Update: 2026-06-27 05:07:43

2026-06-27 05:07:43 +03:00
parent f069f2b24f
commit 7497bdcfae
2 changed files with 50 additions and 43 deletions
--- a/backend/loginJwtDriver.php
+++ b/backend/loginJwtDriver.php
@@ -48,7 +48,7 @@ try {
    $pepper = getenv('SECRET_KEY_HMAC');

    $stmt = $con->prepare('
-        SELECT id, phone, national_number, email, password
+        SELECT id, phone, national_number, email, password, birthdate
        FROM driver
        WHERE id = :id
        LIMIT 1
@@ -63,21 +63,41 @@ try {
    $decPhone = !empty($driver['phone']) ? $encryptionHelper->decryptData($driver['phone']) : null;
    $decNat   = !empty($driver['national_number']) ? $encryptionHelper->decryptData($driver['national_number']) : null;

-    // ✅ FIX M-04: تسجيل معلومات تشخيصية عند فشل فك التشفير
-    if (empty($decPhone) || empty($decNat)) {
-        securityLog("LoginDriver failed: decryption returned null", [
+    if (empty($decPhone)) {
+        securityLog("LoginDriver failed: phone decryption returned null", [
            'driver_id' => $driver['id'] ?? 'unknown',
-            'has_phone' => !empty($driver['phone']),
-            'has_nat' => !empty($driver['national_number']),
        ]);
        unauthorizedDriver();
    }

-    $baseString = $driver['id'] . '|' . trim($decPhone) . '|' . trim($decNat);
-    $hmacHex    = hash_hmac('sha256', $baseString, $pepper, false);
+    // ── المحاولة الأولى: طريقة جديدة (قيم خام) ─────────────
+    $newParts = [
+        $driver['id'],
+        trim($decPhone),
+    ];
+    if (!empty($decNat)) {
+        $newParts[] = trim($decNat);
+    }
+    $newString = implode('|', $newParts);
+    $newSecret = hash_hmac('sha256', $newString, $pepper, true);

-    if (!password_verify($hmacHex, $driver['password'])) {
-        unauthorizedDriver();
+    if (password_verify($newSecret, $driver['password'])) {
+        // ✅ صح - طريقة جديدة
+    } else {
+        // ── المحاولة الثانية: طريقة قديمة (قيم مشفرة) للتوافق ─
+        $oldParts = [
+            $driver['id'],
+            $encryptionHelper->encryptData(trim($decPhone)),
+        ];
+        if (!empty($decNat)) {
+            $oldParts[] = $encryptionHelper->encryptData(trim($decNat));
+        }
+        $oldString = implode('|', $oldParts);
+        $oldSecret = hash_hmac('sha256', $oldString, $pepper, true);
+
+        if (!password_verify($oldSecret, $driver['password'])) {
+            unauthorizedDriver();
+        }
    }

    $limiter->reset(RateLimiter::identifier(), 'login');