From 8b69c9977625c15a7b010928cee5b9dd53c1c0b5 Mon Sep 17 00:00:00 2001
From: Hamza-Ayed <hamzaayedflutter@gmail.com>
Date: Fri, 15 May 2026 17:55:40 +0300
Subject: [PATCH] Update: 2026-05-15 17:55:39

---
 app/modules_app/invoices/export_excel.php  |  2 +-
 app/modules_app/invoices/verify_public.php |  1 +
 public/index.php                           | 11 +++++++----
 public/shell.php                           |  2 +-
 4 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/app/modules_app/invoices/export_excel.php b/app/modules_app/invoices/export_excel.php
index 8ad344c..bc571d7 100644
--- a/app/modules_app/invoices/export_excel.php
+++ b/app/modules_app/invoices/export_excel.php
@@ -367,7 +367,7 @@ foreach ($invoices as $invIdx => $inv) {
 
     // --- Add Verification QR Code ---
     try {
-        $verifyUrl = "https://musadaq.intaleqapp.com/v.php?id=" . $inv['id'];
+        $verifyUrl = "https://musadaq.intaleqapp.com/verify?id=" . $inv['id'];
         $qrApiUrl = "https://api.qrserver.com/v1/create-qr-code/?size=100x100&data=" . urlencode($verifyUrl);
         $qrData = $downloadUrl($qrApiUrl);
         if ($qrData) {
diff --git a/app/modules_app/invoices/verify_public.php b/app/modules_app/invoices/verify_public.php
index 9ab9fc9..e66a07b 100644
--- a/app/modules_app/invoices/verify_public.php
+++ b/app/modules_app/invoices/verify_public.php
@@ -20,6 +20,7 @@ if (file_exists($envFile)) {
 use App\Core\Database;
 use App\Core\Encryption;
 
+header_remove("Content-Security-Policy");
 header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
 header('Pragma: no-cache');
 header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
diff --git a/public/index.php b/public/index.php
index 5a0b165..b9e7b65 100644
--- a/public/index.php
+++ b/public/index.php
@@ -3,16 +3,19 @@
  * Simple Router & Entry Point
  */
 
+// 1. Load Bootstrap
 require_once __DIR__ . '/../app/bootstrap/init.php';
 
-// Global Request Logging (non-sensitive)
-error_log("Incoming Request: " . ($_SERVER['REQUEST_METHOD'] ?? 'GET') . " " . ($_SERVER['REQUEST_URI'] ?? '/'));
-
+// Public Verification Bypass (Top Priority)
 $uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
 $route = $_GET['route'] ?? str_replace('/api/', '', $uri);
 $route = trim($route, '/');
 
-error_log("Router: Resolved route '{$route}'");
+if ($route === 'verify' || $route === 'v.php') {
+    $id = $_GET['id'] ?? null;
+    require_once APP_PATH . '/modules_app/invoices/verify_public.php';
+    exit;
+}
 
 // Route map: route => [allowed_method, module_file]
 $routes = [
diff --git a/public/shell.php b/public/shell.php
index b127222..11317f8 100644
--- a/public/shell.php
+++ b/public/shell.php
@@ -3039,7 +3039,7 @@
                 getQrSrc(inv) {
                     if (!inv) return '';
                     if (inv.jofotara?.qr_image_uri) return inv.jofotara.qr_image_uri;
-                    const verifyUrl = `https://musadaq.intaleqapp.com/v.php?id=${inv.id}`;
+                    const verifyUrl = `https://musadaq.intaleqapp.com/verify?id=${inv.id}`;
                     const qr = new QRious({ value: verifyUrl, size: 300, level: 'H' });
                     return qr.toDataURL();
                 },