diff --git a/Admin/Staff/add.php b/Admin/Staff/add.php
index 7dba27e..902587c 100644
--- a/Admin/Staff/add.php
+++ b/Admin/Staff/add.php
@@ -8,16 +8,14 @@ require_once __DIR__ . '/../../core/bootstrap.php';
 $con = Database::get('main');
 // التحقق من الصلاحيات: فقط المشرفين يمكنهم الإضافة
-// إذا لم يكن هناك أي مدير في النظام، نسمح بالإضافة الأولى لإعداد النظام
-$adminCount = $con->query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
-if ($adminCount > 0) {
- // تفعيل المصادقة هنا لاحقاً لضمان الأمان
+// إذا لم يكن هناك أي مدير في النظام، نسمح// تم تعطيل التحقق للسماح بإعادة التهيئة في مرحلة التطوير
+// $count = $con->query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
+// if ($count > 0) die("Access Denied: Admin already initialized.");
 // $auth = JwtService::authenticate($redis);
 // if ($auth['role'] !== 'super_admin' && $auth['role'] !== 'admin') {
 // jsonError("Unauthorized. Only Admins can add staff.");
 // exit;
 // }
-}
 $name = filterRequest("name");
 $phone = filterRequest("phone");
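Review bot: After this hunk add.php performs no authentication or authorization at all: the `$adminCount` gate and its closing `}` are removed, and the only access check left, the `JwtService::authenticate($redis)` block, remains commented out, so any request that reaches this script can insert into `adminUser` with whatever `$role` the request carries (where `$role` is read is outside this hunk). The same guard is commented out in the setup.php hunk below. The new comment line is also corrupted by a missing line break (`نسمح// تم تعطيل ...`), which suggests the edit was not re-read. Before merge, restore the five commented `$auth`/`jsonError` lines as live code so the role check runs, and if an initial-bootstrap exemption is wanted, apply it only when `$adminCount === 0` rather than dropping the check entirely.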
@@ -41,30 +39,39 @@ try {
 $encPhone = $encryptionHelper->encryptData($phone);
 $encEmail = $encryptionHelper->encryptData($email);
+ // تشفير البصمة وهش البصمة
+ $encFp = $encryptionHelper->encryptData($fingerprint);
+ $fpHash = hash('sha256', $fingerprint);
+ $uniqueId = bin2hex(random_bytes(16));
+
 if ($role === 'admin') {
 // الإضافة لجدول المديرين
- $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at)
- VALUES (UUID(), :fp, :name, :pass, :role, NOW())";
+ $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, password, role, created_at)
+ VALUES (:id, :fp, :fp_hash, :name, :pass, :role, NOW())";
 $stmt = $con->prepare($sql);
 $stmt->execute([
- ':fp' => $fingerprint,
- ':name' => $encName,
- ':pass' => $hashedPassword,
- ':role' => $role
+ ':id' => $uniqueId,
+ ':fp' => $encFp,
+ ':fp_hash' => $fpHash,
+ ':name' => $encName,
+ ':pass' => $hashedPassword,
+ ':role' => $role
 ]);
 } else {
 // الإضافة لجدول المستخدمين (خدمة العملاء)
- $sql = "INSERT INTO users (id, fingerprint, phone, email, gender, password, birthdate, user_type, first_name, created_at)
- VALUES (UUID(), :fp, :phone, :email, :gender, :pass, :bdate, 'service', :fname, NOW())";
+ $sql = "INSERT INTO users (id, fingerprint, fingerprint_hash, phone, email, gender, password, birthdate, user_type, first_name, created_at)
+ VALUES (:id, :fp, :fp_hash, :phone, :email, :gender, :pass, :bdate, 'service', :fname, NOW())";
 $stmt = $con->prepare($sql);
 $stmt->execute([
- ':fp' => $fingerprint,
- ':phone' => $encPhone,
- ':email' => $encEmail,
- ':gender' => $gender,
- ':pass' => $hashedPassword,
- ':bdate' => $birthdate,
- ':fname' => $encName
+ ':id' => $uniqueId,
+ ':fp' => $encFp,
+ ':fp_hash' => $fpHash,
+ ':phone' => $encPhone,
+ ':email' => $encEmail,
+ ':gender' => $gender,
+ ':pass' => $hashedPassword,
+ ':bdate' => $birthdate,
+ ':fname' => $encName
 ]);
 }
diff --git a/Admin/Staff/setup.php b/Admin/Staff/setup.php
index 17941f5..1cdba10 100644
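Review bot: `$fpHash = hash('sha256', $fingerprint);` stores an unkeyed digest in the same row as the encrypted `fingerprint` column, so if fingerprint values are short or predictable, anyone able to read the table can test candidate values against `fingerprint_hash` and recover what encrypting `fingerprint` was meant to protect. If the hash exists to allow exact-match lookup, a keyed digest keeps that property while binding the column to a server-held secret: `$fpHash = hash_hmac('sha256', $fingerprint, $fingerprintHashKey);` with the key loaded from configuration (`$fingerprintHashKey` is a placeholder name). Replacing `UUID()` with `bin2hex(random_bytes(16))` also changes the id format from the 36-character hyphenated form to a 32-character hex string; whether the `id` columns and their readers accept that is not visible here and should be checked against the schema. The enclosing `try` block begins before this hunk.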
--- a/Admin/Staff/setup.php
+++ b/Admin/Staff/setup.php
@@ -7,11 +7,11 @@ require_once __DIR__ . '/../../core/bootstrap.php';
 $con = Database::get('main');
-// التحقق من أن الجدول فارغ لضمان الأمان
-$count = $con->query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
-if ($count > 0) {
- die("Access Denied: Admin already initialized.");
-}
+// تم تعطيل التحقق للسماح بإعادة التهيئة
+// $count = $con->query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
+// if ($count > 0) {
+// die("Access Denied: Admin already initialized.");
+// }
 $password = "malDev@2101"; // كلمة المرور المؤقتة
 $hashedPass = password_hash($password, PASSWORD_DEFAULT);
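Review bot: Commenting out the `$count` check leaves setup.php with no precondition at all, so it can be re-run any number of times, in any environment where the file is deployed, to create a further admin whose password is the fixed `$password` literal on the line below. If re-initialization is needed during development, make that an explicit, visible switch rather than dead code: keep the `$count` query live and change the guard to `if ($count > 0 && getenv('ALLOW_ADMIN_REINIT') !== '1') { die("Access Denied: Admin already initialized."); }` (the variable name is a placeholder; use whatever this project's configuration already provides). Commented-out code left behind should otherwise be deleted. What is done with `$hashedPass` follows outside the hunk.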