Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-24 16:27:39

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-24 16:27:41 +03:00
parent 3fcc6e76fd
commit f75e456aac
1 changed files with 97 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
backend/auth/otp/verify.php
View File

@@ -57,27 +57,36 @@ try {
}
// 3. Encrypt data to query
$encryptedPhone = $encryptionHelper->encryptData($phone_number);
$encryptedToken = $encryptionHelper->encryptData($token_code);
// 4. Verify based on user type
try {
if ($user_type === 'admin') {
$sql = "SELECT * FROM token_verification_admin
WHERE phone_number = :phone AND token = :token
AND expiration_time >= NOW() AND verified = 0";
WHERE expiration_time >= NOW() AND verified = 0";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($stmt->rowCount() > 0) {
$matchedRow = null;
foreach ($rows as $row) {
$decryptedPhone = $encryptionHelper->decryptData($row['phone_number']);
$decryptedToken = $encryptionHelper->decryptData($row['token']);
if ($decryptedPhone === $phone_number && $decryptedToken === $token_code) {
$matchedRow = $row;
break;
}
}
if ($matchedRow) {
$deviceNumber = filterRequest("device_number") ?? '';
// adminUser stores unencrypted phone
$checkAdmin = $con->prepare("SELECT * FROM adminUser WHERE name = ?");
$checkAdmin->execute([$phone_number]);
$now = date("Y-m-d H:i:s");
// Mark token as verified
$updateToken = $con->prepare("UPDATE token_verification_admin SET verified = 1 WHERE phone_number = ? AND token = ?");
$updateToken->execute([$matchedRow['phone_number'], $matchedRow['token']]);
if ($checkAdmin->rowCount() > 0) {
$update = $con->prepare("UPDATE adminUser SET device_number = ?, updated_at = ? WHERE name = ?");
$update->execute([$deviceNumber, $now, $phone_number]);
@@ -91,19 +100,26 @@ try {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");
}
} elseif ($user_type === 'service') {
$sql = "SELECT `id` FROM `phone_verification_service`
WHERE `phone_number` = :phone AND `token_code` = :token
AND `expiration_time` > NOW() AND `is_verified` = 0";
$sql = "SELECT `id`, `phone_number`, `token_code` FROM `phone_verification_service`
WHERE `expiration_time` > NOW() AND `is_verified` = 0";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
$sqlUpdate = "UPDATE `phone_verification_service` SET `is_verified` = 1 WHERE `phone_number` = :phone";
$matchedRowId = null;
foreach ($rows as $row) {
$decryptedPhone = $encryptionHelper->decryptData($row['phone_number']);
$decryptedToken = $encryptionHelper->decryptData($row['token_code']);
if ($decryptedPhone === $phone_number && $decryptedToken === $token_code) {
$matchedRowId = $row['id'];
break;
}
}
if ($matchedRowId) {
$sqlUpdate = "UPDATE `phone_verification_service` SET `is_verified` = 1 WHERE `id` = :id";
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
} else {
@@ -111,47 +127,53 @@ try {
}
} elseif ($user_type === 'driver') {
if ($context === 'token_change') {
$sql = "SELECT `id` FROM `token_verification_driver`
WHERE `phone_number` = :phone
AND `token` = :token
AND `expiration_time` > NOW() AND `verified` = 0";
$sql = "SELECT `id`, `phone_number`, `token` FROM `token_verification_driver`
WHERE `expiration_time` > NOW() AND `verified` = 0";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// Update driver verified status
$sqlUpdate = "UPDATE `token_verification_driver` SET `verified` = 1 WHERE `phone_number` = :phone";
$matchedRowId = null;
foreach ($rows as $row) {
$decryptedPhone = $encryptionHelper->decryptData($row['phone_number']);
$decryptedToken = $encryptionHelper->decryptData($row['token']);
if ($decryptedPhone === $phone_number && $decryptedToken === $token_code) {
$matchedRowId = $row['id'];
break;
}
}
if ($matchedRowId) {
$sqlUpdate = "UPDATE `token_verification_driver` SET `verified` = 1 WHERE `id` = :id";
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
} else {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");
}
} else {
$sql = "SELECT `id` FROM `phone_verification`
WHERE `phone_number` = :phone
AND `token_code` = :token
AND `expiration_time` > NOW() AND `is_verified` = 0";
$sql = "SELECT `id`, `phone_number`, `token_code` FROM `phone_verification`
WHERE `expiration_time` > NOW() AND `is_verified` = 0";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// Update driver is_verified status
$sqlUpdate = "UPDATE `phone_verification` SET `is_verified` = 1 WHERE `phone_number` = :phone";
$matchedRowId = null;
foreach ($rows as $row) {
$decryptedPhone = $encryptionHelper->decryptData($row['phone_number']);
$decryptedToken = $encryptionHelper->decryptData($row['token_code']);
if ($decryptedPhone === $phone_number && $decryptedToken === $token_code) {
$matchedRowId = $row['id'];
break;
}
}
if ($matchedRowId) {
$sqlUpdate = "UPDATE `phone_verification` SET `is_verified` = 1 WHERE `id` = :id";
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
} else {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");
@@ -159,47 +181,53 @@ try {
}
} else {
if ($context === 'token_change') {
$sql = "SELECT `id` FROM `token_verification`
WHERE `phone_number` = :phone
AND `token` = :token
AND `expiration_time` > NOW() AND `verified` = 0";
$sql = "SELECT `id`, `phone_number`, `token` FROM `token_verification`
WHERE `expiration_time` > NOW() AND `verified` = 0";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// Update passenger verified status
$sqlUpdate = "UPDATE `token_verification` SET `verified` = 1 WHERE `phone_number` = :phone";
$matchedRowId = null;
foreach ($rows as $row) {
$decryptedPhone = $encryptionHelper->decryptData($row['phone_number']);
$decryptedToken = $encryptionHelper->decryptData($row['token']);
if ($decryptedPhone === $phone_number && $decryptedToken === $token_code) {
$matchedRowId = $row['id'];
break;
}
}
if ($matchedRowId) {
$sqlUpdate = "UPDATE `token_verification` SET `verified` = 1 WHERE `id` = :id";
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
} else {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");
}
} else {
$sql = "SELECT `id` FROM `phone_verification_passenger`
WHERE `phone_number` = :phone
AND `token` = :token
AND `expiration_time` > NOW() AND `verified` = 0";
$sql = "SELECT `id`, `phone_number`, `token` FROM `phone_verification_passenger`
WHERE `expiration_time` > NOW() AND `verified` = 0";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
// Update passenger verified status
$sqlUpdate = "UPDATE `phone_verification_passenger` SET `verified` = 1 WHERE `phone_number` = :phone";
$matchedRowId = null;
foreach ($rows as $row) {
$decryptedPhone = $encryptionHelper->decryptData($row['phone_number']);
$decryptedToken = $encryptionHelper->decryptData($row['token']);
if ($decryptedPhone === $phone_number && $decryptedToken === $token_code) {
$matchedRowId = $row['id'];
break;
}
}
if ($matchedRowId) {
$sqlUpdate = "UPDATE `phone_verification_passenger` SET `verified` = 1 WHERE `id` = :id";
$stmtUpd = $con->prepare($sqlUpdate);
$stmtUpd->bindParam(':phone', $encryptedPhone, PDO::PARAM_STR);
$stmtUpd->bindParam(':id', $matchedRowId, PDO::PARAM_INT);
$stmtUpd->execute();
jsonSuccess(null, "Your phone number has been verified.");
} else {
jsonError("Your phone number could not be verified or the code is expired. Please try again.");