Update: 2026-05-06 17:13:24

2026-05-06 17:13:24 +03:00
parent 019bff7e37
commit 3d4e636fbe
2 changed files with 94 additions and 74 deletions
--- a/app/modules_app/auth/mobile_request_otp.php
+++ b/app/modules_app/auth/mobile_request_otp.php
@@ -17,6 +17,7 @@ use App\Middleware\RateLimitMiddleware;
 // Rate limit: 3 OTP requests per minute per IP
 RateLimitMiddleware::check(3, 60);

+try {
    $data = Security::sanitize(input());

    // 1. Validate
@@ -31,11 +32,20 @@ if ($errors) {
    $phone = preg_replace('/[^0-9+]/', '', $data['phone']);
    $phoneHash = hash('sha256', $phone);

-// 2. Find user by phone hash
+    // 2. Find user by phone hash OR plain phone (Support both schemas)
    $db = Database::getInstance();
+    
+    // First, try to find by phone_hash. If it fails, we'll catch it.
+    try {
        $stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone_hash = ? LIMIT 1");
        $stmt->execute([$phoneHash]);
        $user = $stmt->fetch();
+    } catch (\PDOException $e) {
+        // Fallback to searching by plain phone if phone_hash column doesn't exist
+        $stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone = ? LIMIT 1");
+        $stmt->execute([$phone]);
+        $user = $stmt->fetch();
+    }

    if (!$user) {
        // Don't reveal if phone exists — generic message
@@ -53,7 +63,6 @@ $otpHash = password_hash($otp, PASSWORD_DEFAULT);
    $expiresAt = date('Y-m-d H:i:s', time() + 300); // 5 minutes

    // 4. Store OTP in database (or Redis if available)
-// Using a simple approach: store in a cache file per phone
    $cacheDir = STORAGE_PATH . '/cache/otp';
    if (!is_dir($cacheDir)) {
        mkdir($cacheDir, 0755, true);
@@ -93,5 +102,9 @@ if (env('APP_DEBUG', 'false') === 'true') {

    json_success(['whatsapp_debug' => $result], 'إذا كان الرقم مسجلاً، سيتم إرسال رمز التحقق عبر واتساب');

+} catch (\Exception $e) {
+    json_error('Internal Server Error: ' . $e->getMessage(), 500);
+}
+


--- a/musadaq-app/lib/features/auth/controllers/auth_controller.dart
+++ b/musadaq-app/lib/features/auth/controllers/auth_controller.dart
@@ -18,6 +18,10 @@ class AuthController extends GetxController {

  Future<void> requestOtp(String phoneNumber) async {
    try {
+      if (phoneNumber.trim().isEmpty) {
+        AppSnackbar.showError('خطأ', 'الرجاء إدخال رقم الهاتف أولاً');
+        return;
+      }
      isLoading.value = true;
      phone.value = phoneNumber;
      
@@ -31,8 +35,11 @@ class AuthController extends GetxController {
        Get.toNamed(AppRoutes.OTP_VERIFY);
      }
    } on DioException catch (e, stackTrace) {
-      AppLogger.error('OTP Request Failed', e.response?.data, stackTrace);
-      AppSnackbar.showError('خطأ', e.response?.data['message'] ?? 'فشل الاتصال بالخادم');
+      String errorMessage = 'فشل الاتصال بالخادم';
+      if (e.response?.data != null && e.response?.data is Map) {
+        errorMessage = e.response?.data['message'] ?? errorMessage;
+      }
+      AppSnackbar.showError('خطأ', errorMessage);
    } finally {
      isLoading.value = false;
    }