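enforce(RateLimiter::identifier(), 'tester_login');

if (!$email || !$password) {
    echo json_encode(["status" => "failure", "message" => "Email and password are required"]);
    exit();
}

// 2. Confirm the account is reserved for testing only (isTest check).
// The allowlist comes from ALLOWED_TESTER_EMAILS (comma-separated). Entries are
// lowercased so they compare consistently with the lowercased input below;
// empty entries are dropped, and an empty list falls back to the built-in pair.
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
$allowedEmails = array_values(array_filter(array_map(
    static fn (string $entry): string => strtolower(trim($entry)),
    explode(',', $allowedTesterEmailsEnv)
)));
if ($allowedEmails === []) {
    $allowedEmails = [
        'driver_tester@siromove.com',
        'passenger_tester@siromove.com',
    ];
}

$cleanEmail = strtolower(trim($email));
// NOTE(review): the domain-suffix and 'tester'/'reviewer' substring rules accept
// far more addresses than the explicit allowlist — any account whose address
// merely contains one of those words is treated as a tester account here.
// Behaviour kept; narrowing this to the allowlist alone is worth considering.
$isTester = in_array($cleanEmail, $allowedEmails, true)
    || str_ends_with($cleanEmail, '@siromove.com')
    || str_contains($cleanEmail, 'tester')
    || str_contains($cleanEmail, 'reviewer');

try {
    $con = Database::get('main');

    // E-mail is stored encrypted, so the lookup key must be encrypted the same way.
    // NOTE(review): this encrypts the raw $email rather than $cleanEmail, so a
    // differently cased input yields a different lookup key — confirm intended.
    $encryptedEmail = $encryptionHelper->encryptData($email);

    // Auto-seed the tester passenger row if it does not exist yet.
    // NOTE(review): the seed password below is a hard-coded credential in source;
    // it should be moved to configuration/secrets alongside ALLOWED_TESTER_EMAILS.
    if ($cleanEmail === 'passenger_tester@siromove.com') {
        $stmtCheck = $con->prepare("SELECT id FROM passengers WHERE email = :email LIMIT 1");
        $stmtCheck->bindParam(':email', $encryptedEmail);
        $stmtCheck->execute();

        if (!$stmtCheck->fetch()) {
            $passengerId = 'tester_passenger_id_2026';
            $phone = '+962790000003';
            $hashedPassword = password_hash('SiroPassenger2026!', PASSWORD_DEFAULT);
            $encryptedPhone = $encryptionHelper->encryptData($phone);
            $encryptedFirstName = $encryptionHelper->encryptData('Passenger');
            $encryptedLastName = $encryptionHelper->encryptData('Tester');
            $encryptedGender = $encryptionHelper->encryptData('Male');
            $encryptedBirthdate = $encryptionHelper->encryptData('1990-01-01');
            $encryptedSite = $encryptionHelper->encryptData('Jordan');

            // Insert passenger
            $insert = $con->prepare("INSERT INTO passengers (id, phone, email, password, gender, birthdate, site, first_name, last_name) VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)");
            $insert->execute([
                ':id' => $passengerId,
                ':phone' => $encryptedPhone,
                ':email' => $encryptedEmail,
                ':password' => $hashedPassword,
                ':gender' => $encryptedGender,
                ':birthdate' => $encryptedBirthdate,
                ':site' => $encryptedSite,
                ':first_name' => $encryptedFirstName,
                ':last_name' => $encryptedLastName,
            ]);

            // Ensure the phone_verification_passenger row exists and is marked verified.
            $stmtPhone = $con->prepare("SELECT * FROM phone_verification_passenger WHERE phone_number = :phone LIMIT 1");
            $stmtPhone->bindParam(':phone', $encryptedPhone);
            $stmtPhone->execute();

            $phoneSql = $stmtPhone->fetch()
                ? "UPDATE phone_verification_passenger SET verified = 1 WHERE phone_number = :phone"
                : "INSERT INTO phone_verification_passenger (phone_number, verified) VALUES (:phone, 1)";
            $stmtPhoneWrite = $con->prepare($phoneSql);
            $stmtPhoneWrite->bindParam(':phone', $encryptedPhone);
            $stmtPhoneWrite->execute();
        }
    }

    $sql = "SELECT p.*, phone_verification_passenger.verified, invitesToPassengers.isInstall, invitesToPassengers.inviteCode, invitesToPassengers.isGiftToken FROM passengers p LEFT JOIN phone_verification_passenger ON phone_verification_passenger.phone_number = p.phone LEFT JOIN invitesToPassengers ON invitesToPassengers.inviterPassengerPhone = p.phone WHERE p.email = :email LIMIT 1";
    $stmt = $con->prepare($sql);
    $stmt->bindParam(':email', $encryptedEmail);
    $stmt->execute();
    $data = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown account and wrong password produce the same response so the
    // endpoint does not reveal which e-mail addresses exist.
    if (!$data) {
        echo json_encode(["status" => "failure", "message" => "Invalid credentials"]);
        exit();
    }

    // Password check. A stored value that password_get_info() recognises is a
    // hash and is only ever checked with password_verify(); comparing the
    // submitted string directly against a stored hash would let anyone holding
    // the hash log in with it. Rows that still hold a plaintext value keep
    // working through a constant-time comparison instead of `===`.
    $storedPassword = (string) ($data['password'] ?? '');
    $storedIsHash = !empty(password_get_info($storedPassword)['algo']);
    $passwordMatches = $storedIsHash
        ? password_verify($password, $storedPassword)
        : hash_equals($storedPassword, (string) $password);

    if (!$passwordMatches) {
        echo json_encode(["status" => "failure", "message" => "Invalid credentials"]);
        exit();
    }

    // The account must be flagged as a test account either in the database
    // (is_test / isTest column) or by the environment-derived rule above.
    $isTestInDb = (($data['is_test'] ?? 0) == 1) || (($data['isTest'] ?? 0) == 1);
    if (!$isTestInDb && !$isTester) {
        jsonError("Access denied. Not a tester account.");
        exit();
    }

    // Decrypt the stored profile fields for the response (null fields are skipped).
    $encryptedFields = [
        'phone', 'email', 'gender', 'birthdate', 'site', 'first_name', 'last_name',
        'sosPhone', 'education', 'employmentType', 'maritalStatus',
    ];
    foreach ($encryptedFields as $field) {
        if (isset($data[$field])) {
            $data[$field] = $encryptionHelper->decryptData($data[$field]);
        }
    }

    // SELECT p.* pulled the credential column in for verification only; never
    // echo it back to the client.
    unset($data['password']);

    // Issue a JWT with the 'tester' role so these sessions are distinguishable
    // from real users.
    $jwtService = new JwtService($redis);
    $jwt = $jwtService->generateAccessToken($data['id'], 'tester', $audience, $fingerprint);

    echo json_encode([
        "status" => "success",
        "jwt" => $jwt,
        "data" => [$data], // matches the app's format, which expects an array
    ], JSON_UNESCAPED_UNICODE);
} catch (Exception $e) {
    error_log("Error in loginUsingCredentialsWithoutGooglePassenger: " . $e->getMessage());
    echo json_encode([
        "status" => "failure",
        "message" => "Server error",
    ]);
}
exit();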