Initial commit with updated Auth and media ignored

auth/syria/verifyOtp.php

@@ -0,0 +1,93 @@
+<?php
+$allowRegistration = true;
+require_once __DIR__ . '/../../connect.php';
+
+// تسجيل بداية الطلب
+error_log("[Auth_Debug] Start processing phone verification request.");
+
+$phoneNumber = filterRequest("phone_number");
+
+if (!$phoneNumber) {
+    error_log("[Auth_Error] Phone number is missing in the request.");
+    jsonError("Phone number is required");
+    exit();
+}
+
+// تسجيل الرقم (مشفر أو عادي حسب الحاجة، يفضل عدم تسجيله عادي لأسباب الخصوصية لكن هنا للتوضيح)
+error_log("[Auth_Debug] Received phone number (Masked): " . substr($phoneNumber, 0, 7) . "*****");
+
+// تشفير رقم الهاتف
+$phoneNumber_encrypted = $encryptionHelper->encryptData($phoneNumber);
+error_log("[Auth_Debug] Phone number encrypted successfully.");
+
+try {
+    // ✅ 1. حذف أي رموز قديمة لنفس الرقم
+    error_log("[Auth_Step_1] Deleting old verification records for this phone...");
+    
+    $stmtDelete = $con->prepare("DELETE FROM phone_verification_passenger WHERE phone_number = ?");
+    $stmtDelete->execute([$phoneNumber_encrypted]);
+    
+    error_log("[Auth_Step_1] Old records deleted (if any).");
+
+    // ✅ 2. إدخال سجل جديد مع تحقق مباشر (بدون OTP)
+    $now = date('Y-m-d H:i:s');
+    error_log("[Auth_Step_2] Inserting new verified record at: " . $now);
+
+    $stmt = $con->prepare("
+        INSERT INTO phone_verification_passenger (phone_number, token, expiration_time, verified, created_at)
+        VALUES (?, NULL, NULL, 1, ?)
+    ");
+    $stmt->execute([$phoneNumber_encrypted, $now]);
+    
+    error_log("[Auth_Step_2] New record inserted successfully.");
+
+    // ✅ 3. فحص هل الراكب موجود مسبقاً
+    error_log("[Auth_Step_3] Checking if passenger exists in passengers table...");
+
+    $checkPassengerStmt = $con->prepare("
+        SELECT * FROM passengers WHERE phone = ?
+    ");
+    $checkPassengerStmt->execute([$phoneNumber_encrypted]);
+    $passenger = $checkPassengerStmt->fetch(PDO::FETCH_ASSOC);
+
+    if ($passenger) {
+        // ✅ الراكب موجود
+        error_log("[Auth_Result] Passenger Found. ID: " . $passenger['id']);
+
+        printSuccess([
+            "message" => "Passenger already registered.",
+            "isRegistered" => true,
+            "passenger" => [
+                "id" => $passenger['id'],
+                "first_name" => $encryptionHelper->decryptData($passenger['first_name']),
+                "last_name" => $encryptionHelper->decryptData($passenger['last_name']),
+                "email" => $encryptionHelper->decryptData($passenger['email']),
+                "phone" => $phoneNumber
+            ]
+        ]);
+    } else {
+        // ✅ الراكب جديد
+        error_log("[Auth_Result] Passenger Not Found. Treating as new user.");
+
+        printSuccess([
+            "message" => "Phone number verified automatically (no OTP required).",
+            "isRegistered" => false
+        ]);
+    }
+
+} catch (PDOException $e) {
+    // تسجيل الخطأ بالتفصيل في ملف اللوج
+    error_log("[Auth_DB_Exception] Error: " . $e->getMessage() . " | File: " . $e->getFile() . " | Line: " . $e->getLine());
+    
+    // طباعة رسالة الخطأ للمستخدم (يفضل عدم إظهار تفاصيل الـ SQL للمستخدم النهائي لأسباب أمنية)
+    jsonError("Database error occurred. Please contact support.");
+} catch (Exception $e) {
+    // التقاط أي أخطاء عامة أخرى
+    error_log("[Auth_General_Exception] Error: " . $e->getMessage());
+    jsonError("An unexpected error occurred.");
+}
+
+// تسجيل نهاية الطلب
+error_log("[Auth_Debug] Request processing finished.");
+
+?>