
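<?php
// loginUsingCredentialsWithoutGooglePassenger.php
// Dedicated login path for app reviewers / testers (passenger side); runs without the JWT interceptors.
//
// Flow: rate-limit -> validate input -> resolve the tester allowlist -> (seed the canonical tester
// passenger if missing) -> look the passenger up by encrypted e-mail -> verify the password ->
// require the account to be a tester (DB flag or allowlist) -> decrypt profile fields and issue a
// JWT carrying the 'tester' role.
//
// Provided by bootstrap.php (not visible here): filterRequest(), jsonError(), RateLimiter,
// Database, JwtService, $redis, $encryptionHelper.
require_once __DIR__ . '/../core/bootstrap.php';

// Emits a failure payload in the shape the app already consumes and stops the request.
// The existing responses set no HTTP status code; that contract is kept.
$failWith = static function (string $message): void {
    echo json_encode(["status" => "failure", "message" => $message]);
    exit();
};

// Creates the canonical passenger tester account (and its verified phone row) when it is missing,
// so reviewers can log in on a freshly provisioned database. $con is the 'main' handle from
// Database::get(); $encryptedEmail is the already-encrypted lookup key of the tester e-mail.
// NOTE(review): the seed credential is hard-coded in source; keep this endpoint confined to
// tester-only deployments or source the value from deployment configuration.
$seedTesterPassenger = static function ($con, string $encryptedEmail) use ($encryptionHelper): void {
    $stmtCheck = $con->prepare("SELECT id FROM passengers WHERE email = :email LIMIT 1");
    $stmtCheck->bindParam(':email', $encryptedEmail);
    $stmtCheck->execute();
    if ($stmtCheck->fetch()) {
        return; // already seeded
    }

    $encryptedPhone = $encryptionHelper->encryptData('+962790000003');
    $insert = $con->prepare(
        "INSERT INTO passengers (id, phone, email, password, gender, birthdate, site, first_name, last_name)
         VALUES (:id, :phone, :email, :password, :gender, :birthdate, :site, :first_name, :last_name)"
    );
    $insert->execute([
        ':id' => 'tester_passenger_id_2026',
        ':phone' => $encryptedPhone,
        ':email' => $encryptedEmail,
        ':password' => password_hash('SiroPassenger2026!', PASSWORD_DEFAULT),
        ':gender' => $encryptionHelper->encryptData('Male'),
        ':birthdate' => $encryptionHelper->encryptData('1990-01-01'),
        ':site' => $encryptionHelper->encryptData('Jordan'),
        ':first_name' => $encryptionHelper->encryptData('Passenger'),
        ':last_name' => $encryptionHelper->encryptData('Tester'),
    ]);

    // The phone must be marked verified, whether or not a verification row already exists.
    $stmtPhone = $con->prepare("SELECT * FROM phone_verification_passenger WHERE phone_number = :phone LIMIT 1");
    $stmtPhone->bindParam(':phone', $encryptedPhone);
    $stmtPhone->execute();
    $verifySql = $stmtPhone->fetch()
        ? "UPDATE phone_verification_passenger SET verified = 1 WHERE phone_number = :phone"
        : "INSERT INTO phone_verification_passenger (phone_number, verified) VALUES (:phone, 1)";
    $stmtVerify = $con->prepare($verifySql);
    $stmtVerify->bindParam(':phone', $encryptedPhone);
    $stmtVerify->execute();
};

$email = filterRequest("email");
$password = filterRequest("password");
// Both spellings of the fingerprint parameter are accepted.
$fingerprint = filterRequest('fingerPrint') ?? filterRequest('fingerprint');
// Audience claim supplied by the client, defaulting to the passenger app.
// NOTE(review): 'aud' is request-controlled here — confirm JwtService restricts it to known audiences.
$audience = filterRequest('aud') ?: 'siro_passenger';

// 1. Rate limiting per caller identifier for this endpoint (the actual limit lives in RateLimiter).
$rateLimiter = new RateLimiter($redis);
$rateLimiter->enforce(RateLimiter::identifier(), 'tester_login');

if (!$email || !$password) {
    $failWith("Email and password are required");
}

// 2. Resolve which e-mail addresses count as tester accounts.
// ALLOWED_TESTER_EMAILS is comma-separated; entries are normalised exactly like the submitted
// e-mail (trimmed, lower-cased) so a mixed-case entry in the environment still matches.
$allowedTesterEmailsEnv = getenv('ALLOWED_TESTER_EMAILS') ?: '';
$allowedEmails = array_values(array_filter(array_map(
    static fn (string $entry): string => strtolower(trim($entry)),
    explode(',', $allowedTesterEmailsEnv)
)));
if ($allowedEmails === []) {
    $allowedEmails = [
        'driver_tester@siromove.com',
        'passenger_tester@siromove.com',
    ];
}

$cleanEmail = strtolower(trim($email));
// Allowlist hit, company domain, or the reviewer-account naming convention.
// NOTE(review): the substring rules let any self-registered address containing "tester" or
// "reviewer" pass this gate (a valid password is still required); prefer the allowlist / DB flag.
$isTester = in_array($cleanEmail, $allowedEmails, true)
    || str_ends_with($cleanEmail, '@siromove.com')
    || str_contains($cleanEmail, 'tester')
    || str_contains($cleanEmail, 'reviewer');

try {
    $con = Database::get('main');
    // E-mail is stored encrypted, so the lookup key is encrypted the same way.
    $encryptedEmail = $encryptionHelper->encryptData($email);

    if ($cleanEmail === 'passenger_tester@siromove.com') {
        $seedTesterPassenger($con, $encryptedEmail);
    }

    $sql = "SELECT
                p.*,
                phone_verification_passenger.verified,
                invitesToPassengers.isInstall,
                invitesToPassengers.inviteCode,
                invitesToPassengers.isGiftToken
            FROM passengers p
            LEFT JOIN phone_verification_passenger
                ON phone_verification_passenger.phone_number = p.phone
            LEFT JOIN invitesToPassengers
                ON invitesToPassengers.inviterPassengerPhone = p.phone
            WHERE p.email = :email
            LIMIT 1";
    $stmt = $con->prepare($sql);
    $stmt->bindParam(':email', $encryptedEmail);
    $stmt->execute();
    $data = $stmt->fetch(PDO::FETCH_ASSOC);

    // Only the hashed form is accepted. The previous fallback compared the submitted value directly
    // with the stored column, which would accept the stored hash itself as a password.
    // Unknown account and wrong password share one message so the endpoint does not enumerate users.
    if (!$data || !password_verify($password, (string) ($data['password'] ?? ''))) {
        $failWith("Invalid credentials");
    }

    // The account must be flagged as a test account in the DB, or match the tester rules above.
    $isTestInDb = (int) ($data['is_test'] ?? 0) === 1 || (int) ($data['isTest'] ?? 0) === 1;
    if (!$isTestInDb && !$isTester) {
        // NOTE(review): this distinct message confirms valid credentials for a non-tester account.
        jsonError("Access denied. Not a tester account.");
        exit();
    }

    // Profile fields are stored encrypted; decrypt the ones present before responding.
    $encryptedFields = [
        'phone', 'email', 'gender', 'birthdate', 'site', 'first_name', 'last_name',
        'sosPhone', 'education', 'employmentType', 'maritalStatus',
    ];
    foreach ($encryptedFields as $field) {
        if (isset($data[$field])) {
            $data[$field] = $encryptionHelper->decryptData($data[$field]);
        }
    }

    // The token carries the 'tester' role so these sessions are distinguishable from real passengers.
    $jwtService = new JwtService($redis);
    $jwt = $jwtService->generateAccessToken($data['id'], 'tester', $audience, $fingerprint);
    echo json_encode([
        "status" => "success",
        "jwt" => $jwt,
        "data" => [$data], // the app expects a list of records
    ], JSON_UNESCAPED_UNICODE);
} catch (\Throwable $e) {
    // Detail stays in the server log; the client only gets a generic message.
    error_log("Error in loginUsingCredentialsWithoutGooglePassenger: " . $e->getMessage());
    echo json_encode([
        "status" => "failure",
        "message" => "Server error"
    ]);
}
exit();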