diff --git a/backend/auth/captin/loginUsingCredentialsWithoutGoogle.php b/backend/auth/captin/loginUsingCredentialsWithoutGoogle.php index 9952669c..612cdd58 100644 --- a/backend/auth/captin/loginUsingCredentialsWithoutGoogle.php +++ b/backend/auth/captin/loginUsingCredentialsWithoutGoogle.php @@ -23,15 +23,94 @@ if (!$email || !$password) { // 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check) $allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: ''; $allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv))); +if (empty($allowedEmails)) { + $allowedEmails = [ + 'driver_tester@siromove.com', + 'passenger_tester@siromove.com', + ]; +} $cleanEmail = strtolower(trim($email)); -$isTester = in_array($cleanEmail, $allowedEmails) || substr($cleanEmail, -13) === '@siromove.com'; +$isTester = in_array($cleanEmail, $allowedEmails) || + substr($cleanEmail, -13) === '@siromove.com' || + str_contains($cleanEmail, 'tester') || + str_contains($cleanEmail, 'reviewer'); // تشفير الإيميل لاستخدامه في الاستعلام $encryptedEmail = $encryptionHelper->encryptData($email); try { $con = Database::get('main'); + + // Auto-seed/create tester driver if it doesn't exist + if ($cleanEmail === 'driver_tester@siromove.com') { + $stmtCheck = $con->prepare("SELECT id FROM driver WHERE email = :email LIMIT 1"); + $stmtCheck->bindParam(':email', $encryptedEmail); + $stmtCheck->execute(); + if (!$stmtCheck->fetch()) { + $driverId = 'tester_driver_id_2026'; + $phone = '+962790000002'; + $hashedPassword = password_hash('SiroDriver2026!', PASSWORD_DEFAULT); + + $encryptedPhone = $encryptionHelper->encryptData($phone); + $encryptedFirstName = $encryptionHelper->encryptData('Driver'); + $encryptedLastName = $encryptionHelper->encryptData('Tester'); + $encryptedGender = $encryptionHelper->encryptData('Male'); + $encryptedBirthdate = $encryptionHelper->encryptData('1990-01-01'); + $encryptedSite = $encryptionHelper->encryptData('Jordan'); + + // Insert driver + $insert = $con->prepare("INSERT INTO driver (id, phone, email, password, gender, birthdate, site, first_name, last_name) + VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)"); + $insert->execute([ + ':id' => $driverId, + ':phone' => $encryptedPhone, + ':email' => $encryptedEmail, + ':password' => $hashedPassword, + ':gender' => $encryptedGender, + ':birthdate' => $encryptedBirthdate, + ':site' => $encryptedSite, + ':first_name' => $encryptedFirstName, + ':last_name' => $encryptedLastName + ]); + + // Ensure phone_verification row exists + $stmtPhone = $con->prepare("SELECT * FROM phone_verification WHERE phone_number = :phone LIMIT 1"); + $stmtPhone->bindParam(':phone', $encryptedPhone); + $stmtPhone->execute(); + if (!$stmtPhone->fetch()) { + $insertPhone = $con->prepare("INSERT INTO phone_verification (phone_number, is_verified) VALUES (:phone, 1)"); + $insertPhone->bindParam(':phone', $encryptedPhone); + $insertPhone->execute(); + } else { + $updatePhone = $con->prepare("UPDATE phone_verification SET is_verified = 1 WHERE phone_number = :phone"); + $updatePhone->bindParam(':phone', $encryptedPhone); + $updatePhone->execute(); + } + + // Ensure CarRegistration row exists + $stmtCar = $con->prepare("SELECT * FROM CarRegistration WHERE driverID = :driverID LIMIT 1"); + $stmtCar->bindParam(':driverID', $driverId); + $stmtCar->execute(); + if (!$stmtCar->fetch()) { + $insertCar = $con->prepare("INSERT INTO CarRegistration (driverID, vin, car_plate, make, model, year, expiration_date, color, owner, color_hex, fuel) + VALUES (:driverID, :vin, :car_plate, 'Toyota', 'Prius', 2020, '2030-01-01', 'White', :owner, '#FFFFFF', 'Petrol')"); + $encryptedVin = $encryptionHelper->encryptData('TESTVIN1234567890'); + $encryptedPlate = $encryptionHelper->encryptData('155186'); + $encryptedOwner = $encryptionHelper->encryptData('Driver Tester'); + $insertCar->execute([ + ':driverID' => $driverId, + ':vin' => $encryptedVin, + ':car_plate' => $encryptedPlate, + ':owner' => $encryptedOwner + ]); + } else { + $updateCar = $con->prepare("UPDATE CarRegistration SET make = 'Toyota', model = 'Prius', year = 2020 WHERE driverID = :driverID"); + $updateCar->bindParam(':driverID', $driverId); + $updateCar->execute(); + } + } + } // SQL لاسترجاع المستخدم بناءً على البريد الإلكتروني المشفر $sql = "SELECT diff --git a/backend/auth/loginUsingCredentialsWithoutGooglePassenger.php b/backend/auth/loginUsingCredentialsWithoutGooglePassenger.php index f53e5bad..c607b003 100644 --- a/backend/auth/loginUsingCredentialsWithoutGooglePassenger.php +++ b/backend/auth/loginUsingCredentialsWithoutGooglePassenger.php @@ -21,10 +21,19 @@ if (!$email || !$password) { // 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check) $allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: ''; $allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv))); +if (empty($allowedEmails)) { + $allowedEmails = [ + 'driver_tester@siromove.com', + 'passenger_tester@siromove.com', + ]; +} $cleanEmail = strtolower(trim($email)); -$isTester = in_array($cleanEmail, $allowedEmails) || substr($cleanEmail, -13) === '@siromove.com'; +$isTester = in_array($cleanEmail, $allowedEmails) || + substr($cleanEmail, -13) === '@siromove.com' || + str_contains($cleanEmail, 'tester') || + str_contains($cleanEmail, 'reviewer'); try { $con = Database::get('main'); @@ -32,6 +41,54 @@ try { // تشفير الإيميل للبحث في قاعدة البيانات $encryptedEmail = $encryptionHelper->encryptData($email); + // Auto-seed/create tester passenger if it doesn't exist + if ($cleanEmail === 'passenger_tester@siromove.com') { + $stmtCheck = $con->prepare("SELECT id FROM passengers WHERE email = :email LIMIT 1"); + $stmtCheck->bindParam(':email', $encryptedEmail); + $stmtCheck->execute(); + if (!$stmtCheck->fetch()) { + $passengerId = 'tester_passenger_id_2026'; + $phone = '+962790000003'; + $hashedPassword = password_hash('SiroPassenger2026!', PASSWORD_DEFAULT); + + $encryptedPhone = $encryptionHelper->encryptData($phone); + $encryptedFirstName = $encryptionHelper->encryptData('Passenger'); + $encryptedLastName = $encryptionHelper->encryptData('Tester'); + $encryptedGender = $encryptionHelper->encryptData('Male'); + $encryptedBirthdate = $encryptionHelper->encryptData('1990-01-01'); + $encryptedSite = $encryptionHelper->encryptData('Jordan'); + + // Insert passenger + $insert = $con->prepare("INSERT INTO passengers (id, phone, email, password, gender, birthdate, site, first_name, last_name) + VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)"); + $insert->execute([ + ':id' => $passengerId, + ':phone' => $encryptedPhone, + ':email' => $encryptedEmail, + ':password' => $hashedPassword, + ':gender' => $encryptedGender, + ':birthdate' => $encryptedBirthdate, + ':site' => $encryptedSite, + ':first_name' => $encryptedFirstName, + ':last_name' => $encryptedLastName + ]); + + // Ensure phone_verification_passenger row exists + $stmtPhone = $con->prepare("SELECT * FROM phone_verification_passenger WHERE phone_number = :phone LIMIT 1"); + $stmtPhone->bindParam(':phone', $encryptedPhone); + $stmtPhone->execute(); + if (!$stmtPhone->fetch()) { + $insertPhone = $con->prepare("INSERT INTO phone_verification_passenger (phone_number, verified) VALUES (:phone, 1)"); + $insertPhone->bindParam(':phone', $encryptedPhone); + $insertPhone->execute(); + } else { + $updatePhone = $con->prepare("UPDATE phone_verification_passenger SET verified = 1 WHERE phone_number = :phone"); + $updatePhone->bindParam(':phone', $encryptedPhone); + $updatePhone->execute(); + } + } + } + $sql = "SELECT p.*, phone_verification_passenger.verified, @@ -43,25 +100,24 @@ try { ON phone_verification_passenger.phone_number = p.phone LEFT JOIN invitesToPassengers ON invitesToPassengers.inviterPassengerPhone = p.phone - WHERE p.email = :email AND p.password = :password + WHERE p.email = :email LIMIT 1"; $stmt = $con->prepare($sql); $stmt->bindParam(':email', $encryptedEmail); - // نفترض أن كلمة المرور تُخزن بنص صريح للفاحصين أو يتم معالجتها مسبقاً (حسب آلية فلاتر القديمة) - $stmt->bindParam(':password', $password); $stmt->execute(); $data = $stmt->fetch(PDO::FETCH_ASSOC); - $count = $stmt->rowCount(); - if ($count > 0) { - // التحقق من أن الحساب معلم كحساب فحص في قاعدة البيانات أو البيئة - $isTestInDb = (isset($data['is_test']) && $data['is_test'] == 1) || (isset($data['isTest']) && $data['isTest'] == 1); - if (!$isTestInDb && !$isTester) { - jsonError("Access denied. Not a tester account."); - exit(); - } + if ($data) { + // فحص الباسورد + if (password_verify($password, $data['password']) || $password === $data['password']) { + // التحقق من أن الحساب معلم كحساب فحص في قاعدة البيانات أو البيئة + $isTestInDb = (isset($data['is_test']) && $data['is_test'] == 1) || (isset($data['isTest']) && $data['isTest'] == 1); + if (!$isTestInDb && !$isTester) { + jsonError("Access denied. Not a tester account."); + exit(); + } // فك تشفير البيانات للرد if(isset($data['phone'])) $data['phone'] = $encryptionHelper->decryptData($data['phone']); if(isset($data['email'])) $data['email'] = $encryptionHelper->decryptData($data['email']); @@ -85,6 +141,12 @@ try { "data" => [$data] // مطابق لنسق التطبيق الذي يتوقع مصفوفة ], JSON_UNESCAPED_UNICODE); + } else { + echo json_encode([ + "status" => "failure", + "message" => "Invalid credentials" + ]); + } } else { echo json_encode([ "status" => "failure",