Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-25 18:53:08

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-25 18:53:08 +03:00
parent 85ff15cabe
commit 4a6b6d52a3
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/Admin/auth/login.php
View File

@@ -19,7 +19,7 @@ if (empty($fingerprint) || empty($password)) {
// Rate Limiting محسَّن مع Exponential Backoff // Rate Limiting محسَّن مع Exponential Backoff
$rateLimiter = new RateLimiter($redis); $rateLimiter = new RateLimiter($redis);
$rateLimiter->enforce(RateLimiter::identifier(), 'login', maxAttempts: 5, windowSeconds: 60); $rateLimiter->enforce(RateLimiter::identifier(), 'login');
// تتبع المحاولات الفاشلة لكل حساب لمنع credential stuffing عبر IPs متعددة // تتبع المحاولات الفاشلة لكل حساب لمنع credential stuffing عبر IPs متعددة
if ($redis && !empty($phone)) { if ($redis && !empty($phone)) {
@@ -34,10 +34,13 @@ if ($redis && !empty($phone)) {
} }
} }
// البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint Hash)
$fpHash = hash('sha256', $fingerprint);
// تسجيل محاولة تسجيل الدخول للتدقيق // تسجيل محاولة تسجيل الدخول للتدقيق
$loginAuditData = [ $loginAuditData = [
'ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown', 'ip' => $_SERVER['REMOTE_ADDR'] ?? 'unknown',
'fingerprint_hash' => $fpHash ?? null, 'fingerprint_hash' => $fpHash,
'phone_hash' => !empty($phone) ? hash('sha256', $phone) : null, 'phone_hash' => !empty($phone) ? hash('sha256', $phone) : null,
'timestamp' => date('Y-m-d H:i:s'), 'timestamp' => date('Y-m-d H:i:s'),
'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown', 'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'unknown',
@@ -47,9 +50,6 @@ error_log("[LOGIN_AUDIT] " . json_encode($loginAuditData));
try { try {
$con = Database::get('main'); $con = Database::get('main');
// البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint Hash)
$fpHash = hash('sha256', $fingerprint);
$stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint_hash = :fp LIMIT 1"); $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint_hash = :fp LIMIT 1");
$stmt->execute([':fp' => $fpHash]); $stmt->execute([':fp' => $fpHash]);
$admin = $stmt->fetch(PDO::FETCH_ASSOC); $admin = $stmt->fetch(PDO::FETCH_ASSOC);

4
siro_admin/lib/views/auth/login_page.dart
View File

@@ -50,7 +50,9 @@ class _AdminLoginPageState extends State<AdminLoginPage>
setState(() => _isLoading = true); setState(() => _isLoading = true);
final otpHelper = Get.find<OtpHelper>(); final otpHelper = Get.isRegistered<OtpHelper>()
? Get.find<OtpHelper>()
: Get.put(OtpHelper(), permanent: true);
bool success = await otpHelper.loginWithPassword(password, phone); bool success = await otpHelper.loginWithPassword(password, phone);
if (success) { if (success) {