Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-09 08:40:31 +03:00
commit d8901e1a87
3161 changed files with 536187 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
backend/auth/syria/driver/driver_details.php Executable file
View File

@@ -0,0 +1,49 @@
<?php
require_once __DIR__ . '/../../../connect.php';
$driverId = filterRequest("id");
if (empty($driverId)) {
jsonError("driver_id is required.");
exit;
}
try {
// تفاصيل السائق
$sql = "SELECT * FROM driver WHERE id = :id LIMIT 1";
$stmt = $con->prepare($sql);
$stmt->execute([':id' => $driverId]);
$driver = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$driver) {
jsonError("Driver not found.");
exit;
}
// فك التشفير للحقول الحساسة
foreach ($driver as $k => $v) {
if (in_array($k, ['phone',
'email',
'first_name',
'last_name',
'national_number',
'address','gender','site',
'birthdate',
'name_arabic'])) {
$driver[$k] = $encryptionHelper->decryptData($v);
}
}
// الوثائق
$sql2 = "SELECT doc_type, image_name, link FROM driver_documents WHERE driverID = :id";
$stmt2 = $con->prepare($sql2);
$stmt2->execute([':id' => $driverId]);
$docs = $stmt2->fetchAll(PDO::FETCH_ASSOC);
printSuccess([
"driver" => $driver,
"documents" => $docs
]);
} catch (PDOException $e) {
jsonError("Error: " . $e->getMessage());
}

25
backend/auth/syria/driver/drivers_pending_list.php Executable file
View File

@@ -0,0 +1,25 @@
<?php
require_once __DIR__ . '/../../../connect.php';
$limit = isset($_POST['limit']) ? (int)$_POST['limit'] : (isset($_GET['limit']) ? (int)$_GET['limit'] : 10);
$offset = isset($_POST['offset']) ? (int)$_POST['offset'] : (isset($_GET['offset']) ? (int)$_GET['offset'] : 0);
try {
$sql = "SELECT id, first_name, last_name, phone FROM driver WHERE status <> 'active' ORDER BY id DESC LIMIT :limit OFFSET :offset";
$stmt = $con->prepare($sql);
$stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// فك التشفير
foreach ($rows as &$r) {
$r['phone'] = $encryptionHelper->decryptData($r['phone']);
$r['first_name'] = $encryptionHelper->decryptData($r['first_name']);
$r['last_name'] = $encryptionHelper->decryptData($r['last_name']);
}
jsonSuccess($rows); // يرجع كـ message: [...]
} catch (PDOException $e) {
jsonError("Error: " . $e->getMessage());
}

26
backend/auth/syria/driver/isPhoneVerified.php Executable file
View File

@@ -0,0 +1,26 @@
<?php
require_once __DIR__ . '/../../../connect.php';
$phoneNumber = filterRequest("phone_number");
// تشفير الرقم قبل البحث
$phoneNumber_encrypted = $encryptionHelper->encryptData($phoneNumber);
try {
// الاستعلام عن السائق حسب رقم الهاتف وحالة التحقق
$stmt = $con->prepare("
SELECT * FROM phone_verification
WHERE phone_number = ? AND is_verified = 1
");
$stmt->execute([$phoneNumber_encrypted]);
$driver = $stmt->fetch(PDO::FETCH_ASSOC);
if ($driver) {
jsonSuccess(null, "Phone number is verified.");
} else {
jsonError("Phone number is not verified or does not exist.");
}
} catch (PDOException $e) {
jsonError("Database error: " . $e->getMessage());
}

391
backend/auth/syria/driver/register_driver_and_car.php Executable file
View File

@@ -0,0 +1,391 @@
<?php
/**
* Endpoint: register_driver_and_car.php
* [MODIFIED] Added vehicle_category_id and fuel_type_id support.
* [MODIFIED] Fixed birthdate logic: Append -01-01 BEFORE encryption.
* [MODIFIED] Added Syrian phone number formatting logic.
*/
//register_driver_and_car.php
$allowRegistration = true;
require_once __DIR__ . '/../../../connect.php';
header('Content-Type: application/json; charset=utf-8');
try {
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
jsonError("Invalid method.");
exit;
}
/* ================== General Settings ================== */
$PUBLIC_BASE = "https://intaleq.xyz/driver_docs";
/* ================== 1) Input Fields ================== */
$raw_first_name = null;
$raw_last_name = null;
$required = ["phone", "password", "first_name", "last_name"];
$optional = [
"id","email","gender","license_type","national_number",
"name_arabic","issue_date","expiry_date","license_categories",
"address","licenseIssueDate","status","birthdate","site",
"employmentType","maritalStatus","fullNameMaritial","expirationDate"
];
$carRequired = [
"vin","car_plate","make","model","year","expiration_date",
"color","owner","color_hex","fuel"
];
// حقول اختيارية للسيارة (التصنيف والوقود الرقمي)
// vehicle_category_id, fuel_type_id
$docKeys = [
'driver_license_front',
'driver_license_back',
'car_license_front',
'car_license_back'
];
// Read driver fields
$data = [];
foreach ($required as $f) {
$v = filterRequest($f);
if ($v === null || $v === '') {
jsonError("Missing required field: $f");
exit;
}
$data[$f] = $v;
if ($f === 'first_name') $raw_first_name = $v;
if ($f === 'last_name') $raw_last_name = $v;
}
foreach ($optional as $f) {
$v = filterRequest($f);
$data[$f] = ($v === null || $v === '' || $v === 'Not specified') ? null : $v;
}
/* ================== 🟢 START PHONE FORMATTING LOGIC 🟢 ================== */
if (!empty($data['phone'])) {
$phone = $data['phone'];
// 1. إزالة المسافات والرموز
$phone = preg_replace('/[ \-\(\)\+]/', '', $phone);
$phone = trim($phone);
// 2. توحيد البادئات الدولية
if (strpos($phone, '00963') === 0) {
$phone = substr($phone, 2);
} elseif (strpos($phone, '0963') === 0) {
$phone = substr($phone, 1);
}
// 3. معالجة الحالات الخاصة بالصفر الزائد بعد الرمز الدولي
if (strpos($phone, '96309') === 0) {
$phone = '9639' . substr($phone, 5);
}
elseif (strpos($phone, '9630') === 0) {
$phone = '9639' . substr($phone, 4);
}
// 4. معالجة الأرقام المحلية
elseif (strpos($phone, '09') === 0) {
$phone = '963' . substr($phone, 1);
}
elseif (strpos($phone, '9') === 0 && strlen($phone) == 9) {
$phone = '963' . $phone;
}
elseif (strpos($phone, '0') === 0 && strlen($phone) == 10) {
$phone = '963' . substr($phone, 1);
}
// 5. التأكد من وجود 9 بعد الرمز الدولي
if (strpos($phone, '963') === 0 && strlen($phone) > 3) {
if (strpos($phone, '9639') !== 0) {
$phone = '9639' . substr($phone, 3);
}
}
$data['phone'] = $phone;
}
/* ================== 🔴 END PHONE FORMATTING LOGIC 🔴 ================== */
// تجهيز تاريخ الميلاد قبل التشفير
if (!empty($data['birthdate'])) {
$data['birthdate'] = trim($data['birthdate']);
$data['birthdate'] = $data['birthdate'] . '-01-01';
} else {
$data['birthdate'] = '1970-01-01';
}
// Read car fields
$car = [];
foreach ($carRequired as $f) {
$v = filterRequest($f);
if ($v === null || $v === '') {
jsonError("Missing required field: $f");
exit;
}
$car[$f] = $v;
}
// Read document links
$docUrls = [];
foreach ($docKeys as $k) {
$u = filterRequest($k);
if ($u === null || $u === '') {
jsonError("Missing document URL: $k");
exit;
}
if (!filter_var($u, FILTER_VALIDATE_URL)) {
jsonError("Invalid document URL: $k");
exit;
}
$docUrls[$k] = $u;
}
/* ================== 2) Generate default id/email ================== */
if (empty($data['id'])) {
$data['id'] = 'DRV' . date('YmdHis') . random_int(1000, 9999);
}
if ($data['email'] === null) {
$data['email'] = $data['phone'] . '@intaleqapp.com';
}
/* ================== 3) Encrypt sensitive fields ================== */
$toEncryptDriver = [
"phone","email","first_name","last_name","name_arabic","gender",
"national_number","address","site","fullNameMaritial","birthdate"
];
foreach ($toEncryptDriver as $f) {
if (!empty($data[$f])) {
$data[$f] = $encryptionHelper->encryptData($data[$f]);
}
}
// Encrypt car sensitive data
$car['vin'] = $encryptionHelper->encryptData($car['vin']);
$car['car_plate'] = $encryptionHelper->encryptData($car['car_plate']);
$car['owner'] = $encryptionHelper->encryptData($car['owner']);
/* ================== 4) Hash password (HMAC + password_hash) ================== */
// نقرأ الـ HMAC key من env
$pepper = getenv('SECRET_KEY_HMAC');
// نبني baseString من أكثر من بارامتر
// هنا نستخدم id + phone (بعد ما طبّقنا منطق تنسيق الهاتف)
$baseParts = [
$data['id'],
$data['phone'],
];
// نضيف رقم وطني أو سنة الميلاد إن توفروا (كما في الـ migration)
if (!empty($data['national_number'])) {
$baseParts[] = $data['national_number'];
} elseif (!empty($data['birthdate'])) {
// birthdate حالياً أصبح بصيغة YYYY-01-01
$year = substr($data['birthdate'], 0, 4);
if (preg_match('/^\d{4}$/', $year)) {
$baseParts[] = $year;
}
}
$baseString = implode('|', $baseParts);
// نشتق السر الخام باستخدام HMAC-SHA256 مع SECRET_KEY_HMAC
$rawSecret = hash_hmac('sha256', $baseString, $pepper, true);
// نخزّن فقط الهاش الناتج من password_hash في قاعدة البيانات
$pwdHashed = password_hash($rawSecret, PASSWORD_DEFAULT);
/* ================== 5) Start transaction ================== */
$con->beginTransaction();
/* ================== 6) Check duplicate ================== */
$dup = $con->prepare("SELECT id FROM driver WHERE phone = :p OR email = :e");
$dup->execute([':p' => $data['phone'], ':e' => $data['email']]);
if ($dup->rowCount() > 0) {
$con->rollBack();
jsonError("Phone or email already registered.");
exit;
}
/* ================== 7) Insert Driver ================== */
$sqlDriver = "
INSERT INTO driver (
id, phone, email, password, gender, license_type, national_number,
name_arabic, issue_date, expiry_date, license_categories,
address, licenseIssueDate, status, birthdate, site,
first_name, last_name, accountBank, bankCode,
employmentType, maritalStatus, fullNameMaritial, expirationDate,
created_at, updated_at
) VALUES (
:id, :phone, :email, :pwd, :gender, :license_type, :national_number,
:name_arabic, :issue_date, :expiry_date, :license_categories,
:address, :licenseIssueDate, :status, :birthdate, :site,
:first_name, :last_name, :accountBank, :bankCode,
:employmentType, :maritalStatus, :fullNameMaritial, :expirationDate,
NOW(), NOW()
)
";
$insD = $con->prepare($sqlDriver);
$okD = $insD->execute([
':id' => $data['id'],
':phone' => $data['phone'],
':email' => $data['email'],
':pwd' => $pwdHashed,
':gender' => !empty($data['gender']) ? $data['gender'] : 'Male',
':license_type' => !empty($data['license_type']) ? $data['license_type'] : 'yet',
':national_number' => $data['national_number'],
':name_arabic' => $data['name_arabic'],
':issue_date' => !empty($data['issue_date']) ? $data['issue_date'] : '2020-01-01',
':expiry_date' => !empty($data['expiry_date']) ? $data['expiry_date'] : 'yet',
':license_categories' => !empty($data['license_categories']) ? $data['license_categories'] : 'B',
':address' => $data['address'],
':licenseIssueDate' => !empty($data['licenseIssueDate']) ? $data['licenseIssueDate'] : '2020-01-01',
':status' => !empty($data['status']) ? $data['status'] : 'yet',
':birthdate' => $data['birthdate'],
':site' => !empty($data['site']) ? $data['site'] : 'demascus',
':first_name' => $data['first_name'],
':last_name' => $data['last_name'],
':accountBank' => 'yet',
':bankCode' => 'yet',
':employmentType' => !empty($data['employmentType']) ? $data['employmentType'] : 'yet',
':maritalStatus' => !empty($data['maritalStatus']) ? $data['maritalStatus'] : 'yet',
':fullNameMaritial' => !empty($data['fullNameMaritial']) ? $data['fullNameMaritial'] : 'yet',
':expirationDate' => !empty($data['expirationDate']) ? $data['expirationDate'] : 'yet',
]);
if (!$okD) {
$con->rollBack();
jsonError("Failed to insert driver.");
exit;
}
$driverID = $data['id'];
/* ================== 8) Insert Vehicle ================== */
// ✅ استقبال القيم الجديدة (التصنيف والوقود) مع تعيين افتراضي 1
$vCatID = filterRequest("vehicle_category_id");
$vCatID = ($vCatID !== null && $vCatID !== '') ? $vCatID : 1; // 1 = Car
$fTypeID = filterRequest("fuel_type_id");
$fTypeID = ($fTypeID !== null && $fTypeID !== '') ? $fTypeID : 1; // 1 = Petrol
$hasCar = $con->prepare("SELECT 1 FROM CarRegistration WHERE driverID = :d LIMIT 1");
$hasCar->execute([':d' => $driverID]);
$isDefault = $hasCar->rowCount() === 0 ? 1 : 0;
$sqlCar = "
INSERT INTO CarRegistration (
driverID, vin, car_plate, make, model, year, expiration_date,
color, owner, color_hex, fuel,
vehicle_category_id, fuel_type_id,
isDefault, created_at, status
) VALUES (
:driverID, :vin, :car_plate, :make, :model, :year, :expiration_date,
:color, :owner, :color_hex, :fuel,
:vehicle_category_id, :fuel_type_id,
:isDefault, NOW(), 'yet'
)
";
$insC = $con->prepare($sqlCar);
$okC = $insC->execute([
':driverID' => $driverID,
':vin' => $car['vin'],
':car_plate' => $car['car_plate'],
':make' => $car['make'],
':model' => $car['model'],
':year' => $car['year'],
':expiration_date' => $car['expiration_date'],
':color' => $car['color'],
':owner' => $car['owner'],
':color_hex' => $car['color_hex'],
':fuel' => $car['fuel'], // النص القديم (للتوافق)
':vehicle_category_id' => $vCatID, // ✅ العمود الجديد
':fuel_type_id' => $fTypeID, // ✅ العمود الجديد
':isDefault' => $isDefault,
]);
if (!$okC) {
$con->rollBack();
jsonError("Failed to insert car registration.");
exit;
}
$carRegID = $con->lastInsertId();
/* ================== 9) Store document links ================== */
$insDoc = $con->prepare("
INSERT INTO driver_documents (driverID, doc_type, image_name, link, upload_date)
VALUES (:driverID, :doc_type, :image_name, :link, NOW())
");
foreach ($docKeys as $k) {
$url = $docUrls[$k];
$name = basename(parse_url($url, PHP_URL_PATH) ?? '');
if ($name === '') { $name = $k . '_' . time() . '.jpg'; }
$insDoc->execute([
':driverID' => $driverID,
':doc_type' => $k,
':image_name' => $name,
':link' => $url,
]);
}
/* ================== 10) Commit ================== */
$con->commit();
/* ================== 11) Notification ================== */
try {
$fcmSendUrl = 'https://api.intaleq.xyz/intaleq/ride/firebase/send_fcm.php';
$driverFullName = $raw_first_name . ' ' . $raw_last_name;
$notificationTitle = 'تسجيل سائق جديد';
$notificationBody = "سائق جديد ($driverFullName) سجل برقم ID: $driverID وهو بانتظار المراجعة والتفعيل.";
$notificationPayload = json_encode([
'target' => 'service',
'title' => $notificationTitle,
'body' => $notificationBody,
'isTopic' => true,
'category' => 'new_driver_registration'
]);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $fcmSendUrl);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json; charset=UTF-8']);
curl_setopt($ch, CURLOPT_POSTFIELDS, $notificationPayload);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_exec($ch);
curl_close($ch);
} catch (Exception $notifyEx) {
error_log("register_driver_and_car NOTIFY ERROR: " . $notifyEx->getMessage());
}
printSuccess([
'status' => 'success',
'driverID' => $driverID,
'carRegID' => $carRegID,
'documents' => $docUrls
]);
} catch (Exception $e) {
if (isset($con) && $con instanceof PDO && $con->inTransaction()) {
$con->rollBack();
}
error_log("register_driver_and_car ERROR: " . $e->getMessage());
jsonError("Server error: " . $e->getMessage());
} catch (PDOException $e) {
if (isset($con) && $con instanceof PDO && $con->inTransaction()) {
$con->rollBack();
}
error_log("register_driver_and_car PDO: " . $e->getMessage());
jsonError("Database error.");
}
?>

303
backend/auth/syria/driver/register_driver_and_car_signed.php Executable file
View File

@@ -0,0 +1,303 @@
<?php
/**
* Endpoint: register_driver_and_car.php (نسخة محدثة)
* Method: POST (multipart/form-data أو x-www-form-urlencoded)
* الوظيفة: إنشاء سائق + تسجيل مركبة + حفظ روابط الوثائق الموقّعة (من السيرفر السوري)
* ملاحظة: لا نتلقّى ملفات هنا. نتلقى فقط روابط secure_image.php الموقّعة.
*/
$allowRegistration = true;
require_once __DIR__ . '/../../../connect.php';
header('Content-Type: application/json; charset=utf-8');
try {
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
jsonError("Invalid method.");
exit;
}
/* ========== إعدادات عامة ========== */
// الدومينات المسموح بها للروابط الموقّعة (السيرفر السوري)
$ALLOWED_SIGNED_HOSTS = [
'syria.intaleq.xyz', // عدّل حسب بيئتك
'applink.syria', // مثال آخر إن كان لديك دومين إضافي
];
// توثيق شكل الروابط: secure_image.php?driver_id=...&doc_type=...&ext=jpg|png|webp&expires=...&signature=...
$allowedDocTypes = [
'driver_license_front',
'driver_license_back',
'car_license_front',
'car_license_back',
];
$allowedExts = ['jpg','png','webp'];
/* ========== 1) جلب الحقول ========== */
$required = ["phone", "password", "first_name", "last_name"];
$optional = [
"id","email","gender","license_type","national_number",
"name_arabic","issue_date","expiry_date","license_categories",
"address","licenseIssueDate","status","birthdate","site",
"employmentType","maritalStatus","fullNameMaritial","expirationDate"
];
// حقول السيارة (مطلوبة)
$carRequired = [
"vin","car_plate","make","model","year","expiration_date",
"color","owner","color_hex","fuel"
];
// روابط الوثائق (مطلوبة)
$docUrlKeys = [
'driver_license_front_url',
'driver_license_back_url',
'car_license_front_url',
'car_license_back_url'
];
$data = [];
foreach ($required as $f) {
$v = filterRequest($f);
if ($v === null || $v === '') {
jsonError("Missing required field: $f");
exit;
}
$data[$f] = $v;
}
foreach ($optional as $f) {
$v = filterRequest($f);
$data[$f] = ($v === null || $v === '' || $v === 'Not specified') ? null : $v;
}
$car = [];
foreach ($carRequired as $f) {
$v = filterRequest($f);
if ($v === null || $v === '') {
jsonError("Missing required field: $f");
exit;
}
$car[$f] = $v;
}
$docUrls = [];
foreach ($docUrlKeys as $k) {
$v = filterRequest($k);
if ($v === null || trim($v) === '') {
jsonError("Missing signed URL: $k");
exit;
}
$docUrls[$k] = trim($v);
}
/* ========== 2) توليد id إذا مفقود + بناء email افتراضي إن لزم ========== */
if (empty($data['id'])) {
$data['id'] = 'DRV' . date('YmdHis') . random_int(1000, 9999);
}
if ($data['email'] === null) {
$data['email'] = $data['phone'] . '@intaleqapp.com';
}
$driverID = $data['id'];
/* ========== 3) تشفير الحقول الحساسة ========== */
$toEncryptDriver = [
"phone","email","first_name","last_name","name_arabic","gender",
"national_number","address","site","fullNameMaritial"
];
foreach ($toEncryptDriver as $f) {
if (!empty($data[$f])) {
$data[$f] = $encryptionHelper->encryptData($data[$f]);
}
}
// حساسات السيارة
$car['vin'] = $encryptionHelper->encryptData($car['vin']);
$car['car_plate'] = $encryptionHelper->encryptData($car['car_plate']);
$car['owner'] = $encryptionHelper->encryptData($car['owner']);
/* ========== 4) هَش كلمة المرور ========== */
$pwdHashed = password_hash(filterRequest('password'), PASSWORD_DEFAULT);
/* ========== 5) بدء معاملة ========== */
$con->beginTransaction();
/* ========== 6) فحص تكرار هاتف/ايميل (المشفّرين) ========== */
$dup = $con->prepare("SELECT id FROM driver WHERE phone = :p OR email = :e");
$dup->execute([':p' => $data['phone'], ':e' => $data['email']]);
if ($dup->rowCount() > 0) {
$con->rollBack();
jsonError("Phone or email already registered.");
exit;
}
/* ========== 7) إدراج السائق ========== */
$sqlDriver = "
INSERT INTO driver (
id, phone, email, password, gender, license_type, national_number,
name_arabic, issue_date, expiry_date, license_categories,
address, licenseIssueDate, status, birthdate, site,
first_name, last_name, accountBank, bankCode,
employmentType, maritalStatus, fullNameMaritial, expirationDate,
created_at, updated_at
) VALUES (
:id, :phone, :email, :pwd, :gender, :license_type, :national_number,
:name_arabic, :issue_date, :expiry_date, :license_categories,
:address, :licenseIssueDate, :status, :birthdate, :site,
:first_name, :last_name, :accountBank, :bankCode,
:employmentType, :maritalStatus, :fullNameMaritial, :expirationDate,
NOW(), NOW()
)
";
$insD = $con->prepare($sqlDriver);
$okD = $insD->execute([
':id' => $driverID,
':phone' => $data['phone'],
':email' => $data['email'],
':pwd' => $pwdHashed,
':gender' => $data['gender'],
':license_type' => $data['license_type'],
':national_number' => $data['national_number'],
':name_arabic' => $data['name_arabic'],
':issue_date' => $data['issue_date'],
':expiry_date' => $data['expiry_date'],
':license_categories'=> !empty($data['license_categories']) ? $data['license_categories'] : 'B',
':address' => $data['address'],
':licenseIssueDate' => $data['licenseIssueDate'],
':status' => !empty($data['status']) ? $data['status'] : 'yet',
':birthdate' => $data['birthdate'],
':site' => $data['site'],
':first_name' => $data['first_name'],
':last_name' => $data['last_name'],
':accountBank' => 'yet',
':bankCode' => 'yet',
':employmentType' => !empty($data['employmentType']) ? $data['employmentType'] : 'yet',
':maritalStatus' => !empty($data['maritalStatus']) ? $data['maritalStatus'] : 'yet',
':fullNameMaritial' => !empty($data['fullNameMaritial']) ? $data['fullNameMaritial'] : 'yet',
':expirationDate' => !empty($data['expirationDate']) ? $data['expirationDate'] : 'yet',
]);
if (!$okD) { $con->rollBack(); jsonError("Failed to insert driver."); exit; }
/* ========== 8) إدراج السيارة ========== */
$hasCar = $con->prepare("SELECT 1 FROM CarRegistration WHERE driverID = :d LIMIT 1");
$hasCar->execute([':d' => $driverID]);
$isDefault = $hasCar->rowCount() === 0 ? 1 : 0;
$sqlCar = "
INSERT INTO CarRegistration (
driverID, vin, car_plate, make, model, year, expiration_date,
color, owner, color_hex, fuel, isDefault, created_at, status
) VALUES (
:driverID, :vin, :car_plate, :make, :model, :year, :expiration_date,
:color, :owner, :color_hex, :fuel, :isDefault, NOW(), 'yet'
)
";
$insC = $con->prepare($sqlCar);
$okC = $insC->execute([
':driverID' => $driverID,
':vin' => $car['vin'],
':car_plate' => $car['car_plate'],
':make' => $car['make'],
':model' => $car['model'],
':year' => $car['year'],
':expiration_date' => $car['expiration_date'],
':color' => $car['color'],
':owner' => $car['owner'],
':color_hex' => $car['color_hex'],
':fuel' => $car['fuel'],
':isDefault' => $isDefault,
]);
if (!$okC) { $con->rollBack(); jsonError("Failed to insert car registration."); exit; }
$carRegID = $con->lastInsertId();
/* ========== 9) التحقّق من الروابط الموقّعة وحفظها ========== */
// دالة مساعدة تتحقّق من شكل الرابط وتستخرج doc_type/ext
$validateSignedUrl = function(string $url) use ($allowedDocTypes, $allowedExts) {
$parts = parse_url($url);
if (!$parts || empty($parts['scheme']) || empty($parts['host']) || empty($parts['path'])) {
throw new Exception("Invalid URL format.");
}
if (!in_array($parts['host'], $ALLOWED_SIGNED_HOSTS, true)) {
throw new Exception("URL host not allowed: {$parts['host']}");
}
if (stripos($parts['path'], 'secure_image.php') === false) {
throw new Exception("URL path not allowed.");
}
if (empty($parts['query'])) {
throw new Exception("URL missing query string.");
}
parse_str($parts['query'], $q);
foreach (['driver_id','doc_type','ext','expires','signature'] as $k) {
if (empty($q[$k])) throw new Exception("URL missing param: $k");
}
if (!in_array($q['doc_type'], $allowedDocTypes, true)) {
throw new Exception("Invalid doc_type in URL.");
}
if (!in_array(strtolower($q['ext']), $allowedExts, true)) {
throw new Exception("Invalid ext in URL.");
}
return [
'doc_type' => $q['doc_type'],
'ext' => strtolower($q['ext']),
// بإمكانك التحقق من driver_id = $driverID إذا تحب تربطهما
'driver_id_in_url' => $q['driver_id'],
];
};
$docsToInsert = []; // [['doc_type'=>..., 'link'=>..., 'image_name'=>...], ...]
foreach ($docUrlKeys as $k) {
$link = $docUrls[$k];
$meta = $validateSignedUrl($link);
// image_name ليس ضروريًا هنا (الرابط موقّع إلى بوابة قراءة)، احفظ doc_type + link فقط
$docsToInsert[] = [
'doc_type' => $meta['doc_type'], // يجب أن يتطابق مع $k منطقيًا
'link' => $link,
'image_name' => $meta['doc_type'] . '.' . $meta['ext'], // اسماً رمزياً فقط
];
}
// إدراج في driver_documents
// CREATE TABLE driver_documents (
// id INT AUTO_INCREMENT PRIMARY KEY,
// driverID VARCHAR(64) NOT NULL,
// doc_type VARCHAR(64) NOT NULL,
// image_name VARCHAR(255) NULL,
// link VARCHAR(1024) NOT NULL,
// upload_date DATETIME NOT NULL,
// INDEX(driverID)
// ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
$insDoc = $con->prepare("
INSERT INTO driver_documents (driverID, doc_type, image_name, link, upload_date)
VALUES (:driverID, :doc_type, :image_name, :link, NOW())
");
foreach ($docsToInsert as $row) {
$insDoc->execute([
':driverID' => $driverID,
':doc_type' => $row['doc_type'],
':image_name' => $row['image_name'],
':link' => $row['link'],
]);
}
/* ========== 10) إنهاء المعاملة ========== */
$con->commit();
printSuccess([
'driverID' => $driverID,
'carRegID' => $carRegID,
'documents' => [
'driver_license_front_url' => $docUrls['driver_license_front_url'],
'driver_license_back_url' => $docUrls['driver_license_back_url'],
'car_license_front_url' => $docUrls['car_license_front_url'],
'car_license_back_url' => $docUrls['car_license_back_url'],
]
]);
} catch (Exception $e) {
if (isset($con) && $con->inTransaction()) { $con->rollBack(); }
error_log("register_driver_and_car ERROR: " . $e->getMessage());
jsonError("Server error: " . $e->getMessage());
} catch (PDOException $e) {
if (isset($con) && $con->inTransaction()) { $con->rollBack(); }
error_log("register_driver_and_car PDO: " . $e->getMessage());
jsonError("Database error.");
}

107
backend/auth/syria/driver/sendWhatsAppDriver.php Executable file
View File

@@ -0,0 +1,107 @@
<?php
require_once __DIR__ . '/../../../connect.php';
//sendWhatsAppDriver.php
error_log("--- [send_otp_driver.php] Started ---");
/**
* فحص البلاك ليست (خاصة بالسائقين)
* - يشفّر الهاتف الخام ويبحث عنه في جدول blacklist_driver
*/
function is_blacklisted_driver(PDO $con, $encryptionHelper, string $phone): bool {
$raw = trim($phone);
$enc_raw = $encryptionHelper->encryptData($raw);
$sql = "SELECT 1 FROM blacklist_driver WHERE phone = :ph LIMIT 1";
$q = $con->prepare($sql);
$q->execute(['ph' => $enc_raw]);
return (bool)$q->fetchColumn();
}
/* 0) استقبل الرقم وتحقق من البلاك ليست */
$receiver = filterRequest("receiver");
if (!$receiver) {
jsonError('Phone number is required.');
error_log("[send_otp_driver.php] Error: phone empty");
exit();
}
if (is_blacklisted_driver($con, $encryptionHelper, $receiver)) {
jsonError('This driver is blacklisted and cannot receive OTP.');
error_log("[send_otp_driver.php] BLOCKED (blacklisted): $receiver");
exit();
}
/* 1) توليد الـ OTP (3 خانات) */
$otp = (string)rand(100, 999);
/* 2) إرسال الرمز عبر بوابة الفلاش كول / واتساب */
$nabehUrl = 'https://otp.intaleqapp.com/api/request-otp.php';
$appKey = getenv('NABEH_OTP_APP_KEY');
$payload = [
'phone' => $receiver,
'device_type' => 'android',
'method' => 'whatsapp',
'code' => $otp
];
$ch = curl_init($nabehUrl);
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => json_encode($payload),
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
"X-App-Key: $appKey"
],
CURLOPT_TIMEOUT => 15,
CURLOPT_CONNECTTIMEOUT => 5
]);
$res = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
curl_close($ch);
if ($error) {
error_log("⚠️ [Flash Call OTP Driver] Curl Error: $error");
jsonError('Failed to connect to OTP service');
exit;
}
$decoded = json_decode((string)$res, true);
if ($httpCode !== 200 || !($decoded['success'] ?? false)) {
error_log("❌ [Flash Call OTP Driver] Failed response: Code $httpCode | Body: " . (string)$res);
jsonError($decoded['message'] ?? 'Failed to request verification code');
exit;
}
/* 3) حفظ الـ OTP في قاعدة البيانات */
$receiver_enc = $encryptionHelper->encryptData($receiver);
$otp_enc = $encryptionHelper->encryptData($otp);
$exp = date('Y-m-d H:i:s', strtotime('+5 minutes'));
$now = date('Y-m-d H:i:s');
try {
// حذف أي رموز سابقة لنفس الرقم
$con->prepare("DELETE FROM phone_verification WHERE phone_number = ?")
->execute([$receiver_enc]);
$stmt = $con->prepare("
INSERT INTO phone_verification
(phone_number, token_code, expiration_time, is_verified, created_at)
VALUES (?, ?, ?, 0, ?)
");
$stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
jsonSuccess(null, 'OTP sent and saved successfully');
error_log("[send_otp_driver.php] OTP saved for driver $receiver");
} catch (PDOException $e) {
error_log("[send_otp_driver.php] DB error: ".$e->getMessage());
jsonError('OTP generated but failed to save to database');
}
?>

96
backend/auth/syria/driver/verifyOtp.php Executable file
View File

@@ -0,0 +1,96 @@
<?php
require_once __DIR__ . '/../../../connect.php';
$phoneNumber = filterRequest("phone_number");
$otp = filterRequest("otp");
$email = $phoneNumber . '@intaleqapp.com';
error_log("📥 [verifyOtp.php] Received phone number: $phoneNumber | OTP: $otp");
if (empty($phoneNumber) || empty($otp)) {
jsonError("Phone number and OTP are required.");
exit();
}
// 🔐 تشفير البيانات
$phoneNumber_encrypted = $encryptionHelper->encryptData($phoneNumber);
$email_encrypted = $encryptionHelper->encryptData($email);
try {
// 🔍 1. التحقق من السجل المخزن في قاعدة البيانات
$stmtSelect = $con->prepare("SELECT * FROM phone_verification WHERE phone_number = ? ORDER BY created_at DESC LIMIT 1");
$stmtSelect->execute([$phoneNumber_encrypted]);
$record = $stmtSelect->fetch(PDO::FETCH_ASSOC);
if (!$record) {
jsonError("Verification session not found. Please request a new code.");
exit();
}
// 🔍 2. فك تشفير ومقارنة الرمز
$decryptedOtp = $encryptionHelper->decryptData($record['token_code']);
if ($decryptedOtp !== $otp) {
jsonError("Invalid verification code.");
exit();
}
// 🔍 3. التحقق من الصلاحية
$now = date('Y-m-d H:i:s');
if ($record['expiration_time'] && $record['expiration_time'] < $now) {
jsonError("Verification code has expired. Please request a new one.");
exit();
}
// 🧹 حذف أي رموز قديمة لنفس الرقم
$con->prepare("DELETE FROM phone_verification WHERE phone_number = ?")
->execute([$phoneNumber_encrypted]);
// 🧾 توليد driverID فريد
$raw = $phoneNumber;
$driverID = substr(md5($raw), 2, 20);
// 🔐 توليد رمز تجريبي (بدون OTP حقيقي لتجنب Null)
$dummyToken = $encryptionHelper->encryptData('AUTO');
// ✅ إدخال سجل تحقق مباشر
$stmt = $con->prepare("
INSERT INTO phone_verification
(phone_number, token_code, email, driverId, expiration_time, is_verified, created_at)
VALUES (?, ?, ?, ?, NULL, 1, ?)
");
$stmt->execute([$phoneNumber_encrypted, $dummyToken, $email_encrypted, $driverID, $now]);
error_log("✅ [verifyOtp.php] Verification record inserted successfully for $phoneNumber");
// 🔍 التحقق إذا السائق موجود مسبقاً
$checkDriverStmt = $con->prepare("SELECT * FROM driver WHERE phone = ?");
$checkDriverStmt->execute([$phoneNumber_encrypted]);
$driver = $checkDriverStmt->fetch(PDO::FETCH_ASSOC);
if ($driver) {
error_log("👤 [verifyOtp.php] Driver already registered. Returning driver info.");
printSuccess([
"message" => "Driver already registered.",
"isRegistered" => true,
"driver" => [
"id" => $driver['id'],
"first_name" => $encryptionHelper->decryptData($driver['first_name']),
"last_name" => $encryptionHelper->decryptData($driver['last_name']),
"email" => $encryptionHelper->decryptData($driver['email']),
"phone" => $phoneNumber
]
]);
} else {
error_log("🆕 [verifyOtp.php] Phone verified. Driver not found.");
printSuccess([
"message" => "Phone number verified successfully.",
"isRegistered" => false,
"driverID" => $driverID
]);
}
} catch (PDOException $e) {
error_log("💥 [verifyOtp.php] PDO ERROR: " . $e->getMessage());
jsonError("Database error: " . $e->getMessage());
}
?>