Update: 2026-06-16 02:14:34

2026-06-16 02:14:35 +03:00
parent fc58529b09
commit 2c657fa0b4
13 changed files with 100 additions and 31 deletions
--- a/walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php
+++ b/walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php
@@ -88,6 +88,11 @@ class EncryptionHelper {

 	public function decryptBinary($data) {
    $decrypted = openssl_decrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
+    // CRIT-07 FIX: التحقق من فشل openssl_decrypt
+    if ($decrypted === false) {
+        error_log('[CRIT-07] openssl_decrypt failed in decryptBinary');
+        throw new Exception('Decryption failed');
+    }
    return $decrypted;
 	}
 }
--- a/walletintaleq.intaleq.xyz/v2/main/loginWallet.php
+++ b/walletintaleq.intaleq.xyz/v2/main/loginWallet.php
@@ -36,6 +36,12 @@ header('Content-Type: application/json');
 header("Access-Control-Allow-Origin: https://wallet.sefer.live");  // Replace * with your Flutter app's origin
 header("Access-Control-Allow-Methods: POST, OPTIONS");
 header("Access-Control-Allow-Headers: Content-Type, Authorization");
+// MED FIX: إضافة Security Headers
+header('X-Content-Type-Options: nosniff');
+header('X-Frame-Options: DENY');
+header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
+header("Referrer-Policy: strict-origin-when-cross-origin");
+header("X-XSS-Protection: 1; mode=block");

 // Handle preflight OPTIONS requests
 if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
@@ -123,13 +129,13 @@ $hmac = hash_hmac('sha256', $id, getenv('SECRET_KEY_HMAC'));
 }

 } catch (InvalidArgumentException $e) {
-    // Handle input validation errors
-    http_response_code(400); // Bad Request - Client-side error
-  //  error_log("Input validation error: " . $e->getMessage());  // Log for debugging
-    echo json_encode(['error' => $e->getMessage()]);  // Specific error message
+    // HIGH-05 FIX: لا تكشف رسائل الخطأ من الاستثناءات مباشرة
+    error_log("Input validation error: " . $e->getMessage());
+    http_response_code(400);
+    echo json_encode(['error' => 'Invalid request parameters.']);
 } catch (Exception $e) {
-    // Handle other exceptions (e.g., JWT encoding errors)
-    http_response_code(500); // Internal Server Error
-  //  error_log("Server error: " . $e->getMessage()); // Log for debugging
-    echo json_encode(['error' => 'An unexpected error occurred.']); // Generic message
-}
+    // HIGH-05 FIX: لا تكشف رسائل الخطأ الداخلية
+    error_log("Server error: " . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['error' => 'An unexpected error occurred.']);
+}
--- a/walletintaleq.intaleq.xyz/v2/main/loginWalletAdmin.php
+++ b/walletintaleq.intaleq.xyz/v2/main/loginWalletAdmin.php
@@ -70,14 +70,18 @@ try {
    $user = $stmt->fetch();

    if (!$user) {
-        // إذا لم يكن موجوداً، نتحقق من كلمة السر العامة للأدمن كخيار أخير
-        if ($id === 'admin' && $password === $passwordnewpassenger) {
-            // السماح بالدخول كأدمن عام
-        } else {
-            http_response_code(403);
-            echo json_encode(['error' => 'User not found']);
-            exit;
-        }
+        // ⚠️ CRIT-01 FIX: إزالة backdoor الدخول بكلمة سر plaintext
+        // لا يمكن الدخول إلا عبر مستخدمين مسجلين في قاعدة البيانات
+        http_response_code(403);
+        echo json_encode(['error' => 'User not found']);
+        exit;
+    }
+
+    // التحقق من كلمة السر باستخدام password_verify (آمن)
+    if (!password_verify($password, $user['password'])) {
+        http_response_code(403);
+        echo json_encode(['error' => 'Invalid credentials']);
+        exit;
    }

    // --- إنشاء JWT ---
@@ -102,6 +106,8 @@ try {
    http_response_code(200);

 } catch (Exception $e) {
+    // HIGH-05 FIX: لا تكشف رسائل الخطأ التفصيلية
+    error_log('[loginWalletAdmin] Error: ' . $e->getMessage());
    http_response_code(500);
-    echo json_encode(['error' => 'Unexpected error occurred: ' . $e->getMessage()]);
+    echo json_encode(['error' => 'An internal error occurred. Please try again later.']);
 }
--- a/walletintaleq.intaleq.xyz/v2/main/ride/cliq/verify_payment_ai.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/cliq/verify_payment_ai.php
@@ -70,6 +70,6 @@ try {
    
 } catch (Exception $e) {
    error_log("Error in cliq verify: " . $e->getMessage());
-    echo json_encode(["status" => "error", "message" => "Server error: " . $e->getMessage()]);
+    echo json_encode(["status" => "error", "message" => "Server error occurred."]);
 }
 ?>
--- a/walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/convertBudgetToPoints.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/convertBudgetToPoints.php
@@ -29,10 +29,10 @@ try {
    }

    // 2. Generate unique tokens
-    $paymentID1 = "budget2pt_" . time() . rand(1000, 9999);
-    $paymentID2 = "pt2budget_" . time() . rand(1000, 9999);
-    $token1 = md5(uniqid("b1", true));
-    $token2 = md5(uniqid("b2", true));
+    $paymentID1 = "budget2pt_" . time() . bin2hex(random_bytes(4));
+    $paymentID2 = "pt2budget_" . time() . bin2hex(random_bytes(4));
+    $token1 = bin2hex(random_bytes(32));
+    $token2 = bin2hex(random_bytes(32));

    // 3. Deduct from budget (payments)
    $deductAmount = -$amount;
@@ -62,6 +62,7 @@ try {

 } catch (Exception $e) {
    $con->rollBack();
-    echo json_encode(['status' => 'error', 'message' => 'Database transaction failed: ' . $e->getMessage()]);
+    error_log('[convertBudgetToPoints] Error: ' . $e->getMessage());
+    echo json_encode(['status' => 'error', 'message' => 'An internal error occurred.']);
 }
 ?>
--- a/walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/transfer.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/transfer.php
@@ -124,6 +124,7 @@ try {

 } catch (Exception $e) {
    $con->rollBack();
-    echo json_encode(['status' => 'error', 'message' => 'Database transaction failed: ' . $e->getMessage()]);
+    error_log('[transfer] Error: ' . $e->getMessage());
+    echo json_encode(['status' => 'error', 'message' => 'An internal error occurred.']);
 }
 ?>