From 75aeb73f277d2ae9e669f0921de8cae326cfa86e Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Wed, 17 Jun 2026 06:55:36 +0300
Subject: [PATCH] fix(security): fix openssl_sign key resource in MTN initiate, add google-services.json to gitignore
---
 .gitignore | 1 +
 .../v2/main/ride/mtn/driver/initiate_payment.php | 9 ++++++++-
 .../v2/main/ride/mtn/passenger/initiate_payment.php | 9 ++++++++-
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4a99d9d..63d7ffe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -88,6 +88,7 @@ __pycache__/
 venv/
 # --- Firebase ---
+google-services.json
 .google-services.json
 GoogleService-Info.plist
diff --git a/walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php b/walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php
index 15e0596..a8426c5 100755
--- a/walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php
@@ -22,7 +22,14 @@ $body = json_encode([
 ], JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
 $hash = hash('sha256', $body, true);
-openssl_sign($hash, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256);
+$pkey = openssl_get_privatekey($privateKeyPem);
+if (!$pkey) {
+ error_log("[MTN Initiate] Failed to load private key");
+ printFailure("Payment configuration error");
+ exit;
+}
+openssl_sign($hash, $sig, $pkey, OPENSSL_ALGO_SHA256);
+openssl_free_key($pkey);
 $xSignature = base64_encode($sig);
 $ch = curl_init("{$baseUrl}/pos_web/payment_phone/initiate");
diff --git a/walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php b/walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php
index 15e0596..a8426c5 100755
--- a/walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php
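Review bot: Adding `google-services.json` to `.gitignore` only keeps untracked copies from being staged; a copy that is already tracked stays in the index and in history. Whether the file was committed earlier is not visible in this patch, so check with `git ls-files` and, if it was, follow up with `git rm --cached google-services.json` and restrict or rotate the API keys it holds. The existing `.google-services.json` entry (leading dot) looks like an earlier misspelling of this rule and could be removed once it is confirmed that nothing uses that name.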
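Review bot: The return value of `openssl_sign()` is still ignored on the added line in driver/initiate_payment.php, so a signing failure leaves `$sig` empty and the script goes on to `base64_encode($sig)` and `curl_init(...)` with an empty `$xSignature`. Guard it the same way as the key load: `if (!openssl_sign($hash, $sig, $pkey, OPENSSL_ALGO_SHA256)) {` followed by the same `error_log` / `printFailure` / `exit` path. `openssl_free_key()` is deprecated since PHP 8.0 and has no effect there, so it can be dropped if the service runs on PHP 8. The passenger/initiate_payment.php hunk is identical and needs the same change; the script continues outside both hunks.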
@@ -22,7 +22,14 @@ $body = json_encode([
 ], JSON_UNESCAPED_SLASHES|JSON_UNESCAPED_UNICODE);
 $hash = hash('sha256', $body, true);
-openssl_sign($hash, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256);
+$pkey = openssl_get_privatekey($privateKeyPem);
+if (!$pkey) {
+ error_log("[MTN Initiate] Failed to load private key");
+ printFailure("Payment configuration error");
+ exit;
+}
+openssl_sign($hash, $sig, $pkey, OPENSSL_ALGO_SHA256);
+openssl_free_key($pkey);
 $xSignature = base64_encode($sig);
 $ch = curl_init("{$baseUrl}/pos_web/payment_phone/initiate");
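Review bot: This block is a line-for-line copy of the one added to driver/initiate_payment.php (both files show index `15e0596..a8426c5`), so MTN request signing now lives in two places that have to be patched together. Moving key loading and signing into one shared function that both scripts include would keep a later fix from landing in only one copy. A comment above `$hash = hash('sha256', $body, true);` stating whether the gateway expects the signature over the pre-hashed digest would also help, since `OPENSSL_ALGO_SHA256` hashes its input again before signing.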