Hamza/musadaq-saas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-05-06 17:13:24

Browse Source
This commit is contained in:
Hamza-Ayed
2026-05-06 17:13:24 +03:00
parent 019bff7e37
commit 3d4e636fbe
2 changed files with 94 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/modules_app/auth/mobile_request_otp.php
View File

@@ -17,6 +17,7 @@ use App\Middleware\RateLimitMiddleware;
// Rate limit: 3 OTP requests per minute per IP // Rate limit: 3 OTP requests per minute per IP
RateLimitMiddleware::check(3, 60); RateLimitMiddleware::check(3, 60);
try {
$data = Security::sanitize(input()); $data = Security::sanitize(input());
// 1. Validate // 1. Validate
@@ -31,11 +32,20 @@ if ($errors) {
$phone = preg_replace('/[^0-9+]/', '', $data['phone']); $phone = preg_replace('/[^0-9+]/', '', $data['phone']);
$phoneHash = hash('sha256', $phone); $phoneHash = hash('sha256', $phone);
// 2. Find user by phone hash // 2. Find user by phone hash OR plain phone (Support both schemas)
$db = Database::getInstance(); $db = Database::getInstance();
// First, try to find by phone_hash. If it fails, we'll catch it.
try {
$stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone_hash = ? LIMIT 1"); $stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone_hash = ? LIMIT 1");
$stmt->execute([$phoneHash]); $stmt->execute([$phoneHash]);
$user = $stmt->fetch(); $user = $stmt->fetch();
} catch (\PDOException $e) {
// Fallback to searching by plain phone if phone_hash column doesn't exist
$stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone = ? LIMIT 1");
$stmt->execute([$phone]);
$user = $stmt->fetch();
}
if (!$user) { if (!$user) {
// Don't reveal if phone exists — generic message // Don't reveal if phone exists — generic message
@@ -53,7 +63,6 @@ $otpHash = password_hash($otp, PASSWORD_DEFAULT);
$expiresAt = date('Y-m-d H:i:s', time() + 300); // 5 minutes $expiresAt = date('Y-m-d H:i:s', time() + 300); // 5 minutes
// 4. Store OTP in database (or Redis if available) // 4. Store OTP in database (or Redis if available)
// Using a simple approach: store in a cache file per phone
$cacheDir = STORAGE_PATH . '/cache/otp'; $cacheDir = STORAGE_PATH . '/cache/otp';
if (!is_dir($cacheDir)) { if (!is_dir($cacheDir)) {
mkdir($cacheDir, 0755, true); mkdir($cacheDir, 0755, true);
@@ -93,5 +102,9 @@ if (env('APP_DEBUG', 'false') === 'true') {
json_success(['whatsapp_debug' => $result], 'إذا كان الرقم مسجلاً، سيتم إرسال رمز التحقق عبر واتساب'); json_success(['whatsapp_debug' => $result], 'إذا كان الرقم مسجلاً، سيتم إرسال رمز التحقق عبر واتساب');
} catch (\Exception $e) {
json_error('Internal Server Error: ' . $e->getMessage(), 500);
}

11
musadaq-app/lib/features/auth/controllers/auth_controller.dart
View File

@@ -18,6 +18,10 @@ class AuthController extends GetxController {
Future<void> requestOtp(String phoneNumber) async { Future<void> requestOtp(String phoneNumber) async {
try { try {
if (phoneNumber.trim().isEmpty) {
AppSnackbar.showError('خطأ', 'الرجاء إدخال رقم الهاتف أولاً');
return;
}
isLoading.value = true; isLoading.value = true;
phone.value = phoneNumber; phone.value = phoneNumber;
@@ -31,8 +35,11 @@ class AuthController extends GetxController {
Get.toNamed(AppRoutes.OTP_VERIFY); Get.toNamed(AppRoutes.OTP_VERIFY);
} }
} on DioException catch (e, stackTrace) { } on DioException catch (e, stackTrace) {
AppLogger.error('OTP Request Failed', e.response?.data, stackTrace); String errorMessage = 'فشل الاتصال بالخادم';
AppSnackbar.showError('خطأ', e.response?.data['message'] ?? 'فشل الاتصال بالخادم'); if (e.response?.data != null && e.response?.data is Map) {
errorMessage = e.response?.data['message'] ?? errorMessage;
}
AppSnackbar.showError('خطأ', errorMessage);
} finally { } finally {
isLoading.value = false; isLoading.value = false;
} }