Update: 2026-06-26 17:29:23
@@ -1,63 +0,0 @@
|
||||
<?php
|
||||
/**
|
||||
* Admin/Staff/add_super_admin.php
|
||||
* إضافة مشرف عام (Super Admin) — استخدام لمرة واحدة
|
||||
*/
|
||||
require_once __DIR__ . '/../../core/bootstrap.php';
|
||||
|
||||
// $adminKey = filterRequest('admin_key') ?? '';
|
||||
// $expected = getenv('MIGRATION_ADMIN_KEY');
|
||||
// if (empty($adminKey) || empty($expected) || !hash_equals($expected, $adminKey)) {
|
||||
// http_response_code(403);
|
||||
// exit(json_encode(['error' => 'Access denied. Admin key required.']));
|
||||
// }
|
||||
|
||||
$con = Database::get('main');
|
||||
|
||||
$name = $_GET['name'] ?? filterRequest('name') ?: 'Super Admin';
|
||||
$email = $_GET['email'] ?? filterRequest('email') ?: '';
|
||||
$phone = $_GET['phone'] ?? filterRequest('phone') ?: '';
|
||||
$fingerprint = $_GET['fingerprint'] ?? filterRequest('fingerprint') ?: '';
|
||||
$password = $_GET['password'] ?? filterRequest('password') ?: bin2hex(random_bytes(8));
|
||||
|
||||
try {
|
||||
$hashedPass = password_hash($password, PASSWORD_DEFAULT);
|
||||
$encName = $encryptionHelper->encryptData($name);
|
||||
$encPhone = $phone ? $encryptionHelper->encryptData($phone) : '';
|
||||
$encEmail = $email ? $encryptionHelper->encryptData($email) : '';
|
||||
$encFp = $fingerprint ? $encryptionHelper->encryptData($fingerprint) : '';
|
||||
$fpHash = $fingerprint ? hash('sha256', $fingerprint) : '';
|
||||
$uniqueId = bin2hex(random_bytes(16));
|
||||
|
||||
$check = $con->prepare("SELECT id FROM adminUser WHERE role = 'super_admin' LIMIT 1");
|
||||
$check->execute();
|
||||
if ($check->fetch()) {
|
||||
echo "<h2>⚠️ Super Admin already exists.</h2>";
|
||||
exit;
|
||||
}
|
||||
|
||||
$sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, phone, email, password, role, created_at)
|
||||
VALUES (:id, :fp, :fp_hash, :name, :phone, :email, :pass, 'super_admin', NOW())";
|
||||
$stmt = $con->prepare($sql);
|
||||
$stmt->execute([
|
||||
':id' => $uniqueId,
|
||||
':fp' => $encFp,
|
||||
':fp_hash' => $fpHash,
|
||||
':name' => $encName,
|
||||
':phone' => $encPhone,
|
||||
':email' => $encEmail,
|
||||
':pass' => $hashedPass,
|
||||
]);
|
||||
|
||||
if ($stmt->rowCount() > 0) {
|
||||
echo "<h2>✅ Super Admin created successfully!</h2>";
|
||||
echo "<p><b>ID:</b> $uniqueId</p>";
|
||||
echo "<p><b>Name:</b> $name</p>";
|
||||
echo "<p><b>Password:</b> $password</p>";
|
||||
echo "<p style='color:red;'><b>⚠️ Save this password. Delete this file after use.</b></p>";
|
||||
} else {
|
||||
echo "<h2>❌ Failed to create Super Admin.</h2>";
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
echo "<h2>❌ Error: " . htmlspecialchars($e->getMessage()) . "</h2>";
|
||||
}
|
||||
@@ -7,7 +7,6 @@ error_reporting(E_ALL);
|
||||
|
||||
require_once __DIR__ . '/../../connect.php';
|
||||
|
||||
$driverID = filterRequest("driverID");
|
||||
$invoiceNumber = filterRequest("invoiceNumber");
|
||||
$amount = filterRequest("amount");
|
||||
$date = filterRequest("date");
|
||||
@@ -17,7 +16,7 @@ $linkImage = null;
|
||||
$uploadDate = date("Y-m-d H:i:s");
|
||||
|
||||
// ✅ طباعة بيانات الإدخال للتأكد
|
||||
error_log("[add_invoice.php] 📥 Data received | driverID: $driverID, invoiceNumber: $invoiceNumber, amount: $amount, date: $date");
|
||||
error_log("[add_invoice.php] 📥 Data received | invoiceNumber: $invoiceNumber, amount: $amount, date: $date");
|
||||
|
||||
// التحقق من وجود ملف الصورة
|
||||
if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
|
||||
@@ -43,7 +42,7 @@ if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
|
||||
exit;
|
||||
}
|
||||
|
||||
$new_filename = $invoiceNumber . "_" . $driverID . '.' . $image_extension;
|
||||
$new_filename = $invoiceNumber . '.' . $image_extension;
|
||||
$target_dir = "invoice_images/";
|
||||
$target_file = $target_dir . $new_filename;
|
||||
|
||||
@@ -66,9 +65,9 @@ if (isset($_FILES['image']) && $_FILES['image']['error'] === UPLOAD_ERR_OK) {
|
||||
}
|
||||
|
||||
try {
|
||||
$stmt = $con->prepare("INSERT INTO invoice_records (driverID, invoice_number,name, amount, date, image_link, created_at)
|
||||
VALUES (?, ?, ?,?, ?, ?, ?)");
|
||||
$stmt->execute([$driverID, $invoiceNumber,$name, $amount, $date, $linkImage, $uploadDate]);
|
||||
$stmt = $con->prepare("INSERT INTO invoice_records (invoice_number, name, amount, date, image_link, created_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?)");
|
||||
$stmt->execute([$invoiceNumber, $name, $amount, $date, $linkImage, $uploadDate]);
|
||||
|
||||
echo json_encode([
|
||||
'status' => 'success',
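Review bot: The upload name built in the `@@ -43,7 +42,7 @@` hunk, `$new_filename = $invoiceNumber . '.' . $image_extension;` (taking the driverID-free line as the new side, which the first hunk's shrinking line count suggests), now depends on a single request field, so a later upload with the same invoice number could replace the stored image of an earlier one. `filterRequest()` is not visible here, so it is unclear whether it strips path separators; I would validate the value before it reaches the path, e.g. `if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', (string) $invoiceNumber)) { http_response_code(400); exit; }`, or name the file with `bin2hex(random_bytes(16))` and keep the invoice number only in the database row. The same request values are interpolated into `error_log(...)` in the `@@ -17,7 +16,7 @@` hunk, where stripping CR/LF first would keep log entries from being forged. The extension check and the code that moves the uploaded file sit outside the visible hunks.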
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../../core/bootstrap.php';
|
||||
|
||||
try {
|
||||
$con = Database::get('main');
|
||||
|
||||
// Check if columns already exist to avoid errors
|
||||
$check = $con->query("SHOW COLUMNS FROM adminUser LIKE 'status'");
|
||||
if ($check->rowCount() == 0) {
|
||||
$sql = "ALTER TABLE adminUser
|
||||
ADD COLUMN status ENUM('pending', 'approved', 'suspended', 'rejected') NOT NULL DEFAULT 'pending' AFTER role,
|
||||
ADD COLUMN phone VARCHAR(50) DEFAULT NULL AFTER name,
|
||||
ADD COLUMN email VARCHAR(255) DEFAULT NULL AFTER phone,
|
||||
ADD COLUMN approved_by VARCHAR(64) DEFAULT NULL AFTER status,
|
||||
ADD COLUMN approved_at DATETIME DEFAULT NULL AFTER approved_by";
|
||||
|
||||
$con->exec($sql);
|
||||
|
||||
// Update existing admins to approved and super_admin
|
||||
$con->exec("UPDATE adminUser SET status = 'approved', role = 'super_admin' WHERE id IS NOT NULL");
|
||||
|
||||
echo json_encode(["status" => "success", "message" => "Migration completed successfully."]);
|
||||
} else {
|
||||
echo json_encode(["status" => "success", "message" => "Columns already exist."]);
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
echo json_encode(["status" => "error", "message" => "An internal error occurred"]);
|
||||
}
|
||||
@@ -1,128 +0,0 @@
|
||||
<?php
|
||||
// ============================================================
|
||||
// Admin/auth/migration_cryptography.php
|
||||
// سكريبت لترحيل التشفير القديم (CBC) إلى التشفير الجديد (AES-256-GCM)
|
||||
// يمكن تشغيله عبر الـ CLI أو المتصفح (بصلاحيات مسؤول).
|
||||
// ============================================================
|
||||
|
||||
require_once __DIR__ . '/../../connect.php';
|
||||
|
||||
echo "Starting Cryptography Migration to AES-256-GCM...\n";
|
||||
ob_flush(); flush();
|
||||
|
||||
$tables = [
|
||||
'driver' => [
|
||||
'phone', 'email', 'gender', 'birthdate', 'site',
|
||||
'first_name', 'last_name', 'accountBank', 'education',
|
||||
'employmentType', 'maritalStatus', 'national_number',
|
||||
'name_arabic', 'address'
|
||||
],
|
||||
'passengers' => [
|
||||
'phone', 'email', 'gender', 'birthdate',
|
||||
'first_name', 'last_name', 'token'
|
||||
],
|
||||
'CarRegistration' => [
|
||||
'vin', 'car_plate', 'owner', 'address'
|
||||
],
|
||||
'carPlateEdit' => [
|
||||
'carPlate', 'owner'
|
||||
],
|
||||
'phone_verification' => [
|
||||
'phone_number'
|
||||
],
|
||||
'phone_verification_passenger' => [
|
||||
'phone_number'
|
||||
],
|
||||
'driverToken' => [
|
||||
'token'
|
||||
],
|
||||
'passengerToken' => [
|
||||
'token'
|
||||
],
|
||||
'mishwari' => [
|
||||
'phone', 'gender', 'name', 'name_english', 'car_plate', 'token', 'education', 'national_number', 'age'
|
||||
],
|
||||
'rate_app' => [
|
||||
'email', 'phone'
|
||||
],
|
||||
'admins' => [
|
||||
'name', 'phone', 'email', 'fp'
|
||||
],
|
||||
'driver_assurance' => [
|
||||
'assured', 'health_insurance_provider'
|
||||
],
|
||||
'blacklist_drivers' => [
|
||||
'phone'
|
||||
],
|
||||
'blacklist_passengers' => [
|
||||
'phone'
|
||||
],
|
||||
'feedBack' => [
|
||||
'feedBack'
|
||||
]
|
||||
];
|
||||
|
||||
$totalUpdated = 0;
|
||||
|
||||
foreach ($tables as $table => $columns) {
|
||||
echo "Processing table: $table ...\n";
|
||||
ob_flush(); flush();
|
||||
|
||||
try {
|
||||
$sql = "SELECT `id`, `" . implode("`, `", $columns) . "` FROM `$table`";
|
||||
$stmt = $con->query($sql);
|
||||
if (!$stmt) {
|
||||
echo "Skipped $table (Not found or missing columns).\n";
|
||||
continue;
|
||||
}
|
||||
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
} catch (Exception $e) {
|
||||
echo "An internal error occurred" . "\n";
|
||||
continue;
|
||||
}
|
||||
|
||||
$tableUpdatedCount = 0;
|
||||
|
||||
foreach ($rows as $row) {
|
||||
$id = $row['id'];
|
||||
$needsUpdate = false;
|
||||
$updateValues = [];
|
||||
$params = [':id' => $id];
|
||||
|
||||
foreach ($columns as $col) {
|
||||
$value = $row[$col];
|
||||
|
||||
// تحقق إذا كان الحقل يحتوي على قيمة وإذا لم يكن مشفر بالنظام الجديد
|
||||
if (!empty($value) && strpos($value, 'GCM:') !== 0) {
|
||||
// محاولة فك التشفير القديم (CBC)
|
||||
try {
|
||||
$decrypted = $encryptionHelper->decryptData($value);
|
||||
if ($decrypted !== false && $decrypted !== '') {
|
||||
// إعادة التشفير (سيستخدم GCM الآن)
|
||||
$newEncrypted = $encryptionHelper->encryptData($decrypted);
|
||||
$updateValues[] = "`$col` = :$col";
|
||||
$params[":$col"] = $newEncrypted;
|
||||
$needsUpdate = true;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
error_log("Failed to migrate $col for ID $id in $table: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($needsUpdate) {
|
||||
$setClause = implode(", ", $updateValues);
|
||||
$updateSql = "UPDATE `$table` SET $setClause WHERE `id` = :id";
|
||||
$updateStmt = $con->prepare($updateSql);
|
||||
$updateStmt->execute($params);
|
||||
$tableUpdatedCount++;
|
||||
}
|
||||
}
|
||||
|
||||
echo "Finished $table. Updated rows: $tableUpdatedCount\n";
|
||||
$totalUpdated += $tableUpdatedCount;
|
||||
ob_flush(); flush();
|
||||
}
|
||||
|
||||
echo "Migration completed! Total rows updated: $totalUpdated\n";
|
||||
?>
|
||||