Update: 2026-06-16 01:17:28

backend/functions.php

@@ -8,7 +8,7 @@ use Firebase\JWT\SignatureInvalidException;
 use Firebase\JWT\BeforeValidException;
 
 
-$INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket_key'));
+$INTERNAL_KEY = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
 
 /**
@@ -20,10 +20,37 @@ $INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket
  * @param $carType string: نوع الطلب (comfort, speed, Lady...)
  */
 
+function getAllowedSocketUrls(): array {
+    $env = getenv('ALLOWED_SOCKET_URLS');
+    if ($env) {
+        return array_map('trim', explode(',', $env));
+    }
+    // القيم الافتراضية لو لم تكن موجودة في .env
+    return [
+        'http://188.68.36.205:2021',
+        'http://188.68.36.205:3031',
+        'https://location.intaleq.xyz',
+    ];
+}
+
+function isAllowedSocketUrl(string $url): bool {
+    $allowed = getAllowedSocketUrls();
+    foreach ($allowed as $allowedUrl) {
+        if (str_starts_with($url, $allowedUrl)) {
+            return true;
+        }
+    }
+    return false;
+}
+
 function sendToLocationServer($action, $data) {
     // رابط سيرفر اللوكيشن الداخلي أو العام
-    $url = "http://188.68.36.205:2021"; 
-    $INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket_key'));
+    $url = "http://188.68.36.205:2021";
+    if (!isAllowedSocketUrl($url)) {
+        error_log("[SSRF_BLOCKED] Attempted connection to: $url");
+        return;
+    }
+    $INTERNAL_KEY = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
     $postData = [
         'action' => $action,
@@ -44,7 +71,7 @@ function sendToLocationServer($action, $data) {
 function findBestDrivers($con, $lat, $lng, $carType) {
     // 1. الاتصال بـ Redis لجلب الأقرب
     $locationServerUrl = "https://location.intaleq.xyz/api_get_nearby.php";
-    $INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket_key'));
+    $INTERNAL_KEY = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
     $postData = ['lat' => $lat, 'lng' => $lng, 'radius' => 5, 'limit' => 100];
 
@@ -94,42 +121,64 @@ function findBestDrivers($con, $lat, $lng, $carType) {
             JOIN driverToken dt ON dt.captain_id = d.id
             WHERE d.id IN ($placeholders) ";
 
+    // ✅ FIX C-01: استخدام allowlist للـ carType لمنع SQL Injection
     $carType = trim($carType);
+    $allowedCarTypes = ['Comfort', 'Mishwar Vip', 'Scooter', 'Pink Bike', 'Electric', 'Lady', 'Van', 'Awfar Car', 'Fixed Price', 'Speed', 'Rayeh Gai'];
+    if (!in_array($carType, $allowedCarTypes, true)) {
+        $carType = 'Speed';
+    }
+    
+    $sqlParams = [];
     switch ($carType) {
         case 'Comfort': 
-            $sql .= " AND cr.vehicle_category_id = $CAT_CAR AND CAST(TRIM(cr.year) AS UNSIGNED) > 2017 "; 
+            $sql .= " AND cr.vehicle_category_id = ? AND CAST(TRIM(cr.year) AS UNSIGNED) > ? "; 
+            $sqlParams[] = $CAT_CAR;
+            $sqlParams[] = 2017;
             break;
         case 'Mishwar Vip': 
-            $sql .= " AND cr.vehicle_category_id = $CAT_CAR AND CAST(TRIM(cr.year) AS UNSIGNED) > 2020 "; 
+            $sql .= " AND cr.vehicle_category_id = ? AND CAST(TRIM(cr.year) AS UNSIGNED) > ? "; 
+            $sqlParams[] = $CAT_CAR;
+            $sqlParams[] = 2020;
             break;
         case 'Scooter': 
         case 'Pink Bike': 
-            $sql .= " AND cr.vehicle_category_id = $CAT_BIKE "; 
+            $sql .= " AND cr.vehicle_category_id = ? "; 
+            $sqlParams[] = $CAT_BIKE;
             break;
         case 'Electric': 
-            $sql .= " AND cr.vehicle_category_id = $CAT_CAR AND cr.fuel_type_id = $FUEL_ELECTRIC "; 
+            $sql .= " AND cr.vehicle_category_id = ? AND cr.fuel_type_id = ? "; 
+            $sqlParams[] = $CAT_CAR;
+            $sqlParams[] = $FUEL_ELECTRIC;
             break;
         case 'Lady': 
              $femaleHash = 'bQ6yWJ2EVXKZooHdGclvmFiDlZCM8UYeO+ILFjDUvpQ='; 
-             $sql .= " AND cr.vehicle_category_id = $CAT_CAR AND d.gender = '$femaleHash' "; 
+             $sql .= " AND cr.vehicle_category_id = ? AND d.gender = ? "; 
+             $sqlParams[] = $CAT_CAR;
+             $sqlParams[] = $femaleHash;
              break;
         case 'Van': 
-            $sql .= " AND cr.vehicle_category_id = $CAT_VAN "; 
+            $sql .= " AND cr.vehicle_category_id = ? "; 
+            $sqlParams[] = $CAT_VAN;
             break;
         case 'Awfar Car': 
-             $sql .= " AND cr.vehicle_category_id = $CAT_CAR AND CAST(TRIM(cr.year) AS UNSIGNED) > 1995 "; 
+             $sql .= " AND cr.vehicle_category_id = ? AND CAST(TRIM(cr.year) AS UNSIGNED) > ? "; 
+             $sqlParams[] = $CAT_CAR;
+             $sqlParams[] = 1995;
              break;
         case 'Fixed Price':
         case 'Speed':
         case 'Rayeh Gai': 
         default: 
-            $sql .= " AND cr.vehicle_category_id = $CAT_CAR AND CAST(TRIM(cr.year) AS UNSIGNED) > 2000 "; 
+            $sql .= " AND cr.vehicle_category_id = ? AND CAST(TRIM(cr.year) AS UNSIGNED) > ? "; 
+            $sqlParams[] = $CAT_CAR;
+            $sqlParams[] = 2000;
             break;
     }
 
     try {
+        $allParams = array_merge($driverIds, $sqlParams);
         $stmt = $con->prepare($sql);
-        $stmt->execute($driverIds);
+        $stmt->execute($allParams);
         $finalDrivers = $stmt->fetchAll(PDO::FETCH_ASSOC);
 
         // دمج البيانات
@@ -157,9 +206,9 @@ function findBestDrivers($con, $lat, $lng, $carType) {
 }
 // --- دالة مساعدة لمخاطبة سيرفر السائقين (Location Socket) ---
 function notifyDriversRideTaken($rideId, $winnerDriverId) {
-    // رابط سيرفر السائقين الداخلي (نفس البورت المستخدم في driver_socket.php)
     $url = "http://188.68.36.205:2021";
-    $INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket_key'));
+    if (!isAllowedSocketUrl($url)) return;
+    $INTERNAL_KEY = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
     $postData = [
         'action' => 'ride_taken_event', // هذا الأكشن الجديد في السوكيت
@@ -179,9 +228,9 @@ function notifyDriversRideTaken($rideId, $winnerDriverId) {
     curl_close($ch);
 }
 function notifyDriversOnLocationServer($drivers_ids_array, $payload, $rideId = null) {
-    // رابط سيرفر اللوكيشن الخارجي
     $url = "http://188.68.36.205:2021";
-    $INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket_key'));
+    if (!isAllowedSocketUrl($url)) return null;
+    $INTERNAL_KEY = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
     $postData = [
         'action'      => 'dispatch_order', // اسم الحدث المتفق عليه في socket_server.php هناك
@@ -215,9 +264,9 @@ function notifyDriversOnLocationServer($drivers_ids_array, $payload, $rideId = n
  * تخاطب السوكيت الموجود محلياً على نفس السيرفر
  */
 function notifyPassengerOnRideServer($passenger_id, $payload) {
-    // الرابط لسيرفر سوكيت الركاب — IP مباشر لتجاوز مشاكل الجدار الناري والدومين
     $url = "http://188.68.36.205:3031";
-    $INTERNAL_KEY = trim((string)@file_get_contents('/home/siro-api/.internal_socket_key'));
+    if (!isAllowedSocketUrl($url)) return null;
+    $INTERNAL_KEY = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
     if (empty($INTERNAL_KEY)) {
         error_log("[SOCKET_CRITICAL] Internal key missing at /home/siro-api/.internal_socket_key");
@@ -263,8 +312,8 @@ function dispatchRideToDrivers($driversData, $rideId, $payloadTemplate, $startNa
     error_log("🚀 [DISPATCH_START] RideID: $rideId | Drivers Count: $countDrivers");
 
     $socketUrl = 'http://188.68.36.205:2021';
-    $internalKeyPath = '/home/siro-api/.internal_socket_key';
-    $internalKey = file_exists($internalKeyPath) ? trim((string)@file_get_contents($internalKeyPath)) : '';
+    if (!isAllowedSocketUrl($socketUrl)) return;
+    $internalKey = function_exists('getInternalSocketKey') ? getInternalSocketKey() : '';
 
     foreach ($driversData as $driver) {
         $driverId = $driver['driver_id'];