e51d266a0f
- Fixed SQL injection in ride/license/get.php (interpolated variable → parameterized query) - Added admin role checks to all 3 mass data endpoints (driver tokens, passenger tokens, phones+tokens) - Added pagination (50/page) to all 4 mass data endpoints - Fixed LIMIT to use placeholders with type binding
94 lines
2.9 KiB
PHP
94 lines
2.9 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
if ($role !== 'admin' && $role !== 'super_admin') {
|
|
http_response_code(403);
|
|
echo json_encode(['error' => 'Unauthorized: Admin access required']);
|
|
exit;
|
|
}
|
|
|
|
$sql = "SELECT
|
|
`driver`.`id`,
|
|
`driver`.`phone`,
|
|
`driver`.`email`,
|
|
`driver`.`gender`,
|
|
`driver`.`status`,
|
|
`driver`.`birthdate`,
|
|
`driver`.`site`,
|
|
`driver`.`first_name`,
|
|
`driver`.`last_name`,
|
|
`driver`.`employmentType`,
|
|
`driver`.`maritalStatus`,
|
|
`driver`.`created_at`,
|
|
`driver`.`updated_at`,
|
|
(
|
|
SELECT COUNT(`driver`.`id`) FROM `driver`
|
|
) AS countPassenger,
|
|
(
|
|
SELECT CAST(AVG(`rating`) AS DECIMAL(10, 2))
|
|
FROM `ratingPassenger`
|
|
WHERE `ratingPassenger`.`driverID` = `driver`.`id`
|
|
) AS ratingPassenger,
|
|
(
|
|
SELECT COUNT(*) FROM `ratingPassenger` WHERE `driverID` = `driver`.`id`
|
|
) AS countDriverRate,
|
|
(
|
|
SELECT COUNT(*) FROM `canecl` WHERE `driverID` = `driver`.`id`
|
|
) AS countPassengerCancel,
|
|
(
|
|
SELECT CAST(AVG(`rating`) AS DECIMAL(10, 2))
|
|
FROM `ratingDriver`
|
|
WHERE `driver_id` = `driver`.`id`
|
|
) AS passengerAverageRating,
|
|
(
|
|
SELECT COUNT(*) FROM `ratingDriver` WHERE `driver_id` = `driver`.`id`
|
|
) AS countPassengerRate,
|
|
(
|
|
SELECT COUNT(*) FROM `ride` WHERE `driver_id` = `driver`.`id`
|
|
) AS countPassengerRide,
|
|
(
|
|
SELECT `token`
|
|
FROM `driverToken`
|
|
WHERE `captain_id` = `driver`.`id`
|
|
LIMIT 1
|
|
) AS passengerToken
|
|
FROM `driver`
|
|
ORDER BY passengerAverageRating DESC
|
|
LIMIT :lim OFFSET :off";
|
|
|
|
$stmt = $con->prepare($sql);
|
|
$page = max(1, (int) filterRequest('page'));
|
|
$limit = 10;
|
|
$offset = ($page - 1) * $limit;
|
|
$stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
|
|
$stmt->bindValue(':off', $offset, PDO::PARAM_INT);
|
|
$stmt->execute();
|
|
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
// فك تشفير الحقول الحساسة
|
|
foreach ($result as &$row) {
|
|
$row['phone'] = $encryptionHelper->decryptData($row['phone']);
|
|
$row['email'] = $encryptionHelper->decryptData($row['email']);
|
|
$row['gender'] = $encryptionHelper->decryptData($row['gender']);
|
|
$row['birthdate'] = $encryptionHelper->decryptData($row['birthdate']);
|
|
$row['site'] = $encryptionHelper->decryptData($row['site']);
|
|
$row['first_name'] = $encryptionHelper->decryptData($row['first_name']);
|
|
$row['last_name'] = $encryptionHelper->decryptData($row['last_name']);
|
|
$row['employmentType'] = $encryptionHelper->decryptData($row['employmentType']);
|
|
$row['maritalStatus'] = $encryptionHelper->decryptData($row['maritalStatus']);
|
|
}
|
|
|
|
$countStmt = $con->query("SELECT COUNT(*) FROM `driver`");
|
|
$total = $countStmt->fetchColumn();
|
|
|
|
if (count($result) > 0) {
|
|
jsonSuccess([
|
|
'data' => $result,
|
|
'total' => (int) $total,
|
|
'page' => $page,
|
|
'pages' => (int) ceil($total / $limit),
|
|
]);
|
|
} else {
|
|
jsonError("No records found");
|
|
}
|
|
?>
|