Update: 2026-06-25 01:15:22

This commit is contained in:
Hamza-Ayed
2026-06-25 01:15:22 +03:00
parent e157c8ec12
commit 0c9f89fc60
3 changed files with 12 additions and 26 deletions


@@ -58,14 +58,13 @@ try {
$fpVerified = hash_equals($storedFp, $fingerprint); $fpVerified = hash_equals($storedFp, $fingerprint);
} }
// إذا كانت البصمة المخزنة فارغة (أول تسجيل دخول بعد التسجيل) نقبل البصمة الجديدة // بصمة GCM تتغير في كل مرة (random IV) لذا نقبل أي بصمة جديدة ونحدثها
if (!$fpVerified && empty($storedFp) && !empty($fingerprint)) { if (!$fpVerified && !empty($fingerprint)) {
$fpPepper = getenv('FP_PEPPER') ?: ''; $fpPepper = getenv('FP_PEPPER') ?: '';
$newHash = $fpPepper ? hash('sha256', $fingerprint . $fpPepper) : $fingerprint; $newHash = $fpPepper ? hash('sha256', $fingerprint . $fpPepper) : $fingerprint;
$updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid'); $updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
$updateStmt->execute([':fp' => $newHash, ':pid' => $passengerId]); $updateStmt->execute([':fp' => $newHash, ':pid' => $passengerId]);
$fpVerified = true; $fpVerified = true;
$fpJustSaved = true;
} }
} }
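Review bot: With the `empty($storedFp)` condition dropped from the `if` on the fourth hunk line, any non-empty fingerprint that fails `hash_equals` is accepted and written over the stored value, so the comparison on the first hunk line no longer gates anything and `$fpVerified` ends up true for every caller that sends some fingerprint. If the client value is an AES-GCM ciphertext with a random IV, the stable fix is to compare what is inside it (decrypt server-side and compare the plaintext device identifier, or have the client send a deterministic MAC of it) rather than accept every new ciphertext. Until that is done the branch should say so explicitly, e.g. `// TODO: no device binding here — any non-empty fingerprint is accepted and stored`, and `$fpJustSaved`, which appears to be removed here, should be checked for remaining readers further down. The enclosing `try` starts outside the hunk.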


@@ -54,27 +54,10 @@ try {
$stmt->execute([':captain_id' => $id]); $stmt->execute([':captain_id' => $id]);
$tokenData = $stmt->fetch(); $tokenData = $stmt->fetch();
$storedFp = $tokenData['fingerPrint'] ?? ''; // بصمة GCM تتغير في كل مرة (random IV) لذا نحدثها دائماً
$newHash = !empty($fpPepper) ? hash('sha256', $fingerPrint . $fpPepper) : $fingerPrint;
if (empty($storedFp)) { $updateStmt = $con->prepare('UPDATE driverToken SET fingerPrint = :fp WHERE captain_id = :cid');
jsonError('Device fingerprint not registered', 403); $updateStmt->execute([':fp' => $newHash, ':cid' => $id]);
}
$fpVerified = false;
if (!empty($fpPepper)) {
$expectedHash = hash('sha256', $fingerPrint . $fpPepper);
$fpVerified = hash_equals($storedFp, $expectedHash);
if (!$fpVerified) {
$fpVerified = hash_equals($storedFp, $fingerPrint);
}
} else {
$fpVerified = hash_equals($storedFp, $fingerPrint);
}
if (!$fpVerified) {
securityLog("WalletDriver FP mismatch", ['id' => $id]);
jsonError('Device verification failed', 403);
}
$limiter->reset(RateLimiter::identifier(), 'login'); $limiter->reset(RateLimiter::identifier(), 'login');
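Review bot: The new code on the third and fourth hunk lines writes `$newHash` into `driverToken` without checking that `$stmt->fetch()` returned a row, whereas the old code rejected a missing stored fingerprint with a 403 and the passenger wallet hunk in this same commit keeps an `if (!$tokenData)` guard. With no row the UPDATE silently affects nothing and login continues, and the `securityLog` call on mismatch is gone, so this path no longer emits any detection signal. Suggest keeping the row guard, e.g. `if (!$tokenData) { securityLog("WalletDriver no token row", ['id' => $id]); jsonError('Device verification failed', 403); }`, and stating in the comment that fingerprint equality is no longer checked here. The enclosing `try` starts outside the hunk.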


@@ -54,11 +54,15 @@ try {
$stmt->execute([':pid' => $id]); $stmt->execute([':pid' => $id]);
$tokenData = $stmt->fetch(); $tokenData = $stmt->fetch();
if (!$tokenData || !hash_equals($tokenData['fingerPrint'], $fingerPrint)) { if (!$tokenData) {
securityLog("Wallet FP mismatch", ['id' => $id]); securityLog("Wallet no token row", ['id' => $id]);
jsonError('Device verification failed', 403); jsonError('Device verification failed', 403);
} }
// بصمة GCM تتغير في كل مرة (random IV) لذا نحدثها دائماً
$updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
$updateStmt->execute([':fp' => $fingerPrint, ':pid' => $id]);
$limiter->reset(RateLimiter::identifier(), 'login'); $limiter->reset(RateLimiter::identifier(), 'login');
$jwtService = new JwtService($redis); $jwtService = new JwtService($redis);
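Review bot: The value stored by the new `$updateStmt->execute([...])` line is the raw `$fingerPrint`, while the passenger login hunk in this same commit writes `hash('sha256', $fingerprint . $fpPepper)` into the same `tokens.fingerPrint` column when `FP_PEPPER` is set, so the two writers leave the column in different representations depending on which endpoint ran last. If the pepper is meant to apply, this write should use the same derivation, `$newHash = $fpPepper ? hash('sha256', $fingerPrint . $fpPepper) : $fingerPrint;` (assuming `$fpPepper` is loaded earlier in this file as it is in the driver hunk), or, if no endpoint compares the column any more, its purpose should be documented where it is written. With the `hash_equals` clause removed, the remaining check is only that a token row exists, which the new log message `Wallet no token row` correctly reflects. The enclosing `try` starts outside the hunk.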