diff --git a/backend/auth/otp/request.php b/backend/auth/otp/request.php
index f136db2..17da587 100644
--- a/backend/auth/otp/request.php
+++ b/backend/auth/otp/request.php
@@ -123,8 +123,6 @@ if ($sentSuccessfully) {
 $encryptedOtp = $encryptionHelper->encryptData($otp);
 $encryptedEmail = !empty($email) ? $encryptionHelper->encryptData($email) : '';
 
- $expirationTime = date('Y-m-d H:i:s', strtotime('+5 minutes'));
-
 try {
 if ($user_type === 'admin') {
 $stmt = $con->prepare("INSERT INTO token_verification_admin (phone_number, token, expiration_time)
@@ -138,12 +136,11 @@ if ($sentSuccessfully) {
 $stmtIns = $con->prepare("
 INSERT INTO `phone_verification_service`
 (`phone_number`, `token_code`, `expiration_time`, `is_verified`, `created_at`)
- VALUES (?, ?, ?, 0, NOW())
+ VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())
 ");
 $stmtIns->execute([
 $encryptedPhone,
- $encryptedOtp,
- $expirationTime
+ $encryptedOtp
 ]);
 } elseif ($user_type === 'driver') {
 if ($context === 'token_change') {
@@ -155,12 +152,11 @@ if ($sentSuccessfully) {
 $stmtIns = $con->prepare("
 INSERT INTO `token_verification_driver`
 (`phone_number`, `token`, `expiration_time`, `verified`, `created_at`)
- VALUES (?, ?, ?, 0, NOW())
+ VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())
 ");
 $stmtIns->execute([
 $encryptedPhone,
- $encryptedOtp,
- $expirationTime
+ $encryptedOtp
 ]);
 } else {
 // Delete old verification attempts
@@ -171,14 +167,13 @@ if ($sentSuccessfully) {
 $stmtIns = $con->prepare("
 INSERT INTO `phone_verification`
 (`phone_number`, `driverId`, `email`, `token_code`, `expiration_time`, `is_verified`, `created_at`)
- VALUES (?, ?, ?, ?, ?, 0, NOW())
+ VALUES (?, ?, ?, ?, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())
 ");
 $stmtIns->execute([
 $encryptedPhone,
 $driverId ?: '',
 $encryptedEmail,
- $encryptedOtp,
- $expirationTime
+ $encryptedOtp
 ]);
 }
 } else {
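Review bot: Removing `$expirationTime` in the hunk at -123 may leave the admin branch referencing a variable that no longer exists. The `token_verification_admin` insert on that hunk's last context line still lists `expiration_time`, and its `VALUES` clause and `execute()` call sit between this hunk and the next, so the commit does not touch them. If that statement still binds `$expirationTime`, PHP would pass an undefined variable (null) and admin OTP rows would be stored without a usable expiry. Confirm those lines; if they do bind it, switch the admin statement to `VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 5 MINUTE))` and drop the third bound value, as the other branches do.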
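Review bot: From the hunk at -138 onward the expiry is written on the database clock, so the code that checks a submitted OTP has to compare on the same clock, e.g. `AND expiration_time > NOW()` in the lookup, rather than against a PHP `date()` string. That code is not part of this diff and should be confirmed, since a mixed comparison would shift the validity window by any PHP/MySQL timezone offset. The `5 MINUTE` literal is also repeated in every INSERT (this hunk and those at -155, -171, -191 and -207); binding it once as `DATE_ADD(NOW(), INTERVAL ? MINUTE)` from a single TTL constant would keep the branches from drifting apart. A short comment above the first statement, `// expiry uses the DB clock so it matches the NOW() check at verification`, would record the reason for the change.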
@@ -191,12 +186,11 @@ if ($sentSuccessfully) {
 $stmtIns = $con->prepare("
 INSERT INTO `token_verification`
 (`phone_number`, `token`, `expiration_time`, `verified`, `created_at`)
- VALUES (?, ?, ?, 0, NOW())
+ VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())
 ");
 $stmtIns->execute([
 $encryptedPhone,
- $encryptedOtp,
- $expirationTime
+ $encryptedOtp
 ]);
 } else {
 // Delete old verification attempts
@@ -207,12 +201,11 @@ if ($sentSuccessfully) {
 $stmtIns = $con->prepare("
 INSERT INTO `phone_verification_passenger`
 (`phone_number`, `token`, `expiration_time`, `verified`, `created_at`)
- VALUES (?, ?, ?, 0, NOW())
+ VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())
 ");
 $stmtIns->execute([
 $encryptedPhone,
- $encryptedOtp,
- $expirationTime
+ $encryptedOtp
 ]);
 }
 }
diff --git a/backend/core/Security/EncryptionHelper.php b/backend/core/Security/EncryptionHelper.php
index 9fae9ba..2ff5e8e 100644
--- a/backend/core/Security/EncryptionHelper.php
+++ b/backend/core/Security/EncryptionHelper.php
@@ -34,15 +34,6 @@ class EncryptionHelper
 return self::PREFIX_GCM . base64_encode($iv . $tag . $encrypted);
 }
 
- // ─── تشفير نص باستخدام AES-256-CBC الحتمي ──
- public function encryptDataDeterministic(string $plainText): string
- {
- $plainText = mb_convert_encoding($plainText, 'UTF-8');
- $padded = $this->addPadding($plainText);
- $encrypted = openssl_encrypt($padded, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $this->cbcIv);
- return base64_encode($encrypted);
- }
-
 // ─── فك تشفير نص (يدعم CBC والـ GCM المستقبلي) ───────────
 public function decryptData(string $cipherText): string|false
 {