From 4a6b6d52a3d058bf69147f5ae015e97aaf5e58ad Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Thu, 25 Jun 2026 18:53:08 +0300
Subject: [PATCH] Update: 2026-06-25 18:53:08
---
 backend/Admin/auth/login.php | 10 +++++-----
 siro_admin/lib/views/auth/login_page.dart | 4 +++-
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/backend/Admin/auth/login.php b/backend/Admin/auth/login.php
index 68efe8c..4f41eb0 100644
--- a/backend/Admin/auth/login.php
+++ b/backend/Admin/auth/login.php
@@ -19,7 +19,7 @@ if (empty($fingerprint) || empty($password)) {
 // Rate Limiting محسَّن مع Exponential Backoff
 $rateLimiter = new RateLimiter($redis);
-$rateLimiter->enforce(RateLimiter::identifier(), 'login', maxAttempts: 5, windowSeconds: 60);
+$rateLimiter->enforce(RateLimiter::identifier(), 'login');
 // تتبع المحاولات الفاشلة لكل حساب لمنع credential stuffing عبر IPs متعددة
 if ($redis && !empty($phone)) {
@@ -34,10 +34,13 @@ if ($redis && !empty($phone)) {
 }
 }
+// البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint Hash)
+$fpHash = hash('sha256', $fingerprint);
+
 // تسجيل محاولة تسجيل الدخول للتدقيق
 $loginAuditData = [
 'ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown',
- 'fingerprint_hash' => $fpHash ?? null,
+ 'fingerprint_hash' => $fpHash,
 'phone_hash' => !empty($phone) ? hash('sha256', $phone) : null,
 'timestamp' => date('Y-m-d H:i:s'),
 'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
@@ -47,9 +50,6 @@ error_log("[LOGIN_AUDIT] " . json_encode($loginAuditData));
 try {
 $con = Database::get('main');
-
- // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint Hash)
- $fpHash = hash('sha256', $fingerprint);
 $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint_hash = :fp LIMIT 1");
 $stmt->execute([':fp' => $fpHash]);
 $admin = $stmt->fetch(PDO::FETCH_ASSOC);
diff --git a/siro_admin/lib/views/auth/login_page.dart b/siro_admin/lib/views/auth/login_page.dart
index a01c251..2237336 100644
--- a/siro_admin/lib/views/auth/login_page.dart
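Review bot: Dropping `maxAttempts: 5, windowSeconds: 60` from the `enforce()` call makes the admin login's brute-force budget depend on `RateLimiter::enforce()` defaults that this diff does not show, so the effective policy is no longer reviewable at the call site and, if those defaults are wider, protection on this endpoint weakens silently. The comment above the call still promises exponential backoff, which the call no longer states either. If the defaults were deliberately aligned with this endpoint, keep that visible with `// login budget comes from RateLimiter::enforce() defaults — keep them at 5 attempts / 60 s or tighter`, otherwise pass the values explicitly as before. The `if (empty($fingerprint) || empty($password))` guard this hunk sits under starts before the hunk.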
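Review bot: The audit entry assembled in this hunk is emitted by `error_log("[LOGIN_AUDIT] " . json_encode($loginAuditData))` (the context line of the following hunk, outside this one), and `json_encode` returns `false` on invalid UTF-8; because `user_agent` is copied verbatim from the client's `HTTP_USER_AGENT` header, a malformed header leaves the audit line as `[LOGIN_AUDIT] ` with no data, so the one attempt an investigator most wants is the one that goes unrecorded. Pass `JSON_INVALID_UTF8_SUBSTITUTE` so the entry survives: `error_log("[LOGIN_AUDIT] " . json_encode($loginAuditData, JSON_INVALID_UTF8_SUBSTITUTE));`. Separately, `'timestamp' => date('Y-m-d H:i:s')` records server-local time with no offset; `date('c')` keeps entries correlatable with other hosts' logs.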
+++ b/siro_admin/lib/views/auth/login_page.dart
@@ -50,7 +50,9 @@ class _AdminLoginPageState extends State
 setState(() => _isLoading = true);
- final otpHelper = Get.find();
+ final otpHelper = Get.isRegistered()
+ ? Get.find()
+ : Get.put(OtpHelper(), permanent: true);
 bool success = await otpHelper.loginWithPassword(password, phone);
 if (success) {