80 lines
2.9 KiB
PHP
80 lines
2.9 KiB
PHP
<?php
|
|
// File: verify_otp.php (with enhanced logging)
|
|
// siro_v1/auth/token_passenger
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
// --- Start of Script Execution ---
|
|
error_log("--- [verify_otp.php] Script execution started. ---");
|
|
|
|
$phoneNumber = filterRequest("phone_number");
|
|
$otp = filterRequest("otp");
|
|
|
|
// Log received data for debugging. Be mindful of logging sensitive data in production.
|
|
error_log("[verify_otp.php] Received phone_number: $phoneNumber | Received otp: $otp");
|
|
|
|
if (empty($phoneNumber) || empty($otp)) {
|
|
error_log("[verify_otp.php] Error: Phone number or OTP is empty.");
|
|
jsonError("Phone number and OTP are required.");
|
|
exit();
|
|
}
|
|
|
|
$phoneNumber_encrypted = $encryptionHelper->encryptData($phoneNumber);
|
|
$otp_encrypted = $encryptionHelper->encryptData($otp);
|
|
|
|
try {
|
|
// 1. التحقق من Redis بدلاً من MySQL
|
|
if (!$redis) {
|
|
jsonError("Security service unavailable");
|
|
exit;
|
|
}
|
|
|
|
$cachedOtp = $redis->get("otp:passenger:$phoneNumber");
|
|
|
|
if ($cachedOtp && $cachedOtp === $otp) {
|
|
// ننجح في التحقق ونحذف المفتاح من Redis لمنع استخدامه مرة أخرى (One-time use)
|
|
$redis->del("otp:passenger:$phoneNumber");
|
|
|
|
error_log("[verify_otp.php] OTP verified via Redis for phone: $phoneNumber");
|
|
|
|
// 2. التحقق من وجود الراكب في قاعدة البيانات
|
|
$passengerStmt = $con->prepare("SELECT id FROM passengers WHERE phone = ?");
|
|
$passengerStmt->execute([$phoneNumber_encrypted]);
|
|
$passenger = $passengerStmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($passenger) {
|
|
$passengerID = $passenger['id'];
|
|
|
|
// تحديث التوكن والبصمة إن وجدا
|
|
$newToken = filterRequest("token");
|
|
$fingerPrint = filterRequest("fingerPrint");
|
|
|
|
if ($newToken && $fingerPrint) {
|
|
$tokenEncrypted = $encryptionHelper->encryptData($newToken);
|
|
$updateTokenStmt = $con->prepare("UPDATE tokens SET token = ?, fingerPrint = ? WHERE passengerID = ?");
|
|
$updateTokenStmt->execute([$tokenEncrypted, $fingerPrint, $passengerID]);
|
|
}
|
|
|
|
printSuccess([
|
|
"message" => "Token verified and updated.",
|
|
"isRegistered" => true,
|
|
"passengerID" => $passengerID
|
|
]);
|
|
|
|
} else {
|
|
printSuccess([
|
|
"message" => "Phone verified, passenger not found.",
|
|
"isRegistered" => false
|
|
]);
|
|
}
|
|
|
|
} else {
|
|
error_log("[verify_otp.php] Invalid or expired OTP for phone: $phoneNumber");
|
|
jsonError("Invalid or expired OTP.");
|
|
}
|
|
|
|
} catch (Exception $e) {
|
|
// Log the detailed database error message for debugging.
|
|
error_log("[verify_otp.php] FATAL DATABASE ERROR: " . $e->getMessage());
|
|
jsonError("Database error");
|
|
}
|
|
?>
|