Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix OTP verification success response payload and restore deterministic encryptData

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-24 23:11:20 +03:00
parent 7b0283473e
commit 2ee3a14c6d
2 changed files with 48 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
backend/auth/otp/verify.php
View File

@@ -174,7 +174,28 @@ try {
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
// Check registration status
$isRegistered = false;
$driverData = null;
$chkStmt = $con->prepare("SELECT id, first_name, last_name, email, phone FROM driver WHERE phone = ?");
$chkStmt->execute([$encryptionHelper->encryptData($phone_number)]);
$driver = $chkStmt->fetch(PDO::FETCH_ASSOC);
if ($driver) {
$isRegistered = true;
$driver['first_name'] = $encryptionHelper->decryptData($driver['first_name']);
$driver['last_name'] = $encryptionHelper->decryptData($driver['last_name']);
$driver['email'] = $encryptionHelper->decryptData($driver['email']);
$driver['phone'] = $encryptionHelper->decryptData($driver['phone']);
$driverData = $driver;
}
jsonSuccess([
"isRegistered" => $isRegistered,
"driver" => $driverData
], "Your phone number has been verified.");
} else {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");
}
@@ -228,7 +249,28 @@ try {
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
// Check registration status
$isRegistered = false;
$passengerData = null;
$chkStmt = $con->prepare("SELECT id, first_name, last_name, email, phone FROM passengers WHERE phone = ?");
$chkStmt->execute([$encryptionHelper->encryptData($phone_number)]);
$passenger = $chkStmt->fetch(PDO::FETCH_ASSOC);
if ($passenger) {
$isRegistered = true;
$passenger['first_name'] = $encryptionHelper->decryptData($passenger['first_name']);
$passenger['last_name'] = $encryptionHelper->decryptData($passenger['last_name']);
$passenger['email'] = $encryptionHelper->decryptData($passenger['email']);
$passenger['phone'] = $encryptionHelper->decryptData($passenger['phone']);
$passengerData = $passenger;
}
jsonSuccess([
"isRegistered" => $isRegistered,
"passenger" => $passengerData
], "Your phone number has been verified.");
} else {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");
}

9
backend/core/Security/EncryptionHelper.php
View File

@@ -24,14 +24,13 @@ class EncryptionHelper
$this->cbcIv = $cbcIv ?: getenv('initializationVector') ?: str_repeat('0', 16);
}
// ─── تشفير نص باستخدام AES-256-GCM ──
// ─── تشفير نص باستخدام AES-256-CBC الحتمي ──
public function encryptData(string $plainText): string
{
$plainText = mb_convert_encoding($plainText, 'UTF-8');
$iv = random_bytes(self::IV_LEN_GCM);
$tag = '';
$encrypted = openssl_encrypt($plainText, self::ALGO_GCM, $this->key, OPENSSL_RAW_DATA, $iv, $tag, "", self::TAG_LEN);
return self::PREFIX_GCM . base64_encode($iv . $tag . $encrypted);
$padded = $this->addPadding($plainText);
$encrypted = openssl_encrypt($padded, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $this->cbcIv);
return base64_encode($encrypted);
}
// ─── فك تشفير نص (يدعم CBC والـ GCM المستقبلي) ───────────