Update: 2026-06-16 22:44:11
This commit is contained in:
Hamza-Ayed
@@ -1,58 +1,104 @@
|
||||
<?php
|
||||
/**
|
||||
* driverWallet/add.php — إضافة رصيد لمحفظة السائق
|
||||
*
|
||||
* ═══════════════════════════════════════════════════════════════
|
||||
* SECURITY FIX:
|
||||
* - إضافة التحقق من ملكية الحساب (driverID == JWT user_id)
|
||||
* - لف العملية في Transaction ذرية
|
||||
* - استخدام FOR UPDATE لمنع Race Condition على التوكن
|
||||
* - التحقق من صحة المبلغ
|
||||
* ═══════════════════════════════════════════════════════════════
|
||||
*/
|
||||
|
||||
// Include the database connection file
|
||||
// Include the database connection file (calls authenticateJWT)
|
||||
include "../../connect.php";
|
||||
//ride/driverWallet/add.php
|
||||
// Get the request parameters
|
||||
$driverID = filterRequest("driverID");
|
||||
$paymentID = filterRequest("paymentID");
|
||||
$amount = filterRequest("amount");
|
||||
|
||||
// ── 1. استخراج user_id من JWT المصادق ──────────────────────────
|
||||
$jwtUserId = $decodedToken->user_id ?? $decodedToken->sub ?? null;
|
||||
|
||||
// ── 2. استخراج والتحقق من البيانات ──────────────────────────
|
||||
$driverID = filterRequest("driverID");
|
||||
$paymentID = filterRequest("paymentID");
|
||||
$amount = filterRequest("amount");
|
||||
$paymentMethod = filterRequest("paymentMethod");
|
||||
$token = filterRequest("token");
|
||||
$token = filterRequest("token");
|
||||
|
||||
// Retrieve token details from the database
|
||||
$stmt = $con->prepare("SELECT * FROM payment_tokens WHERE token = :token AND isUsed = FALSE");
|
||||
$stmt->execute(array(
|
||||
':token' => $token
|
||||
));
|
||||
|
||||
$tokenData = $stmt->fetch();
|
||||
|
||||
if ($tokenData) {
|
||||
// Add payment to the driver's wallet table
|
||||
$sql = "INSERT INTO `driverWallet` (
|
||||
`driverID`,
|
||||
`paymentID`,
|
||||
`amount`,
|
||||
`paymentMethod`
|
||||
) VALUES (
|
||||
:driverID,
|
||||
:paymentID,
|
||||
:amount,
|
||||
:paymentMethod
|
||||
);";
|
||||
|
||||
$stmt = $con->prepare($sql);
|
||||
$stmt->execute(array(
|
||||
':driverID' => $driverID,
|
||||
':paymentID' => $paymentID,
|
||||
':amount' => $amount,
|
||||
':paymentMethod' => $paymentMethod
|
||||
));
|
||||
|
||||
if ($stmt->rowCount() > 0) {
|
||||
// Print a success message
|
||||
printSuccess("Record saved successfully");
|
||||
|
||||
// Mark the token as used in the database
|
||||
$stmt = $con->prepare("UPDATE payment_tokens SET isUsed = TRUE WHERE id = :tokenID");
|
||||
$stmt->execute(array(
|
||||
':tokenID' => $tokenData['id']
|
||||
));
|
||||
} else {
|
||||
// Print a failure message
|
||||
printFailure("Failed to save record");
|
||||
}
|
||||
} else {
|
||||
printFailure("Invalid or already used token");
|
||||
if (empty($driverID) || !isset($amount) || empty($paymentMethod) || empty($token)) {
|
||||
printFailure("Missing required parameters");
|
||||
exit;
|
||||
}
|
||||
|
||||
// ── 3. التحقق من ملكية الحساب ────────────────────────────────
|
||||
// السائق المصادق يمكنه فقط إضافة رصيد لمحفظته الشخصية
|
||||
if ($jwtUserId !== null && $driverID !== $jwtUserId) {
|
||||
error_log(sprintf(
|
||||
'⚠️ [SECURITY] Ownership mismatch in add.php | jwt_user=%s | requested_driverID=%s | IP=%s',
|
||||
$jwtUserId, $driverID, $_SERVER['REMOTE_ADDR'] ?? 'unknown'
|
||||
));
|
||||
http_response_code(403);
|
||||
printFailure("Forbidden: You can only modify your own wallet");
|
||||
exit;
|
||||
}
|
||||
|
||||
// ── 4. التحقق من المبلغ ─────────────────────────────────────
|
||||
$amount = floatval($amount);
|
||||
if ($amount <= 0 || $amount > 1000000) {
|
||||
printFailure("Invalid amount");
|
||||
exit;
|
||||
}
|
||||
|
||||
// ── 5. العملية الذرية ─────────────────────────────────────────
|
||||
try {
|
||||
$con->beginTransaction();
|
||||
|
||||
// التحقق من التوكن مع قفل السجل (FOR UPDATE) لمنع Race Condition
|
||||
$stmt = $con->prepare("SELECT * FROM payment_tokens WHERE token = :token AND isUsed = FALSE FOR UPDATE");
|
||||
$stmt->execute([':token' => $token]);
|
||||
$tokenData = $stmt->fetch();
|
||||
|
||||
if ($tokenData) {
|
||||
// إدخال سجل المحفظة
|
||||
$sql = "INSERT INTO `driverWallet` (
|
||||
`driverID`,
|
||||
`paymentID`,
|
||||
`amount`,
|
||||
`paymentMethod`
|
||||
) VALUES (
|
||||
:driverID,
|
||||
:paymentID,
|
||||
:amount,
|
||||
:paymentMethod
|
||||
);";
|
||||
|
||||
$stmt = $con->prepare($sql);
|
||||
$stmt->execute([
|
||||
':driverID' => $driverID,
|
||||
':paymentID' => $paymentID,
|
||||
':amount' => $amount,
|
||||
':paymentMethod' => $paymentMethod
|
||||
]);
|
||||
|
||||
if ($stmt->rowCount() > 0) {
|
||||
// تحديث حالة التوكن
|
||||
$stmt = $con->prepare("UPDATE payment_tokens SET isUsed = TRUE WHERE id = :tokenID");
|
||||
$stmt->execute([':tokenID' => $tokenData['id']]);
|
||||
|
||||
$con->commit();
|
||||
printSuccess("Record saved successfully");
|
||||
} else {
|
||||
$con->rollBack();
|
||||
printFailure("Failed to save record");
|
||||
}
|
||||
} else {
|
||||
$con->rollBack();
|
||||
printFailure("Invalid or already used token");
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
if ($con->inTransaction()) {
|
||||
$con->rollBack();
|
||||
}
|
||||
error_log("[driverWallet/add] " . $e->getMessage());
|
||||
printFailure("An error occurred");
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user