Update: 2026-06-25 18:39:01

backend/Admin/Staff/add.php

@@ -32,6 +32,7 @@ $fingerprint = filterRequest("fingerprint") ?: '';
 $gender      = filterRequest("gender") ?? 'Male';
 $birthdate   = filterRequest("birthdate") ?? date('Y-m-d');
 $site        = filterRequest("site") ?? 'main';
+$country     = filterRequest("country") ?? 'Jordan';
 
 if (empty($name) || empty($password) || empty($role)) {
     jsonError("Missing required fields (name, password, role).");
@@ -70,8 +71,8 @@ try {
     } else {
         // الإضافة لجدول المستخدمين (خدمة العملاء)
         // أضفنا site و last_name (كقيمة افتراضية فارغة إذا لم تتوفر)
-        $sql = "INSERT INTO users (id, fingerprint, fingerprint_hash, phone, email, gender, password, birthdate, user_type, first_name, last_name, site, created_at) 
-                VALUES (:id, :fp, :fp_hash, :phone, :email, :gender, :pass, :bdate, 'service', :fname, :lname, :site, NOW())";
+        $sql = "INSERT INTO users (id, fingerprint, fingerprint_hash, phone, email, gender, password, birthdate, user_type, first_name, last_name, site, country, created_at) 
+                VALUES (:id, :fp, :fp_hash, :phone, :email, :gender, :pass, :bdate, 'service', :fname, :lname, :site, :country, NOW())";
         $stmt = $con->prepare($sql);
         $stmt->execute([
             ':id'      => $uniqueId,
@@ -84,7 +85,8 @@ try {
             ':bdate'   => $birthdate,
             ':fname'   => $encName,
             ':lname'   => '', // last_name is empty for now
-            ':site'    => $site
+            ':site'    => $site,
+            ':country' => $country
         ]);
     }
 

backend/Admin/Staff/add_super_admin.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * Admin/Staff/add_super_admin.php
+ * إضافة مشرف عام (Super Admin) — استخدام لمرة واحدة
+ */
+require_once __DIR__ . '/../../core/bootstrap.php';
+
+// $adminKey = filterRequest('admin_key') ?? '';
+// $expected = getenv('MIGRATION_ADMIN_KEY');
+// if (empty($adminKey) || empty($expected) || !hash_equals($expected, $adminKey)) {
+//     http_response_code(403);
+//     exit(json_encode(['error' => 'Access denied. Admin key required.']));
+// }
+
+$con = Database::get('main');
+
+$name        = filterRequest('name')        ?: 'Super Admin';
+$email       = filterRequest('email')       ?: '';
+$phone       = filterRequest('phone')       ?: '';
+$fingerprint = filterRequest('fingerprint') ?: '';
+$password    = filterRequest('password')    ?: bin2hex(random_bytes(8));
+
+try {
+    $hashedPass = password_hash($password, PASSWORD_DEFAULT);
+    $encName    = $encryptionHelper->encryptData($name);
+    $encPhone   = $phone ? $encryptionHelper->encryptData($phone) : '';
+    $encEmail   = $email ? $encryptionHelper->encryptData($email) : '';
+    $encFp      = $fingerprint ? $encryptionHelper->encryptData($fingerprint) : '';
+    $fpHash     = $fingerprint ? hash('sha256', $fingerprint) : '';
+    $uniqueId   = bin2hex(random_bytes(16));
+
+    $check = $con->prepare("SELECT id FROM adminUser WHERE role = 'super_admin' LIMIT 1");
+    $check->execute();
+    if ($check->fetch()) {
+        echo "<h2>⚠️ Super Admin already exists.</h2>";
+        exit;
+    }
+
+    $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, phone, email, password, role, created_at) 
+            VALUES (:id, :fp, :fp_hash, :name, :phone, :email, :pass, 'super_admin', NOW())";
+    $stmt = $con->prepare($sql);
+    $stmt->execute([
+        ':id'       => $uniqueId,
+        ':fp'       => $encFp,
+        ':fp_hash'  => $fpHash,
+        ':name'     => $encName,
+        ':phone'    => $encPhone,
+        ':email'    => $encEmail,
+        ':pass'     => $hashedPass,
+    ]);
+
+    if ($stmt->rowCount() > 0) {
+        echo "<h2>✅ Super Admin created successfully!</h2>";
+        echo "<p><b>ID:</b> $uniqueId</p>";
+        echo "<p><b>Name:</b> $name</p>";
+        echo "<p><b>Password:</b> $password</p>";
+        echo "<p style='color:red;'><b>⚠️ Save this password. Delete this file after use.</b></p>";
+    } else {
+        echo "<h2>❌ Failed to create Super Admin.</h2>";
+    }
+} catch (Exception $e) {
+    echo "<h2>❌ Error: " . htmlspecialchars($e->getMessage()) . "</h2>";
+}

backend/serviceapp/getDriverDetailsForActivate.php

@@ -5,7 +5,7 @@ $driverId = filterRequest("driverId");
 
 $sql = "SELECT d.*, cr.* 
         FROM `driver` d 
-        JOIN `CarRegistration` cr ON cr.driverID = d.id 
+        LEFT JOIN `CarRegistration` cr ON cr.driverID = d.id 
         WHERE d.id = :driverId ";
 
 $stmt = $con->prepare($sql);

backend/serviceapp/getDriverNotCompleteRegistration.php

@@ -7,14 +7,14 @@ $sql = "SELECT
     notesForDriverService.note
 FROM 
     phone_verification
-INNER JOIN -- نستخدم INNER JOIN لضمان جلب من لديهم ملاحظات فقط
+INNER JOIN
     `notesForDriverService` 
 ON 
     `notesForDriverService`.`phone` = `phone_verification`.`phone_number`
 WHERE 
     `notesForDriverService`.`note` != 'delete'
 ORDER BY 
-    `phone_verification`.`created_at` DESC -- الترتيب حسب تاريخ التحقق لأنه العمود الموجود
+    `phone_verification`.`created_at` DESC
 LIMIT 400;
 ";
 
@@ -24,7 +24,6 @@ $stmt->execute();
 if ($stmt->rowCount() > 0) {
     $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
-    // فك تشفير أرقام الهواتف فقط للإخراج
    foreach ($rows as &$row) {
         if (!empty($row['phone'])) {
             $row['phone'] = $encryptionHelper->decryptData($row['phone']);
@@ -42,4 +41,3 @@ if ($stmt->rowCount() > 0) {
 } else {
     jsonError("No Phone verified yet found");
 }
-?>

backend/serviceapp/login.php

@@ -105,10 +105,6 @@ try {
                 $expires_in = $ttl;
             }
 
-            // توليد مفتاح HMAC فريد للمستخدم (للتوافق مع CRUD الجديد)
-            $hmacKey = hash_hmac('sha256', (string)$user['id'], getenv('SECRET_KEY_HMAC'));
-
-                // ✅ FIX H-05: لا نعيد مفتاح HMAC أبداً (يُحسب على العميل بنفس المعادلة)
             printSuccess([
                 "message" => "Login successful",
                 "data" => $user,