From 2ee3a14c6d1fcad4a8bccabb5154d2320e5505cf Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Wed, 24 Jun 2026 23:11:20 +0300
Subject: [PATCH] Fix OTP verification success response payload and restore deterministic encryptData
---
 backend/auth/otp/verify.php | 46 +++++++++++++++++++++-
 backend/core/Security/EncryptionHelper.php | 9 ++---
 2 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/backend/auth/otp/verify.php b/backend/auth/otp/verify.php
index ce20afb..22b0649 100644
--- a/backend/auth/otp/verify.php
+++ b/backend/auth/otp/verify.php
@@ -174,7 +174,28 @@ try {
 $stmtUpd = $con->prepare($sqlUpdate);
 $stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
 $stmtUpd->execute();
- jsonSuccess(null, "Your phone number has been verified.");
+ 
+ // Check registration status
+ $isRegistered = false;
+ $driverData = null;
+ 
+ $chkStmt = $con->prepare("SELECT id, first_name, last_name, email, phone FROM driver WHERE phone = ?");
+ $chkStmt->execute([$encryptionHelper->encryptData($phone_number)]);
+ $driver = $chkStmt->fetch(PDO::FETCH_ASSOC);
+ 
+ if ($driver) {
+ $isRegistered = true;
+ $driver['first_name'] = $encryptionHelper->decryptData($driver['first_name']);
+ $driver['last_name'] = $encryptionHelper->decryptData($driver['last_name']);
+ $driver['email'] = $encryptionHelper->decryptData($driver['email']);
+ $driver['phone'] = $encryptionHelper->decryptData($driver['phone']);
+ $driverData = $driver;
+ }
+ 
+ jsonSuccess([
+ "isRegistered" => $isRegistered,
+ "driver" => $driverData
+ ], "Your phone number has been verified.");
 } else {
 jsonError("Your phone number could not be verified or the code is expired. Please try again.");
 }
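Review bot: The new success payload hands the driver's decrypted `first_name`, `last_name` and `email` to any client that completes the OTP, before any session or token exists, so proving control of the phone number (including a reassigned number or a SIM swap) is enough to learn the PII of the account behind it; I would return only `"isRegistered" => $isRegistered` plus whatever opaque handle the next step needs, and release the profile once the user is authenticated. The `WHERE phone = ?` match on `$encryptionHelper->encryptData($phone_number)` only works if the stored value was produced by the same deterministic scheme from a byte-identical input: rows written by the previous `encryptData` (random-IV GCM with a prefix, removed in the EncryptionHelper hunk) can never match and will report `isRegistered = false` until re-encrypted, and any difference in normalisation (leading `+`, spaces, dashes) has the same effect — `$phone_number` is assigned outside the hunk, so I cannot see whether it is canonicalised. `$chkStmt->execute(...)` is also unchecked; unless the connection uses `PDO::ERRMODE_EXCEPTION`, a failed query falls through to `fetch()` returning `false` and the user is silently reported as unregistered, so either assert the error mode or check the return, e.g. `if (!$chkStmt->execute([...])) { jsonError("Verification failed. Please try again."); }`. The enclosing try block begins before the hunk.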
@@ -228,7 +249,28 @@ try {
 $stmtUpd = $con->prepare($sqlUpdate);
 $stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
 $stmtUpd->execute();
- jsonSuccess(null, "Your phone number has been verified.");
+ 
+ // Check registration status
+ $isRegistered = false;
+ $passengerData = null;
+ 
+ $chkStmt = $con->prepare("SELECT id, first_name, last_name, email, phone FROM passengers WHERE phone = ?");
+ $chkStmt->execute([$encryptionHelper->encryptData($phone_number)]);
+ $passenger = $chkStmt->fetch(PDO::FETCH_ASSOC);
+ 
+ if ($passenger) {
+ $isRegistered = true;
+ $passenger['first_name'] = $encryptionHelper->decryptData($passenger['first_name']);
+ $passenger['last_name'] = $encryptionHelper->decryptData($passenger['last_name']);
+ $passenger['email'] = $encryptionHelper->decryptData($passenger['email']);
+ $passenger['phone'] = $encryptionHelper->decryptData($passenger['phone']);
+ $passengerData = $passenger;
+ }
+ 
+ jsonSuccess([
+ "isRegistered" => $isRegistered,
+ "passenger" => $passengerData
+ ], "Your phone number has been verified.");
 } else {
 jsonError("Your phone number could not be verified or the code is expired. Please try again.");
 }
diff --git a/backend/core/Security/EncryptionHelper.php b/backend/core/Security/EncryptionHelper.php
index 2ff5e8e..86e73e3 100644
--- a/backend/core/Security/EncryptionHelper.php
--- a/backend/core/Security/EncryptionHelper.php
+++ b/backend/core/Security/EncryptionHelper.php
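Review bot: The passengers branch repeats the driver branch line for line — prepare, `execute([$encryptionHelper->encryptData($phone_number)])`, fetch, four `decryptData` calls and the response shape — differing only in the table name and the response key, so every follow-up (phone normalisation, execute() error handling, trimming which PII columns are exposed) has to be made twice and will drift. I would move the lookup into one helper that both branches call, with the table name chosen as a literal in code and never taken from request data because it is interpolated into the SQL; each branch then reduces to `$passengerData = fetchAccountByPhone($con, $encryptionHelper, 'passengers', $phone_number);` followed by `"isRegistered" => $passengerData !== null`. The same concern as the driver branch applies here: the decrypted name and email are returned to anyone who completes the OTP, before any session is issued. The enclosing try block and the branch that selects driver versus passenger start outside the hunk.
```php
/**
 * Fetch the account row for $phone from $table and decrypt its PII columns.
 * $table must be a literal table name chosen in code (it is interpolated into SQL).
 * Returns null when no row matches.
 */
function fetchAccountByPhone(PDO $con, EncryptionHelper $encryptionHelper, string $table, string $phone): ?array
{
    $stmt = $con->prepare("SELECT id, first_name, last_name, email, phone FROM {$table} WHERE phone = ?");
    $stmt->execute([$encryptionHelper->encryptData($phone)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    foreach (['first_name', 'last_name', 'email', 'phone'] as $column) {
        $row[$column] = $encryptionHelper->decryptData($row[$column]);
    }
    return $row;
}

// … unchanged: OTP row update ($stmtUpd) above …
$passengerData = fetchAccountByPhone($con, $encryptionHelper, 'passengers', $phone_number);
jsonSuccess([
    "isRegistered" => $passengerData !== null,
    "passenger" => $passengerData
], "Your phone number has been verified.");
// … unchanged: jsonError branch below …
```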
@@ -24,14 +24,13 @@ class EncryptionHelper
 $this->cbcIv = $cbcIv ?: getenv('initializationVector') ?: str_repeat('0', 16);
 }
 
- // ─── تشفير نص باستخدام AES-256-GCM ──
+ // ─── تشفير نص باستخدام AES-256-CBC الحتمي ──
 public function encryptData(string $plainText): string
 {
 $plainText = mb_convert_encoding($plainText, 'UTF-8');
- $iv = random_bytes(self::IV_LEN_GCM);
- $tag = '';
- $encrypted = openssl_encrypt($plainText, self::ALGO_GCM, $this->key, OPENSSL_RAW_DATA, $iv, $tag, "", self::TAG_LEN);
- return self::PREFIX_GCM . base64_encode($iv . $tag . $encrypted);
+ $padded = $this->addPadding($plainText);
+ $encrypted = openssl_encrypt($padded, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $this->cbcIv);
+ return base64_encode($encrypted);
 }
 // ─── فك تشفير نص (يدعم CBC والـ GCM المستقبلي) ───────────
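Review bot: The restored `encryptData` encrypts every field with AES-256-CBC under one fixed IV — `$this->cbcIv`, which the constructor line at the top of this hunk defaults to `str_repeat('0', 16)` when `initializationVector` is unset — so equal plaintexts yield equal ciphertexts across all rows and columns and CBC additionally leaks shared 16-byte prefixes, making stored names, emails and phones frequency-analysable, and without GCM's tag the ciphertext is also malleable. Determinism was brought back so that `WHERE phone = ?` lookups work, but that is better served by a blind index: keep the removed random-IV GCM path for the stored value and add an indexed column holding `hash_hmac('sha256', $normalisedPhone, hash_hkdf('sha256', $this->key, 32, 'phone-index'))`, then query on that column. Two smaller points on the new lines: `$this->addPadding($plainText)` runs before `openssl_encrypt`, which itself applies PKCS#7 padding unless `OPENSSL_ZERO_PADDING` is passed, so the data is presumably padded twice — worth confirming against `addPadding` and the decrypt path; and `openssl_encrypt` returns `false` on failure, which `base64_encode` silently turns into an empty string, so add `if ($encrypted === false) { throw new \RuntimeException('encryption failed'); }` before the return. The constructor that the first context line belongs to, and `decryptData` after the last comment, lie outside the hunk.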