Siro/backend/serviceapp/updateDriver.php

<?php
require_once __DIR__ . '/../connect.php';

// Retrieve driverID (allow 'id' or 'driverID')
$driverID = filterRequest("id") ?? filterRequest("driverID");
if (!$driverID) {
    jsonError("Driver ID is required");
    exit;
}

// التحقق من أن المستخدم يملك هذا الحساب أو هو أدمن
$canUpdate = ($role === 'admin' || $role === 'super_admin' || (string)$user_id === (string)$driverID);
if (!$canUpdate) {
    jsonError("Unauthorized: You can only update your own account");
    exit;
}

/* ---------------------------------------------------------
    DRIVER TABLE
--------------------------------------------------------- */
$driverFieldsAllowed = [
    "idn", "phone", "email", "password", "gender", "license_type",
    "national_number", "name_arabic", "issue_date", "expiry_date",
    "license_categories", "address", "licenseIssueDate", "status",
    "birthdate", "site", "first_name", "last_name", "accountBank",
    "bankCode", "employmentType", "maritalStatus", "fullNameMaritial",
    "expirationDate", "created_at", "updated_at"
];

// إزالة الحقول الحساسة من التحديث إذا كان المستخدم ليس أدمن
if ($role !== 'admin' && $role !== 'super_admin') {
    $driverFieldsAllowed = array_diff($driverFieldsAllowed, ['password', 'status', 'email', 'phone']);
}

$encryptedDriverFields = [
    "phone", "email", "password", "national_number","gender", "name_arabic", "first_name",
    "last_name", "birthdate", "site", "maritalStatus", "employmentType", "accountBank", "bankCode"
];

$driverSet = [];
$driverParams = [":id" => $driverID];

foreach ($driverFieldsAllowed as $field) {
    if (isset($_POST[$field]) && $_POST[$field] !== "") {
        $value = filterRequest($field);

        if (in_array($field, $encryptedDriverFields)) {
            $value = $encryptionHelper->encryptData($value);
        }

        $driverSet[] = "`$field` = :$field";
        $driverParams[":$field"] = $value;
    }
}

$driverUpdated = false;
if (!empty($driverSet)) {
    $driverSql = "UPDATE `driver` SET " . implode(", ", $driverSet) . " WHERE `id` = :id";
    $stmt = $con->prepare($driverSql);
    $stmt->execute($driverParams);
    $driverUpdated = $stmt->rowCount() > 0;
}

/* ---------------------------------------------------------
    CAR REGISTRATION TABLE
--------------------------------------------------------- */
$carFieldsAllowed = [
    "id", "vin", "car_plate", "make", "model", "year",
    "expiration_date", "color", "owner", "color_hex", "fuel",
    "isDefault", "created_at", "status"
];

$carSet = [];
$carParams = [":driverID" => $driverID];

foreach ($carFieldsAllowed as $field) {
    if ($field === "id") continue;
    if (isset($_POST[$field]) && $_POST[$field] !== "") {
        $value = filterRequest($field);
        $carSet[] = "`$field` = :$field";
        $carParams[":$field"] = $value;
    }
}

$carUpdated = false;
if (!empty($carSet)) {
    $carSql = "UPDATE `CarRegistration` SET " . implode(", ", $carSet) . " WHERE `driverID` = :driverID";
    $stmtCar = $con->prepare($carSql);
    $stmtCar->execute($carParams);
    $carUpdated = $stmtCar->rowCount() > 0;
}

if ($driverUpdated || $carUpdated) {
    jsonSuccess(null, "Driver & Car updated successfully");
} else {
    jsonError("No changes were applied");
}