Update: 2026-06-29 15:29:28

Hamza-Ayed
2026-06-29 15:29:29 +03:00
parent 5ab863edf1
commit 2da943e745
2 changed files with 154 additions and 13 deletions


@@ -21,10 +21,19 @@ if (!$email || !$password) {
// 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check)
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
$allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv)));
if (empty($allowedEmails)) {
$allowedEmails = [
'driver_tester@siromove.com',
'passenger_tester@siromove.com',
];
}
$cleanEmail = strtolower(trim($email));
$isTester = in_array($cleanEmail, $allowedEmails) || substr($cleanEmail, -13) === '@siromove.com';
$isTester = in_array($cleanEmail, $allowedEmails) ||
substr($cleanEmail, -13) === '@siromove.com' ||
str_contains($cleanEmail, 'tester') ||
str_contains($cleanEmail, 'reviewer');
try {
$con = Database::get('main');
@@ -32,6 +41,54 @@ try {
// تشفير الإيميل للبحث في قاعدة البيانات
$encryptedEmail = $encryptionHelper->encryptData($email);
// Auto-seed/create tester passenger if it doesn't exist
if ($cleanEmail === 'passenger_tester@siromove.com') {
$stmtCheck = $con->prepare("SELECT id FROM passengers WHERE email = :email LIMIT 1");
$stmtCheck->bindParam(':email', $encryptedEmail);
$stmtCheck->execute();
if (!$stmtCheck->fetch()) {
$passengerId = 'tester_passenger_id_2026';
$phone = '+962790000003';
$hashedPassword = password_hash('SiroPassenger2026!', PASSWORD_DEFAULT);
$encryptedPhone = $encryptionHelper->encryptData($phone);
$encryptedFirstName = $encryptionHelper->encryptData('Passenger');
$encryptedLastName = $encryptionHelper->encryptData('Tester');
$encryptedGender = $encryptionHelper->encryptData('Male');
$encryptedBirthdate = $encryptionHelper->encryptData('1990-01-01');
$encryptedSite = $encryptionHelper->encryptData('Jordan');
// Insert passenger
$insert = $con->prepare("INSERT INTO passengers (id, phone, email, password, gender, birthdate, site, first_name, last_name)
VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)");
$insert->execute([
':id' => $passengerId,
':phone' => $encryptedPhone,
':email' => $encryptedEmail,
':password' => $hashedPassword,
':gender' => $encryptedGender,
':birthdate' => $encryptedBirthdate,
':site' => $encryptedSite,
':first_name' => $encryptedFirstName,
':last_name' => $encryptedLastName
]);
// Ensure phone_verification_passenger row exists
$stmtPhone = $con->prepare("SELECT * FROM phone_verification_passenger WHERE phone_number = :phone LIMIT 1");
$stmtPhone->bindParam(':phone', $encryptedPhone);
$stmtPhone->execute();
if (!$stmtPhone->fetch()) {
$insertPhone = $con->prepare("INSERT INTO phone_verification_passenger (phone_number, verified) VALUES (:phone, 1)");
$insertPhone->bindParam(':phone', $encryptedPhone);
$insertPhone->execute();
} else {
$updatePhone = $con->prepare("UPDATE phone_verification_passenger SET verified = 1 WHERE phone_number = :phone");
$updatePhone->bindParam(':phone', $encryptedPhone);
$updatePhone->execute();
}
}
}
$sql = "SELECT
p.*,
phone_verification_passenger.verified,
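Review bot: The auto-seed block commits the tester passenger's password as a string literal (the `password_hash(` line) and inserts the account, with its phone row set to `verified = 1`, during the first login request that names `passenger_tester@siromove.com`, so every database this script reaches gets an account whose credential is readable in repository history. Read the seed password from configuration, for example `$seedPassword = getenv('TESTER_SEED_PASSWORD');` (variable name is a placeholder), skip seeding when it is unset, and preferably move seeding out of the login path into a provisioning step; the committed literal should be treated as exposed and rotated. In the same file section, `$isTester` now accepts any address containing `tester` or `reviewer`, and the password check accepts `$password === $data['password']` beside `password_verify`, so a plaintext-stored value or the stored hash string itself would presumably pass; an exact allowlist match and `password_verify` alone would close both. The enclosing `try` block begins and ends outside this hunk.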
@@ -43,25 +100,24 @@ try {
ON phone_verification_passenger.phone_number = p.phone
LEFT JOIN invitesToPassengers
ON invitesToPassengers.inviterPassengerPhone = p.phone
WHERE p.email = :email AND p.password = :password
WHERE p.email = :email
LIMIT 1";
$stmt = $con->prepare($sql);
$stmt->bindParam(':email', $encryptedEmail);
// نفترض أن كلمة المرور تُخزن بنص صريح للفاحصين أو يتم معالجتها مسبقاً (حسب آلية فلاتر القديمة)
$stmt->bindParam(':password', $password);
$stmt->execute();
$data = $stmt->fetch(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if ($count > 0) {
// التحقق من أن الحساب معلم كحساب فحص في قاعدة البيانات أو البيئة
$isTestInDb = (isset($data['is_test']) && $data['is_test'] == 1) || (isset($data['isTest']) && $data['isTest'] == 1);
if (!$isTestInDb && !$isTester) {
jsonError("Access denied. Not a tester account.");
exit();
}
if ($data) {
// فحص الباسورد
if (password_verify($password, $data['password']) || $password === $data['password']) {
// التحقق من أن الحساب معلم كحساب فحص في قاعدة البيانات أو البيئة
$isTestInDb = (isset($data['is_test']) && $data['is_test'] == 1) || (isset($data['isTest']) && $data['isTest'] == 1);
if (!$isTestInDb && !$isTester) {
jsonError("Access denied. Not a tester account.");
exit();
}
// فك تشفير البيانات للرد
if(isset($data['phone'])) $data['phone'] = $encryptionHelper->decryptData($data['phone']);
if(isset($data['email'])) $data['email'] = $encryptionHelper->decryptData($data['email']);
@@ -85,6 +141,12 @@ try {
"data" => [$data] // مطابق لنسق التطبيق الذي يتوقع مصفوفة
], JSON_UNESCAPED_UNICODE);
} else {
echo json_encode([
"status" => "failure",
"message" => "Invalid credentials"
]);
}
} else {
echo json_encode([
"status" => "failure",