Siro/backend/Admin/Staff/add_super_admin.php

<?php
/**
 * Admin/Staff/add_super_admin.php
 * إضافة مشرف عام (Super Admin) — استخدام لمرة واحدة
 */
require_once __DIR__ . '/../../core/bootstrap.php';

// $adminKey = filterRequest('admin_key') ?? '';
// $expected = getenv('MIGRATION_ADMIN_KEY');
// if (empty($adminKey) || empty($expected) || !hash_equals($expected, $adminKey)) {
//     http_response_code(403);
//     exit(json_encode(['error' => 'Access denied. Admin key required.']));
// }

$con = Database::get('main');

$name        = filterRequest('name')        ?: 'Super Admin';
$email       = filterRequest('email')       ?: '';
$phone       = filterRequest('phone')       ?: '';
$fingerprint = filterRequest('fingerprint') ?: '';
$password    = filterRequest('password')    ?: bin2hex(random_bytes(8));

try {
    $hashedPass = password_hash($password, PASSWORD_DEFAULT);
    $encName    = $encryptionHelper->encryptData($name);
    $encPhone   = $phone ? $encryptionHelper->encryptData($phone) : '';
    $encEmail   = $email ? $encryptionHelper->encryptData($email) : '';
    $encFp      = $fingerprint ? $encryptionHelper->encryptData($fingerprint) : '';
    $fpHash     = $fingerprint ? hash('sha256', $fingerprint) : '';
    $uniqueId   = bin2hex(random_bytes(16));

    $check = $con->prepare("SELECT id FROM adminUser WHERE role = 'super_admin' LIMIT 1");
    $check->execute();
    if ($check->fetch()) {
        echo "<h2>⚠️ Super Admin already exists.</h2>";
        exit;
    }

    $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, phone, email, password, role, created_at) 
            VALUES (:id, :fp, :fp_hash, :name, :phone, :email, :pass, 'super_admin', NOW())";
    $stmt = $con->prepare($sql);
    $stmt->execute([
        ':id'       => $uniqueId,
        ':fp'       => $encFp,
        ':fp_hash'  => $fpHash,
        ':name'     => $encName,
        ':phone'    => $encPhone,
        ':email'    => $encEmail,
        ':pass'     => $hashedPass,
    ]);

    if ($stmt->rowCount() > 0) {
        echo "<h2>✅ Super Admin created successfully!</h2>";
        echo "<p><b>ID:</b> $uniqueId</p>";
        echo "<p><b>Name:</b> $name</p>";
        echo "<p><b>Password:</b> $password</p>";
        echo "<p style='color:red;'><b>⚠️ Save this password. Delete this file after use.</b></p>";
    } else {
        echo "<h2>❌ Failed to create Super Admin.</h2>";
    }
} catch (Exception $e) {
    echo "<h2>❌ Error: " . htmlspecialchars($e->getMessage()) . "</h2>";
}