Update: 2026-06-16 01:17:28

2026-06-16 01:17:29 +03:00
parent 04943e3d52
commit fc58529b09
56 changed files with 1149 additions and 1314 deletions
--- a/backend/serviceapp/getEditorStatsCalls.php
+++ b/backend/serviceapp/getEditorStatsCalls.php
@@ -18,7 +18,6 @@ if (isset($_POST['start_date']) && isset($_POST['end_date'])) {
 }

 // 2. الاستعلام: تجميع عدد الملاحظات لكل موظف في كل يوم
-// نستخدم DATE(createdAt) لتوحيد التوقيت لليوم فقط
 $sql = "
    SELECT 
        DATE(createdAt) as date, 
@@ -27,7 +26,7 @@ $sql = "
    FROM 
        notesForDriverService 
    WHERE 
-        createdAt BETWEEN '$start_date' AND '$end_date 23:59:59'
+        createdAt BETWEEN :start_date AND :end_date
    GROUP BY 
        DATE(createdAt), editor
    ORDER BY 
@@ -35,8 +34,9 @@ $sql = "
 ";

 try {
+    $end_date_full = $end_date . ' 23:59:59';
    $stmt = $con->prepare($sql);
-    $stmt->execute();
+    $stmt->execute([':start_date' => $start_date, ':end_date' => $end_date_full]);
    $data = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if ($data) {
--- a/backend/serviceapp/getEmployeeDriverAfterCallingRegister.php
+++ b/backend/serviceapp/getEmployeeDriverAfterCallingRegister.php
@@ -25,21 +25,20 @@ if (isset($_POST['start_date']) && isset($_POST['end_date'])) {
    $end_date   = date('Y-m-t', strtotime($start_date));
 }

-// الاستعلام: جلب عدد السائقين لكل نوع توظيف خلال الفترة المحددة
 $sql = "SELECT 
            employmentType, 
            COUNT(*) AS `count` 
        FROM 
            `driver` 
        WHERE 
-            DATE(created_at) >= '$start_date' 
-            AND DATE(created_at) <= '$end_date'
+            DATE(created_at) >= :start_date 
+            AND DATE(created_at) <= :end_date
        GROUP BY 
            employmentType";

 try {
    $stmt = $con->prepare($sql);
-    $stmt->execute();
+    $stmt->execute([':start_date' => $start_date, ':end_date' => $end_date]);
    $stats_data = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if ($stats_data) {
--- a/backend/serviceapp/getEmployeeStatic.php
+++ b/backend/serviceapp/getEmployeeStatic.php
@@ -12,7 +12,6 @@ $current_month = str_pad($current_month, 2, "0", STR_PAD_LEFT);
 $first_day_of_month = date('Y-m-d', strtotime($current_year . '-' . $current_month . '-01'));
 $last_day_of_month  = date('Y-m-t', strtotime($first_day_of_month));

-// تم تعديل الاستعلام ليستخدم المتغيرات $first_day_of_month و $last_day_of_month
 $sql = "SELECT 
    DATE(d.created_at) AS `date`, 
    d.`maritalStatus` AS NAME, 
@@ -21,23 +20,20 @@ FROM
    `driver` d 
 WHERE 
    d.`maritalStatus` IN ('mayar','masa', 'shahd', 'rama2','rama1') 
-    AND DATE(d.created_at) >= '$first_day_of_month' 
-    AND DATE(d.created_at) <= '$last_day_of_month'
+    AND DATE(d.created_at) >= :first_day 
+    AND DATE(d.created_at) <= :last_day 
 GROUP BY 
    `date`, d.`maritalStatus` 
 ORDER BY 
-    `date` ASC;
-";
+    `date` ASC";

 $stmt = $con->prepare($sql);
-$stmt->execute();
+$stmt->execute([':first_day' => $first_day_of_month, ':last_day' => $last_day_of_month]);
 $passenger_data = $stmt->fetchAll(PDO::FETCH_ASSOC);

 if ($passenger_data) {
-    // طباعة البيانات كـ JSON
-    jsonSuccess($data = $passenger_data);
+    jsonSuccess($passenger_data);
 } else {
-    // طباعة رسالة فشل
-    jsonError($message = "No data found");
+    jsonError("No data found");
 }
 ?>
--- a/backend/serviceapp/getNotesForEmployee.php
+++ b/backend/serviceapp/getNotesForEmployee.php
@@ -5,14 +5,13 @@ require_once __DIR__ . '/../connect.php';
 // إذا لم يتم إرسال تاريخ، نستخدم تاريخ اليوم الحالي
 $filter_date = isset($_POST['date']) ? $_POST['date'] : date('Y-m-d');

-// الاستعلام: جلب كافة الملاحظات لليوم المحدد مرتبة من الأحدث للأقدم
 $sql = "SELECT * FROM `notesForDriverService` 
-        WHERE DATE(`createdAt`) = '$filter_date'
+        WHERE DATE(`createdAt`) = :filter_date
        ORDER BY `createdAt` DESC";

 try {
    $stmt = $con->prepare($sql);
-    $stmt->execute();
+    $stmt->execute([':filter_date' => $filter_date]);
    $notes_data = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if ($notes_data) {
--- a/backend/serviceapp/getPassengersStatic.php
+++ b/backend/serviceapp/getPassengersStatic.php
@@ -18,38 +18,40 @@ if (isset($_POST['start_date']) && isset($_POST['end_date'])) {
    $end_date   = date('Y-m-t', strtotime($start_date));
 }

-// 2. جملة SQL المعدلة
+$end_date_full = $end_date . ' 23:59:59';
+
 $sql = "
 WITH RECURSIVE date_series AS (
-    SELECT '$start_date' AS date
+    SELECT :start_date AS date
    UNION ALL
    SELECT DATE_ADD(date, INTERVAL 1 DAY)
    FROM date_series
-    WHERE date < '$end_date'
+    WHERE date < :end_date
 )
 SELECT
    date_series.date AS day,
    
-    -- (passengers) عدد الركاب اليومي
    COALESCE((SELECT COUNT(id) FROM passengers WHERE DATE(passengers.created_at) = date_series.date), 0) AS totalPassengers,
    
-    -- (passengers) الإجمالي للفترة المحددة
    (
        SELECT COUNT(*) 
        FROM passengers 
-        WHERE passengers.created_at BETWEEN '$start_date' AND '$end_date 23:59:59'
+        WHERE passengers.created_at BETWEEN :start_date_total AND :end_date_total
    ) AS totalMonthly

 FROM
    date_series
 GROUP BY date_series.date
-ORDER BY date_series.date ASC; 
-";
-// ملاحظة: جعلت الترتيب ASC (تصاعدي) لأن الرسم البياني يحتاج الأيام من البداية للنهاية
+ORDER BY date_series.date ASC";

 try {
    $stmt = $con->prepare($sql);
-    $stmt->execute();
+    $stmt->execute([
+        ':start_date' => $start_date,
+        ':end_date' => $end_date,
+        ':start_date_total' => $start_date,
+        ':end_date_total' => $end_date_full
+    ]);
    $passenger_data = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if ($passenger_data) {
--- a/backend/serviceapp/getRidesStatic.php
+++ b/backend/serviceapp/getRidesStatic.php
@@ -18,24 +18,23 @@ if (isset($_POST['start_date']) && isset($_POST['end_date'])) {
    $end_date   = date('Y-m-t', strtotime($start_date));
 }

-// 2. جملة الـ SQL المعدلة لتعمل مع النطاق الزمني
+$end_date_full = $end_date . ' 23:59:59';
+
 $sql = "
 WITH RECURSIVE date_series AS (
-    SELECT '$start_date' AS date
+    SELECT :start_date AS date
    UNION ALL
    SELECT DATE_ADD(date, INTERVAL 1 DAY)
    FROM date_series
-    WHERE date < '$end_date'
+    WHERE date < :end_date
 )
 SELECT 
    date_series.date AS day, 
-    -- حساب الرحلات المنتهية في هذا اليوم
    COALESCE(SUM(ride.status = 'Finished'), 0) AS totalRides,
    
-    -- حساب الإجمالي للفترة المحددة كاملة (وليس للشهر فقط)
    (SELECT COUNT(*) FROM ride 
-     WHERE ride.created_at >= '$start_date' 
-     AND ride.created_at <= '$end_date 23:59:59'
+     WHERE ride.created_at >= :start_date_total 
+     AND ride.created_at <= :end_date_total
     AND ride.status = 'Finished') AS totalMonthly

 FROM 
@@ -44,16 +43,22 @@ LEFT JOIN
    ride ON DATE(ride.created_at) = date_series.date 
    AND ride.status = 'Finished'
 WHERE 
-    date_series.date >= '$start_date' 
-    AND date_series.date <= '$end_date'
+    date_series.date >= :start_date_where 
+    AND date_series.date <= :end_date_where
 GROUP BY 
    date_series.date
 ORDER BY 
-    date_series.date ASC;
-";
+    date_series.date ASC";

 $stmt = $con->prepare($sql);
-$stmt->execute();
+$stmt->execute([
+    ':start_date' => $start_date,
+    ':end_date' => $end_date,
+    ':start_date_total' => $start_date,
+    ':end_date_total' => $end_date_full,
+    ':start_date_where' => $start_date,
+    ':end_date_where' => $end_date
+]);
 $data = $stmt->fetchAll(PDO::FETCH_ASSOC);

 if ($data) {
--- a/backend/serviceapp/getdriverstotalMonthly.php
+++ b/backend/serviceapp/getdriverstotalMonthly.php
@@ -18,36 +18,33 @@ if (isset($_POST['start_date']) && isset($_POST['end_date'])) {
    $end_date   = date('Y-m-t', strtotime($start_date));
 }

-// 2. جملة SQL المعدلة
+$end_date_full = $end_date . ' 23:59:59';
+
 $sql = "
 WITH RECURSIVE date_series AS (
-    SELECT '$start_date' AS DATE
+    SELECT :start_date AS DATE
    UNION ALL
    SELECT DATE_ADD(DATE, INTERVAL 1 DAY)
    FROM date_series
-    WHERE DATE < '$end_date'
+    WHERE DATE < :end_date
 )
 SELECT
    date_series.date AS day,
    
-    -- [1] إجمالي السائقين (الكلي في النظام)
    (SELECT COUNT(*) FROM driver) AS totalDrivers,

-    -- [2] يومي: عدد السائقين المسجلين
    (
        SELECT COUNT(*)
        FROM driver
        WHERE DATE(driver.created_at) = date_series.date
    ) AS dailyTotalDrivers,

-    -- [3] يومي: عدد السائقين المتصل بهم (notesForDriverService)
    (
        SELECT COUNT(*)
        FROM notesForDriverService
        WHERE DATE(notesForDriverService.createdAt) = date_series.date
    ) AS dailyTotalCallingDrivers,

-    -- [4] يومي: Matching Notes (Join with driver on phone)
    (
        SELECT COUNT(*)
        FROM notesForDriverService n
@@ -55,26 +52,23 @@ SELECT
        WHERE DATE(n.createdAt) = date_series.date
    ) AS dailyMatchingNotes,

-    -- [5] إجمالي الفترة: سائقين
    (
        SELECT COUNT(*)
        FROM driver
-        WHERE driver.created_at BETWEEN '$start_date' AND '$end_date 23:59:59'
+        WHERE driver.created_at BETWEEN :start_date1 AND :end_date1
    ) AS totalMonthlyDrivers,

-    -- [6] إجمالي الفترة: Calling Drivers
    (
        SELECT COUNT(*)
        FROM notesForDriverService
-        WHERE notesForDriverService.createdAt BETWEEN '$start_date' AND '$end_date 23:59:59'
+        WHERE notesForDriverService.createdAt BETWEEN :start_date2 AND :end_date2
    ) AS totalMonthlyCallingDrivers,

-    -- [7] إجمالي الفترة: Matching Notes
    (
        SELECT COUNT(*)
        FROM notesForDriverService n
        JOIN driver d ON n.phone = d.phone
-        WHERE n.createdAt BETWEEN '$start_date' AND '$end_date 23:59:59'
+        WHERE n.createdAt BETWEEN :start_date3 AND :end_date3
    ) AS totalMonthlyMatchingNotes

 FROM
@@ -82,12 +76,20 @@ FROM
 GROUP BY
    date_series.date
 ORDER BY
-    date_series.date ASC;
-";
+    date_series.date ASC";

 try {
    $stmt = $con->prepare($sql);
-    $stmt->execute();
+    $stmt->execute([
+        ':start_date' => $start_date,
+        ':end_date' => $end_date,
+        ':start_date1' => $start_date,
+        ':end_date1' => $end_date_full,
+        ':start_date2' => $start_date,
+        ':end_date2' => $end_date_full,
+        ':start_date3' => $start_date,
+        ':end_date3' => $end_date_full
+    ]);
    $data = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if ($data) {
--- a/backend/serviceapp/login.php
+++ b/backend/serviceapp/login.php
@@ -108,11 +108,11 @@ try {
            // توليد مفتاح HMAC فريد للمستخدم (للتوافق مع CRUD الجديد)
            $hmacKey = hash_hmac('sha256', (string)$user['id'], getenv('SECRET_KEY_HMAC'));

+                // ✅ FIX H-05: لا نعيد مفتاح HMAC أبداً (يُحسب على العميل بنفس المعادلة)
            printSuccess([
                "message" => "Login successful",
                "data" => $user,
                "jwt" => $jwt,
-                "hmac" => $hmacKey,
                "expires_in" => $expires_in
            ]);

@@ -124,8 +124,10 @@ try {
        jsonError("الجهاز أو الحساب غير مسجل. يرجى إدخال البريد الإلكتروني وكلمة المرور إذا كان هذا أول تسجيل دخول لك.");
    }
 } catch (Exception $e) {
-    error_log("[ServiceApp Login Error] " . $e->getMessage());
-    jsonError("Server error: " . $e->getMessage());
+    // ✅ FIX M-02: إخفاء تفاصيل الخطأ في الإنتاج
+    $debugMode = getenv('APP_DEBUG') === 'true';
+    securityLog("[ServiceApp Login Error]", ['msg' => $e->getMessage()]);
+    jsonError($debugMode ? "Server error: " . $e->getMessage() : "Server error. Please try again later.", 500);
 }

 exit();
--- a/backend/serviceapp/web/drivers.html
+++ b/backend/serviceapp/web/drivers.html
@@ -6,7 +6,7 @@
    <title>نظام إدارة المركبات</title>
    <script src="https://cdn.tailwindcss.com"></script>
    <link href="https://fonts.googleapis.com/css2?family=Cairo:wght@300;400;600;700&display=swap" rel="stylesheet">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" integrity="sha512-iecdLmaskl7CVkqkXNQ/ZH/XLlvWZOJyj7Yy7tcenmpD1ypASozpmT/E0iPtmFIB46ZmdtAc9eNBvH0H/ZpiBw==" crossorigin="anonymous" referrerpolicy="no-referrer">
    <style>
        body { font-family: 'Cairo', sans-serif; background-color: #f8fafc; }
        .skeleton {