Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-25 01:15:22

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-25 01:15:22 +03:00
parent e157c8ec12
commit 0c9f89fc60
3 changed files with 12 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/loginWallet.php
View File

@@ -54,11 +54,15 @@ try {
$stmt->execute([':pid' => $id]);
$tokenData = $stmt->fetch();
if (!$tokenData || !hash_equals($tokenData['fingerPrint'], $fingerPrint)) {
securityLog("Wallet FP mismatch", ['id' => $id]);
if (!$tokenData) {
securityLog("Wallet no token row", ['id' => $id]);
jsonError('Device verification failed', 403);
}
// بصمة GCM تتغير في كل مرة (random IV) لذا نحدثها دائماً
$updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
$updateStmt->execute([':fp' => $fingerPrint, ':pid' => $id]);
$limiter->reset(RateLimiter::identifier(), 'login');
$jwtService = new JwtService($redis);