Update: 2026-06-26 04:24:20

backend/ride/rides/add_ride.php

@@ -133,8 +133,18 @@ if (!coordsMatch($tokenData['start_location'], $start_location) || !coordsMatch(
     exit;
 }
 
-if (!isset($tokenData['prices'][$carType])) {
+// ✅ FIX P6: خريطة أسماء car types بين التطبيق والـ token
-    error_log("[add_ride] Security failed — car type $carType not found in token.");
+// التطبيق يرسل أسماء عرض (Fixed Price, Scooter...) لكن الـ token يخزن أماً داخلية (Speed, Delivery...)
+$displayToTokenCarType = [
+    'Fixed Price' => 'Speed',
+    'Rayeh Gai'  => 'Speed',
+    'Scooter'    => 'Delivery',
+    'Pink Bike'  => 'Delivery',
+];
+$tokenCarType = isset($displayToTokenCarType[$carType]) ? $displayToTokenCarType[$carType] : $carType;
+
+if (!isset($tokenData['prices'][$tokenCarType])) {
+    error_log("[add_ride] Security failed — car type $carType (token key: $tokenCarType) not found in token.");
     printFailure("Invalid car type for this token");
     exit;
 }
@@ -145,8 +155,8 @@ if (!isset($tokenData['prices'][$carType])) {
 // الإحداثيات كافية للتحقق من سلامة الطلب عبر coordsMatch() أعلاه
 
 // Securely override pricing from the cryptographically signed token
-$price = $tokenData['prices'][$carType]['price'];
+$price = $tokenData['prices'][$tokenCarType]['price'];
-$price_for_driver = $tokenData['prices'][$carType]['driver_price'];
+$price_for_driver = $tokenData['prices'][$tokenCarType]['driver_price'];
 $price_for_passenger = $price;
 
 // ── 2. تنسيق التواريخ ─────────────────────────────────────────