, hardcoded IP to env

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-17 06:53:00 +03:00
parent 3dad979eb5
commit 1d3ea597f4
3 changed files with 43 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/auth/signup.php
View File

@@ -11,7 +11,6 @@ $password = filterRequest("password");
$gender = filterRequest("gender");
$birthdate = filterRequest("birthdate");
$site = filterRequest("site");
$id = filterRequest("id");
// تشفير البيانات الحساسة
$phone = $encryptionHelper->encryptData($phone);
@@ -39,14 +38,13 @@ try {
exit;
}
// إدخال البيانات الجديدة
// إدخال البيانات الجديدة (مع ID تلقائي)
$sql = "INSERT INTO passengers (
id, phone, email, password, gender, birthdate, site, first_name, last_name
) VALUES (
:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name
UUID_SHORT(), :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name
)";
$stmt = $con->prepare($sql);
$stmt->bindParam(":id", $id);
$stmt->bindParam(":phone", $phone);
$stmt->bindParam(":email", $email);
$stmt->bindParam(":password", $hashedPassword);