Update: 2026-05-04 02:24:10

app/core/AI.php

@@ -23,13 +23,14 @@ class AI
         $prompt = "You are an expert in Jordanian E-Invoicing (UBL 2.1). 
         Extract all data from this invoice image/document into a JSON format.
         
-        Strict Rules:
-        1. Ensure numeric values are numbers, not strings.
-        2. Identify the Supplier TIN (Tax Identification Number) and Buyer TIN (if present).
-        3. Identify if the invoice is 'Cash' or 'Credit'.
-        4. Identify if it is 'Simplified' (B2C) or 'Standard' (B2B).
-        5. Extract line items precisely.
-        6. Return ONLY valid JSON, no markdown formatting.
+        CRITICAL RULES:
+        1. DO NOT TRANSLATE ANY TEXT. Keep the exact original language (if Arabic, keep Arabic).
+        2. ALL numbers and quantities MUST be in Latin numerals (0-9). Do not use Arabic/Indic numerals (٠-٩).
+        3. Identify the Supplier TIN (Tax Identification Number) and Buyer TIN (if present).
+        4. Identify if the invoice is 'Cash' or 'Credit'.
+        5. Identify if it is 'Simplified' (B2C) or 'Standard' (B2B).
+        6. Extract line items precisely.
+        7. Return ONLY valid JSON, no markdown formatting.
         
         Required JSON Structure:
         {

app/modules_app/invoices/file.php

@@ -6,7 +6,22 @@
 use App\Core\Database;
 use App\Middleware\AuthMiddleware;
 
-$decoded = AuthMiddleware::check();
+// Extract token from header OR query string
+$headers = getallheaders();
+$authHeader = $headers['Authorization'] ?? $headers['authorization'] ?? '';
+$token = '';
+
+if (preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
+    $token = $matches[1];
+} elseif (isset($_GET['token'])) {
+    $token = $_GET['token'];
+}
+
+if (!$token) die('Forbidden: No token provided');
+
+$decoded = \App\Core\JWT::decode($token);
+if (!$decoded) die('Forbidden: Invalid token');
+
 $db = Database::getInstance();
 
 $id = input('id');