Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-12 20:40:40

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-12 20:40:40 +03:00
parent 305ae01d52
commit f907212c57
294 changed files with 3592 additions and 3581 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/auth/captin/error_log
View File

@@ -1,15 +0,0 @@
[21-May-2025 12:28:44 Europe/Berlin] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'driver.education' in 'field list' in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php:43
Stack trace:
#0 /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php(43): PDO->prepare('SELECT\n driv...')
#1 {main}
thrown in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php on line 43
[21-May-2025 21:09:18 Europe/Berlin] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'driver.education' in 'field list' in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php:43
Stack trace:
#0 /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php(43): PDO->prepare('SELECT\n driv...')
#1 {main}
thrown in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php on line 43
[22-May-2025 03:30:03 Europe/Berlin] PHP Fatal error: Uncaught PDOException: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'driver.education' in 'field list' in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php:43
Stack trace:
#0 /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php(43): PDO->prepare('SELECT\n driv...')
#1 {main}
thrown in /home2/seferli1/server.sefer.live/sefer.click/sefer/auth/captin/loginFromGoogle.php on line 43

0
backend/auth/captin/forgetPassword.php
View File

39
backend/auth/captin/getAllDriverSecure.php
View File

@@ -1,39 +0,0 @@
<?php
require_once __DIR__ . '/../../connect.php';
$sql = "
SELECT
`id`,
`phone`,
`email`,
`gender`,
`birthdate`,
`first_name`,
`last_name`,
`sosPhone`
FROM
`passengers`
";
$stmt = $con->prepare($sql);
$stmt->execute();
if ($stmt->rowCount() > 0) {
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
// فك تشفير الحقول الحساسة
foreach ($rows as &$row) {
$row['phone'] = $encryptionHelper->decryptData($row['phone']);
$row['email'] = $encryptionHelper->decryptData($row['email']);
$row['gender'] = $encryptionHelper->decryptData($row['gender']);
$row['birthdate'] = $encryptionHelper->decryptData($row['birthdate']);
$row['first_name'] = $encryptionHelper->decryptData($row['first_name']);
$row['last_name'] = $encryptionHelper->decryptData($row['last_name']);
$row['sosPhone'] = $encryptionHelper->decryptData($row['sosPhone']);
}
jsonSuccess($rows);
} else {
jsonError("No wallet record found");
}
?>

0
backend/auth/captin/loginFromGoogle.php Executable file → Normal file
View File

0
backend/auth/captin/loginUsingCredentialsWithoutGoogle.php Executable file → Normal file
View File

132
backend/auth/captin/register.php
View File

@@ -1,132 +0,0 @@
<?php
$allowRegistration = true;
require_once __DIR__ . '/../../connect.php';
try {
/* =========== 1) الحقول الواردة من الـ POST =========== */
$required = ["phone", "password", "first_name", "last_name"];
$optional = [
"id", "email", "gender", "license_type", "national_number",
"name_arabic", "issue_date", "expiry_date", "license_categories",
"address", "licenseIssueDate", "status", "birthdate", "site",
"accountBank", "bankCode", "employmentType",
"maritalStatus", "fullNameMaritial", "expirationDate"
];
$data = [];
// التحقق من الحقول المطلوبة
foreach ($required as $f) {
$val = filterRequest($f);
if ($val === null || $val === '') {
jsonError("Missing required field: $f");
exit;
}
$data[$f] = $val;
}
// قراءة الحقول الاختيارية
foreach ($optional as $f) {
$v = filterRequest($f);
$data[$f] = ($v === null || $v === '' || $v === 'Not specified') ? null : $v;
}
if ($data['email'] === null) {
// phone هنا ما زال خامًا (غير مُشفَّر)
$data['email'] = $data['phone'] . '@intaleqapp.com';
}
/* =========== 2) تشفير الحقول الحسّاسة =========== */
$encryptThese = ["phone", "email", "first_name", "last_name", "name_arabic","gender", "national_number",
"address", "site", "fullNameMaritial"];
foreach ($encryptThese as $f) {
if ($data[$f] !== null) {
$data[$f] = $encryptionHelper->encryptData($data[$f]);
}
}
/* =========== 3) توليد driver ID (id) إذا لم يُرسَل =========== */
/* =========== 4) هَش كلمة المرور =========== */
$data['password_hashed'] = password_hash($data['password'], PASSWORD_DEFAULT);
/* =========== 5) منع التكرار في الهاتف / الإيميل =========== */
$dup = $con->prepare(
"SELECT id FROM driver WHERE phone = :phone OR email = :email"
);
$dup->execute([
':phone' => $data['phone'],
':email' => $data['email']
]);
if ($dup->rowCount() > 0) {
jsonError("Phone or email already registered.");
exit;
}
/* =========== 6) إدخال السجل الجديد =========== */
$sql = "
INSERT INTO driver (
id, phone, email, password, gender, license_type, national_number,
name_arabic, issue_date, expiry_date, license_categories,
address, licenseIssueDate, status, birthdate, site,
first_name, last_name, accountBank, bankCode,
employmentType, maritalStatus, fullNameMaritial, expirationDate,
created_at, updated_at
) VALUES (
:id, :phone, :email, :pwd, :gender, :license_type, :national_number,
:name_arabic, :issue_date, :expiry_date, :license_categories,
:address, :licenseIssueDate, :status, :birthdate, :site,
:first_name, :last_name, :accountBank, :bankCode,
:employmentType, :maritalStatus, :fullNameMaritial, :expirationDate,
NOW(), NOW()
)
";
$ins = $con->prepare($sql);
// خريطة الربط (تطابق تمامًا أسماء الـ placeholders في الـ SQL أعلاه)
$bind = [
'id' => $data['id'],
'phone' => $data['phone'],
'email' => $data['email'],
'pwd' => $data['password_hashed'],
'gender' => $data['gender'],
'license_type' => $data['license_type'],
'national_number' => $data['national_number'],
'name_arabic' => $data['name_arabic'],
'issue_date' => $data['issue_date'],
'expiry_date' => $data['expiry_date'],
'license_categories'=> $data['license_categories']?? 'B',
'address' => $data['address'],
'licenseIssueDate' => $data['licenseIssueDate'],
'status' => $data['status'] ?? 'yet',
'birthdate' => $data['birthdate'],
'site' => $data['site'],
'first_name' => $data['first_name'],
'last_name' => $data['last_name'],
'accountBank' => 'yet',
'bankCode' => 'yet',
'employmentType' => $data['employmentType']?? 'yet',
'maritalStatus' => $data['maritalStatus']?? 'yet',
'fullNameMaritial' => $data['fullNameMaritial']?? 'yet',
'expirationDate' => $data['expirationDate']?? 'yet',
];
foreach ($bind as $key => $value) {
$ins->bindValue(":$key", $value);
}
if ($ins->execute()) {
jsonSuccess($data['id']); // ترجع driver ID
} else {
jsonError("Failed to insert driver record.");
}
} catch (PDOException $e) {
error_log("DriverInsert PDO: " . $e->getMessage());
jsonError("Database error.");
}
?>

140
backend/auth/captin/sendOtpMessageDriver.php
View File

@@ -1,140 +0,0 @@
<?php
require_once __DIR__ . '/../../connect.php';
// استرجاع البيانات من الطلب
$phone_number = filterRequest("phone_number");
$driverId = filterRequest("driverId");
$email = filterRequest("email");
$expiration_time = filterRequest("expiration_time"); // اختياري للمستقبل
// تحقق من وجود رقم الهاتف
if (empty($phone_number)) {
jsonError("Phone number is required");
exit;
}
// Rate Limiting للحماية من هجمات استنزاف الرسائل
if (isset($redis)) {
$redisKey = "otp_limit:driver:$phone_number";
if ($redis->exists($redisKey)) {
jsonError("Please wait before requesting a new OTP.");
exit;
}
$redis->setex($redisKey, 60, "1"); // حظر لمدة 60 ثانية
}
// توليد رمز تحقق مكوّن من 5 أرقام
$token_code = str_pad(random_int(0, 99999), 5, '0', STR_PAD_LEFT);
// تشفير البيانات الحساسة
$encryptedPhone = $encryptionHelper->encryptData($phone_number);
$encryptedToken = $encryptionHelper->encryptData($token_code);
$encryptedEmail = $encryptionHelper->encryptData($email); // اختياري إذا بتحب تشفيره
// التحقق من وجود الرقم مسبقاً في قاعدة البيانات
$sqlCheck = "SELECT * FROM `phone_verification` WHERE `phone_number` = :phone";
$stmtCheck = $con->prepare($sqlCheck);
$stmtCheck->bindParam(":phone", $encryptedPhone);
$stmtCheck->execute();
$success = false;
// إذا كان الرقم موجود → تحديث
if ($stmtCheck->rowCount() > 0) {
$sqlUpdate = "UPDATE `phone_verification`
SET `token_code` = :token,
`expiration_time` = DATE_ADD(NOW(), INTERVAL 5 MINUTE)
WHERE `phone_number` = :phone";
$stmt = $con->prepare($sqlUpdate);
$stmt->bindParam(":token", $encryptedToken);
$stmt->bindParam(":phone", $encryptedPhone);
$stmt->execute();
$success = $stmt->rowCount() > 0;
} else {
// إذا الرقم غير موجود → إدخال جديد
$sqlInsert = "INSERT INTO `phone_verification`
(`phone_number`, `driverId`, `email`, `token_code`, `expiration_time`, `is_verified`, `created_at`)
VALUES
(:phone, :driverId, :email, :token, DATE_ADD(NOW(), INTERVAL 5 MINUTE), 0, NOW())";
$stmt = $con->prepare($sqlInsert);
$stmt->bindParam(":phone", $encryptedPhone);
$stmt->bindParam(":driverId", $driverId);
$stmt->bindParam(":email", $encryptedEmail);
$stmt->bindParam(":token", $encryptedToken);
$stmt->execute();
$success = $stmt->rowCount() > 0;
}
// إذا تم الحفظ بنجاح → أرسل الرمز عبر SMS
if ($success) {
// تحميل بيانات الاتصال بالـ SMS API من المتغيرات البيئية
$username = getenv('SMS_USERNAME');
$password = getenv('SMS_PASSWORD_EGYPT');
$sender = getenv('SMS_SENDER');
if (!$username || !$password || !$sender) {
jsonError("SMS credentials are missing");
exit;
}
$message = "Tripz app code is " . $token_code;
$receiver = $phone_number;
$apiUrl = 'https://sms.kazumi.me/api/sms/send-sms';
$payload = [
'username' => $username,
'password' => $password,
'language' => 'e',
'sender' => $sender,
'receiver' => $receiver,
'message' => $message
];
$jsonPayload = json_encode($payload);
$smsResponse = callAPI("POST", $apiUrl, $jsonPayload);
if ($smsResponse) {
jsonSuccess(null, "Verification code sent and saved successfully");
} else {
jsonError("Code saved, but SMS sending failed");
}
} else {
jsonError("Failed to save verification data");
}
// دالة الاتصال بالـ API
function callAPI($method, $url, $data) {
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => $method,
CURLOPT_POSTFIELDS => $data,
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"Accept: application/json"
],
CURLOPT_TIMEOUT => 30,
CURLOPT_CONNECTTIMEOUT => 10
]);
$api_raw_response = curl_exec($curl);
if (curl_errno($curl)) {
error_log("cURL Error [".curl_errno($curl)."]: " . curl_error($curl));
curl_close($curl);
return false;
}
curl_close($curl);
$decoded_response = json_decode($api_raw_response, true);
if (json_last_error() !== JSON_ERROR_NONE) {
error_log("Invalid JSON response from SMS API.");
return false;
}
error_log("SMS API response: " . print_r($decoded_response, true));
return $decoded_response;
}
?>

0
backend/auth/captin/updateDriverClaim.php Executable file → Normal file
View File

56
backend/auth/captin/updateDriverSecure.php
View File

@@ -1,56 +0,0 @@
<?php
require_once __DIR__ . '/../../connect.php';
$id = filterRequest("id");
// تحقق من وجود بيانات
if (empty($_POST)) {
jsonError("No passenger data provided for update.");
exit;
}
// الحقول الحساسة التي يجب تشفيرها
$fieldsToEncrypt = ["phone", "email", "gender", "birthdate", "site", "first_name", "last_name", "sosPhone"];
// بناء الحقول والمعاملات
$columnValues = [];
$params = [];
foreach ($fieldsToEncrypt as $field) {
if (isset($_POST[$field])) {
$value = filterRequest($field);
$encryptedValue = $encryptionHelper->encryptData($value);
$columnValues[] = "`$field` = ?";
$params[] = $encryptedValue;
}
}
// تحقق من أن هناك حقول للتحديث
if (empty($columnValues)) {
jsonError("No valid encrypted passenger data provided for update.");
exit;
}
// تركيب جملة SQL
$setClause = implode(", ", $columnValues);
$params[] = $id;
$sql = "UPDATE `passengers` SET $setClause WHERE `id` = ?";
try {
$stmt = $con->prepare($sql);
foreach ($params as $index => $value) {
$stmt->bindValue($index + 1, $value);
}
if ($stmt->execute()) {
jsonSuccess(null, "Passenger data updated successfully with encryption");
} else {
jsonError("Failed to update passenger data");
}
} catch (PDOException $e) {
jsonError("Database error: " . $e->getMessage());
}
?>

0
backend/auth/captin/updateShamCashDriver.php Executable file → Normal file
View File

0
backend/auth/captin/verifyEmail.php
View File

39
backend/auth/captin/verifyOtpDriver.php
View File

@@ -1,39 +0,0 @@
<?php
require_once __DIR__ . '/../../connect.php';
$phone_number = filterRequest("phone_number");
$token_code = filterRequest("token_code");
$encryptedPhone = $encryptionHelper->encryptData($phone_number);
$encryptedToken = $encryptionHelper->encryptData($token_code);
// Check if the phone number and token code match
$sql = "SELECT
`id`,
`phone_number`,
`token_code`,
`expiration_time`,
`is_verified`,
`created_at`
FROM
`phone_verification`
WHERE
`phone_number` = :phone_number AND `token_code` = :token_code -- AND `expiration_time` > NOW()";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone_number', $encryptedPhone, PDO::PARAM_STR);
$stmt->bindParam(':token_code', $encryptedToken, PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch();
if ($result) {
// $id = $result["id"];
$sql = "UPDATE `phone_verification` SET `is_verified` = 1 WHERE `phone_number` = :phone_number";
$stmt = $con->prepare($sql);
$stmt->bindParam(':phone_number', $phone_number, PDO::PARAM_STR);
$stmt->execute();
jsonSuccess($message = "Your phone number has been verified.");
} else {
jsonError($message = "Your phone number could not be verified. Please try again.");
}
?>