From e157c8ec121f3f9de4ac03a3ef323ecdc669b00b Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Thu, 25 Jun 2026 01:03:55 +0300
Subject: [PATCH] Update: 2026-06-25 01:03:54
---
 backend/login.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/backend/login.php b/backend/login.php
index 6fb6be8..03e0908 100644
--- a/backend/login.php
+++ b/backend/login.php
@@ -33,7 +33,7 @@ try {
 // التحقق من الجهاز من خلال البصمة
 $stmt = $con->prepare('
- SELECT passengerID, fingerprint
+ SELECT passengerID, fingerPrint
 FROM tokens
 WHERE passengerID = :pid
 LIMIT 1
@@ -42,6 +42,7 @@ try {
 $row = $stmt->fetch();
 $fpVerified = false;
+ $fpJustSaved = false;
 if ($row) {
 $fpPepper = getenv('FP_PEPPER') ?: '';
 $storedFp = $row['fingerprint'];
@@ -56,6 +57,16 @@ try {
 } else {
 $fpVerified = hash_equals($storedFp, $fingerprint);
 }
+
+ // إذا كانت البصمة المخزنة فارغة (أول تسجيل دخول بعد التسجيل) نقبل البصمة الجديدة
+ if (!$fpVerified && empty($storedFp) && !empty($fingerprint)) {
+ $fpPepper = getenv('FP_PEPPER') ?: '';
+ $newHash = $fpPepper ? hash('sha256', $fingerprint . $fpPepper) : $fingerprint;
+ $updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
+ $updateStmt->execute([':fp' => $newHash, ':pid' => $passengerId]);
+ $fpVerified = true;
+ $fpJustSaved = true;
+ }
 }
 // وقت رد ثابت لمنع Timing Attack
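Review bot: The SELECT at `@@ -33,7 +33,7 @@` now returns the column as `fingerPrint`, but the context line in the next hunk still reads `$row['fingerprint']`; with PDO's default natural-case keys that lookup may come back unset depending on the driver, leaving `$storedFp` empty. Combined with the first-login branch added at `@@ -56,6 +57,16 @@`, an empty `$storedFp` would make every login enrol the presented fingerprint, which removes the device check altogether. Either read the same key, `$storedFp = $row['fingerPrint'] ?? '';`, or alias the column, `SELECT passengerID, fingerPrint AS fingerprint`. The prepared statement continues past the end of the hunk.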
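Review bot: The first-login branch added at `@@ -56,6 +57,16 @@` binds whatever fingerprint the request carries as soon as the stored value is empty, and its UPDATE has no guard on the current column value, so two concurrent first logins both pass and the last writer becomes the trusted device. Make the enrolment conditional in SQL and trust it only when a row actually changed: `... SET fingerPrint = :fp WHERE passengerID = :pid AND (fingerPrint IS NULL OR fingerPrint = '')`, then `$fpVerified = $fpJustSaved = ($updateStmt->rowCount() === 1);`. Whether another factor (password, OTP) has already been verified before this point is not visible in the hunk; if it has not, the first caller presenting a passengerID claims that account's device slot, so the branch should run only after that check. When `FP_PEPPER` is unset the raw fingerprint is written to the table, which is better refused or logged than accepted silently. The enclosing `try` and `if ($row)` blocks start outside the hunk.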