diff --git a/Admin/Staff/add.php b/Admin/Staff/add.php
new file mode 100644
index 0000000..7dba27e
--- /dev/null
+++ b/Admin/Staff/add.php
@@ -0,0 +1,80 @@
+query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
+if ($adminCount > 0) {
+ // تفعيل المصادقة هنا لاحقاً لضمان الأمان
+ // $auth = JwtService::authenticate($redis);
+ // if ($auth['role'] !== 'super_admin' && $auth['role'] !== 'admin') {
+ // jsonError("Unauthorized. Only Admins can add staff.");
+ // exit;
+ // }
+}
+
+$name = filterRequest("name");
+$phone = filterRequest("phone");
+$email = filterRequest("email");
+$password = filterRequest("password");
+$role = filterRequest("role"); // 'admin' or 'service'
+$fingerprint = filterRequest("fingerprint");
+$gender = filterRequest("gender") ?? 'Male';
+$birthdate = filterRequest("birthdate");
+
+if (empty($name) || empty($password) || empty($role) || empty($fingerprint)) {
+ jsonError("Missing required fields (name, password, role, fingerprint).");
+ exit;
+}
+
+try {
+ $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+ // تشفير البيانات الحساسة باستخدام الهيلبر العام من bootstrap
+ $encName = $encryptionHelper->encryptData($name);
+ $encPhone = $encryptionHelper->encryptData($phone);
+ $encEmail = $encryptionHelper->encryptData($email);
+
+ if ($role === 'admin') {
+ // الإضافة لجدول المديرين
+ $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at)
+ VALUES (UUID(), :fp, :name, :pass, :role, NOW())";
+ $stmt = $con->prepare($sql);
+ $stmt->execute([
+ ':fp' => $fingerprint,
+ ':name' => $encName,
+ ':pass' => $hashedPassword,
+ ':role' => $role
+ ]);
+ } else {
+ // الإضافة لجدول المستخدمين (خدمة العملاء)
+ $sql = "INSERT INTO users (id, fingerprint, phone, email, gender, password, birthdate, user_type, first_name, created_at)
+ VALUES (UUID(), :fp, :phone, :email, :gender, :pass, :bdate, 'service', :fname, NOW())";
+ $stmt = $con->prepare($sql);
+ $stmt->execute([
+ ':fp' => $fingerprint,
+ ':phone' => $encPhone,
+ ':email' => $encEmail,
+ ':gender' => $gender,
+ ':pass' => $hashedPassword,
+ ':bdate' => $birthdate,
+ ':fname' => $encName
+ ]);
+ }
+ + if ($stmt->rowCount() > 0) { + jsonSuccess("Staff member added successfully."); + } else { + jsonError("Failed to add staff member."); + } + +} catch (Exception $e) { + error_log("[Staff Add Error] " . $e->getMessage()); + jsonError("Server error: " . $e->getMessage()); +} diff --git a/Admin/Staff/setup.php b/Admin/Staff/setup.php new file mode 100644 index 0000000..e91f788 --- /dev/null +++ b/Admin/Staff/setup.php @@ -0,0 +1,53 @@ +query("SELECT COUNT(*) FROM adminUser")->fetchColumn(); +if ($count > 0) { + die("Access Denied: Admin already initialized."); +} + +$password = "123456"; // كلمة المرور المؤقتة +$hashedPass = password_hash($password, PASSWORD_DEFAULT); + +// قائمة بالمسؤولين الأوائل (بصمات أجهزتك) +$admins = [ + [ + 'name' => 'Hamza (iPhone)', + 'fp' => 'D386663E-51E1-4322-B1E2-F469C7E58063_iPhone', // مثال بناءً على وصفك (deviceId_model) + 'role' => 'admin' + ], + [ + 'name' => 'Hamza (MacBook)', + 'fp' => '00008030-001C1D8C3A82802E_MacBook Pro', // مثال للماك بوك + 'role' => 'admin' + ] +]; + +try { + foreach ($admins as $admin) { + $encName = $encryptionHelper->encryptData($admin['name']); + $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at) + VALUES (UUID(), :fp, :name, :pass, :role, NOW())"; + $stmt = $con->prepare($sql); + $stmt->execute([ + ':fp' => $admin['fp'], + ':name' => $encName, + ':pass' => $hashedPass, + ':role' => $admin['role'] + ]); + } + + echo "
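Review bot: The authorization guard in this new endpoint is entirely commented out, so when `$adminCount > 0` the `if` body does nothing and an unauthenticated caller can insert an adminUser row with role `admin` and a fingerprint of their choosing; the check needs to be live before the `filterRequest()` reads, using the `JwtService::authenticate($redis)` helper the comment names if it exists as implied. The catch block also returns `$e->getMessage()` to the client through `jsonError("Server error: " . $e->getMessage())`, which for a PDOException can carry table and column names; the line above already logs it, so reply with a fixed `jsonError("Server error.");` — the same pattern is in the Admin/adminUser/add.php, Admin/auth/login.php and serviceapp/login.php hunks. The hunk's first line is garbled in this view (the prologue up to `$con->` is missing), so how `$con`, `$redis` and `$encryptionHelper` are brought into scope is not visible.
```php
if ($adminCount > 0) {
    // Only the bootstrap case (empty adminUser) may run unauthenticated.
    $auth = JwtService::authenticate($redis);
    if (!in_array($auth['role'] ?? null, ['super_admin', 'admin'], true)) {
        jsonError("Unauthorized. Only Admins can add staff.");
        exit;
    }
}
// … unchanged: filterRequest() reads, validation, hashing and the two inserts …
```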

Initialization Successful

"; + echo "

Admins created successfully with password: $password

"; + echo "

Please delete this file (setup.php) immediately for security.

"; + +} catch (Exception $e) { + echo "Error: " . $e->getMessage(); +} diff --git a/Admin/adminUser/add.php b/Admin/adminUser/add.php index 349a03e..9a1d226 100644 --- a/Admin/adminUser/add.php +++ b/Admin/adminUser/add.php @@ -1,25 +1,46 @@ prepare($sql); -$stmt->bindParam(':deviceNumber', $deviceNumber); -$stmt->bindParam(':name', $name); -$stmt->execute(); +try { + $con = Database::get('main'); + + // Hash the password for security + $hashedPassword = password_hash($password, PASSWORD_DEFAULT); -if ($stmt->rowCount() > 0) { - // Print a success message - jsonSuccess($message = "Admin user data saved successfully"); -} else { - // Print a failure message - jsonError($message = "Failed to save admin user data"); + $sql = "INSERT INTO `adminUser`(`id`, `device_number`, `name`, `password`, `role`) VALUES ( + UUID(), + :deviceNumber, + :name, + :password, + :role + )"; + + $stmt = $con->prepare($sql); + $stmt->execute([ + ':deviceNumber' => $deviceNumber, + ':name' => $name, + ':password' => $hashedPassword, + ':role' => $role + ]); + + if ($stmt->rowCount() > 0) { + jsonSuccess("Admin user data saved successfully"); + } else { + jsonError("Failed to save admin user data"); + } +} catch (Exception $e) { + error_log("[Admin Add Error] " . $e->getMessage()); + jsonError("Database error: " . $e->getMessage()); } ?> + diff --git a/Admin/auth/login.php b/Admin/auth/login.php index 3831646..23a0579 100755 --- a/Admin/auth/login.php +++ b/Admin/auth/login.php 
@@ -1,26 +1,54 @@ prepare("SELECT * FROM adminUser WHERE device_number = ? AND name = ?"); -$stmt->execute([$device, $phone]); - -if ($stmt->rowCount() > 0) { +try { + $con = Database::get('main'); + + // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint) + $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint = :fp LIMIT 1"); + $stmt->execute([':fp' => $fingerprint]); $admin = $stmt->fetch(PDO::FETCH_ASSOC); - // يمكن لاحقًا توليد توكن أو بيانات أخرى - printSuccess([ - "message" => "تم التحقق بنجاح", - "admin" => $admin, - ]); -} else { - jsonError("بيانات الدخول غير صحيحة أو غير مسجلة."); + if ($admin) { + // التحقق من كلمة المرور الهاش + if (password_verify($password, $admin['password'])) { + + // فك تشفير الاسم للعرض في التطبيق + $admin['name'] = $encryptionHelper->decryptData($admin['name']) ?: $admin['name']; + unset($admin['password']); + + $jwtService = new JwtService($redis); + $role = $admin['role'] ?? 'admin'; + + // توليد توكن الدخول + $jwt = $jwtService->generateAccessToken($admin['id'], $role, $audience); + + printSuccess([ + "message" => "Login successful", + "admin" => $admin, + "jwt" => $jwt, + "expires_in" => 3600 + ]); + } else { + jsonError("كلمة المرور غير صحيحة."); + } + } else { + jsonError("الجهاز غير مسجل كمشرف."); + } +} catch (Exception $e) { + error_log("[Admin Login Error] " . $e->getMessage()); + jsonError("خطأ في السيرفر: " . $e->getMessage()); } \ No newline at end of file diff --git a/intaleq_v1.code-workspace b/intaleq_v1.code-workspace index 1a1c607..7909573 100644 --- a/intaleq_v1.code-workspace +++ b/intaleq_v1.code-workspace @@ -8,6 +8,12 @@ }, { "path": "../../../development/App/intaleq_driver" + }, + { + "path": "../../../development/App/intaleq_admin" + }, + { + "path": "../../../development/App/service_intaleq" } ], "settings": {} diff --git a/serviceapp/login.php b/serviceapp/login.php index 60ae522..9c8c5da 100755 --- a/serviceapp/login.php +++ b/serviceapp/login.php 
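Review bot: `$role = $admin['role'] ?? 'admin'` turns a missing role column into an admin token, so a NULL role is promoted rather than denied; fail closed instead, e.g. `$role = $admin['role'] ?? null; if ($role === null) { jsonError("Admin account has no role."); exit; }`. The two failure branches return distinct messages (`"كلمة المرور غير صحيحة."` versus `"الجهاز غير مسجل كمشرف."`), which tells a caller whether a fingerprint is registered before any password is right; one generic message for both branches is the usual defence, and the same split exists in the serviceapp/login.php hunk. The `decryptData(...) ?: $admin['name']` fallback silently returns the stored ciphertext when decryption fails, hiding a key or format mismatch behind a garbled name in the app — log that case rather than masking it. `"expires_in" => 3600` is a second copy of the token lifetime; if JwtService owns the TTL, reading it from there keeps the two from drifting. The hunk's first line is garbled here, so how `$fingerprint`, `$password` and `$audience` are obtained is not visible.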
@@ -1,57 +1,56 @@ "failure", - "message" => "Email and password are required." - ]); +if (empty($fingerprint) || empty($password)) { + jsonError("Fingerprint and password are required."); exit(); } -// SQL to check for user with provided email -$sql = "SELECT * FROM `users` WHERE `email` = :email"; +try { + $con = Database::get('main'); + + // البحث بالبصمة للموظف + $sql = "SELECT * FROM `users` WHERE `fingerprint` = :fp AND `user_type` = 'service' LIMIT 1"; + $stmt = $con->prepare($sql); + $stmt->execute([':fp' => $fingerprint]); + $user = $stmt->fetch(PDO::FETCH_ASSOC); -$stmt = $con->prepare($sql); -$stmt->bindParam(':email', $email); -$stmt->execute(); + if ($user) { + // التحقق من كلمة المرور + if (password_verify($password, $user['password'])) { + + // فك تشفير البيانات للعرض في التطبيق + $user['first_name'] = $encryptionHelper->decryptData($user['first_name']) ?: $user['first_name']; + $user['last_name'] = $encryptionHelper->decryptData($user['last_name']) ?: $user['last_name']; + $user['email'] = $encryptionHelper->decryptData($user['email']) ?: $user['email']; + $user['phone'] = $encryptionHelper->decryptData($user['phone']) ?: $user['phone']; -$user = $stmt->fetch(PDO::FETCH_ASSOC); + unset($user['password']); -header('Content-Type: application/json'); // Ensure the response is JSON + // توليد التوكن + $jwtService = new JwtService($redis); + $role = 'service'; + $jwt = $jwtService->generateAccessToken($user['id'], $role, $audience); -if ($user) { - // Verify the password - if ($password=== $user['password']) { - // Password is correct - unset($user['password']); // Remove password from the response - echo json_encode([ - "status" => "success", - "message" => "Login successful", - "data" => $user - ]); + printSuccess([ + "message" => "Login successful", + "data" => $user, + "jwt" => $jwt, + "expires_in" => 3600 + ]); + } else { + jsonError("Incorrect password"); + } } else { - // Password is incorrect - echo json_encode([ - "status" => "failure", - 
"message" => "Incorrect password", - "password"=>$password, - "password1"=>$user['password'], - ]); + jsonError("الجهاز غير مسجل لموظف خدمة."); } -} else { - // User not found - echo json_encode([ - "status" => "failure", - "message" => "User not found" - ]); +} catch (Exception $e) { + error_log("[ServiceApp Login Error] " . $e->getMessage()); + jsonError("Server error: " . $e->getMessage()); } -$stmt = null; // Close the statement -$con = null; // Close the connection -exit(); // Ensure no further output \ No newline at end of file +exit(); \ No newline at end of file