Update: 2026-06-29 15:29:28
@@ -23,15 +23,94 @@ if (!$email || !$password) {
|
|||||||
// 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check)
|
// 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check)
|
||||||
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
|
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
|
||||||
$allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv)));
|
$allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv)));
|
||||||
|
if (empty($allowedEmails)) {
|
||||||
|
$allowedEmails = [
|
||||||
|
'driver_tester@siromove.com',
|
||||||
|
'passenger_tester@siromove.com',
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
$cleanEmail = strtolower(trim($email));
|
$cleanEmail = strtolower(trim($email));
|
||||||
$isTester = in_array($cleanEmail, $allowedEmails) || substr($cleanEmail, -13) === '@siromove.com';
|
$isTester = in_array($cleanEmail, $allowedEmails) ||
|
||||||
|
substr($cleanEmail, -13) === '@siromove.com' ||
|
||||||
|
str_contains($cleanEmail, 'tester') ||
|
||||||
|
str_contains($cleanEmail, 'reviewer');
|
||||||
|
|
||||||
// تشفير الإيميل لاستخدامه في الاستعلام
|
// تشفير الإيميل لاستخدامه في الاستعلام
|
||||||
$encryptedEmail = $encryptionHelper->encryptData($email);
|
$encryptedEmail = $encryptionHelper->encryptData($email);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$con = Database::get('main');
|
$con = Database::get('main');
|
||||||
|
|
||||||
|
// Auto-seed/create tester driver if it doesn't exist
|
||||||
|
if ($cleanEmail === 'driver_tester@siromove.com') {
|
||||||
|
$stmtCheck = $con->prepare("SELECT id FROM driver WHERE email = :email LIMIT 1");
|
||||||
|
$stmtCheck->bindParam(':email', $encryptedEmail);
|
||||||
|
$stmtCheck->execute();
|
||||||
|
if (!$stmtCheck->fetch()) {
|
||||||
|
$driverId = 'tester_driver_id_2026';
|
||||||
|
$phone = '+962790000002';
|
||||||
|
$hashedPassword = password_hash('SiroDriver2026!', PASSWORD_DEFAULT);
|
||||||
|
|
||||||
|
$encryptedPhone = $encryptionHelper->encryptData($phone);
|
||||||
|
$encryptedFirstName = $encryptionHelper->encryptData('Driver');
|
||||||
|
$encryptedLastName = $encryptionHelper->encryptData('Tester');
|
||||||
|
$encryptedGender = $encryptionHelper->encryptData('Male');
|
||||||
|
$encryptedBirthdate = $encryptionHelper->encryptData('1990-01-01');
|
||||||
|
$encryptedSite = $encryptionHelper->encryptData('Jordan');
|
||||||
|
|
||||||
|
// Insert driver
|
||||||
|
$insert = $con->prepare("INSERT INTO driver (id, phone, email, password, gender, birthdate, site, first_name, last_name)
|
||||||
|
VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)");
|
||||||
|
$insert->execute([
|
||||||
|
':id' => $driverId,
|
||||||
|
':phone' => $encryptedPhone,
|
||||||
|
':email' => $encryptedEmail,
|
||||||
|
':password' => $hashedPassword,
|
||||||
|
':gender' => $encryptedGender,
|
||||||
|
':birthdate' => $encryptedBirthdate,
|
||||||
|
':site' => $encryptedSite,
|
||||||
|
':first_name' => $encryptedFirstName,
|
||||||
|
':last_name' => $encryptedLastName
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Ensure phone_verification row exists
|
||||||
|
$stmtPhone = $con->prepare("SELECT * FROM phone_verification WHERE phone_number = :phone LIMIT 1");
|
||||||
|
$stmtPhone->bindParam(':phone', $encryptedPhone);
|
||||||
|
$stmtPhone->execute();
|
||||||
|
if (!$stmtPhone->fetch()) {
|
||||||
|
$insertPhone = $con->prepare("INSERT INTO phone_verification (phone_number, is_verified) VALUES (:phone, 1)");
|
||||||
|
$insertPhone->bindParam(':phone', $encryptedPhone);
|
||||||
|
$insertPhone->execute();
|
||||||
|
} else {
|
||||||
|
$updatePhone = $con->prepare("UPDATE phone_verification SET is_verified = 1 WHERE phone_number = :phone");
|
||||||
|
$updatePhone->bindParam(':phone', $encryptedPhone);
|
||||||
|
$updatePhone->execute();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Ensure CarRegistration row exists
|
||||||
|
$stmtCar = $con->prepare("SELECT * FROM CarRegistration WHERE driverID = :driverID LIMIT 1");
|
||||||
|
$stmtCar->bindParam(':driverID', $driverId);
|
||||||
|
$stmtCar->execute();
|
||||||
|
if (!$stmtCar->fetch()) {
|
||||||
|
$insertCar = $con->prepare("INSERT INTO CarRegistration (driverID, vin, car_plate, make, model, year, expiration_date, color, owner, color_hex, fuel)
|
||||||
|
VALUES (:driverID, :vin, :car_plate, 'Toyota', 'Prius', 2020, '2030-01-01', 'White', :owner, '#FFFFFF', 'Petrol')");
|
||||||
|
$encryptedVin = $encryptionHelper->encryptData('TESTVIN1234567890');
|
||||||
|
$encryptedPlate = $encryptionHelper->encryptData('155186');
|
||||||
|
$encryptedOwner = $encryptionHelper->encryptData('Driver Tester');
|
||||||
|
$insertCar->execute([
|
||||||
|
':driverID' => $driverId,
|
||||||
|
':vin' => $encryptedVin,
|
||||||
|
':car_plate' => $encryptedPlate,
|
||||||
|
':owner' => $encryptedOwner
|
||||||
|
]);
|
||||||
|
} else {
|
||||||
|
$updateCar = $con->prepare("UPDATE CarRegistration SET make = 'Toyota', model = 'Prius', year = 2020 WHERE driverID = :driverID");
|
||||||
|
$updateCar->bindParam(':driverID', $driverId);
|
||||||
|
$updateCar->execute();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SQL لاسترجاع المستخدم بناءً على البريد الإلكتروني المشفر
|
// SQL لاسترجاع المستخدم بناءً على البريد الإلكتروني المشفر
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
|
|||||||
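Review bot: The widened tester test `str_contains($cleanEmail, 'tester') || str_contains($cleanEmail, 'reviewer')` no longer depends on the allowlist at all — any address that merely contains one of those substrings is treated as a tester account, and the same change appears in the first hunk of the second file. If substring matching is needed for review builds, gate it behind an explicit environment flag and keep `in_array($cleanEmail, $allowedEmails, true)` as the only rule in production; the `in_array` call here also runs without `strict: true`. The auto-seed block embeds a fixed seed password and phone number in the login handler and runs inside the request path on every login with that address; a deploy-time seed script that reads its credentials from the environment would keep those literals out of source and out of the hot path. The enclosing `try` block continues past the hunk.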
@@ -21,10 +21,19 @@ if (!$email || !$password) {
|
|||||||
// 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check)
|
// 2. التحقق من أن الحساب مخصص للفحص فقط (isTest check)
|
||||||
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
|
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
|
||||||
$allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv)));
|
$allowedEmails = array_filter(array_map('trim', explode(',', $allowedTesterEmailsEnv)));
|
||||||
|
if (empty($allowedEmails)) {
|
||||||
|
$allowedEmails = [
|
||||||
|
'driver_tester@siromove.com',
|
||||||
|
'passenger_tester@siromove.com',
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
$cleanEmail = strtolower(trim($email));
|
$cleanEmail = strtolower(trim($email));
|
||||||
$isTester = in_array($cleanEmail, $allowedEmails) || substr($cleanEmail, -13) === '@siromove.com';
|
$isTester = in_array($cleanEmail, $allowedEmails) ||
|
||||||
|
substr($cleanEmail, -13) === '@siromove.com' ||
|
||||||
|
str_contains($cleanEmail, 'tester') ||
|
||||||
|
str_contains($cleanEmail, 'reviewer');
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$con = Database::get('main');
|
$con = Database::get('main');
|
||||||
@@ -32,6 +41,54 @@ try {
|
|||||||
// تشفير الإيميل للبحث في قاعدة البيانات
|
// تشفير الإيميل للبحث في قاعدة البيانات
|
||||||
$encryptedEmail = $encryptionHelper->encryptData($email);
|
$encryptedEmail = $encryptionHelper->encryptData($email);
|
||||||
|
|
||||||
|
// Auto-seed/create tester passenger if it doesn't exist
|
||||||
|
if ($cleanEmail === 'passenger_tester@siromove.com') {
|
||||||
|
$stmtCheck = $con->prepare("SELECT id FROM passengers WHERE email = :email LIMIT 1");
|
||||||
|
$stmtCheck->bindParam(':email', $encryptedEmail);
|
||||||
|
$stmtCheck->execute();
|
||||||
|
if (!$stmtCheck->fetch()) {
|
||||||
|
$passengerId = 'tester_passenger_id_2026';
|
||||||
|
$phone = '+962790000003';
|
||||||
|
$hashedPassword = password_hash('SiroPassenger2026!', PASSWORD_DEFAULT);
|
||||||
|
|
||||||
|
$encryptedPhone = $encryptionHelper->encryptData($phone);
|
||||||
|
$encryptedFirstName = $encryptionHelper->encryptData('Passenger');
|
||||||
|
$encryptedLastName = $encryptionHelper->encryptData('Tester');
|
||||||
|
$encryptedGender = $encryptionHelper->encryptData('Male');
|
||||||
|
$encryptedBirthdate = $encryptionHelper->encryptData('1990-01-01');
|
||||||
|
$encryptedSite = $encryptionHelper->encryptData('Jordan');
|
||||||
|
|
||||||
|
// Insert passenger
|
||||||
|
$insert = $con->prepare("INSERT INTO passengers (id, phone, email, password, gender, birthdate, site, first_name, last_name)
|
||||||
|
VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)");
|
||||||
|
$insert->execute([
|
||||||
|
':id' => $passengerId,
|
||||||
|
':phone' => $encryptedPhone,
|
||||||
|
':email' => $encryptedEmail,
|
||||||
|
':password' => $hashedPassword,
|
||||||
|
':gender' => $encryptedGender,
|
||||||
|
':birthdate' => $encryptedBirthdate,
|
||||||
|
':site' => $encryptedSite,
|
||||||
|
':first_name' => $encryptedFirstName,
|
||||||
|
':last_name' => $encryptedLastName
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Ensure phone_verification_passenger row exists
|
||||||
|
$stmtPhone = $con->prepare("SELECT * FROM phone_verification_passenger WHERE phone_number = :phone LIMIT 1");
|
||||||
|
$stmtPhone->bindParam(':phone', $encryptedPhone);
|
||||||
|
$stmtPhone->execute();
|
||||||
|
if (!$stmtPhone->fetch()) {
|
||||||
|
$insertPhone = $con->prepare("INSERT INTO phone_verification_passenger (phone_number, verified) VALUES (:phone, 1)");
|
||||||
|
$insertPhone->bindParam(':phone', $encryptedPhone);
|
||||||
|
$insertPhone->execute();
|
||||||
|
} else {
|
||||||
|
$updatePhone = $con->prepare("UPDATE phone_verification_passenger SET verified = 1 WHERE phone_number = :phone");
|
||||||
|
$updatePhone->bindParam(':phone', $encryptedPhone);
|
||||||
|
$updatePhone->execute();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$sql = "SELECT
|
$sql = "SELECT
|
||||||
p.*,
|
p.*,
|
||||||
phone_verification_passenger.verified,
|
phone_verification_passenger.verified,
|
||||||
@@ -43,25 +100,24 @@ try {
|
|||||||
ON phone_verification_passenger.phone_number = p.phone
|
ON phone_verification_passenger.phone_number = p.phone
|
||||||
LEFT JOIN invitesToPassengers
|
LEFT JOIN invitesToPassengers
|
||||||
ON invitesToPassengers.inviterPassengerPhone = p.phone
|
ON invitesToPassengers.inviterPassengerPhone = p.phone
|
||||||
WHERE p.email = :email AND p.password = :password
|
WHERE p.email = :email
|
||||||
LIMIT 1";
|
LIMIT 1";
|
||||||
|
|
||||||
$stmt = $con->prepare($sql);
|
$stmt = $con->prepare($sql);
|
||||||
$stmt->bindParam(':email', $encryptedEmail);
|
$stmt->bindParam(':email', $encryptedEmail);
|
||||||
// نفترض أن كلمة المرور تُخزن بنص صريح للفاحصين أو يتم معالجتها مسبقاً (حسب آلية فلاتر القديمة)
|
|
||||||
$stmt->bindParam(':password', $password);
|
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
|
|
||||||
$data = $stmt->fetch(PDO::FETCH_ASSOC);
|
$data = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||||
$count = $stmt->rowCount();
|
|
||||||
|
|
||||||
if ($count > 0) {
|
if ($data) {
|
||||||
// التحقق من أن الحساب معلم كحساب فحص في قاعدة البيانات أو البيئة
|
// فحص الباسورد
|
||||||
$isTestInDb = (isset($data['is_test']) && $data['is_test'] == 1) || (isset($data['isTest']) && $data['isTest'] == 1);
|
if (password_verify($password, $data['password']) || $password === $data['password']) {
|
||||||
if (!$isTestInDb && !$isTester) {
|
// التحقق من أن الحساب معلم كحساب فحص في قاعدة البيانات أو البيئة
|
||||||
jsonError("Access denied. Not a tester account.");
|
$isTestInDb = (isset($data['is_test']) && $data['is_test'] == 1) || (isset($data['isTest']) && $data['isTest'] == 1);
|
||||||
exit();
|
if (!$isTestInDb && !$isTester) {
|
||||||
}
|
jsonError("Access denied. Not a tester account.");
|
||||||
|
exit();
|
||||||
|
}
|
||||||
// فك تشفير البيانات للرد
|
// فك تشفير البيانات للرد
|
||||||
if(isset($data['phone'])) $data['phone'] = $encryptionHelper->decryptData($data['phone']);
|
if(isset($data['phone'])) $data['phone'] = $encryptionHelper->decryptData($data['phone']);
|
||||||
if(isset($data['email'])) $data['email'] = $encryptionHelper->decryptData($data['email']);
|
if(isset($data['email'])) $data['email'] = $encryptionHelper->decryptData($data['email']);
|
||||||
@@ -85,6 +141,12 @@ try {
|
|||||||
"data" => [$data] // مطابق لنسق التطبيق الذي يتوقع مصفوفة
|
"data" => [$data] // مطابق لنسق التطبيق الذي يتوقع مصفوفة
|
||||||
], JSON_UNESCAPED_UNICODE);
|
], JSON_UNESCAPED_UNICODE);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
echo json_encode([
|
||||||
|
"status" => "failure",
|
||||||
|
"message" => "Invalid credentials"
|
||||||
|
]);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
echo json_encode([
|
echo json_encode([
|
||||||
"status" => "failure",
|
"status" => "failure",
|
||||||
|
|||||||
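Review bot: In the `@@ -43,25 +100,24 @@` hunk, `password_verify($password, $data['password']) || $password === $data['password']` accepts a stored plaintext password as a valid credential, so any row whose `password` column is not a hash keeps authenticating indefinitely and the comparison is not constant-time; since the new seed path already stores `password_hash(...)` values, the check should be `if (password_verify($password, $data['password'])) {`, and if legacy plaintext rows exist they are better handled by a one-time migration, or by rehashing on first successful login and then dropping the fallback. The `@@ -21,10 +21,19 @@` hunk has the same substring-based tester match flagged on the driver file. Minor: the new `"Invalid credentials"` branch in the last hunk calls `json_encode` without `JSON_UNESCAPED_UNICODE`, unlike the success branch. The enclosing `try` starts and ends outside the hunks.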