Update: 2026-06-16 01:17:28

Hamza-Ayed
2026-06-16 01:17:29 +03:00
parent 04943e3d52
commit fc58529b09
56 changed files with 1149 additions and 1314 deletions


@@ -9,7 +9,19 @@ loadEnvironment($env_file);
$secretKey = getenv('SECRET_KEY'); // Only need the secret key now
// --- CORS Headers ---
header("Access-Control-Allow-Origin: *"); // Replace * with your Flutter app's origin!
$allowedOrigins = [
'https://walletintaleq.intaleq.xyz',
'https://wallet.siromove.com',
'https://wallet-syria.siromove.com',
'https://wallet-egypt.siromove.com',
'https://wallet-jordan.siromove.com',
];
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, $allowedOrigins)) {
header("Access-Control-Allow-Origin: $origin");
} else {
header("Access-Control-Allow-Origin: https://walletintaleq.intaleq.xyz");
}
header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); // Adjust as needed
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header('Content-Type: application/json'); // Set content type to JSON
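Review bot: Once Access-Control-Allow-Origin is chosen per request (the branch sending `header("Access-Control-Allow-Origin: $origin");`), the response also needs `header('Vary: Origin');`, otherwise a shared cache or CDN can hand the response built for one wallet origin to a browser on another, which then fails the CORS check. The membership test should be `in_array($origin, $allowedOrigins, true)` so loose comparison can never match. If the earlier `Access-Control-Allow-Origin: *` line is still present on the new side, it is overridden by the later calls (PHP's header() replaces by default), but its "Replace * with your Flutter app's origin!" comment is now stale and should be dropped. The surrounding script continues outside the hunk.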


@@ -1,117 +0,0 @@
<?php
require_once realpath(__DIR__ . '/../vendor/autoload.php');
require_once 'load_env.php';
$env_file = '/home/intaleq-wallet/env/.env';
loadEnvironment($env_file);
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
// Retrieve environment variables
//$secretKey = getenv('SECRET_KEY');
$secretKey = trim(file_get_contents('/home/intaleq-wallet/.secret_key'));
$allowed1 = getenv('allowedWallet1');
$allowed2 = getenv('allowedWallet2');
$issuer = 'Tripz-Wallet';
$allowedAudiences = array_filter([$allowed1, $allowed2]);
$passwordnewpassenger = getenv('passwordnewpassenger');
include "functions.php";
// Validate environment variables
if (empty($secretKey) || empty($passwordnewpassenger) || empty($allowedAudiences)) {
http_response_code(500);
die(json_encode(['error' => 'Server configuration error: Missing environment variables.']));
}
// CORS Headers
header('Content-Type: application/json');
header("Access-Control-Allow-Origin: https://walletintaleq.intaleq.xyz");
header("Access-Control-Allow-Methods: POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
try {
$id = filterRequest('id') ?? '';
$password = filterRequest('password') ?? '';
$audience = filterRequest('aud') ?? '';
$fingerPrint = filterRequest('fingerPrint');
// Input validation
if (empty($id) || empty($password) || empty($audience) || empty($fingerPrint)) {
die(json_encode(['error' => 'Missing required parameters.']));
}
if (!in_array($audience, $allowedAudiences)) {
http_response_code(400);
die(json_encode(['error' => 'Invalid audience']));
}
/*
// Database connection
$dbuser = getenv('USER');
$dbpass = getenv('PASS');
$dbname = getenv('dbname');
$dsn = "mysql:host=localhost;dbname=$dbname;charset=utf8mb4";
$options = [
PDO::ATTR_EMULATE_PREPARES => false,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
];
$con = new PDO($dsn, $dbuser, $dbpass, $options);
// Fetch token data from database
$stmt = $con->prepare("SELECT `id`, `token`, `captain_id`, `fingerPrint` FROM `driverToken` WHERE `captain_id` = :captain_id");
$stmt->bindParam(':captain_id', $id, PDO::PARAM_STR);
$stmt->execute();
$tokenData = $stmt->fetch(PDO::FETCH_ASSOC);
// 1) يجب وجود سجل
if (!$tokenData) {
http_response_code(403);
die(json_encode(['error' => 'No token record found for this user.']));
}
if (empty($tokenData['fingerPrint']) || !hash_equals($tokenData['fingerPrint'], $fingerPrint)) {
http_response_code(403);
die(json_encode(['error' => 'Device fingerprint verification failed']));
}
*/
// JWT Payload
$payload = [
'user_id' => $id,
'fingerPrint' => $fingerPrint,
'exp' => time() + 60,
'iat' => time(),
'iss' => $issuer,
'aud' => $audience
];
// Ensure secret key is valid before encoding
if (empty($secretKey)) {
throw new Exception("SECRET_KEY is empty.");
}
// Encode JWT
$jwt = JWT::encode($payload, $secretKey, 'HS256');
$hmac = hash_hmac('sha256', $id, getenv('SECRET_KEY_HMAC'));
echo json_encode([
'status' => 'success',
'jwt' => $jwt,
'hmac' => $hmac,
'expires_in' => 60
]);
http_response_code(200);
} catch (Exception $e) {
http_response_code(500);
echo "🔥 Server error: " . $e->getMessage() . "\n";
echo json_encode(['error' => 'An unexpected error occurred.']);
}


@@ -20,7 +20,7 @@ $allowedAudiences = array_filter([$allowed1, $allowed2]);
// --- إعداد رؤوس CORS ---
header('Content-Type: application/json');
header("Access-Control-Allow-Origin: *"); // Allow all for admin app or specify domain
header("Access-Control-Allow-Origin: https://walletintaleq.intaleq.xyz"); // Wallet admin only
header("Access-Control-Allow-Methods: POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Device-FP");


@@ -80,11 +80,11 @@ try {
}
// 3. Generate unique Tokens and paymentIDs
$paymentID1 = "transfer_" . time() . rand(1000, 9999);
$paymentID2 = "transfer_recv_" . time() . rand(1000, 9999);
$token1 = md5(uniqid("tk1", true));
$token2 = md5(uniqid("tk2", true));
$seferToken = md5(uniqid("sfr", true));
$paymentID1 = "transfer_" . time() . bin2hex(random_bytes(4));
$paymentID2 = "transfer_recv_" . time() . bin2hex(random_bytes(4));
$token1 = bin2hex(random_bytes(32));
$token2 = bin2hex(random_bytes(32));
$seferToken = bin2hex(random_bytes(32));
// 4. Deduct from Sender (payments table)
$deductAmount = -$amount;
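Review bot: `$token1`, `$token2` and `$seferToken` are now 64 hex characters where md5() produced 32; if the columns they are written to were sized for the old length, the value will be silently truncated (or rejected under strict SQL mode) and any later comparison against the stored token will fail, so verify the column widths before merging. The paymentIDs keep `time()` plus four random bytes, which is adequate for uniqueness but worth a comment so they are not mistaken for secrets: `// paymentIDs are identifiers only; the tokens below are the secret CSPRNG values`. random_bytes() throws on failure, which the enclosing try block (opened outside the hunk) presumably handles.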