Update: 2026-06-11 19:26:42

2026-06-11 19:26:42 +03:00
parent 727068b668
commit b87477bec4
371 changed files with 67 additions and 14257 deletions
--- a/walletintaleq.intaleq.xyz/v2/main/ride/payment/add.php
+++ b/walletintaleq.intaleq.xyz/v2/main/ride/payment/add.php
@@ -9,33 +9,45 @@ $rideId         = filterRequest("rideId");
 $driverID       = filterRequest("driverID");
 $token          = filterRequest("token");

-// ✅ تحقق من التوكن
-$stmt = $con->prepare("SELECT * FROM payment_tokens WHERE token = :token AND isUsed = FALSE");
-$stmt->execute([ ':token' => $token ]);
-$tokenData = $stmt->fetch();
+try {
+    $con->beginTransaction();

-if ($tokenData) {
-    // ✅ إدخال الدفع بمفتاح قصير وخفيف
-    $sql = "INSERT INTO payments (id, amount, payment_method, passengerID, rideId, driverID)
-            VALUES (UUID_SHORT(), :amount, :payment_method, :passengerID, :rideId, :driverID)";
-    $stmt = $con->prepare($sql);
-    $stmt->execute([
-        ':amount'         => $amount,
-        ':payment_method' => $payment_method,
-        ':passengerID'    => $passengerID,
-        ':rideId'         => $rideId,
-        ':driverID'       => $driverID
-    ]);
+    // ✅ تحقق من التوكن مع قفل السجل (FOR UPDATE) لمنع ثغرة السباق (Race Condition)
+    $stmt = $con->prepare("SELECT * FROM payment_tokens WHERE token = :token AND isUsed = FALSE FOR UPDATE");
+    $stmt->execute([ ':token' => $token ]);
+    $tokenData = $stmt->fetch();

-    if ($stmt->rowCount() > 0) {
-        printSuccess("Payment record created successfully");
+    if ($tokenData) {
+        // ✅ إدخال الدفع بمفتاح قصير وخفيف
+        $sql = "INSERT INTO payments (id, amount, payment_method, passengerID, rideId, driverID)
+                VALUES (UUID_SHORT(), :amount, :payment_method, :passengerID, :rideId, :driverID)";
+        $stmtInsert = $con->prepare($sql);
+        $stmtInsert->execute([
+            ':amount'         => $amount,
+            ':payment_method' => $payment_method,
+            ':passengerID'    => $passengerID,
+            ':rideId'         => $rideId,
+            ':driverID'       => $driverID
+        ]);

-        // ✅ تحديث حالة التوكن
-        $stmt = $con->prepare("UPDATE payment_tokens SET isUsed = TRUE WHERE id = :tokenID");
-        $stmt->execute([ ':tokenID' => $tokenData['id'] ]);
+        if ($stmtInsert->rowCount() > 0) {
+            // ✅ تحديث حالة التوكن
+            $stmtUpdate = $con->prepare("UPDATE payment_tokens SET isUsed = TRUE WHERE id = :tokenID");
+            $stmtUpdate->execute([ ':tokenID' => $tokenData['id'] ]);
+            
+            $con->commit();
+            printSuccess("Payment record created successfully");
+        } else {
+            $con->rollBack();
+            printFailure("Failed to save record");
+        }
    } else {
-        printFailure("Failed to save record");
+        $con->rollBack();
+        printFailure("Invalid or already used token");
    }
-} else {
-    printFailure("Invalid or already used token");
+} catch (Exception $e) {
+    if ($con->inTransaction()) {
+        $con->rollBack();
+    }
+    printFailure("An error occurred: " . $e->getMessage());
 }