Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-25 18:39:01

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-25 18:39:01 +03:00
parent a4d9d8e74c
commit 9b61bd50c8
11 changed files with 108 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/Admin/Staff/add.php
View File

@@ -32,6 +32,7 @@ $fingerprint = filterRequest("fingerprint") ?: '';
$gender = filterRequest("gender") ?? 'Male';
$birthdate = filterRequest("birthdate") ?? date('Y-m-d');
$site = filterRequest("site") ?? 'main';
$country = filterRequest("country") ?? 'Jordan';
if (empty($name) || empty($password) || empty($role)) {
jsonError("Missing required fields (name, password, role).");
@@ -70,8 +71,8 @@ try {
} else {
// الإضافة لجدول المستخدمين (خدمة العملاء)
// أضفنا site و last_name (كقيمة افتراضية فارغة إذا لم تتوفر)
$sql = "INSERT INTO users (id, fingerprint, fingerprint_hash, phone, email, gender, password, birthdate, user_type, first_name, last_name, site, created_at)
VALUES (:id, :fp, :fp_hash, :phone, :email, :gender, :pass, :bdate, 'service', :fname, :lname, :site, NOW())";
$sql = "INSERT INTO users (id, fingerprint, fingerprint_hash, phone, email, gender, password, birthdate, user_type, first_name, last_name, site, country, created_at)
VALUES (:id, :fp, :fp_hash, :phone, :email, :gender, :pass, :bdate, 'service', :fname, :lname, :site, :country, NOW())";
$stmt = $con->prepare($sql);
$stmt->execute([
':id' => $uniqueId,
@@ -84,7 +85,8 @@ try {
':bdate' => $birthdate,
':fname' => $encName,
':lname' => '', // last_name is empty for now
':site' => $site
':site' => $site,
':country' => $country
]);
}

63
backend/Admin/Staff/add_super_admin.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
/**
* Admin/Staff/add_super_admin.php
* إضافة مشرف عام (Super Admin) — استخدام لمرة واحدة
*/
require_once __DIR__ . '/../../core/bootstrap.php';
// $adminKey = filterRequest('admin_key') ?? '';
// $expected = getenv('MIGRATION_ADMIN_KEY');
// if (empty($adminKey) || empty($expected) || !hash_equals($expected, $adminKey)) {
// http_response_code(403);
// exit(json_encode(['error' => 'Access denied. Admin key required.']));
// }
$con = Database::get('main');
$name = filterRequest('name') ?: 'Super Admin';
$email = filterRequest('email') ?: '';
$phone = filterRequest('phone') ?: '';
$fingerprint = filterRequest('fingerprint') ?: '';
$password = filterRequest('password') ?: bin2hex(random_bytes(8));
try {
$hashedPass = password_hash($password, PASSWORD_DEFAULT);
$encName = $encryptionHelper->encryptData($name);
$encPhone = $phone ? $encryptionHelper->encryptData($phone) : '';
$encEmail = $email ? $encryptionHelper->encryptData($email) : '';
$encFp = $fingerprint ? $encryptionHelper->encryptData($fingerprint) : '';
$fpHash = $fingerprint ? hash('sha256', $fingerprint) : '';
$uniqueId = bin2hex(random_bytes(16));
$check = $con->prepare("SELECT id FROM adminUser WHERE role = 'super_admin' LIMIT 1");
$check->execute();
if ($check->fetch()) {
echo "<h2>⚠️ Super Admin already exists.</h2>";
exit;
}
$sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, phone, email, password, role, created_at)
VALUES (:id, :fp, :fp_hash, :name, :phone, :email, :pass, 'super_admin', NOW())";
$stmt = $con->prepare($sql);
$stmt->execute([
':id' => $uniqueId,
':fp' => $encFp,
':fp_hash' => $fpHash,
':name' => $encName,
':phone' => $encPhone,
':email' => $encEmail,
':pass' => $hashedPass,
]);
if ($stmt->rowCount() > 0) {
echo "<h2>✅ Super Admin created successfully!</h2>";
echo "<p><b>ID:</b> $uniqueId</p>";
echo "<p><b>Name:</b> $name</p>";
echo "<p><b>Password:</b> $password</p>";
echo "<p style='color:red;'><b>⚠️ Save this password. Delete this file after use.</b></p>";
} else {
echo "<h2>❌ Failed to create Super Admin.</h2>";
}
} catch (Exception $e) {
echo "<h2>❌ Error: " . htmlspecialchars($e->getMessage()) . "</h2>";
}