// Partial update of one row in `users`: look up the target user, build the SET
// list from whichever keys are present in $data, run the UPDATE, write an audit
// entry and return a success response.
// NOTE(review): the start of the first statement is cut off in this excerpt;
// $db, $query, $params, $id, $data, $role and $decoded are defined outside it.
prepare($query);
$stmt->execute($params);
$user = $stmt->fetch();
// "User not found".
// NOTE(review): nothing follows json_error() here, so everything below relies on
// it ending the request — confirm; otherwise a missing target or the 403 branch
// further down would still reach the UPDATE.
if (!$user) json_error('المستخدم غير موجود', 404);

// Column fragments and their bound values, kept in the same order.
$fields = [];
$values = [];

// Name is stored encrypted.
if (isset($data['name'])) {
    $fields[] = 'name = ?';
    $values[] = \App\Core\Encryption::encrypt($data['name']);
}

// E-mail is stored encrypted, plus a SHA-256 of the lower-cased address in
// email_hash (presumably a lookup column — confirm).
// NOTE(review): this is an unkeyed hash of a guessable value. If the table is
// disclosed, candidate addresses can be hashed and matched offline, which
// undoes much of the benefit of encrypting the column next to it. A keyed hash
// (hash_hmac() with a server-side secret) is the usual choice for such a column,
// but it has to change everywhere the hash is computed — verify against the
// code that writes and queries email_hash.
// NOTE(review): no format or type check on the address is visible in this excerpt.
if (isset($data['email'])) {
    $fields[] = 'email = ?';
    $values[] = \App\Core\Encryption::encrypt($data['email']);
    $fields[] = 'email_hash = ?';
    $values[] = hash('sha256', strtolower($data['email']));
}

// Role change. The only check here: a caller whose $role is not 'super_admin'
// may not set the exact string 'super_admin' ("You cannot grant the system
// administrator privilege").
// NOTE(review): this rejects one literal rather than accepting a known set, so
// any other value is written as supplied. Validate $data['role'] against the
// application's list of roles with a strict comparison before storing it.
// NOTE(review): $user is only tested for existence above. Nothing visible here
// stops a non-super_admin caller from changing the role or is_active of an
// account that already is a super_admin, or of their own account — this may be
// enforced by $query or by earlier code; confirm.
if (isset($data['role'])) {
    if ($role !== 'super_admin' && $data['role'] === 'super_admin') {
        json_error('لا يمكنك منح صلاحية مدير النظام', 403);
    }
    $fields[] = 'role = ?';
    $values[] = $data['role'];
}

// Phone: keep digits and '+', drop leading '+', then rewrite a leading '07' to
// '9627' and a leading '7' to '9627'. The normalised number is stored
// encrypted, with an unkeyed SHA-256 of it in phone_hash.
// NOTE(review): the hashing concern noted for email_hash applies more strongly
// here, because the set of possible phone numbers is small.
// NOTE(review): there is no length or emptiness check; input without digits
// normalises to '' and is still encrypted, hashed and stored.
if (isset($data['phone'])) {
    $phone = preg_replace('/[^0-9+]/', '', $data['phone']);
    $phone = ltrim($phone, '+');
    if (str_starts_with($phone, '07')) {
        $phone = '962' . substr($phone, 1);
    } elseif (str_starts_with($phone, '7')) {
        $phone = '962' . $phone;
    }
    $fields[] = 'phone = ?';
    $values[] = \App\Core\Encryption::encrypt($phone);
    $fields[] = 'phone_hash = ?';
    $values[] = hash('sha256', $phone);
}

// Active flag is coerced to an integer before binding.
if (isset($data['is_active'])) {
    $fields[] = 'is_active = ?';
    $values[] = (int) $data['is_active'];
}

// "No data to update": none of the recognised keys was supplied.
if (empty($fields)) json_error('لا توجد بيانات للتحديث', 422);

// updated_at uses NOW() and takes no placeholder; $id is appended last so it
// binds to the WHERE clause.
$fields[] = 'updated_at = NOW()';
$values[] = $id;

// The SQL text is assembled only from the fixed fragments above; every
// request-supplied value goes through a bound parameter.
$sql = "UPDATE users SET " . implode(', ', $fields) . " WHERE id = ?";
$db->prepare($sql)->execute($values);

// NOTE(review): the entry records array_keys($data), i.e. every key the request
// carried, not only the columns that were updated, and null is passed as the
// fourth argument. For role and is_active changes, the old and new values are
// what an investigator needs — check what AuditLogger::log() accepts.
AuditLogger::log('user.updated', 'user', $id, null, ['fields' => array_keys($data)], $decoded);
// "User data updated successfully".
json_success(null, 'تم تحديث بيانات المستخدم بنجاح');