Update: 2026-06-27 05:07:43

2026-06-27 05:07:43 +03:00
parent f069f2b24f
commit 7497bdcfae
2 changed files with 50 additions and 43 deletions
--- a/backend/auth/syria/driver/register_driver_and_car.php
+++ b/backend/auth/syria/driver/register_driver_and_car.php
@@ -339,12 +339,30 @@ Therefore, do NOT assume a specific field is on the front or the back of a card.
        $data['email'] = $data['phone'] . '@intaleqapp.com';
    }

-    /* ================== 3) Encrypt sensitive fields ================== */
+    /* ================== 3) Hash password (HMAC + password_hash) ================== */
+    // 🔴 مهم: يجب أن يكون قبل التشفير - يستخدم القيم الخام
+    $pepper = getenv('SECRET_KEY_HMAC');
+    $baseParts = [
+        $data['id'],
+        $data['phone'],
+    ];
+    if (!empty($data['national_number'])) {
+        $baseParts[] = $data['national_number'];
+    } elseif (!empty($data['birthdate'])) {
+        $year = substr($data['birthdate'], 0, 4);
+        if (preg_match('/^\d{4}$/', $year)) {
+            $baseParts[] = $year;
+        }
+    }
+    $baseString = implode('|', $baseParts);
+    $rawSecret  = hash_hmac('sha256', $baseString, $pepper, true);
+    $pwdHashed  = password_hash($rawSecret, PASSWORD_DEFAULT);
+
+    /* ================== 4) Encrypt sensitive fields ================== */
    $toEncryptDriver = [
        "phone","email","first_name","last_name","name_arabic","gender",
        "national_number","address","site","fullNameMaritial","birthdate"
    ];
-      
    foreach ($toEncryptDriver as $f) {
        if (!empty($data[$f])) {
            $data[$f] = $encryptionHelper->encryptData($data[$f]);
@@ -356,37 +374,6 @@ Therefore, do NOT assume a specific field is on the front or the back of a card.
    $car['car_plate'] = $encryptionHelper->encryptData($car['car_plate']);
    $car['owner']     = $encryptionHelper->encryptData($car['owner']);

-    /* ================== 4) Hash password (HMAC + password_hash) ================== */
-
-// نقرأ الـ HMAC key من env
-$pepper = getenv('SECRET_KEY_HMAC');
-
-// نبني baseString من أكثر من بارامتر
-// هنا نستخدم id + phone (بعد ما طبّقنا منطق تنسيق الهاتف)
-$baseParts = [
-    $data['id'],
-    $data['phone'],
-];
-
-// نضيف رقم وطني أو سنة الميلاد إن توفروا (كما في الـ migration)
-if (!empty($data['national_number'])) {
-    $baseParts[] = $data['national_number'];
-} elseif (!empty($data['birthdate'])) {
-    // birthdate حالياً أصبح بصيغة YYYY-01-01
-    $year = substr($data['birthdate'], 0, 4);
-    if (preg_match('/^\d{4}$/', $year)) {
-        $baseParts[] = $year;
-    }
-}
-
-$baseString = implode('|', $baseParts);
-
-// نشتق السر الخام باستخدام HMAC-SHA256 مع SECRET_KEY_HMAC
-$rawSecret = hash_hmac('sha256', $baseString, $pepper, true);
-
-// نخزّن فقط الهاش الناتج من password_hash في قاعدة البيانات
-$pwdHashed = password_hash($rawSecret, PASSWORD_DEFAULT);
-
    /* ================== 5) Start transaction ================== */
    $con->beginTransaction();