Initial commit with updated Auth and media ignored

migration/get_all_fingerprints.php

@@ -0,0 +1,57 @@
+<?php
+// ═══════════════════════════════════════════════════════════════
+// get_all_fingerprints.php — جلب كل البصمات للترحيل
+// ───────────────────────────────────────────────────────────────
+// ⚠️ يُستخدم مرة واحدة فقط ثم يُحذف من السيرفر
+// محمي بـ admin_key لمنع الوصول العشوائي
+// ═══════════════════════════════════════════════════════════════
+
+
+require_once __DIR__ . '/../get_connect.php';
+//include 'functions.php';
+
+header('Content-Type: application/json');
+header('Access-Control-Allow-Origin: https://intaleqapp.com');
+header('Access-Control-Allow-Methods: POST, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, Authorization');
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+// ── التحقق من admin_key ────────────────────────────────────────
+$adminKey         = filterRequest('admin_key') ?? '';
+$expectedAdminKey = getenv('MIGRATION_ADMIN_KEY'); // أضفه في .env
+
+if (empty($adminKey) || !hash_equals($expectedAdminKey, $adminKey)) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Forbidden']);
+    exit;
+}
+
+try {
+    // جلب كل البصمات من جدول tokens
+    // نجيب passengerID + fingerPrint فقط — لا نعطي بيانات حساسة أخرى
+    $stmt = $con->prepare('
+        SELECT passengerID, fingerPrint, "passenger" AS userType
+        FROM tokens
+        WHERE fingerPrint IS NOT NULL
+          AND fingerPrint != ""
+        ORDER BY passengerID
+    ');
+    $stmt->execute();
+    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+    echo json_encode([
+        'status' => 'success',
+        'count'  => count($rows),
+        'data'   => $rows,
+    ]);
+    http_response_code(200);
+
+} catch (Exception $e) {
+    error_log('❌ [get_all_fingerprints] ' . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['error' => 'Server error']);
+}