admin 1

Admin/Staff/add.php

@@ -0,0 +1,80 @@
+<?php
+/**
+ * Admin/Staff/add.php
+ * إضافة موظف جديد (أدمن أو خدمة عملاء) مع تشفير البيانات وحفظ بصمة الجهاز
+ */
+require_once __DIR__ . '/../../core/bootstrap.php';
+
+$con = Database::get('main');
+
+// التحقق من الصلاحيات: فقط المشرفين يمكنهم الإضافة
+// إذا لم يكن هناك أي مدير في النظام، نسمح بالإضافة الأولى لإعداد النظام
+$adminCount = $con->query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
+if ($adminCount > 0) {
+    // تفعيل المصادقة هنا لاحقاً لضمان الأمان
+    // $auth = JwtService::authenticate($redis);
+    // if ($auth['role'] !== 'super_admin' && $auth['role'] !== 'admin') {
+    //     jsonError("Unauthorized. Only Admins can add staff.");
+    //     exit;
+    // }
+}
+
+$name        = filterRequest("name");
+$phone       = filterRequest("phone");
+$email       = filterRequest("email");
+$password    = filterRequest("password");
+$role        = filterRequest("role"); // 'admin' or 'service'
+$fingerprint = filterRequest("fingerprint");
+$gender      = filterRequest("gender") ?? 'Male';
+$birthdate   = filterRequest("birthdate");
+
+if (empty($name) || empty($password) || empty($role) || empty($fingerprint)) {
+    jsonError("Missing required fields (name, password, role, fingerprint).");
+    exit;
+}
+
+try {
+    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
+
+    // تشفير البيانات الحساسة باستخدام الهيلبر العام من bootstrap
+    $encName  = $encryptionHelper->encryptData($name);
+    $encPhone = $encryptionHelper->encryptData($phone);
+    $encEmail = $encryptionHelper->encryptData($email);
+
+    if ($role === 'admin') {
+        // الإضافة لجدول المديرين
+        $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at) 
+                VALUES (UUID(), :fp, :name, :pass, :role, NOW())";
+        $stmt = $con->prepare($sql);
+        $stmt->execute([
+            ':fp'   => $fingerprint,
+            ':name' => $encName,
+            ':pass' => $hashedPassword,
+            ':role' => $role
+        ]);
+    } else {
+        // الإضافة لجدول المستخدمين (خدمة العملاء)
+        $sql = "INSERT INTO users (id, fingerprint, phone, email, gender, password, birthdate, user_type, first_name, created_at) 
+                VALUES (UUID(), :fp, :phone, :email, :gender, :pass, :bdate, 'service', :fname, NOW())";
+        $stmt = $con->prepare($sql);
+        $stmt->execute([
+            ':fp'    => $fingerprint,
+            ':phone' => $encPhone,
+            ':email' => $encEmail,
+            ':gender' => $gender,
+            ':pass'  => $hashedPassword,
+            ':bdate' => $birthdate,
+            ':fname' => $encName
+        ]);
+    }
+
+    if ($stmt->rowCount() > 0) {
+        jsonSuccess("Staff member added successfully.");
+    } else {
+        jsonError("Failed to add staff member.");
+    }
+
+} catch (Exception $e) {
+    error_log("[Staff Add Error] " . $e->getMessage());
+    jsonError("Server error: " . $e->getMessage());
+}

Admin/Staff/setup.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * Admin/Staff/setup.php
+ * سكربت إعداد المسؤول الأول (Super Admin)
+ * يستخدم لمرة واحدة فقط عندما تكون الجداول فارغة
+ */
+require_once __DIR__ . '/../../core/bootstrap.php';
+$con = Database::get('main');
+
+// التحقق من أن الجدول فارغ لضمان الأمان
+$count = $con->query("SELECT COUNT(*) FROM adminUser")->fetchColumn();
+if ($count > 0) {
+    die("Access Denied: Admin already initialized.");
+}
+
+$password = "123456"; // كلمة المرور المؤقتة
+$hashedPass = password_hash($password, PASSWORD_DEFAULT);
+
+// قائمة بالمسؤولين الأوائل (بصمات أجهزتك)
+$admins = [
+    [
+        'name' => 'Hamza (iPhone)',
+        'fp'   => 'D386663E-51E1-4322-B1E2-F469C7E58063_iPhone', // مثال بناءً على وصفك (deviceId_model)
+        'role' => 'admin'
+    ],
+    [
+        'name' => 'Hamza (MacBook)',
+        'fp'   => '00008030-001C1D8C3A82802E_MacBook Pro', // مثال للماك بوك
+        'role' => 'admin'
+    ]
+];
+
+try {
+    foreach ($admins as $admin) {
+        $encName = $encryptionHelper->encryptData($admin['name']);
+        $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at) 
+                VALUES (UUID(), :fp, :name, :pass, :role, NOW())";
+        $stmt = $con->prepare($sql);
+        $stmt->execute([
+            ':fp'   => $admin['fp'],
+            ':name' => $encName,
+            ':pass' => $hashedPass,
+            ':role' => $admin['role']
+        ]);
+    }
+
+    echo "<h1>Initialization Successful</h1>";
+    echo "<p>Admins created successfully with password: <b>$password</b></p>";
+    echo "<p>Please delete this file (setup.php) immediately for security.</p>";
+
+} catch (Exception $e) {
+    echo "Error: " . $e->getMessage();
+}

Admin/adminUser/add.php

@@ -1,25 +1,46 @@
 <?php
-require_once __DIR__ . '/../../connect.php';
+require_once __DIR__ . '/../../core/bootstrap.php';
 
-$deviceNumber = filterRequest("deviceNumber"); // Assuming you'll get deviceNumber as input
+$deviceNumber = filterRequest("deviceNumber");
 $name = filterRequest("name");
+$password = filterRequest("password");
+$role = filterRequest("role") ?? 'admin';
 
-$sql = "INSERT INTO `adminUser`(`id`, `device_number`, `name`) VALUES (
+if (empty($name) || empty($password)) {
-  UUID(),
+    jsonError("Name and password are required.");
-  :deviceNumber,
+    exit;
-  :name
+}
-)";
 
-$stmt = $con->prepare($sql);
+try {
-$stmt->bindParam(':deviceNumber', $deviceNumber);
+    $con = Database::get('main');
-$stmt->bindParam(':name', $name);
-$stmt->execute();
     
-if ($stmt->rowCount() > 0) {
+    // Hash the password for security
-  // Print a success message
+    $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
-  jsonSuccess($message = "Admin user data saved successfully");
+
-} else {
+    $sql = "INSERT INTO `adminUser`(`id`, `device_number`, `name`, `password`, `role`) VALUES (
-  // Print a failure message
+      UUID(),
-  jsonError($message = "Failed to save admin user data");
+      :deviceNumber,
+      :name,
+      :password,
+      :role
+    )";
+
+    $stmt = $con->prepare($sql);
+    $stmt->execute([
+        ':deviceNumber' => $deviceNumber,
+        ':name' => $name,
+        ':password' => $hashedPassword,
+        ':role' => $role
+    ]);
+
+    if ($stmt->rowCount() > 0) {
+      jsonSuccess("Admin user data saved successfully");
+    } else {
+      jsonError("Failed to save admin user data");
+    }
+} catch (Exception $e) {
+    error_log("[Admin Add Error] " . $e->getMessage());
+    jsonError("Database error: " . $e->getMessage());
 }
 ?>
+

Admin/auth/login.php

@@ -1,26 +1,54 @@
 <?php
-//login.php
+/**
-require_once __DIR__ . '/../../connect.php';
+ * Admin/auth/login.php
+ * تسجيل دخول المشرفين باستخدام البصمة وكلمة المرور المشفرة
+ */
+require_once __DIR__ . '/../../core/bootstrap.php';
 
-$device = filterRequest("device_number");
+$fingerprint = filterRequest('fingerprint');
-$phone  = filterRequest("phone_number");
+$password    = filterRequest('password');
+$audience    = filterRequest('aud') ?? 'admin';
 
-if (empty($device) || empty($phone)) {
+if (empty($fingerprint) || empty($password)) {
-    jsonError("device_number أو phone_number مفقود");
+    jsonError("Fingerprint and password are required.");
     exit;
 }
 
-$stmt = $con->prepare("SELECT * FROM adminUser WHERE device_number = ? AND name = ?");
+try {
-$stmt->execute([$device, $phone]);
+    $con = Database::get('main');
     
-if ($stmt->rowCount() > 0) {
+    // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint)
+    $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint = :fp LIMIT 1");
+    $stmt->execute([':fp' => $fingerprint]);
     $admin = $stmt->fetch(PDO::FETCH_ASSOC);
 
-    // يمكن لاحقًا توليد توكن أو بيانات أخرى
+    if ($admin) {
-    printSuccess([
+        // التحقق من كلمة المرور الهاش
-        "message" => "تم التحقق بنجاح",
+        if (password_verify($password, $admin['password'])) {
-        "admin" => $admin,
+            
-    ]);
+            // فك تشفير الاسم للعرض في التطبيق
-} else {
+            $admin['name'] = $encryptionHelper->decryptData($admin['name']) ?: $admin['name'];
-    jsonError("بيانات الدخول غير صحيحة أو غير مسجلة.");
+            unset($admin['password']);
+
+            $jwtService = new JwtService($redis);
+            $role = $admin['role'] ?? 'admin';
+            
+            // توليد توكن الدخول
+            $jwt = $jwtService->generateAccessToken($admin['id'], $role, $audience);
+
+            printSuccess([
+                "message" => "Login successful",
+                "admin" => $admin,
+                "jwt" => $jwt,
+                "expires_in" => 3600
+            ]);
+        } else {
+            jsonError("كلمة المرور غير صحيحة.");
+        }
+    } else {
+        jsonError("الجهاز غير مسجل كمشرف.");
+    }
+} catch (Exception $e) {
+    error_log("[Admin Login Error] " . $e->getMessage());
+    jsonError("خطأ في السيرفر: " . $e->getMessage());
 }

intaleq_v1.code-workspace

@@ -8,6 +8,12 @@
 		},
 		{
 			"path": "../../../development/App/intaleq_driver"
+		},
+		{
+			"path": "../../../development/App/intaleq_admin"
+		},
+		{
+			"path": "../../../development/App/service_intaleq"
 		}
 	],
 	"settings": {}

serviceapp/login.php

@@ -1,57 +1,56 @@
 <?php
-require_once __DIR__ . '/../connect.php';
+require_once __DIR__ . '/../core/bootstrap.php';
 
-// Get email and password from the request
+$fingerprint = filterRequest('fingerprint');
-$email = filterRequest('email');
 $password = filterRequest('password');
+$audience = filterRequest('aud') ?? 'service';
 
-// Check if email and password are provided
+if (empty($fingerprint) || empty($password)) {
-if (empty($email) || empty($password)) {
+    jsonError("Fingerprint and password are required.");
-    echo json_encode([
-        "status" => "failure",
-        "message" => "Email and password are required."
-    ]);
     exit();
 }
 
-// SQL to check for user with provided email
+try {
-$sql = "SELECT * FROM `users` WHERE `email` = :email";
+    $con = Database::get('main');
     
-$stmt = $con->prepare($sql);
+    // البحث بالبصمة للموظف
-$stmt->bindParam(':email', $email);
+    $sql = "SELECT * FROM `users` WHERE `fingerprint` = :fp AND `user_type` = 'service' LIMIT 1";
-$stmt->execute();
+    $stmt = $con->prepare($sql);
+    $stmt->execute([':fp' => $fingerprint]);
+    $user = $stmt->fetch(PDO::FETCH_ASSOC);
 
-$user = $stmt->fetch(PDO::FETCH_ASSOC);
+    if ($user) {
+        // التحقق من كلمة المرور
+        if (password_verify($password, $user['password'])) {
             
-header('Content-Type: application/json'); // Ensure the response is JSON
+            // فك تشفير البيانات للعرض في التطبيق
+            $user['first_name'] = $encryptionHelper->decryptData($user['first_name']) ?: $user['first_name'];
+            $user['last_name']  = $encryptionHelper->decryptData($user['last_name']) ?: $user['last_name'];
+            $user['email']      = $encryptionHelper->decryptData($user['email']) ?: $user['email'];
+            $user['phone']      = $encryptionHelper->decryptData($user['phone']) ?: $user['phone'];
 
-if ($user) {
+            unset($user['password']);
-    // Verify the password
+
-    if ($password=== $user['password']) {
+            // توليد التوكن
-        // Password is correct
+            $jwtService = new JwtService($redis);
-        unset($user['password']); // Remove password from the response
+            $role = 'service';
-        echo json_encode([
+            $jwt = $jwtService->generateAccessToken($user['id'], $role, $audience);
-            "status" => "success",
+
-            "message" => "Login successful",
+            printSuccess([
-            "data" => $user
+                "message" => "Login successful",
-        ]);
+                "data" => $user,
+                "jwt" => $jwt,
+                "expires_in" => 3600
+            ]);
+        } else {
+            jsonError("Incorrect password");
+        }
     } else {
-        // Password is incorrect
+        jsonError("الجهاز غير مسجل لموظف خدمة.");
-        echo json_encode([
-            "status" => "failure",
-            "message" => "Incorrect password",
-            "password"=>$password,
-            "password1"=>$user['password'],
-        ]);
     }
-} else {
+} catch (Exception $e) {
-    // User not found
+    error_log("[ServiceApp Login Error] " . $e->getMessage());
-    echo json_encode([
+    jsonError("Server error: " . $e->getMessage());
-        "status" => "failure",
-        "message" => "User not found"
-    ]);
 }
 
-$stmt = null; // Close the statement
+exit();
-$con = null;  // Close the connection
-exit();       // Ensure no further output