From 50538bc5b9d7685f5e54c2cb0d19152aee2e2b98 Mon Sep 17 00:00:00 2001 From: Hamza-Ayed Date: Tue, 5 May 2026 01:48:24 +0300 Subject: [PATCH] Update: 2026-05-05 01:48:24 --- app/modules_app/invoices/upload.php | 322 +++++++++++++++------------- 1 file changed, 173 insertions(+), 149 deletions(-) diff --git a/app/modules_app/invoices/upload.php b/app/modules_app/invoices/upload.php index 6c1893d..d8620e4 100644 --- a/app/modules_app/invoices/upload.php +++ b/app/modules_app/invoices/upload.php @@ -3,79 +3,90 @@ * Invoice Upload Endpoint (Multi-Tenant & Role-Aware) */ +// تفعيل إظهار الأخطاء برمجياً لهذه الصفحة فقط لضمان عدم وجود فشل صامت +ini_set('display_errors', 0); // اجعلها 1 مؤقتاً إذا استمرت المشكلة لمعرفة الخطأ من السيرفر +error_reporting(E_ALL); + use App\Core\Database; use App\Middleware\AuthMiddleware; use App\Core\AI; use App\Core\Encryption; use App\Middleware\QuotaMiddleware; -// 1. Auth Check -$decoded = AuthMiddleware::check(); -$tenantId = $decoded['tenant_id']; -$userId = $decoded['user_id']; +try { + // 1. Auth Check + $decoded = AuthMiddleware::check(); + $tenantId = $decoded['tenant_id']; + $userId = $decoded['user_id']; -// --- QUOTA CHECK --- -QuotaMiddleware::checkInvoiceQuota($tenantId); -// ------------------- + // --- QUOTA CHECK --- + QuotaMiddleware::checkInvoiceQuota($tenantId); + // ------------------- -$db = Database::getInstance(); + $db = Database::getInstance(); -$allowedRoles = ['admin', 'accountant', 'employee']; -if (!in_array($decoded['role'], $allowedRoles)) { - json_error('غير مصرح لك برفع الفواتير', 403); -} - -// 2. Validate Request -$data = input(); -$companyId = $data['company_id'] ?? null; - -if (!$companyId || !isset($_FILES['invoice'])) { - json_error('رقم الشركة وملف الفاتورة مطلوبان', 422); -} - -// 3. Permission Check -// Everyone (except Super Admin) must belong to the same tenant as the company -$stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL"); -$stmt->execute([$companyId, $tenantId]); - -if (!$stmt->fetch()) { - json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403); -} - -// 4. Handle File Upload (Step-by-step for permission safety) -$tenantDir = STORAGE_PATH . '/invoices/' . $tenantId; -$companyDir = $tenantDir . '/' . $companyId; -$dateFolder = date('Y-m-d'); -$uploadDir = $companyDir . '/' . $dateFolder . '/'; - -foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) { - if (!is_dir($dir)) { - if (!mkdir($dir, 0777, true)) { - error_log("UPLOAD ERROR: Failed to create directory: " . $dir); - json_error('فشل في إنشاء مجلد التخزين: ' . $dir, 500); - } - chmod($dir, 0777); // Force permissions + $allowedRoles = ['admin', 'accountant', 'employee']; + if (!in_array($decoded['role'], $allowedRoles)) { + json_error('غير مصرح لك برفع الفواتير', 403); + exit; } -} -$extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION); -$fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension; -$targetFile = $uploadDir . $fileName; + // 2. Validate Request + // استخدام $_POST للتعامل الآمن مع multipart/form-data + $companyId = $_POST['company_id'] ?? null; + if (!$companyId && function_exists('input')) { + $data = input(); + $companyId = $data['company_id'] ?? null; + } + + if (!$companyId || !isset($_FILES['invoice']) || $_FILES['invoice']['error'] !== UPLOAD_ERR_OK) { + $uploadError = $_FILES['invoice']['error'] ?? 'No File'; + json_error('رقم الشركة وملف الفاتورة مطلوبان، أو حدث خطأ أثناء الرفع (كود الخطأ: ' . $uploadError . ')', 422); + exit; + } + + // 3. Permission Check + $stmt = $db->prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL"); + $stmt->execute([$companyId, $tenantId]); + + if (!$stmt->fetch()) { + json_error('الوصول مرفوض لهذه الشركة أو رقم الشركة غير صحيح', 403); + exit; + } + + // 4. Handle File Upload + $tenantDir = STORAGE_PATH . '/invoices/' . $tenantId; + $companyDir = $tenantDir . '/' . $companyId; + $dateFolder = date('Y-m-d'); + $uploadDir = $companyDir . '/' . $dateFolder . '/'; + + foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) { + if (!is_dir($dir)) { + if (!mkdir($dir, 0777, true)) { + json_error('فشل في إنشاء مجلد التخزين: ' . $dir, 500); + exit; + } + chmod($dir, 0777); + } + } + + $extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION); + $fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension; + $targetFile = $uploadDir . $fileName; + + if (!move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) { + json_error('فشل في نقل الملف المرفوع إلى مسار التخزين', 500); + exit; + } -if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) { // 5. Run AI Extraction $mimeType = $_FILES['invoice']['type']; $fileContent = file_get_contents($targetFile); - if (!$fileContent) { - error_log("UPLOAD ERROR: Failed to read file content: " . $targetFile); - json_error('فشل في قراءة الملف المرفوع', 500); - } $base64Data = base64_encode($fileContent); $extracted = AI::extractInvoiceData($base64Data, $mimeType); if (!$extracted) { - // Still save basic record if AI fails, ensuring all NOT NULL and new columns are met $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); $stmt = $db->prepare(" INSERT INTO invoices ( @@ -86,111 +97,124 @@ if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) { "); $stmt->execute([$invoiceId, $tenantId, $companyId, $userId, $targetFile]); json_success(['id' => $invoiceId], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً'); + exit; // إيقاف التنفيذ إلزامي هنا لمنع الانهيار } - // 6. Save Extracted Data with Encryption - try { - $db->beginTransaction(); + // 6. Save Extracted Data + $db->beginTransaction(); - // 5.5 Duplicate Prevention Check - $supplierTin = $extracted['supplier']['tin'] ?? ''; - $invoiceNum = $extracted['invoice_number'] ?? ''; - $invoiceDate = $extracted['invoice_date'] ?? ''; + $supplierTin = $extracted['supplier']['tin'] ?? ''; + $invoiceNum = $extracted['invoice_number'] ?? ''; + $invoiceDate = $extracted['invoice_date'] ?? ''; - $invoiceHash = null; - if ($supplierTin && $invoiceNum && $invoiceDate) { - $rawHashString = $companyId . '_' . $supplierTin . '_' . $invoiceNum . '_' . $invoiceDate; - $invoiceHash = hash('sha256', strtolower($rawHashString)); + $invoiceHash = null; + if (!empty($supplierTin) && !empty($invoiceNum) && !empty($invoiceDate)) { + $rawHashString = $companyId . '_' . $supplierTin . '_' . $invoiceNum . '_' . $invoiceDate; + $invoiceHash = hash('sha256', strtolower($rawHashString)); - $checkStmt = $db->prepare("SELECT id FROM invoices WHERE company_id = ? AND invoice_hash = ? AND deleted_at IS NULL"); - $checkStmt->execute([$companyId, $invoiceHash]); - if ($checkStmt->fetch()) { - $db->rollBack(); - json_error('هذه الفاتورة تم رفعها مسبقاً لهذه الشركة (رقم الفاتورة مكرر لنفس المورد والتاريخ).', 409); - } + $checkStmt = $db->prepare("SELECT id FROM invoices WHERE company_id = ? AND invoice_hash = ? AND deleted_at IS NULL"); + $checkStmt->execute([$companyId, $invoiceHash]); + if ($checkStmt->fetch()) { + $db->rollBack(); + json_error('هذه الفاتورة تم رفعها مسبقاً لهذه الشركة (رقم الفاتورة مكرر لنفس المورد والتاريخ).', 409); + exit; } + } - $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); + $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); - $stmt = $db->prepare(" - INSERT INTO invoices ( - id, tenant_id, company_id, uploaded_by, original_file_path, status, - invoice_number, invoice_date, invoice_type, invoice_category, - supplier_tin, supplier_name, supplier_address, - buyer_tin, buyer_name, buyer_national_id, - subtotal, tax_amount, discount_total, grand_total, currency_code, - invoice_hash, validation_warnings, - created_at - ) VALUES ( - :id, :tenant_id, :company_id, :uploaded_by, :path, 'extracted', - :num, :date, :type, :cat, :s_tin, :s_name, :s_addr, :b_tin, :b_name, :b_nid, - :sub, :tax, :disc, :total, :cur, - :hash, :warnings, - NOW() - ) + // معالجة القيم الفارغة لمنع انهيار قاعدة البيانات (Strict Mode) + $validDate = (!empty($invoiceDate) && strtotime($invoiceDate)) ? $invoiceDate : null; + $subtotal = is_numeric($extracted['subtotal'] ?? null) ? $extracted['subtotal'] : 0; + $tax = is_numeric($extracted['tax_amount'] ?? null) ? $extracted['tax_amount'] : 0; + $disc = is_numeric($extracted['discount_total'] ?? null) ? $extracted['discount_total'] : 0; + $total = is_numeric($extracted['grand_total'] ?? null) ? $extracted['grand_total'] : 0; + + $stmt = $db->prepare(" + INSERT INTO invoices ( + id, tenant_id, company_id, uploaded_by, original_file_path, status, + invoice_number, invoice_date, invoice_type, invoice_category, + supplier_tin, supplier_name, supplier_address, + buyer_tin, buyer_name, buyer_national_id, + subtotal, tax_amount, discount_total, grand_total, currency_code, + invoice_hash, validation_warnings, + created_at + ) VALUES ( + :id, :tenant_id, :company_id, :uploaded_by, :path, 'extracted', + :num, :date, :type, :cat, :s_tin, :s_name, :s_addr, :b_tin, :b_name, :b_nid, + :sub, :tax, :disc, :total, :cur, + :hash, :warnings, + NOW() + ) + "); + + $stmt->execute([ + 'id' => $invoiceId, + 'tenant_id' => $tenantId, + 'company_id' => $companyId, + 'uploaded_by' => $userId, + 'path' => $targetFile, + 'num' => !empty($invoiceNum) ? $invoiceNum : null, + 'date' => $validDate, + 'type' => !empty($extracted['invoice_type']) ? $extracted['invoice_type'] : 'cash', + 'cat' => !empty($extracted['invoice_category']) ? $extracted['invoice_category'] : 'simplified', + 's_tin' => Encryption::encrypt($supplierTin), + 's_name' => Encryption::encrypt($extracted['supplier']['name'] ?? ''), + 's_addr' => Encryption::encrypt($extracted['supplier']['address'] ?? ''), + 'b_tin' => Encryption::encrypt($extracted['buyer']['tin'] ?? ''), + 'b_name' => Encryption::encrypt($extracted['buyer']['name'] ?? ''), + 'b_nid' => Encryption::encrypt($extracted['buyer']['national_id'] ?? ''), + 'sub' => $subtotal, + 'tax' => $tax, + 'disc' => $disc, + 'total' => $total, + 'cur' => !empty($extracted['currency_code']) ? $extracted['currency_code'] : 'JOD', + 'hash' => $invoiceHash, + 'warnings' => !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null + ]); + + // Save Line Items + if (!empty($extracted['lines']) && is_array($extracted['lines'])) { + $lineStmt = $db->prepare(" + INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total) + VALUES (?, ?, ?, ?, ?, ?, ?, ?) "); - - $stmt->execute([ - 'id' => $invoiceId, - 'tenant_id' => $tenantId, - 'company_id' => $companyId, - 'uploaded_by' => $userId, - 'path' => $targetFile, - 'num' => $extracted['invoice_number'] ?? null, - 'date' => $extracted['invoice_date'] ?? null, - 'type' => $extracted['invoice_type'] ?? 'cash', - 'cat' => $extracted['invoice_category'] ?? 'simplified', - 's_tin' => Encryption::encrypt($extracted['supplier']['tin'] ?? ''), - 's_name' => Encryption::encrypt($extracted['supplier']['name'] ?? ''), - 's_addr' => Encryption::encrypt($extracted['supplier']['address'] ?? ''), - 'b_tin' => Encryption::encrypt($extracted['buyer']['tin'] ?? ''), - 'b_name' => Encryption::encrypt($extracted['buyer']['name'] ?? ''), - 'b_nid' => Encryption::encrypt($extracted['buyer']['national_id'] ?? ''), - 'sub' => $extracted['subtotal'] ?? 0, - 'tax' => $extracted['tax_amount'] ?? 0, - 'disc' => $extracted['discount_total'] ?? 0, - 'total' => $extracted['grand_total'] ?? 0, - 'cur' => $extracted['currency_code'] ?? 'JOD', - 'hash' => $invoiceHash, - 'warnings' => isset($extracted['validation_warnings']) && !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null - ]); - - // Save Line Items - if (!empty($extracted['lines'])) { - $lineStmt = $db->prepare(" - INSERT INTO invoice_lines (id, invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total) - VALUES (?, ?, ?, ?, ?, ?, ?, ?) - "); - foreach ($extracted['lines'] as $item) { - $lineId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); - $lineStmt->execute([ - $lineId, - $invoiceId, - $item['line_number'] ?? 1, - $item['description'] ?? 'N/A', - $item['quantity'] ?? 1, - $item['unit_price'] ?? 0, - $item['tax_rate'] ?? 0.16, - $item['line_total'] ?? 0 - ]); - } + foreach ($extracted['lines'] as $index => $item) { + $lineId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); + $lineStmt->execute([ + $lineId, + $invoiceId, + $item['line_number'] ?? ($index + 1), + $item['description'] ?? 'بدون وصف', + is_numeric($item['quantity'] ?? null) ? $item['quantity'] : 1, + is_numeric($item['unit_price'] ?? null) ? $item['unit_price'] : 0, + is_numeric($item['tax_rate'] ?? null) ? $item['tax_rate'] : 0.16, + is_numeric($item['line_total'] ?? null) ? $item['line_total'] : 0 + ]); } - - $db->commit(); - - // --- INCREMENT QUOTA --- - QuotaMiddleware::incrementInvoiceUsage($tenantId); - // ----------------------- - - json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح'); - - } catch (\Exception $e) { - $db->rollBack(); - error_log("DB Error during invoice save: " . $e->getMessage()); - json_error('حدث خطأ أثناء حفظ بيانات الفاتورة', 500); } -} else { - $uploadError = $_FILES['invoice']['error'] ?? 'Unknown'; - error_log("UPLOAD ERROR: move_uploaded_file failed. Error Code: $uploadError. Target: $targetFile. Tmp: " . ($_FILES['invoice']['tmp_name'] ?? 'N/A')); - json_error('Failed to save uploaded file. PHP Error Code: ' . $uploadError, 500); + + $db->commit(); + + // --- INCREMENT QUOTA --- + QuotaMiddleware::incrementInvoiceUsage($tenantId); + // ----------------------- + + json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح'); + exit; + +} catch (\PDOException $e) { + if (isset($db) && $db->inTransaction()) { + $db->rollBack(); + } + error_log("Database Error: " . $e->getMessage()); + json_error('حدث خطأ في قاعدة البيانات: ' . $e->getMessage(), 500); + exit; +} catch (\Throwable $e) { + if (isset($db) && $db->inTransaction()) { + $db->rollBack(); + } + error_log("Critical Error: " . $e->getMessage() . " on line " . $e->getLine()); + json_error('خطأ برمجي حرج: ' . $e->getMessage() . ' في السطر ' . $e->getLine(), 500); + exit; } \ No newline at end of file