Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-09 08:40:31 +03:00
commit d8901e1a87
3161 changed files with 536187 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
backend/auth/token_passenger/driver/send_otp_driver.php Executable file
View File

@@ -0,0 +1,87 @@
<?php
// File: send_otp_driver.php (إصدار بدون RaseelPlus)
require_once __DIR__ . '/../../../connect.php';
/* 1) توليد رمز التحقق (3 خانات) --------------------------------------------------- */
$otp = (string)rand(100, 999);
$receiver = filterRequest("receiver");
if (empty($receiver)) {
jsonError('Phone number is required.');
exit();
}
/* 2) إرسال عبر بوابة الفلاش كول / واتساب ------------------------------ */
$nabehUrl = 'https://otp.intaleqapp.com/api/request-otp.php';
$appKey = getenv('NABEH_OTP_APP_KEY');
$payload = [
'phone' => $receiver,
'device_type' => 'android',
'method' => 'whatsapp',
'code' => $otp
];
$ch = curl_init($nabehUrl);
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => json_encode($payload),
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
"X-App-Key: $appKey"
],
CURLOPT_TIMEOUT => 15,
CURLOPT_CONNECTTIMEOUT => 5
]);
$res = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
curl_close($ch);
if ($error) {
error_log("⚠️ [Flash Call OTP Token Driver] Curl Error: $error");
jsonError('Failed to connect to OTP service');
exit;
}
$decoded = json_decode((string)$res, true);
$sentOK = ($httpCode === 200 && ($decoded['success'] ?? false));
if ($sentOK) {
/* 3) تشفير البيانات وحفظها في DB ----------------------------------- */
$receiver_enc = $encryptionHelper->encryptData($receiver);
$otp_enc = $encryptionHelper->encryptData($otp);
$exp = date('Y-m-d H:i:s', strtotime('+5 minutes'));
$now = date('Y-m-d H:i:s');
try {
// حذف رموز قديمة
$con->prepare("DELETE FROM token_verification_driver WHERE phone_number = ?")
->execute([$receiver_enc]);
$stmt = $con->prepare("
INSERT INTO token_verification_driver
(phone_number, token, expiration_time, verified, created_at)
VALUES (?, ?, ?, 0, ?)
");
$stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
jsonSuccess(null, 'OTP sent and saved successfully');
} catch (PDOException $e) {
jsonError('OTP sent but failed to save to database');
}
} else {
$errMsg = $decoded['message'] ?? 'Unknown error';
jsonError('Failed to send OTP: ' . $errMsg);
}
/* -----------------------------------------------------------------------
* أبقينا callAPI() فقط إذا كان يُستخدم في ملفات أخرى احذفه إن شئت.
* --------------------------------------------------------------------- */
function callAPI($method, $url, $data) { /* … */ }
?>

81
backend/auth/token_passenger/driver/verify_otp_driver.php Executable file
View File

@@ -0,0 +1,81 @@
<?php
require_once __DIR__ . '/../../../connect.php';
$phoneNumber = filterRequest("phone_number");
$otp = filterRequest("otp");
if (empty($phoneNumber) || empty($otp)) {
jsonError("Phone number and OTP are required.");
exit();
}
$phoneNumber_encrypted = $encryptionHelper->encryptData($phoneNumber);
$otp_encrypted = $encryptionHelper->encryptData($otp);
try {
$stmt = $con->prepare("
SELECT * FROM token_verification_driver
WHERE phone_number = ? AND token = ?
");
$stmt->execute([$phoneNumber_encrypted, $otp_encrypted]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
$expiration_time = strtotime($result['expiration_time']);
if (time() <= $expiration_time) {
$con->prepare("UPDATE token_verification_driver SET verified = 1 WHERE id = ?")
->execute([$result['id']]);
$driverStmt = $con->prepare("SELECT id FROM driver WHERE phone = ?");
$driverStmt->execute([$phoneNumber_encrypted]);
$driver = $driverStmt->fetch(PDO::FETCH_ASSOC);
if ($driver) {
$driverID = $driver['id'];
$newToken = filterRequest("token");
$fingerPrint = filterRequest("fingerPrint");
if ($newToken && $fingerPrint) {
$tokenEncrypted = $encryptionHelper->encryptData($newToken);
$checkTokenStmt = $con->prepare("SELECT id FROM driverToken WHERE captain_id = ?");
$checkTokenStmt->execute([$driverID]);
if ($checkTokenStmt->rowCount() > 0) {
$con->prepare("UPDATE driverToken SET token = ?, fingerPrint = ? WHERE captain_id = ?")
->execute([$tokenEncrypted, $fingerPrint, $driverID]);
} else {
$con->prepare("INSERT INTO driverToken (token, fingerPrint, captain_id, created_at) VALUES (?, ?, ?, NOW())")
->execute([$tokenEncrypted, $fingerPrint, $driverID]);
}
$response = [
"message" => "Driver token verified and updated.",
"isRegistered" => true,
"driverID" => $driverID
];
jsonSuccess($response);
} else {
jsonError("Token or fingerprint missing.");
}
} else {
printSuccess([
"message" => "Phone verified, but driver not found.",
"isRegistered" => false
]);
}
} else {
jsonError("OTP expired. Request a new one.");
}
} else {
jsonError("Invalid OTP.");
}
} catch (PDOException $e) {
jsonError("Database error occurred.");
}

86
backend/auth/token_passenger/send_otp.php Executable file
View File

@@ -0,0 +1,86 @@
<?php
// File: send_otp.php (بديل عن النسخة المعتمدة على RaseelPlus)
require_once __DIR__ . '/../../connect.php';
/* 1) توليد رمز التحقق (3 خانات) */
$otp = (string)rand(100, 999);
$receiver = filterRequest("receiver");
if (empty($receiver)) {
jsonError('Phone number is required.');
exit();
}
/* 2) إرسال عبر بوابة الفلاش كول / واتساب */
$nabehUrl = 'https://otp.intaleqapp.com/api/request-otp.php';
$appKey = getenv('NABEH_OTP_APP_KEY');
$payload = [
'phone' => $receiver,
'device_type' => 'android',
'method' => 'whatsapp',
'code' => $otp
];
$ch = curl_init($nabehUrl);
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => json_encode($payload),
CURLOPT_HTTPHEADER => [
'Content-Type: application/json',
"X-App-Key: $appKey"
],
CURLOPT_TIMEOUT => 15,
CURLOPT_CONNECTTIMEOUT => 5
]);
$res = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$error = curl_error($ch);
curl_close($ch);
if ($error) {
error_log("⚠️ [Flash Call OTP Token Passenger] Curl Error: $error");
jsonError('Failed to connect to OTP service');
exit;
}
$decoded = json_decode((string)$res, true);
$sentOK = ($httpCode === 200 && ($decoded['success'] ?? false));
if ($sentOK) {
/* 3) تشفير البيانات وحفظ الرمز في قاعدة البيانات */
$receiver_enc = $encryptionHelper->encryptData($receiver);
$otp_enc = $encryptionHelper->encryptData($otp);
$exp = date('Y-m-d H:i:s', strtotime('+5 minutes'));
$now = date('Y-m-d H:i:s');
try {
$con->prepare("DELETE FROM token_verification WHERE phone_number = ?")
->execute([$receiver_enc]);
$stmt = $con->prepare("
INSERT INTO token_verification
(phone_number, token, expiration_time, verified, created_at)
VALUES (?, ?, ?, 0, ?)
");
$stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
jsonSuccess(null, 'OTP sent and saved successfully');
} catch (PDOException $e) {
jsonError('OTP sent but failed to save to database');
}
} else {
$errMsg = $decoded['message'] ?? 'Unknown error';
jsonError('Failed to send OTP: ' . $errMsg);
}
/* -----------------------------------------------------------------
* يمكن حذف callAPI() تمامًا إن لم يعد مستخدمًا في أي ملف آخر.
* ---------------------------------------------------------------- */
function callAPI($method, $url, $data) { /* … (أبقِها أو احذفها) */ }
?>

80
backend/auth/token_passenger/verify_otp.php Executable file
View File

@@ -0,0 +1,80 @@
<?php
// File: verify_otp.php (with enhanced logging)
// intaleq_v1/auth/token_passenger
require_once __DIR__ . '/../../connect.php';
// --- Start of Script Execution ---
error_log("--- [verify_otp.php] Script execution started. ---");
$phoneNumber = filterRequest("phone_number");
$otp = filterRequest("otp");
// Log received data for debugging. Be mindful of logging sensitive data in production.
error_log("[verify_otp.php] Received phone_number: $phoneNumber | Received otp: $otp");
if (empty($phoneNumber) || empty($otp)) {
error_log("[verify_otp.php] Error: Phone number or OTP is empty.");
jsonError("Phone number and OTP are required.");
exit();
}
$phoneNumber_encrypted = $encryptionHelper->encryptData($phoneNumber);
$otp_encrypted = $encryptionHelper->encryptData($otp);
try {
// 1. التحقق من Redis بدلاً من MySQL
if (!$redis) {
jsonError("Security service unavailable");
exit;
}
$cachedOtp = $redis->get("otp:passenger:$phoneNumber");
if ($cachedOtp && $cachedOtp == $otp) {
// ننجح في التحقق ونحذف المفتاح من Redis لمنع استخدامه مرة أخرى (One-time use)
$redis->del("otp:passenger:$phoneNumber");
error_log("[verify_otp.php] OTP verified via Redis for phone: $phoneNumber");
// 2. التحقق من وجود الراكب في قاعدة البيانات
$passengerStmt = $con->prepare("SELECT id FROM passengers WHERE phone = ?");
$passengerStmt->execute([$phoneNumber_encrypted]);
$passenger = $passengerStmt->fetch(PDO::FETCH_ASSOC);
if ($passenger) {
$passengerID = $passenger['id'];
// تحديث التوكن والبصمة إن وجدا
$newToken = filterRequest("token");
$fingerPrint = filterRequest("fingerPrint");
if ($newToken && $fingerPrint) {
$tokenEncrypted = $encryptionHelper->encryptData($newToken);
$updateTokenStmt = $con->prepare("UPDATE tokens SET token = ?, fingerPrint = ? WHERE passengerID = ?");
$updateTokenStmt->execute([$tokenEncrypted, $fingerPrint, $passengerID]);
}
printSuccess([
"message" => "Token verified and updated.",
"isRegistered" => true,
"passengerID" => $passengerID
]);
} else {
printSuccess([
"message" => "Phone verified, passenger not found.",
"isRegistered" => false
]);
}
} else {
error_log("[verify_otp.php] Invalid or expired OTP for phone: $phoneNumber");
jsonError("Invalid or expired OTP.");
}
} catch (Exception $e) {
// Log the detailed database error message for debugging.
error_log("[verify_otp.php] FATAL DATABASE ERROR: " . $e->getMessage());
jsonError("Database error: " . $e->getMessage());
}
?>