Update: 2026-05-06 21:24:56

Hamza-Ayed
2026-05-06 21:24:56 +03:00
parent 3d4e636fbe
commit dd364fc918
6 changed files with 329 additions and 6 deletions


@@ -41,10 +41,14 @@ try {
$stmt->execute([$phoneHash]);
$user = $stmt->fetch();
} catch (\PDOException $e) {
// Fallback to searching by plain phone if phone_hash column doesn't exist
$stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone = ? LIMIT 1");
$stmt->execute([$phone]);
$user = $stmt->fetch();
try {
// Fallback to searching by plain phone if phone_hash column doesn't exist
$stmt = $db->prepare("SELECT id, tenant_id, name, is_active FROM users WHERE phone = ? LIMIT 1");
$stmt->execute([$phone]);
$user = $stmt->fetch();
} catch (\PDOException $fallbackException) {
json_error('حدث خطأ في قاعدة البيانات: ' . $fallbackException->getMessage(), 500);
}
}
if (!$user) {
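Review bot: The new inner `catch` sends `$fallbackException->getMessage()` back in the 500 response body, and PDO messages routinely carry table names, column names and SQLSTATE details that a caller of this phone lookup has no need to see. Keep the detail server-side and return a fixed message instead: `error_log('phone lookup fallback failed: ' . $fallbackException->getMessage());` followed by `json_error('حدث خطأ في قاعدة البيانات', 500);`. Whether `json_error()` ends the request is not visible here; if it returns, execution continues to `if (!$user)` with `$user` possibly unset, so an explicit `exit;` or `return;` after it would make the intent clear. Separately, the outer `catch` treats every `PDOException` as "column doesn't exist", so a connection or permission failure also triggers the plaintext-phone query; checking the error code before falling back would narrow that. The outer `try` opens above this hunk.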


@@ -30,6 +30,7 @@ if (!in_array($data['role'] ?? '', $allowedRoles, true)) {
$errors = Validator::validate($data, [
'name' => 'required',
'email' => 'required|email',
'phone' => 'required',
'password' => 'required',
'role' => 'required'
]);
@@ -45,6 +46,9 @@ $encryptedName = Encryption::encrypt($data['name']);
$encryptedEmail = Encryption::encrypt($data['email']);
$emailHash = hash('sha256', strtolower($data['email'])); // For fast lookup during login
$encryptedPhone = Encryption::encrypt($data['phone']);
$phoneHash = hash('sha256', preg_replace('/[^0-9+]/', '', $data['phone']));
// 3. Determine Tenant ID
$tenantId = null;
if ($decoded['role'] === 'super_admin') {
@@ -62,13 +66,15 @@ if ($decoded['role'] === 'super_admin') {
// 4. Save to Database
try {
$stmt = $db->prepare("INSERT INTO users (id, tenant_id, name, email, email_hash, password_hash, role, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt = $db->prepare("INSERT INTO users (id, tenant_id, name, email, email_hash, phone, phone_hash, password_hash, role, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->execute([
\App\Core\Database::generateUuid(),
$tenantId,
$encryptedName,
$encryptedEmail,
$emailHash,
$encryptedPhone,
$phoneHash,
password_hash($data['password'], PASSWORD_DEFAULT),
$data['role'],
date('Y-m-d H:i:s')
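Review bot: `$phoneHash` is an unkeyed `hash('sha256', …)` over a normalised phone number, and the space of valid phone numbers is small enough that anyone who can read the `phone_hash` column can recover the numbers by hashing candidates, which undoes the protection `Encryption::encrypt()` gives the `phone` column beside it. A keyed digest keeps the fast lookup without that exposure: `$phoneHash = hash_hmac('sha256', $normalizedPhone, $lookupHashKey);`, where `$lookupHashKey` is a placeholder for a server-side secret stored outside the database. The lookup code that computes `$phoneHash` at login is outside these hunks and would need the same function and the same normalisation, otherwise existing rows stop matching. The pattern `/[^0-9+]/` also keeps a `+` at any position and does not reconcile `00…` with `+…` prefixes, so the same number typed two ways may hash differently; a single shared normalisation helper with a comment stating the canonical form would cover both call sites. The `execute([...])` array and the `try` block continue past the end of this hunk.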