fix(security): add .gitignore, remove PEM keys and debug endpoints from tracking
This commit is contained in:
Hamza-Ayed
@@ -1,10 +0,0 @@
|
||||
# 🔒 SECURITY: Block all access to debug files
|
||||
# This directory contains sensitive debugging scripts
|
||||
# DO NOT remove this file in production
|
||||
|
||||
<RequireAll>
|
||||
Require all denied
|
||||
</RequireAll>
|
||||
|
||||
# Alternative for older Apache:
|
||||
# Deny from all
|
||||
@@ -1,13 +0,0 @@
|
||||
<?php
|
||||
require_once 'connect.php';
|
||||
|
||||
try {
|
||||
$stmt = $con->query("SELECT phone FROM driver LIMIT 10");
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
foreach ($rows as $row) {
|
||||
echo "Raw: " . $row['phone'] . " | Decrypted: " . $encryptionHelper->decryptData($row['phone']) . "\n";
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
echo "An error occurred.";
|
||||
}
|
||||
?>
|
||||
@@ -1,11 +0,0 @@
|
||||
<?php
|
||||
require_once 'connect.php';
|
||||
|
||||
try {
|
||||
$stmt = $con->query("DESCRIBE users");
|
||||
$cols = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
echo json_encode($cols, JSON_PRETTY_PRINT);
|
||||
} catch (Exception $e) {
|
||||
echo "An error occurred.";
|
||||
}
|
||||
?>
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/connect.php';
|
||||
|
||||
$searchPhone = '0992952235';
|
||||
echo "Searching for: $searchPhone\n";
|
||||
|
||||
$variants = [$searchPhone, '963' . substr($searchPhone, 1), '+963' . substr($searchPhone, 1)];
|
||||
|
||||
foreach ($variants as $v) {
|
||||
echo "Checking variant: $v\n";
|
||||
$enc = $encryptionHelper->encryptData($v);
|
||||
|
||||
$stmt = $con->prepare("SELECT id, phone, first_name FROM driver WHERE phone = ? OR phone = ?");
|
||||
$stmt->execute([$v, $enc]);
|
||||
$res = $stmt->fetch();
|
||||
|
||||
if ($res) {
|
||||
echo "FOUND! ID: {$res['id']}, Name: {$res['first_name']}, Phone in DB: {$res['phone']}\n";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
echo "NOT FOUND in driver table.\n";
|
||||
@@ -1,57 +0,0 @@
|
||||
<?php
|
||||
// env_test.php - أداة مخصصة لاختبار جميع متغيرات البيئة
|
||||
require_once __DIR__ . '/core/bootstrap.php'; // لتحميل الـ .env
|
||||
|
||||
header('Content-Type: text/plain; charset=utf-8');
|
||||
|
||||
echo "=== فحص متغيرات البيئة (Environment Variables) ===\n\n";
|
||||
|
||||
$keysToCheck = [
|
||||
'PASSENGER_SOCKET_URL',
|
||||
'LOCATION_SOCKET_URL',
|
||||
'INTERNAL_SOCKET_KEY_PATH',
|
||||
'SECRET_KEY_PAY_PATH',
|
||||
'SECRET_KEY_HMAC',
|
||||
'allowed1',
|
||||
'allowed2',
|
||||
'passwordnewpassenger',
|
||||
'FP_PEPPER'
|
||||
];
|
||||
|
||||
foreach ($keysToCheck as $key) {
|
||||
$val = getenv($key);
|
||||
if ($val !== false && $val !== '') {
|
||||
// إخفاء جزء من القيم الحساسة مثل كلمات المرور
|
||||
if (strpos(strtolower($key), 'password') !== false || strpos(strtolower($key), 'secret') !== false || strpos(strtolower($key), 'hmac') !== false) {
|
||||
$hiddenVal = substr($val, 0, 3) . '***' . substr($val, -3);
|
||||
echo "[OK] $key = $hiddenVal\n";
|
||||
} else {
|
||||
echo "[OK] $key = $val\n";
|
||||
}
|
||||
} else {
|
||||
echo "[ERROR] $key = (مفقود أو فارغ!)\n";
|
||||
}
|
||||
}
|
||||
|
||||
echo "\n\n=== فحص الملفات المباشرة ===\n\n";
|
||||
|
||||
$filesToCheck = [
|
||||
'/home/siro-api/.internal_socket_key',
|
||||
'/home/siro-api/.secret_key_pay'
|
||||
];
|
||||
|
||||
foreach ($filesToCheck as $file) {
|
||||
if (file_exists($file)) {
|
||||
$content = trim(file_get_contents($file));
|
||||
if (!empty($content)) {
|
||||
$hidden = substr($content, 0, 3) . '***' . substr($content, -3);
|
||||
echo "[OK] File ($file) exists and has content: $hidden\n";
|
||||
} else {
|
||||
echo "[WARNING] File ($file) exists but is EMPTY!\n";
|
||||
}
|
||||
} else {
|
||||
echo "[ERROR] File ($file) DOES NOT EXIST!\n";
|
||||
}
|
||||
}
|
||||
|
||||
echo "\n=== انتهى الفحص ===\n";
|
||||
@@ -1,78 +0,0 @@
|
||||
<?php
|
||||
include 'connect.php';
|
||||
|
||||
// نضمن أن الرد دائماً JSON
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
// 1) قراءة الـ body كـ JSON (من Flutter)
|
||||
$raw = file_get_contents('php://input');
|
||||
$data = json_decode($raw, true);
|
||||
|
||||
if (!is_array($data)) {
|
||||
// fallback لو أرسلت form-data أو x-www-form-urlencoded
|
||||
$data = $_POST;
|
||||
}
|
||||
|
||||
// 2) التحقق من رقم هاتف الأدمن المصرّح له
|
||||
|
||||
// قراءة الأرقام المسموح لها من الـ ENV
|
||||
$phonesRaw = getenv('ADMIN_PHONE_NUMBERS') ?: '';
|
||||
$ALLOWED_TOOL_PHONES = array_values(
|
||||
array_filter(
|
||||
array_map(function ($p) {
|
||||
// إزالة أي رموز غير رقمية (مسافات، +، - إلخ)
|
||||
return preg_replace('/\D+/', '', $p);
|
||||
}, explode(',', $phonesRaw))
|
||||
)
|
||||
);
|
||||
|
||||
// رقم الهاتف القادم من Flutter (parameter جديد)
|
||||
$adminPhoneParam = isset($data['admin_phone'])
|
||||
? preg_replace('/\D+/', '', $data['admin_phone'])
|
||||
: '';
|
||||
|
||||
// إذا لم يُرسل رقم أو لم يكن ضمن القائمة → منع الوصول
|
||||
if ($adminPhoneParam === '' || !in_array($adminPhoneParam, $ALLOWED_TOOL_PHONES, true)) {
|
||||
http_response_code(403);
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => 'Access denied for this admin phone.',
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// 3) التحقق من بقية المدخلات (action + text)
|
||||
$action = $data['action'] ?? '';
|
||||
$text = trim($data['text'] ?? '');
|
||||
|
||||
if ($text === '' || ($action !== 'encrypt' && $action !== 'decrypt')) {
|
||||
http_response_code(400);
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => 'Invalid input: need action=encrypt|decrypt and non-empty text.',
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// 4) تنفيذ التشفير / الفك
|
||||
try {
|
||||
// require_once __DIR__ . '/encrypt_decrypt.php';
|
||||
|
||||
if ($action === 'encrypt') {
|
||||
$result = $encryptionHelper->encryptData($text);
|
||||
} else { // decrypt
|
||||
$result = $encryptionHelper->decryptData($text);
|
||||
}
|
||||
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'action' => $action,
|
||||
'result' => (string) $result,
|
||||
]);
|
||||
} catch (Exception $e) {
|
||||
http_response_code(500);
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => 'Operation failed.',
|
||||
]);
|
||||
}
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
require_once 'connect.php';
|
||||
|
||||
echo "--- ADMIN TABLE ---\n";
|
||||
try {
|
||||
$stmt = $con->prepare("SELECT id, name, role FROM admin");
|
||||
$stmt->execute();
|
||||
$admins = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
print_r($admins);
|
||||
} catch (Exception $e) {
|
||||
echo "Error: " . $e->getMessage() . "\n";
|
||||
}
|
||||
|
||||
echo "\n--- DATABASES ---\n";
|
||||
try {
|
||||
$stmt = $con->prepare("SHOW DATABASES");
|
||||
$stmt->execute();
|
||||
$dbs = $stmt->fetchAll(PDO::FETCH_COLUMN);
|
||||
print_r($dbs);
|
||||
} catch (Exception $e) {
|
||||
echo "Error: " . $e->getMessage() . "\n";
|
||||
}
|
||||
?>
|
||||
@@ -1,2 +0,0 @@
|
||||
<?php
|
||||
echo ini_get('error_log');
|
||||
@@ -1,13 +0,0 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../core/bootstrap.php';
|
||||
require_once __DIR__ . '/../functions.php';
|
||||
|
||||
$con = Database::get('main');
|
||||
$lat = 32.11171;
|
||||
$lng = 36.06737;
|
||||
$carType = 'Fixed Price';
|
||||
|
||||
echo "Testing findBestDrivers...\n";
|
||||
$drivers = findBestDrivers($con, $lat, $lng, $carType);
|
||||
print_r($drivers);
|
||||
echo "Done.\n";
|
||||
@@ -1,10 +0,0 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../core/bootstrap.php';
|
||||
$redis = getRedis(); // or however it's connected in bootstrap
|
||||
if (!$redis) {
|
||||
echo "No redis\n"; exit;
|
||||
}
|
||||
$redis->geoadd('geo:rides:waiting', 36.0, 32.0, 'test_ride');
|
||||
$res = $redis->georadius('geo:rides:waiting', 36.0, 32.0, 10, 'km', ['WITHDIST' => true]);
|
||||
print_r($res);
|
||||
echo json_encode($res) . "\n";
|
||||
Reference in New Issue
Block a user