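authenticate();
$authRole = $auth->role ?? '';

// Only privileged staff may create staff accounts.
// NOTE(review): an 'admin' can create further 'admin' accounts through this
// endpoint; confirm that is intended rather than limiting admin creation to
// 'super_admin'.
if ($authRole !== 'super_admin' && $authRole !== 'admin') {
    jsonError("غير مصرح لك. فقط المشرفون يمكنهم إضافة موظفين.");
    exit;
}

$name        = filterRequest("name");
$phone       = filterRequest("phone");
$email       = filterRequest("email");
$password    = filterRequest("password");
$role        = filterRequest("role"); // 'admin' or 'service'
$fingerprint = filterRequest("fingerprint") ?: '';
// NOTE(review): `??` only replaces a null return from filterRequest(); if a
// missing field comes back as '' these defaults are not applied — confirm.
$gender      = filterRequest("gender") ?? 'Male';
$birthdate   = filterRequest("birthdate") ?? date('Y-m-d');
$site        = filterRequest("site") ?? 'main';

if (empty($name) || empty($password) || empty($role)) {
    jsonError("Missing required fields (name, password, role).");
    exit;
}

// Enforce the documented role set instead of routing any unknown value into
// the users table as a 'service' account.
if (!in_array($role, ['admin', 'service'], true)) {
    jsonError("Invalid role. Expected 'admin' or 'service'.");
    exit;
}

try {
    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);

    // Encrypt sensitive personal data before it is stored.
    $encName  = $encryptionHelper->encryptData($name);
    $encPhone = $encryptionHelper->encryptData($phone);
    $encEmail = $encryptionHelper->encryptData($email);

    // Fingerprint: encrypted copy plus an unkeyed SHA-256 used as a lookup
    // value (both empty when no fingerprint was sent).
    // NOTE(review): a keyed hash (HMAC with a server secret) would make the
    // stored lookup value useless on its own if the table leaks — consider.
    $encFp  = $fingerprint ? $encryptionHelper->encryptData($fingerprint) : '';
    $fpHash = $fingerprint ? hash('sha256', $fingerprint) : '';

    // 128-bit random id from a CSPRNG.
    $uniqueId = bin2hex(random_bytes(16));

    if ($role === 'admin') {
        // Insert into the admin table.
        // Defensive runtime migration: make sure the phone column exists. The
        // failure is swallowed because the column is expected to exist already.
        // NOTE(review): schema changes belong in a deployment migration, not in
        // a request handler; consider removing once all environments are migrated.
        try {
            $con->exec("ALTER TABLE adminUser ADD COLUMN phone VARCHAR(255) NULL AFTER name");
        } catch (Exception $e) {
            /* column already exists */
        }

        $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, phone, password, role, created_at) "
             . "VALUES (:id, :fp, :fp_hash, :name, :phone, :pass, :role, NOW())";
        $stmt = $con->prepare($sql);
        $stmt->execute([
            ':id'      => $uniqueId,
            ':fp'      => $encFp,
            ':fp_hash' => $fpHash,
            ':name'    => $encName,
            ':phone'   => $encPhone,
            ':pass'    => $hashedPassword,
            ':role'    => $role,
        ]);
    } else {
        // Insert into the users table as a customer-service account.
        // site and last_name are included (last_name defaults to empty).
        $sql = "INSERT INTO users (id, fingerprint, fingerprint_hash, phone, email, gender, password, birthdate, user_type, first_name, last_name, site, created_at) "
             . "VALUES (:id, :fp, :fp_hash, :phone, :email, :gender, :pass, :bdate, 'service', :fname, :lname, :site, NOW())";
        $stmt = $con->prepare($sql);
        $stmt->execute([
            ':id'      => $uniqueId,
            ':fp'      => $encFp,
            ':fp_hash' => $fpHash,
            ':phone'   => $encPhone,
            ':email'   => $encEmail,
            ':gender'  => $gender,
            ':pass'    => $hashedPassword,
            ':bdate'   => $birthdate,
            ':fname'   => $encName,
            ':lname'   => '', // last_name is empty for now
            ':site'    => $site,
        ]);
    }

    if ($stmt->rowCount() > 0) {
        jsonSuccess("Staff member added successfully.");
    } else {
        jsonError("Failed to add staff member.");
    }
} catch (Exception $e) {
    // Keep the driver/exception detail in the server log only; returning it to
    // the client would disclose internal SQL/schema information.
    error_log("[Staff Add Error] " . $e->getMessage());
    jsonError("Server error while adding staff member.");
}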