From bc35319f3cd47c60d2a9337020b2451fb5c24a7d Mon Sep 17 00:00:00 2001
From: Hamza-Ayed
Date: Sun, 3 May 2026 20:45:16 +0300
Subject: [PATCH] Update: 2026-05-03 20:45:16
---
 app/bootstrap/init.php | 24 ++++++++++++++++++++----
 app/modules_app/auth/login.php | 2 +-
 app/modules_app/auth/logout.php | 2 +-
 app/modules_app/auth/refresh.php | 4 ++--
 4 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/app/bootstrap/init.php b/app/bootstrap/init.php
index be06923..3a50d6b 100644
--- a/app/bootstrap/init.php
+++ b/app/bootstrap/init.php
@@ -17,10 +17,26 @@ require_once APP_PATH . '/bootstrap/env.php';
 require_once APP_PATH . '/helpers/helpers.php';
 // 4. Core Classes (Manual autoload for simplicity)
-require_once APP_PATH . '/core/Database.php';
-require_once APP_PATH . '/core/JWT.php';
-require_once APP_PATH . '/core/Security.php';
-require_once APP_PATH . '/core/Validator.php';
+spl_autoload_register(function ($class) {
+ $prefix = 'App\\';
+ $base_dir = APP_PATH . '/';
+
+ $len = strlen($prefix);
+ if (strncmp($prefix, $class, $len) !== 0) return;
+
+ $relative_class = substr($class, $len);
+
+ // Normalize path to lowercase for directories, keep filename case
+ $parts = explode('\\', $relative_class);
+ $filename = array_pop($parts) . '.php';
+ $dir = strtolower(implode('/', $parts));
+
+ $file = $base_dir . ($dir ? $dir . '/' : '') . $filename;
+
+ if (file_exists($file)) {
+ require $file;
+ }
+});
 // 5. Response Utility
 require_once APP_PATH . '/bootstrap/response.php';
diff --git a/app/modules_app/auth/login.php b/app/modules_app/auth/login.php
index 9c562f1..de5baa7 100644
--- a/app/modules_app/auth/login.php
+++ b/app/modules_app/auth/login.php
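Review bot: The autoloader only resolves names under the `App\` prefix, while the auth scripts touched by this same patch still call `JWT::encode()` and `Database::getInstance()` unqualified; unless those files import the classes with `use` (not visible here), the lookup returns early and login, logout and refresh fail with a class-not-found error now that the four `require_once` lines are gone. Either keep the explicit requires until the core classes are namespaced, or add the matching `use` imports (the path mapping implies names like `App\Core\JWT`) in the same commit. Separately, `$relative_class` goes into the `require` path unchecked, so any non-literal class string that reaches `class_exists()` or `new` decides which file is included; a guard such as `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_\\\\]*$/', $relative_class)) return;` before `explode()` keeps it to identifier characters. Only the directory part is lower-cased, so on a case-sensitive filesystem the class name and file name must match exactly for `file_exists()` to succeed.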
@@ -44,7 +44,7 @@ $token = JWT::encode($payload, $secret);
 // 4. Update Refresh Token (Simple stored in DB as requested)
 $refreshToken = bin2hex(random_bytes(32));
-$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
+$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
 $stmt->execute([$refreshToken, $user['id']]);
 json_success([
diff --git a/app/modules_app/auth/logout.php b/app/modules_app/auth/logout.php
index df1c34b..3377e63 100644
--- a/app/modules_app/auth/logout.php
+++ b/app/modules_app/auth/logout.php
@@ -12,7 +12,7 @@ $userId = $decoded['user_id'];
 // 2. Invalidate Refresh Token
 $db = Database::getInstance();
-$stmt = $db->prepare("UPDATE users SET refresh_token = NULL WHERE id = ?");
+$stmt = $db->prepare("UPDATE users SET refresh_token_hash = NULL WHERE id = ?");
 $stmt->execute([$userId]);
 json_success(null, 'تم تسجيل الخروج بنجاح');
diff --git a/app/modules_app/auth/refresh.php b/app/modules_app/auth/refresh.php
index b6d6ed0..a0ed6aa 100644
--- a/app/modules_app/auth/refresh.php
+++ b/app/modules_app/auth/refresh.php
@@ -14,7 +14,7 @@ if (!$refreshToken) {
 }
 $db = Database::getInstance();
-$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token = ? LIMIT 1");
+$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token_hash = ? LIMIT 1");
 $stmt->execute([$refreshToken]);
 $user = $stmt->fetch();
@@ -32,7 +32,7 @@ $payload = [
 $newToken = JWT::encode($payload, $secret);
 $newRefreshToken = bin2hex(random_bytes(32));
-$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
+$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
 $stmt->execute([$newRefreshToken, $user['id']]);
 json_success([
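Review bot: The column is now named `refresh_token_hash`, but the value bound on the following line of the login.php hunk is still the raw `$refreshToken`, so the table keeps a directly usable bearer credential and the protection the name implies is not there. Hash before binding, e.g. `$stmt->execute([hash('sha256', $refreshToken), $user['id']]);`; a plain SHA-256 is sufficient for a 32-byte random token and keeps the lookup an indexed equality match. Both refresh.php hunks need the same treatment: the `SELECT ... WHERE refresh_token_hash = ?` should bind `hash('sha256', $refreshToken)` and the rotation `UPDATE` should bind `hash('sha256', $newRefreshToken)`, and all three have to change together or refresh stops matching. The diffstat lists no migration for the renamed column, so confirm the schema change ships with this commit and that existing plaintext values are cleared rather than carried over.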