first commit

backend/auth/token_passenger/driver/send_otp_driver.php

@@ -0,0 +1,87 @@
+<?php
+// File: send_otp_driver.php   (إصدار بدون RaseelPlus)
+require_once __DIR__ . '/../../../connect.php';
+
+/* 1) توليد رمز التحقق (3 خانات) --------------------------------------------------- */
+$otp      = (string)rand(100, 999);
+$receiver = filterRequest("receiver");
+
+if (empty($receiver)) {
+    jsonError('Phone number is required.');
+    exit();
+}
+
+/* 2) إرسال عبر بوابة الفلاش كول / واتساب ------------------------------ */
+$nabehUrl = 'https://otp.intaleqapp.com/api/request-otp.php';
+$appKey = getenv('NABEH_OTP_APP_KEY');
+
+$payload = [
+    'phone' => $receiver,
+    'device_type' => 'android',
+    'method' => 'whatsapp',
+    'code' => $otp
+];
+
+$ch = curl_init($nabehUrl);
+curl_setopt_array($ch, [
+    CURLOPT_POST => true,
+    CURLOPT_RETURNTRANSFER => true,
+    CURLOPT_POSTFIELDS => json_encode($payload),
+    CURLOPT_HTTPHEADER => [
+        'Content-Type: application/json',
+        "X-App-Key: $appKey"
+    ],
+    CURLOPT_TIMEOUT => 15,
+    CURLOPT_CONNECTTIMEOUT => 5
+]);
+
+$res = curl_exec($ch);
+$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+$error = curl_error($ch);
+curl_close($ch);
+
+if ($error) {
+    error_log("⚠️ [Flash Call OTP Token Driver] Curl Error: $error");
+    jsonError('Failed to connect to OTP service');
+    exit;
+}
+
+$decoded = json_decode((string)$res, true);
+$sentOK = ($httpCode === 200 && ($decoded['success'] ?? false));
+
+if ($sentOK) {
+    /* 3) تشفير البيانات وحفظها في DB ----------------------------------- */
+    $receiver_enc = $encryptionHelper->encryptData($receiver);
+    $otp_enc      = $encryptionHelper->encryptData($otp);
+
+    $exp = date('Y-m-d H:i:s', strtotime('+5 minutes'));
+    $now = date('Y-m-d H:i:s');
+
+    try {
+        // حذف رموز قديمة
+        $con->prepare("DELETE FROM token_verification_driver WHERE phone_number = ?")
+            ->execute([$receiver_enc]);
+
+        $stmt = $con->prepare("
+            INSERT INTO token_verification_driver
+                (phone_number, token, expiration_time, verified, created_at)
+            VALUES (?, ?, ?, 0, ?)
+        ");
+        $stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
+
+        jsonSuccess(null, 'OTP sent and saved successfully');
+
+    } catch (PDOException $e) {
+        jsonError('OTP sent but failed to save to database');
+    }
+
+} else {
+    $errMsg = $decoded['message'] ?? 'Unknown error';
+    jsonError('Failed to send OTP: ' . $errMsg);
+}
+
+/* -----------------------------------------------------------------------
+ * أبقينا callAPI() فقط إذا كان يُستخدم في ملفات أخرى – احذفه إن شئت.
+ * --------------------------------------------------------------------- */
+function callAPI($method, $url, $data) { /* … */ }
+?>