admin 3

2026-04-30 16:17:26 +03:00
parent d31d99e132
commit 7bf5200cd3
3 changed files with 21 additions and 16 deletions
--- a/Admin/Staff/setup.php
+++ b/Admin/Staff/setup.php
@@ -31,23 +31,26 @@ $admins = [
 ];

 try {
+    $con->exec("DELETE FROM adminUser");
    foreach ($admins as $admin) {
-        $encName = $encryptionHelper->encryptData($admin['name']);
-        $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at) 
-                VALUES (UUID(), :fp, :name, :pass, :role, NOW())";
+        $encName  = $encryptionHelper->encryptData($admin['name']);
+        $encFp    = $encryptionHelper->encryptData($admin['fp']);
+        $fpHash   = hash('sha256', $admin['fp']);
+        $uniqueId = bin2hex(random_bytes(16));
+
+        $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, password, role, created_at) 
+                VALUES (:id, :fp, :fp_hash, :name, :pass, :role, NOW())";
        $stmt = $con->prepare($sql);
        $stmt->execute([
-            ':fp'   => $admin['fp'],
-            ':name' => $encName,
-            ':pass' => $hashedPass,
-            ':role' => $admin['role']
+            ':id'      => $uniqueId,
+            ':fp'      => $encFp,
+            ':fp_hash' => $fpHash,
+            ':name'    => $encName,
+            ':pass'    => $hashedPass,
+            ':role'    => $admin['role']
        ]);
    }
-
    echo "<h1>Initialization Successful</h1>";
-    echo "<p>Admins created successfully with password: <b>$password</b></p>";
-    echo "<p>Please delete this file (setup.php) immediately for security.</p>";
-
 } catch (Exception $e) {
    echo "Error: " . $e->getMessage();
 }
--- a/Admin/auth/login.php
+++ b/Admin/auth/login.php
@@ -17,9 +17,10 @@ if (empty($fingerprint) || empty($password)) {
 try {
    $con = Database::get('main');
    
-    // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint)
-    $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint = :fp LIMIT 1");
-    $stmt->execute([':fp' => $fingerprint]);
+    // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint Hash)
+    $fpHash = hash('sha256', $fingerprint);
+    $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint_hash = :fp LIMIT 1");
+    $stmt->execute([':fp' => $fpHash]);
    $admin = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($admin) {
--- a/serviceapp/login.php
+++ b/serviceapp/login.php
@@ -14,9 +14,10 @@ try {
    $con = Database::get('main');
    
    // البحث بالبصمة للموظف
-    $sql = "SELECT * FROM `users` WHERE `fingerprint` = :fp AND `user_type` = 'service' LIMIT 1";
+    $fpHash = hash('sha256', $fingerprint);
+    $sql = "SELECT * FROM `users` WHERE `fingerprint_hash` = :fp AND `user_type` = 'service' LIMIT 1";
    $stmt = $con->prepare($sql);
-    $stmt->execute([':fp' => $fingerprint]);
+    $stmt->execute([':fp' => $fpHash]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user) {