first commit

This commit is contained in:
Hamza-Ayed
2026-06-09 08:40:31 +03:00
commit d8901e1a87
3161 changed files with 536187 additions and 0 deletions


@@ -0,0 +1,35 @@
<?php
require_once __DIR__ . '/../../connect.php';
// Sanitize and validate input
$driverId = filterRequest("driverId");
$issueDate = filterRequest("IssueDate");
$inspectionResult = filterRequest("InspectionResult");
// Prepare SQL statement
$sql = "INSERT INTO criminalDocuments (driverId, IssueDate, InspectionResult)
VALUES (:driverId, :issueDate, :inspectionResult)";
try {
$stmt = $con->prepare($sql);
// Bind parameters
$stmt->bindParam(':driverId', $driverId, PDO::PARAM_INT);
$stmt->bindParam(':issueDate', $issueDate, PDO::PARAM_STR);
$stmt->bindParam(':inspectionResult', $inspectionResult, PDO::PARAM_STR);
// Execute the statement
$stmt->execute();
// Check if the insertion was successful
if ($stmt->rowCount() > 0) {
jsonSuccess(null, "Criminal document data saved successfully");
} else {
jsonError("Failed to save criminal document data");
}
} catch (PDOException $e) {
// Log the error and print a generic failure message
error_log("Database Error: " . $e->getMessage());
jsonError("An error occurred while saving the data");
}
?>
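Review bot: Nothing in this file ties `driverId` (from `filterRequest("driverId")`) to the caller, so whoever can reach the endpoint can record an `InspectionResult` for any driver unless connect.php authenticates and authorizes the request, which is not visible here. The id is bound as `PDO::PARAM_INT` without a numeric check, unlike the `is_numeric` guard the sibling files use, so a non-numeric value is coerced rather than rejected. I would add `if (!is_numeric($driverId)) { jsonError("Invalid driver ID"); exit; }` before the prepare, and take the driver identity from the authenticated session wherever this is meant to be self-service.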


@@ -0,0 +1,60 @@
<?php
require_once __DIR__ . '/../../connect.php';
$id = filterRequest("id");
// يمكن استقبال سبب الحظر من التطبيق أو وضعه كقيمة افتراضية
$reason = "Driver requested deletion (deleteFromHimself)";
// تأكد أن المعرف رقم صحيح
if (!is_numeric($id)) {
jsonError("Invalid ID");
exit();
}
try {
// 1. جلب رقم الهاتف الخاص بالسائق قبل التحديث
// نحتاج الهاتف لإضافته في القائمة السوداء
$stmtPhone = $con->prepare("SELECT phone FROM `driver` WHERE `id` = :id");
$stmtPhone->bindParam(':id', $id, PDO::PARAM_INT);
$stmtPhone->execute();
$driverData = $stmtPhone->fetch(PDO::FETCH_ASSOC);
// التحقق من وجود السائق
if (!$driverData) {
jsonError("Driver not found");
exit();
}
$phone = $driverData['phone'];
// 2. تحديث حالة السائق
$sql = "UPDATE `driver` SET `status` = 'deleteFromHimself' WHERE `id` = :id";
$stmt = $con->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() > 0) {
// 3. الإضافة إلى القائمة السوداء (blacklist_driver)
// نستخدم NOW() لتسجيل الوقت الحالي تلقائياً
// لا نمرر id العمود الأول لأنه غالباً Auto Increment في قاعدة البيانات
$insertSql = "INSERT INTO `blacklist_driver` (`driver_id`, `phone`, `reason`, `created_at`)
VALUES (:driver_id, :phone, :reason, NOW())";
$insertStmt = $con->prepare($insertSql);
$insertStmt->execute([
':driver_id' => $id,
':phone' => $phone,
':reason' => $reason
]);
jsonSuccess(null, "Record marked as deleted and added to blacklist successfully");
} else {
jsonError("Failed to update record or no change made");
}
} catch (PDOException $e) {
// في حال حدوث خطأ في قاعدة البيانات (مثلاً تكرار الإضافة)
jsonError("Database Error: " . $e->getMessage());
}
?>
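Review bot: The catch block returns `$e->getMessage()` to the client, which leaks table and column names and possibly driver data on failure; the criminalDocuments endpoint in this same commit logs and returns a generic message, and this file should do the same. The UPDATE and the blacklist INSERT also run as two independent statements, so a failed insert (the comment itself anticipates a duplicate) leaves the driver marked `deleteFromHimself` with no blacklist row; wrapping both in a transaction fixes that. As with the other endpoints, `id` comes straight from the request with no visible check that the caller is that driver, so anyone can retire and blacklist an arbitrary account unless connect.php enforces this.
```php
try {
    $con->beginTransaction();
    // … unchanged: SELECT phone, UPDATE status …
    if ($stmt->rowCount() > 0) {
        // … unchanged: INSERT INTO blacklist_driver …
        $con->commit();
        jsonSuccess(null, "Record marked as deleted and added to blacklist successfully");
    } else {
        $con->rollBack();
        jsonError("Failed to update record or no change made");
    }
} catch (PDOException $e) {
    if ($con->inTransaction()) {
        $con->rollBack();
    }
    error_log("deleteFromHimself PDO: " . $e->getMessage());
    jsonError("An error occurred while processing the request");
}
```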


@@ -0,0 +1,15 @@
[21-May-2025 12:28:44 Europe/Berlin] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'driver.education' in 'field list' in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php:43
Stack trace:
#0 /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php(43): PDO->prepare('SELECT\n driv...')
#1 {main}
thrown in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php on line 43
[21-May-2025 21:09:18 Europe/Berlin] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'driver.education' in 'field list' in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php:43
Stack trace:
#0 /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php(43): PDO->prepare('SELECT\n driv...')
#1 {main}
thrown in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php on line 43
[22-May-2025 03:30:03 Europe/Berlin] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'driver.education' in 'field list' in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php:43
Stack trace:
#0 /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php(43): PDO->prepare('SELECT\n driv...')
#1 {main}
thrown in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php on line 43
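Review bot: This is a runtime PHP error log committed into the repository; it discloses the absolute deployment path `/home2/seferli1/server.sefer.live/...`, the hosting account name and the failing query fragment, none of which belongs in source control. It also records that `driver.education` does not exist in the deployed schema, while two login files in this same commit still select that column, so the same fatal is likely to recur there. Remove the file, add `*.log` to `.gitignore`, and reconcile the schema with the login queries.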



@@ -0,0 +1,24 @@
<?php
require_once __DIR__ . '/../../connect.php';
$driverID = filterRequest("id");
// تحقق أن المعرف رقم صحيح
if (!is_numeric($driverID)) {
jsonError("Invalid driver ID");
exit();
}
// استخدم bindParam لتفادي حقن SQL
$sql = "SELECT `accountBank` FROM `driver` WHERE `id` = :id";
$stmt = $con->prepare($sql);
$stmt->bindParam(':id', $driverID, PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() > 0) {
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
jsonSuccess($row);
} else {
jsonError("No account bank record found");
}
?>
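Review bot: `accountBank` is stored encrypted by the update endpoints in this commit (it appears in their encrypt lists), but this endpoint returns the raw column, so callers receive ciphertext rather than the value. Either decrypt it here with `decryptData`, as the other read endpoints do, or document that this returns the stored form. The lookup is by a client-supplied `id` with no visible ownership check, so any caller can pull any driver's payout account unless connect.php authorizes the request.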


@@ -0,0 +1,39 @@
<?php
require_once __DIR__ . '/../../connect.php';
$sql = "
SELECT
`id`,
`phone`,
`email`,
`gender`,
`birthdate`,
`first_name`,
`last_name`,
`sosPhone`
FROM
`passengers`
";
$stmt = $con->prepare($sql);
$stmt->execute();
if ($stmt->rowCount() > 0) {
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// فك تشفير الحقول الحساسة
foreach ($rows as &$row) {
$row['phone'] = $encryptionHelper->decryptData($row['phone']);
$row['email'] = $encryptionHelper->decryptData($row['email']);
$row['gender'] = $encryptionHelper->decryptData($row['gender']);
$row['birthdate'] = $encryptionHelper->decryptData($row['birthdate']);
$row['first_name'] = $encryptionHelper->decryptData($row['first_name']);
$row['last_name'] = $encryptionHelper->decryptData($row['last_name']);
$row['sosPhone'] = $encryptionHelper->decryptData($row['sosPhone']);
}
jsonSuccess($rows);
} else {
jsonError("No wallet record found");
}
?>
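Review bot: This endpoint decrypts and returns every passenger's phone, email, birthdate, name and emergency contact with no parameters, pagination or visible authentication, which makes it a one-request bulk PII export if the mobile client can reach it. If it is an admin tool, the admin check should be visible here or the file should sit behind an admin-only route; either way, return only the fields the caller needs. The failure message `"No wallet record found"` is copied from another endpoint and should read something like `"No passenger records found"`. The `foreach ($rows as &$row)` loop leaves a reference on the last element; add `unset($row);` after the loop.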


@@ -0,0 +1,23 @@
<?php
require_once __DIR__ . '/../../connect.php';
// $driverID = filterRequest("id");
$sql = "
SELECT * FROM `promptDriverIDEgypt`";
$stmt = $con->prepare($sql);
$stmt->execute();
if ($stmt->rowCount() > 0) {
// Fetch the record
$row = $stmt->fetchAll(PDO::FETCH_ASSOC);
jsonSuccess($row);
}
else{
// Print a failure message
jsonError($message = "No wallet record found");
}
?>
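Review bot: `SELECT *` returns whatever columns `promptDriverIDEgypt` has now or later, including any added with sensitive data; listing the columns the client needs is safer and makes the response shape explicit. The error text `"No wallet record found"` does not match this table. The commented-out `$driverID` line suggests per-driver filtering was intended; if so, the endpoint currently returns every row to every caller.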


@@ -0,0 +1,66 @@
<?php
require_once __DIR__ . '/../../connect.php';
$email = filterRequest('email');
$phone = filterRequest('phone');
$password = filterRequest('password');
// تشفير الحقول المطلوبة قبل الاستعلام
$email = $encryptionHelper->encryptData($email);
$phone = $encryptionHelper->encryptData($phone);
$sql = "SELECT
driver.id,
driver.phone,
driver.email,
driver.password,
driver.gender,
driver.birthdate,
driver.site,
driver.first_name,
driver.last_name,
driver.education,
driver.employmentType,
driver.maritalStatus,
driver.created_at,
driver.updated_at,
email_verifications.verified
FROM
driver
LEFT JOIN email_verifications ON email_verifications.email = driver.email
WHERE
driver.phone = :phone AND driver.email = :email";
$stmt = $con->prepare($sql);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':phone', $phone);
$stmt->execute();
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();
if ($count > 0) {
$stored_password = $data[0]['password'];
if (password_verify($password, $stored_password)) {
// فك التشفير للحقول الحساسة
$data[0]['phone'] = $encryptionHelper->decryptData($data[0]['phone']);
$data[0]['email'] = $encryptionHelper->decryptData($data[0]['email']);
$data[0]['gender'] = $encryptionHelper->decryptData($data[0]['gender']);
$data[0]['birthdate'] = $encryptionHelper->decryptData($data[0]['birthdate']);
$data[0]['site'] = $encryptionHelper->decryptData($data[0]['site']);
$data[0]['first_name'] = $encryptionHelper->decryptData($data[0]['first_name']);
$data[0]['last_name'] = $encryptionHelper->decryptData($data[0]['last_name']);
$data[0]['education'] = $encryptionHelper->decryptData($data[0]['education']);
$data[0]['employmentType'] = $encryptionHelper->decryptData($data[0]['employmentType']);
$data[0]['maritalStatus'] = $encryptionHelper->decryptData($data[0]['maritalStatus']);
unset($data[0]['password']); // لا نرجّع الباسورد
jsonSuccess($data);
} else {
jsonError("Incorrect password.");
}
} else {
jsonError("User does not exist.");
}
?>
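Review bot: `jsonError("User does not exist.")` versus `jsonError("Incorrect password.")` tells an attacker which phone/email pairs are registered; both branches should return the same text, e.g. `jsonError("Invalid credentials.")`. There is no throttle on this endpoint, while the OTP sender in this commit already uses a Redis limiter keyed on phone; the same pattern fits here. The query selects `driver.education`, which the committed error log reports as an unknown column; if the deployed schema matches the log, `prepare` throws and nothing here catches it. Looking up by `encryptData($email)` only works if encryption is deterministic, which is implied by the other files but not visible here.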


@@ -0,0 +1,111 @@
<?php
// loginFromGoogle.php
require_once __DIR__ . '/../../connect.php';
try {
/* ────────────────────────────────
1) قراءة القيم الأولية
───────────────────────────────── */
// $emailRaw = filterRequest('email'); // البريد القادم من التطبيق (غير مشفَّر)
$driverID = filterRequest('id'); // DriverID المُرسل
// error_log("[Debug] Email (raw): $emailRaw");
error_log("[Debug] DriverID: $driverID");
/* ────────────────────────────────
2) تشفير الإيميل
───────────────────────────────── */
// $emailEnc = $encryptionHelper->encryptData($emailRaw);
// error_log("[Debug] Email (encrypted): $emailEnc");
/* ────────────────────────────────
3) إعداد الاستعلام الموحَّد
───────────────────────────────── */
$sql = "
SELECT
driver.id, driver.phone, driver.email, driver.gender, driver.birthdate,
driver.site, driver.first_name, driver.last_name, driver.bankCode,
driver.accountBank, driver.employmentType,driver.status, driver.maritalStatus,
driver.created_at, driver.updated_at,
phone_verification.is_verified,
CarRegistration.make, CarRegistration.model, CarRegistration.year,
df.is_claimed, inv.isInstall, inv.isGiftToken
FROM driver
LEFT JOIN phone_verification ON phone_verification.phone_number = driver.phone
LEFT JOIN driver_gifts df ON df.driver_id = driver.id
LEFT JOIN CarRegistration ON CarRegistration.driverID = driver.id
LEFT JOIN invites inv ON inv.driverId = driver.id
WHERE
driver.id = :id
-- AND phone_verification.is_verified = '1'
LIMIT 1
";
// error_log("[Debug] queryString:\n$sql");
$stmt = $con->prepare($sql);
// باراميترات الربط
$params = [
//':email' => $emailEnc,
':id' => $driverID,
];
foreach ($params as $k => $v) {
$stmt->bindValue($k, $v);
}
/* ───────── dumpParams (اختياري) ───────── */
ob_start();
$stmt->debugDumpParams();
error_log("[Debug] dumpParams:\n" . ob_get_clean());
/* ────────────────────────────────
4) تنفيذ الاستعلام
───────────────────────────────── */
$stmt->execute();
error_log("[Debug] stmt->rowCount(): " . $stmt->rowCount());
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// error_log("[Debug] Raw fetched JSON: " . json_encode($rows, JSON_UNESCAPED_UNICODE));
if (!$rows) {
jsonError("User does not exist or phone not verified.");
exit;
}
/* ────────────────────────────────
5) فك التشفير للحقول الحسّاسة
───────────────────────────────── */
$data = &$rows[0]; // مرجع لتوفير الذاكرة
$decryptIfNotNull = function($field) use (&$data, $encryptionHelper) {
if (isset($data[$field]) && $data[$field] !== null) {
$data[$field] = $encryptionHelper->decryptData($data[$field]);
}
};
foreach ([
'phone', 'email', 'gender', 'birthdate', 'site',
'first_name', 'last_name'
] as $field) {
$decryptIfNotNull($field);
}
error_log("[Debug] Raw fetched JSON: " . json_encode($rows, JSON_UNESCAPED_UNICODE));
echo json_encode([
"status" => "success",
"count" => 1,
"data" => $rows // نتيجة واحدة فقط
], JSON_UNESCAPED_UNICODE);
} catch (PDOException $e) {
error_log("[PDO ERROR] " . $e->getMessage());
jsonError("Database error: ".$e->getCode());
} catch (Exception $e) {
error_log("[GENERAL ERROR] " . $e->getMessage());
jsonError("Error occurred.");
} finally {
$stmt = null;
$con = null;
}
?>
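Review bot: This endpoint returns the driver's full decrypted profile, including `bankCode` and `accountBank`, to anyone who supplies a driver `id`; the email match is commented out and no Google ID token is verified, so it is effectively an unauthenticated profile read keyed by a guessable integer. A Google sign-in should validate the ID token server-side and resolve the driver from the token's verified email or subject, never from a client-chosen id. The `error_log("[Debug] Raw fetched JSON: ...")` call writes the decrypted phone, email and birthdate to the server log and `debugDumpParams` logs the bound id; both should go before this ships. In `finally`, `$stmt` is undefined if `prepare` threw, so set `$stmt = null;` before the `try`.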


@@ -0,0 +1,77 @@
<?php
require_once __DIR__ . '/../../connect.php';
$email = filterRequest('email');
$password = filterRequest('password');
// تشفير الإيميل لاستخدامه في الاستعلام
$encryptedEmail = $encryptionHelper->encryptData($email);
// SQL لاسترجاع المستخدم بناءً على البريد الإلكتروني المشفر
$sql = "SELECT
driver.id,
driver.phone,
driver.email,
driver.gender,
driver.birthdate,
driver.site,
driver.first_name,
driver.last_name,
driver.bankCode,
driver.accountBank,
driver.education,
driver.employmentType,
driver.maritalStatus,
driver.created_at,
driver.updated_at,
driver.password,
phone_verification.is_verified,
CarRegistration.make,
CarRegistration.model,
CarRegistration.year
FROM
driver
LEFT JOIN phone_verification ON phone_verification.phone_number = driver.phone
LEFT JOIN CarRegistration ON CarRegistration.driverID = driver.id
WHERE
driver.email = :email AND phone_verification.is_verified = '1'
LIMIT 1";
$stmt = $con->prepare($sql);
$stmt->bindParam(':email', $encryptedEmail);
$stmt->execute();
$data = $stmt->fetch(PDO::FETCH_ASSOC);
if ($data) {
if (password_verify($password, $data['password'])) {
unset($data['password']);
// فك تشفير الحقول الحساسة
$data['phone'] = $encryptionHelper->decryptData($data['phone']);
$data['email'] = $encryptionHelper->decryptData($data['email']);
$data['gender'] = $encryptionHelper->decryptData($data['gender']);
$data['birthdate'] = $encryptionHelper->decryptData($data['birthdate']);
$data['site'] = $encryptionHelper->decryptData($data['site']);
$data['first_name'] = $encryptionHelper->decryptData($data['first_name']);
$data['last_name'] = $encryptionHelper->decryptData($data['last_name']);
$data['education'] = $encryptionHelper->decryptData($data['education']);
$data['employmentType'] = $encryptionHelper->decryptData($data['employmentType']);
$data['maritalStatus'] = $encryptionHelper->decryptData($data['maritalStatus']);
echo json_encode([
"status" => "success",
"data" => $data
]);
} else {
jsonError("Incorrect password.");
}
} else {
jsonError("User does not exist or phone number not verified.");
}
$stmt = null;
$con = null;
exit();
?>
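Review bot: The distinct `"Incorrect password."` and `"User does not exist or phone number not verified."` responses allow account enumeration; collapse them into one generic message. After a successful `password_verify`, call `password_needs_rehash` and update the stored hash so older hashes migrate. `driver.education` is selected here although the committed error log reports it as an unknown column, and there is no try/catch, so a schema mismatch becomes an uncaught fatal. The raw `echo json_encode(...)` differs from the `jsonSuccess($data)` helper used elsewhere and omits `JSON_UNESCAPED_UNICODE`.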

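--- a/backend/auth/captin/register.php
+++ b/backend/auth/captin/register.php
@@ -0,0 +1,132 @@
+<?php
+$allowRegistration = true;
+require_once __DIR__ . '/../../connect.php';
+try {
+/* =========== 1) الحقول الواردة من الـ POST =========== */
+$required = ["phone", "password", "first_name", "last_name"];
+$optional = [
+"id", "email", "gender", "license_type", "national_number",
+"name_arabic", "issue_date", "expiry_date", "license_categories",
+"address", "licenseIssueDate", "status", "birthdate", "site",
+"accountBank", "bankCode", "employmentType",
+"maritalStatus", "fullNameMaritial", "expirationDate"
+];
+$data = [];
+// التحقق من الحقول المطلوبة
+foreach ($required as $f) {
+$val = filterRequest($f);
+if ($val === null || $val === '') {
+jsonError("Missing required field: $f");
+exit;
+}
+$data[$f] = $val;
+}
+// قراءة الحقول الاختيارية
+foreach ($optional as $f) {
+$v = filterRequest($f);
+$data[$f] = ($v === null || $v === '' || $v === 'Not specified') ? null : $v;
+}
+if ($data['email'] === null) {
+// phone هنا ما زال خامًا (غير مُشفَّر)
+$data['email'] = $data['phone'] . '@intaleqapp.com';
+}
+/* =========== 2) تشفير الحقول الحسّاسة =========== */
+$encryptThese = ["phone", "email", "first_name", "last_name", "name_arabic","gender", "national_number",
+"address", "site", "fullNameMaritial"];
+foreach ($encryptThese as $f) {
+if ($data[$f] !== null) {
+$data[$f] = $encryptionHelper->encryptData($data[$f]);
+}
+}
+/* =========== 3) توليد driver ID (id) إذا لم يُرسَل =========== */
+/* =========== 4) هَش كلمة المرور =========== */
+$data['password_hashed'] = password_hash($data['password'], PASSWORD_DEFAULT);
+/* =========== 5) منع التكرار في الهاتف / الإيميل =========== */
+$dup = $con->prepare(
+"SELECT id FROM driver WHERE phone = :phone OR email = :email"
+);
+$dup->execute([
+':phone' => $data['phone'],
+':email' => $data['email']
+]);
+if ($dup->rowCount() > 0) {
+jsonError("Phone or email already registered.");
+exit;
+}
+/* =========== 6) إدخال السجل الجديد =========== */
+$sql = "
+INSERT INTO driver (
+id, phone, email, password, gender, license_type, national_number,
+name_arabic, issue_date, expiry_date, license_categories,
+address, licenseIssueDate, status, birthdate, site,
+first_name, last_name, accountBank, bankCode,
+employmentType, maritalStatus, fullNameMaritial, expirationDate,
+created_at, updated_at
+) VALUES (
+:id, :phone, :email, :pwd, :gender, :license_type, :national_number,
+:name_arabic, :issue_date, :expiry_date, :license_categories,
+:address, :licenseIssueDate, :status, :birthdate, :site,
+:first_name, :last_name, :accountBank, :bankCode,
+:employmentType, :maritalStatus, :fullNameMaritial, :expirationDate,
+NOW(), NOW()
+)
+";
+$ins = $con->prepare($sql);
+// خريطة الربط (تطابق تمامًا أسماء الـ placeholders في الـ SQL أعلاه)
+$bind = [
+'id' => $data['id'],
+'phone' => $data['phone'],
+'email' => $data['email'],
+'pwd' => $data['password_hashed'],
+'gender' => $data['gender'],
+'license_type' => $data['license_type'],
+'national_number' => $data['national_number'],
+'name_arabic' => $data['name_arabic'],
+'issue_date' => $data['issue_date'],
+'expiry_date' => $data['expiry_date'],
+'license_categories'=> $data['license_categories']?? 'B',
+'address' => $data['address'],
+'licenseIssueDate' => $data['licenseIssueDate'],
+'status' => $data['status'] ?? 'yet',
+'birthdate' => $data['birthdate'],
+'site' => $data['site'],
+'first_name' => $data['first_name'],
+'last_name' => $data['last_name'],
+'accountBank' => 'yet',
+'bankCode' => 'yet',
+'employmentType' => $data['employmentType']?? 'yet',
+'maritalStatus' => $data['maritalStatus']?? 'yet',
+'fullNameMaritial' => $data['fullNameMaritial']?? 'yet',
+'expirationDate' => $data['expirationDate']?? 'yet',
+];
+foreach ($bind as $key => $value) {
+$ins->bindValue(":$key", $value);
+}
+if ($ins->execute()) {
+jsonSuccess($data['id']); // ترجع driver ID
+} else {
+jsonError("Failed to insert driver record.");
+}
+} catch (PDOException $e) {
+error_log("DriverInsert PDO: " . $e->getMessage());
+jsonError("Database error.");
+}
+?>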
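Review bot: `status` and `id` are accepted from the request through the `$optional` list and bound into the INSERT, so a registrant can choose their own primary key and their own account status instead of starting at `'yet'`; neither should be client-controlled. Drop `"id"` and `"status"` from `$optional`, bind `'status' => 'yet',`, omit `id` from the column list if it is auto-increment, and return `jsonSuccess($con->lastInsertId());` — the step-3 comment promises id generation but no code follows it, so today `$data['id']` is whatever the client sent or null. The pre-insert duplicate SELECT is a check-then-act race; keep it for a friendly message but rely on a unique index on `phone`/`email` and map the duplicate-key PDOException to the same error. `$allowRegistration = true` before the require looks like a flag read by connect.php; confirm it cannot also be set from the request.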


@@ -0,0 +1,16 @@
<?php
require_once __DIR__ . '/../../connect.php';
$id = filterRequest("id");
$sql = "DELETE FROM `passengers` WHERE `id` = :id";
$stmt = $con->prepare($sql);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() > 0) {
jsonSuccess(null, "Passenger deleted successfully.");
} else {
jsonError("Failed to delete passenger.");
}
?>
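Review bot: This hard-deletes a passenger row for any client-supplied `id` with no `is_numeric` guard and no visible check that the caller owns the account, whereas the driver counterpart in this commit soft-deletes and blacklists. Add the guard used elsewhere, `if (!is_numeric($id)) { jsonError("Invalid ID"); exit; }`, and derive the id from the authenticated session. If trip history references passengers, a hard delete may also fail on foreign keys or orphan records; a status flag as in the driver flow is usually preferable.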


@@ -0,0 +1,140 @@
<?php
require_once __DIR__ . '/../../connect.php';
// استرجاع البيانات من الطلب
$phone_number = filterRequest("phone_number");
$driverId = filterRequest("driverId");
$email = filterRequest("email");
$expiration_time = filterRequest("expiration_time"); // اختياري للمستقبل
// تحقق من وجود رقم الهاتف
if (empty($phone_number)) {
jsonError("Phone number is required");
exit;
}
// Rate Limiting للحماية من هجمات استنزاف الرسائل
if (isset($redis)) {
$redisKey = "otp_limit:driver:$phone_number";
if ($redis->exists($redisKey)) {
jsonError("Please wait before requesting a new OTP.");
exit;
}
$redis->setex($redisKey, 60, "1"); // حظر لمدة 60 ثانية
}
// توليد رمز تحقق مكوّن من 5 أرقام
$token_code = str_pad(random_int(0, 99999), 5, '0', STR_PAD_LEFT);
// تشفير البيانات الحساسة
$encryptedPhone = $encryptionHelper->encryptData($phone_number);
$encryptedToken = $encryptionHelper->encryptData($token_code);
$encryptedEmail = $encryptionHelper->encryptData($email); // اختياري إذا بتحب تشفيره
// التحقق من وجود الرقم مسبقاً في قاعدة البيانات
$sqlCheck = "SELECT * FROM `phone_verification` WHERE `phone_number` = :phone";
$stmtCheck = $con->prepare($sqlCheck);
$stmtCheck->bindParam(":phone", $encryptedPhone);
$stmtCheck->execute();
$success = false;
// إذا كان الرقم موجود → تحديث
if ($stmtCheck->rowCount() > 0) {
$sqlUpdate = "UPDATE `phone_verification`
SET `token_code` = :token,
`expiration_time` = DATE_ADD(NOW(), INTERVAL 5 MINUTE)
WHERE `phone_number` = :phone";
$stmt = $con->prepare($sqlUpdate);
$stmt->bindParam(":token", $encryptedToken);
$stmt->bindParam(":phone", $encryptedPhone);
$stmt->execute();
$success = $stmt->rowCount() > 0;
} else {
// إذا الرقم غير موجود → إدخال جديد
$sqlInsert = "INSERT INTO `phone_verification`
(`phone_number`, `driverId`, `email`, `token_code`, `expiration_time`, `is_verified`, `created_at`)
VALUES
(:phone, :driverId, :email, :token, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())";
$stmt = $con->prepare($sqlInsert);
$stmt->bindParam(":phone", $encryptedPhone);
$stmt->bindParam(":driverId", $driverId);
$stmt->bindParam(":email", $encryptedEmail);
$stmt->bindParam(":token", $encryptedToken);
$stmt->execute();
$success = $stmt->rowCount() > 0;
}
// إذا تم الحفظ بنجاح → أرسل الرمز عبر SMS
if ($success) {
// تحميل بيانات الاتصال بالـ SMS API من المتغيرات البيئية
$username = getenv('SMS_USERNAME');
$password = getenv('SMS_PASSWORD_EGYPT');
$sender = getenv('SMS_SENDER');
if (!$username || !$password || !$sender) {
jsonError("SMS credentials are missing");
exit;
}
$message = "Tripz app code is " . $token_code;
$receiver = $phone_number;
$apiUrl = 'https://sms.kazumi.me/api/sms/send-sms';
$payload = [
'username' => $username,
'password' => $password,
'language' => 'e',
'sender' => $sender,
'receiver' => $receiver,
'message' => $message
];
$jsonPayload = json_encode($payload);
$smsResponse = callAPI("POST", $apiUrl, $jsonPayload);
if ($smsResponse) {
jsonSuccess(null, "Verification code sent and saved successfully");
} else {
jsonError("Code saved, but SMS sending failed");
}
} else {
jsonError("Failed to save verification data");
}
// دالة الاتصال بالـ API
function callAPI($method, $url, $data) {
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => $method,
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"Accept: application/json"
],
CURLOPT_TIMEOUT => 30,
CURLOPT_CONNECTTIMEOUT => 10
]);
$api_raw_response = curl_exec($curl);
if (curl_errno($curl)) {
error_log("cURL Error [".curl_errno($curl)."]: " . curl_error($curl));
curl_close($curl);
return false;
}
curl_close($curl);
$decoded_response = json_decode($api_raw_response, true);
if (json_last_error() !== JSON_ERROR_NONE) {
error_log("Invalid JSON response from SMS API.");
return false;
}
error_log("SMS API response: " . print_r($decoded_response, true));
return $decoded_response;
}
?>
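Review bot: `if ($smsResponse)` treats any decodable JSON from the SMS provider as success, so an error payload still yields `"Verification code sent and saved successfully"`; check the provider's status field (its shape is not visible here, so confirm it) before reporting success. The code is 5 digits, giving 100 000 possibilities, and the verify endpoint in this commit does not limit attempts, so the 60-second send throttle alone does not prevent brute force; use 6 digits and throttle verification too. The OTP is stored with reversible `encryptData` rather than a hash, so anyone with the key and DB read access can see live codes; `password_hash($token_code, PASSWORD_DEFAULT)` here and `password_verify` on the verify side removes that. The Redis key is set before the token is saved, so a DB failure still costs the user a minute.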


@@ -0,0 +1,53 @@
<?php
require_once __DIR__ . '/../../connect.php';
$id = filterRequest("id");
$columnValues = [];
$params = [':id' => $id];
// الحقول التي تحتاج تشفير
$fieldsToEncrypt = [
"phone", "email", "gender", "birthdate", "site",
"first_name", "last_name", "accountBank", "education",
"employmentType", "maritalStatus"
];
// الحقول غير المشفرة
$plainFields = ["status", "bankCode", "updated_at"];
foreach ($_POST as $key => $value) {
$filtered = filterRequest($key);
if ($key === "password") {
// هاش لكلمة المرور
$hashed = password_hash($filtered, PASSWORD_DEFAULT);
$columnValues[] = "`password` = :password";
$params[':password'] = $hashed;
} elseif (in_array($key, $fieldsToEncrypt)) {
$encrypted = $encryptionHelper->encryptData($filtered);
$columnValues[] = "`$key` = :$key";
$params[":$key"] = $encrypted;
} elseif (in_array($key, $plainFields)) {
$columnValues[] = "`$key` = :$key";
$params[":$key"] = $filtered;
}
}
// بناء جملة التحديث
if (empty($columnValues)) {
jsonError("No data provided to update.");
exit;
}
$setClause = implode(", ", $columnValues);
$sql = "UPDATE `driver` SET $setClause WHERE `id` = :id";
$stmt = $con->prepare($sql);
$stmt->execute($params);
if ($stmt->rowCount() > 0) {
jsonSuccess(null, "Driver data updated successfully");
} else {
jsonError("Failed to update driver data");
}
?>
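Review bot: A `password` key in `$_POST` replaces the hash for whatever `id` the request names, with no current-password check and no visible authentication, so this is an account-takeover primitive unless connect.php authorizes the caller as that driver. `status` and `updated_at` are also in `$plainFields`, letting a client approve their own account, reverse the `deleteFromHimself` state, or set their own audit timestamp; use `updated_at = NOW()` server-side and move status changes to an admin-only endpoint. `bankCode` is stored plain here but encrypted by the ShamCash endpoint in this same commit; pick one representation. The `in_array` whitelist does stop injection through `$key`, but pass `true` as the third argument for strict comparison.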


@@ -0,0 +1,38 @@
<?php
require_once __DIR__ . '/../../connect.php';
// Sanitize and validate input
$driverId = filterRequest("driverId");
// SQL query to check if a gift already exists for the driver (unclaimed)
$checkSql = "SELECT COUNT(*) FROM driver_gifts WHERE driver_id = :driverId -- AND is_claimed = 0";
try {
$checkStmt = $con->prepare($checkSql);
$checkStmt->bindParam(':driverId', $driverId, PDO::PARAM_INT);
$checkStmt->execute();
$giftExists = $checkStmt->fetchColumn();
if ($giftExists > 0) {
jsonError("Gift already exists for this driver");
exit;
}
// Insert a new claimed gift
$sql = "INSERT INTO driver_gifts (driver_id, gift_description, is_claimed)
VALUES (:driverId, 'new account 300 le', 1)";
$stmt = $con->prepare($sql);
$stmt->bindParam(':driverId', $driverId, PDO::PARAM_INT);
$stmt->execute();
if ($stmt->rowCount() > 0) {
jsonSuccess(null, "Gift data saved successfully");
} else {
jsonError("Failed to save gift data");
}
} catch (PDOException $e) {
error_log("Database Error: " . $e->getMessage());
jsonError("An error occurred while saving the data");
}
?>
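Review bot: The COUNT check and the INSERT are separate statements, so two concurrent requests for the same `driverId` both see zero and both insert a `'new account 300 le'` gift; enforce a unique index on `driver_gifts.driver_id` and map the duplicate-key PDOException to `"Gift already exists for this driver"`. The inline `-- AND is_claimed = 0` comment inside the SQL string silently disables the claimed filter; if that is intended, delete it rather than leave a comment in the query text. `driverId` is client-supplied with no visible check that the caller is that driver or an admin, so anyone can credit a gift to any account.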


@@ -0,0 +1,56 @@
<?php
require_once __DIR__ . '/../../connect.php';
$id = filterRequest("id");
// تحقق من وجود بيانات
if (empty($_POST)) {
jsonError("No passenger data provided for update.");
exit;
}
// الحقول الحساسة التي يجب تشفيرها
$fieldsToEncrypt = ["phone", "email", "gender", "birthdate", "site", "first_name", "last_name", "sosPhone"];
// بناء الحقول والمعاملات
$columnValues = [];
$params = [];
foreach ($fieldsToEncrypt as $field) {
if (isset($_POST[$field])) {
$value = filterRequest($field);
$encryptedValue = $encryptionHelper->encryptData($value);
$columnValues[] = "`$field` = ?";
$params[] = $encryptedValue;
}
}
// تحقق من أن هناك حقول للتحديث
if (empty($columnValues)) {
jsonError("No valid encrypted passenger data provided for update.");
exit;
}
// تركيب جملة SQL
$setClause = implode(", ", $columnValues);
$params[] = $id;
$sql = "UPDATE `passengers` SET $setClause WHERE `id` = ?";
try {
$stmt = $con->prepare($sql);
foreach ($params as $index => $value) {
$stmt->bindValue($index + 1, $value);
}
if ($stmt->execute()) {
jsonSuccess(null, "Passenger data updated successfully with encryption");
} else {
jsonError("Failed to update passenger data");
}
} catch (PDOException $e) {
jsonError("Database error: " . $e->getMessage());
}
?>
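Review bot: `jsonError("Database error: " . $e->getMessage())` returns the driver's error text to the client; log it and return a generic message as the criminalDocuments endpoint does. `$id` is used without an `is_numeric` check and without any visible ownership check, so a caller can rewrite another passenger's phone, email and `sosPhone`. Field presence is tested with `isset($_POST[$field])` but the value is read via `filterRequest`, which may read from a different source; use one mechanism consistently.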


@@ -0,0 +1,39 @@
<?php
require_once __DIR__ . '/../../connect.php';
// استقبال معرف السائق
$id = filterRequest("id");
// استقبال بيانات شام كاش من التطبيق
$accountBank = filterRequest("accountBank"); // الاسم (مثال: intaleq)
$bankCode = filterRequest("bankCode"); // الكود الطويل (مثال: 80f23afe...)
// التحقق من وصول البيانات المطلوبة
if ($id && $accountBank && $bankCode) {
try {
// 1. تشفير اسم الحساب (حسب القواعد في السكربت السابق accountBank مشفر)
$encryptedAccountBank = $encryptionHelper->encryptData($accountBank);
// 2. كود المحفظة يبقى كما هو (حسب القواعد bankCode غير مشفر)
$plainBankCode = $encryptionHelper->encryptData($bankCode);
// 3. جملة التحديث
$stmt = $con->prepare("UPDATE `driver` SET `accountBank` = ?, `bankCode` = ? WHERE `id` = ?");
$stmt->execute(array($encryptedAccountBank, $plainBankCode, $id));
// التحقق من نجاح العملية
// rowCount > 0 يعني تم التحديث، أحياناً يعطي 0 إذا كانت البيانات هي نفسها لم تتغير
// لذا نرسل نجاح في كلتا الحالتين طالما لم يحدث Error
jsonSuccess(null, "ShamCash info updated successfully");
} catch (PDOException $e) {
// في حال وجود خطأ في قاعدة البيانات
jsonError("Database Error: " . $e->getMessage());
}
} else {
jsonError("Missing required fields: id, accountBank, or bankCode");
}
?>
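Review bot: The comment says `bankCode` stays plain but the next line is `$plainBankCode = $encryptionHelper->encryptData($bankCode);`, and the driver update endpoint in this commit stores `bankCode` unencrypted, so the two writers leave the column in mixed formats that readers cannot distinguish. Decide on one representation, rename the variable to match, and fix the comment. `jsonError("Database Error: " . $e->getMessage())` leaks DB details to the client; log and return a generic message. `$id` is client-supplied with no visible ownership check, so anyone can redirect another driver's payout wallet.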



@@ -0,0 +1,39 @@
<?php
require_once __DIR__ . '/../../connect.php';
$phone_number = filterRequest("phone_number");
$token_code = filterRequest("token_code");
$encryptedPhone = $encryptionHelper->encryptData($phone_number);
$encryptedToken = $encryptionHelper->encryptData($token_code);
// Check if the phone number and token code match
$sql = "SELECT
`id`,
`phone_number`,
`token_code`,
`expiration_time`,
`is_verified`,
`created_at`
FROM
`phone_verification`
WHERE
`phone_number` = :phone_number AND `token_code` = :token_code -- AND `expiration_time` > NOW()";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone_number', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token_code', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
if ($result) {
// $id = $result["id"];
$sql = "UPDATE `phone_verification` SET `is_verified` = 1 WHERE `phone_number` = :phone_number";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone_number', $phone_number, PDO::PARAM_STR);
$stmt->execute();
jsonSuccess($message = "Your phone number has been verified.");
} else {
jsonError($message = "Your phone number could not be verified. Please try again.");
}
?>
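Review bot: The UPDATE binds the raw `$phone_number` while the row was inserted with `$encryptedPhone`, so unless encryption is the identity the UPDATE matches no row, `is_verified` stays 0, and the client is still told the number is verified — while the email login in this commit requires `is_verified = '1'`. Change it to `$stmt->bindParam(':phone_number', $encryptedPhone, PDO::PARAM_STR);`. The `-- AND expiration_time > NOW()` clause is commented out, so codes never expire and are not cleared after use; restore it and null out `token_code` in the same UPDATE. There is no attempt limit on a 5-digit code, so 100 000 guesses verify any number; add a Redis counter like the one in the sender.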