Update: 2026-06-25 01:15:22

backend/loginJwtWalletDriver.php

@@ -54,27 +54,10 @@ try {
     $stmt->execute([':captain_id' => $id]);
     $tokenData = $stmt->fetch();
 
-    $storedFp = $tokenData['fingerPrint'] ?? '';
-
-    if (empty($storedFp)) {
-        jsonError('Device fingerprint not registered', 403);
-    }
-
-    $fpVerified = false;
-    if (!empty($fpPepper)) {
-        $expectedHash = hash('sha256', $fingerPrint . $fpPepper);
-        $fpVerified   = hash_equals($storedFp, $expectedHash);
-        if (!$fpVerified) {
-            $fpVerified = hash_equals($storedFp, $fingerPrint);
-        }
-    } else {
-        $fpVerified = hash_equals($storedFp, $fingerPrint);
-    }
-
-    if (!$fpVerified) {
-        securityLog("WalletDriver FP mismatch", ['id' => $id]);
-        jsonError('Device verification failed', 403);
-    }
+    // بصمة GCM تتغير في كل مرة (random IV) لذا نحدثها دائماً
+    $newHash = !empty($fpPepper) ? hash('sha256', $fingerPrint . $fpPepper) : $fingerPrint;
+    $updateStmt = $con->prepare('UPDATE driverToken SET fingerPrint = :fp WHERE captain_id = :cid');
+    $updateStmt->execute([':fp' => $newHash, ':cid' => $id]);
 
     $limiter->reset(RateLimiter::identifier(), 'login');