first commit
This commit is contained in:
Hamza-Ayed
86
backend/auth/token_passenger/send_otp.php
Executable file
86
backend/auth/token_passenger/send_otp.php
Executable file
@@ -0,0 +1,86 @@
|
||||
<?php
|
||||
// File: send_otp.php (بديل عن النسخة المعتمدة على RaseelPlus)
|
||||
require_once __DIR__ . '/../../connect.php';
|
||||
|
||||
/* 1) توليد رمز التحقق (3 خانات) */
|
||||
$otp = (string)rand(100, 999);
|
||||
$receiver = filterRequest("receiver");
|
||||
|
||||
if (empty($receiver)) {
|
||||
jsonError('Phone number is required.');
|
||||
exit();
|
||||
}
|
||||
|
||||
/* 2) إرسال عبر بوابة الفلاش كول / واتساب */
|
||||
$nabehUrl = 'https://otp.intaleqapp.com/api/request-otp.php';
|
||||
$appKey = getenv('NABEH_OTP_APP_KEY');
|
||||
|
||||
$payload = [
|
||||
'phone' => $receiver,
|
||||
'device_type' => 'android',
|
||||
'method' => 'whatsapp',
|
||||
'code' => $otp
|
||||
];
|
||||
|
||||
$ch = curl_init($nabehUrl);
|
||||
curl_setopt_array($ch, [
|
||||
CURLOPT_POST => true,
|
||||
CURLOPT_RETURNTRANSFER => true,
|
||||
CURLOPT_POSTFIELDS => json_encode($payload),
|
||||
CURLOPT_HTTPHEADER => [
|
||||
'Content-Type: application/json',
|
||||
"X-App-Key: $appKey"
|
||||
],
|
||||
CURLOPT_TIMEOUT => 15,
|
||||
CURLOPT_CONNECTTIMEOUT => 5
|
||||
]);
|
||||
|
||||
$res = curl_exec($ch);
|
||||
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
$error = curl_error($ch);
|
||||
curl_close($ch);
|
||||
|
||||
if ($error) {
|
||||
error_log("⚠️ [Flash Call OTP Token Passenger] Curl Error: $error");
|
||||
jsonError('Failed to connect to OTP service');
|
||||
exit;
|
||||
}
|
||||
|
||||
$decoded = json_decode((string)$res, true);
|
||||
$sentOK = ($httpCode === 200 && ($decoded['success'] ?? false));
|
||||
|
||||
if ($sentOK) {
|
||||
/* 3) تشفير البيانات وحفظ الرمز في قاعدة البيانات */
|
||||
$receiver_enc = $encryptionHelper->encryptData($receiver);
|
||||
$otp_enc = $encryptionHelper->encryptData($otp);
|
||||
|
||||
$exp = date('Y-m-d H:i:s', strtotime('+5 minutes'));
|
||||
$now = date('Y-m-d H:i:s');
|
||||
|
||||
try {
|
||||
$con->prepare("DELETE FROM token_verification WHERE phone_number = ?")
|
||||
->execute([$receiver_enc]);
|
||||
|
||||
$stmt = $con->prepare("
|
||||
INSERT INTO token_verification
|
||||
(phone_number, token, expiration_time, verified, created_at)
|
||||
VALUES (?, ?, ?, 0, ?)
|
||||
");
|
||||
$stmt->execute([$receiver_enc, $otp_enc, $exp, $now]);
|
||||
|
||||
jsonSuccess(null, 'OTP sent and saved successfully');
|
||||
|
||||
} catch (PDOException $e) {
|
||||
jsonError('OTP sent but failed to save to database');
|
||||
}
|
||||
|
||||
} else {
|
||||
$errMsg = $decoded['message'] ?? 'Unknown error';
|
||||
jsonError('Failed to send OTP: ' . $errMsg);
|
||||
}
|
||||
|
||||
/* -----------------------------------------------------------------
|
||||
* يمكن حذف callAPI() تمامًا إن لم يعد مستخدمًا في أي ملف آخر.
|
||||
* ---------------------------------------------------------------- */
|
||||
function callAPI($method, $url, $data) { /* … (أبقِها أو احذفها) */ }
|
||||
?>
|
||||
Reference in New Issue
Block a user