Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: 2026-06-25 01:03:54

Browse Source
This commit is contained in:
Hamza-Ayed
2026-06-25 01:03:55 +03:00
parent eeb4e21f87
commit e157c8ec12
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
backend/login.php
View File

@@ -33,7 +33,7 @@ try {
// التحقق من الجهاز من خلال البصمة // التحقق من الجهاز من خلال البصمة
$stmt = $con->prepare(' $stmt = $con->prepare('
SELECT passengerID, fingerprint SELECT passengerID, fingerPrint
FROM tokens FROM tokens
WHERE passengerID = :pid WHERE passengerID = :pid
LIMIT 1 LIMIT 1
@@ -42,6 +42,7 @@ try {
$row = $stmt->fetch(); $row = $stmt->fetch();
$fpVerified = false; $fpVerified = false;
$fpJustSaved = false;
if ($row) { if ($row) {
$fpPepper = getenv('FP_PEPPER') ?: ''; $fpPepper = getenv('FP_PEPPER') ?: '';
$storedFp = $row['fingerprint']; $storedFp = $row['fingerprint'];
@@ -56,6 +57,16 @@ try {
} else { } else {
$fpVerified = hash_equals($storedFp, $fingerprint); $fpVerified = hash_equals($storedFp, $fingerprint);
} }
// إذا كانت البصمة المخزنة فارغة (أول تسجيل دخول بعد التسجيل) نقبل البصمة الجديدة
if (!$fpVerified && empty($storedFp) && !empty($fingerprint)) {
$fpPepper = getenv('FP_PEPPER') ?: '';
$newHash = $fpPepper ? hash('sha256', $fingerprint . $fpPepper) : $fingerprint;
$updateStmt = $con->prepare('UPDATE tokens SET fingerPrint = :fp WHERE passengerID = :pid');
$updateStmt->execute([':fp' => $newHash, ':pid' => $passengerId]);
$fpVerified = true;
$fpJustSaved = true;
}
} }
// وقت رد ثابت لمنع Timing Attack // وقت رد ثابت لمنع Timing Attack