From 7bf5200cd3a6a84a4c18a1e0a339fb19277c5f8a Mon Sep 17 00:00:00 2001 From: Hamza-Ayed Date: Thu, 30 Apr 2026 16:17:26 +0300 Subject: [PATCH] admin 3 --- Admin/Staff/setup.php | 25 ++++++++++++++----------- Admin/auth/login.php | 7 ++++--- serviceapp/login.php | 5 +++-- 3 files changed, 21 insertions(+), 16 deletions(-) diff --git a/Admin/Staff/setup.php b/Admin/Staff/setup.php index 906127b..17941f5 100644 --- a/Admin/Staff/setup.php +++ b/Admin/Staff/setup.php @@ -31,23 +31,26 @@ $admins = [ ]; try { + $con->exec("DELETE FROM adminUser"); foreach ($admins as $admin) { - $encName = $encryptionHelper->encryptData($admin['name']); - $sql = "INSERT INTO adminUser (id, fingerprint, name, password, role, created_at) - VALUES (UUID(), :fp, :name, :pass, :role, NOW())"; + $encName = $encryptionHelper->encryptData($admin['name']); + $encFp = $encryptionHelper->encryptData($admin['fp']); + $fpHash = hash('sha256', $admin['fp']); + $uniqueId = bin2hex(random_bytes(16)); + + $sql = "INSERT INTO adminUser (id, fingerprint, fingerprint_hash, name, password, role, created_at) + VALUES (:id, :fp, :fp_hash, :name, :pass, :role, NOW())"; $stmt = $con->prepare($sql); $stmt->execute([ - ':fp' => $admin['fp'], - ':name' => $encName, - ':pass' => $hashedPass, - ':role' => $admin['role'] + ':id' => $uniqueId, + ':fp' => $encFp, + ':fp_hash' => $fpHash, + ':name' => $encName, + ':pass' => $hashedPass, + ':role' => $admin['role'] ]); } - echo "

Initialization Successful

"; - echo "

Admins created successfully with password: $password

"; - echo "

Please delete this file (setup.php) immediately for security.

"; - } catch (Exception $e) { echo "Error: " . $e->getMessage(); } diff --git a/Admin/auth/login.php b/Admin/auth/login.php index 23a0579..9abd7ae 100755 --- a/Admin/auth/login.php +++ b/Admin/auth/login.php @@ -17,9 +17,10 @@ if (empty($fingerprint) || empty($password)) { try { $con = Database::get('main'); - // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint) - $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint = :fp LIMIT 1"); - $stmt->execute([':fp' => $fingerprint]); + // البحث عن المشرف باستخدام بصمة الجهاز (Fingerprint Hash) + $fpHash = hash('sha256', $fingerprint); + $stmt = $con->prepare("SELECT * FROM adminUser WHERE fingerprint_hash = :fp LIMIT 1"); + $stmt->execute([':fp' => $fpHash]); $admin = $stmt->fetch(PDO::FETCH_ASSOC); if ($admin) { diff --git a/serviceapp/login.php b/serviceapp/login.php index 9c8c5da..795387a 100755 --- a/serviceapp/login.php +++ b/serviceapp/login.php @@ -14,9 +14,10 @@ try { $con = Database::get('main'); // البحث بالبصمة للموظف - $sql = "SELECT * FROM `users` WHERE `fingerprint` = :fp AND `user_type` = 'service' LIMIT 1"; + $fpHash = hash('sha256', $fingerprint); + $sql = "SELECT * FROM `users` WHERE `fingerprint_hash` = :fp AND `user_type` = 'service' LIMIT 1"; $stmt = $con->prepare($sql); - $stmt->execute([':fp' => $fingerprint]); + $stmt->execute([':fp' => $fpHash]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($user) {
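Review bot: The added `$con->exec("DELETE FROM adminUser");` at the top of the `try` in Admin/Staff/setup.php runs outside any transaction, so an exception from a later `execute()` in the loop leaves the admin table empty or half-seeded, and every run of the script now wipes all existing admin accounts. Wrap the delete and the loop in `$con->beginTransaction();` and `$con->commit();`, and call `$con->rollBack();` in the `catch` before printing the error. The commit also drops the on-page reminder to delete setup.php, so a guard ahead of this block such as `if (PHP_SAPI !== 'cli') { http_response_code(403); exit; }` would stop a forgotten copy from being triggered over HTTP. The lines above the hunk are not visible here, so an equivalent check may already exist.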
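Review bot: The added `$fpHash = hash('sha256', $fingerprint);` in Admin/auth/login.php is an unkeyed digest, so anyone who can read the `fingerprint_hash` column can test candidate fingerprints offline, which undercuts the encrypted `fingerprint` column that setup.php now writes. A keyed digest keeps the lookup deterministic without that weakness: `$fpHash = hash_hmac('sha256', $fingerprint, $fpIndexKey);`, where `$fpIndexKey` is a placeholder for a server-side secret stored apart from the database. The same `hash('sha256', ...)` call appears in Admin/Staff/setup.php and serviceapp/login.php, and all three have to change together or the lookups stop matching. The `try` block continues past the end of this hunk, so how `$admin['password']` is verified afterwards is not visible here.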
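Review bot: The query in serviceapp/login.php now filters on `users`.`fingerprint_hash`, but nothing in this commit creates or backfills that column for `users`; setup.php only re-seeds `adminUser`. Unless a migration outside this patch populates it, existing service accounts will stop matching and the login falls through to the not-found path. A comment above the query naming the dependency would help, for example `// fingerprint_hash = sha256 of the raw fingerprint; must be backfilled for existing rows`. The write path that registers service users is not shown here and should be checked to confirm it stores the same digest. The `if ($user) {` branch continues outside the hunk.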