Update: 2026-06-25 18:39:01

backend/Admin/Staff/add_super_admin.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * Admin/Staff/add_super_admin.php
+ * إضافة مشرف عام (Super Admin) — استخدام لمرة واحدة
+ */
+require_once __DIR__ . '/../../core/bootstrap.php';
+
+// $adminKey = filterRequest('admin_key') ?? '';
+// $expected = getenv('MIGRATION_ADMIN_KEY');
+// if (empty($adminKey) || empty($expected) || !hash_equals($expected, $adminKey)) {
+//     http_response_code(403);
+//     exit(json_encode(['error' => 'Access denied. Admin key required.']));
+// }
+
+$con = Database::get('main');
+
+$name        = filterRequest('name')        ?: 'Super Admin';
+$email       = filterRequest('email')       ?: '';
+$phone       = filterRequest('phone')       ?: '';
+$fingerprint = filterRequest('fingerprint') ?: '';
+$password    = filterRequest('password')    ?: bin2hex(random_bytes(8));
+
+try {
+    $hashedPass = password_hash($password, PASSWORD_DEFAULT);
+    $encName    = $encryptionHelper->encryptData($name);
+    $encPhone   = $phone ? $encryptionHelper->encryptData($phone) : '';
+    $encEmail   = $email ? $encryptionHelper->encryptData($email) : '';
+    $encFp      = $fingerprint ? $encryptionHelper->encryptData($fingerprint) : '';
+    $fpHash     = $fingerprint ? hash('sha256', $fingerprint) : '';
+    $uniqueId   = bin2hex(random_bytes(16));
+
+    $check = $con->prepare("SELECT id FROM adminUser WHERE role = 'super_admin' LIMIT 1");
+    $check->execute();
+    if ($check->fetch()) {
+        echo "<h2>⚠️ Super Admin already exists.</h2>";
+        exit;
+    }
+
+    $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, phone, email, password, role, created_at) 
+            VALUES (:id, :fp, :fp_hash, :name, :phone, :email, :pass, 'super_admin', NOW())";
+    $stmt = $con->prepare($sql);
+    $stmt->execute([
+        ':id'       => $uniqueId,
+        ':fp'       => $encFp,
+        ':fp_hash'  => $fpHash,
+        ':name'     => $encName,
+        ':phone'    => $encPhone,
+        ':email'    => $encEmail,
+        ':pass'     => $hashedPass,
+    ]);
+
+    if ($stmt->rowCount() > 0) {
+        echo "<h2>✅ Super Admin created successfully!</h2>";
+        echo "<p><b>ID:</b> $uniqueId</p>";
+        echo "<p><b>Name:</b> $name</p>";
+        echo "<p><b>Password:</b> $password</p>";
+        echo "<p style='color:red;'><b>⚠️ Save this password. Delete this file after use.</b></p>";
+    } else {
+        echo "<h2>❌ Failed to create Super Admin.</h2>";
+    }
+} catch (Exception $e) {
+    echo "<h2>❌ Error: " . htmlspecialchars($e->getMessage()) . "</h2>";
+}