Update: 2026-05-03 20:45:16

app/modules_app/auth/login.php

@@ -44,7 +44,7 @@ $token = JWT::encode($payload, $secret);
 
 // 4. Update Refresh Token (Simple stored in DB as requested)
 $refreshToken = bin2hex(random_bytes(32));
-$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
+$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
 $stmt->execute([$refreshToken, $user['id']]);
 
 json_success([

app/modules_app/auth/logout.php

@@ -12,7 +12,7 @@ $userId = $decoded['user_id'];
 
 // 2. Invalidate Refresh Token
 $db = Database::getInstance();
-$stmt = $db->prepare("UPDATE users SET refresh_token = NULL WHERE id = ?");
+$stmt = $db->prepare("UPDATE users SET refresh_token_hash = NULL WHERE id = ?");
 $stmt->execute([$userId]);
 
 json_success(null, 'تم تسجيل الخروج بنجاح');

app/modules_app/auth/refresh.php

@@ -14,7 +14,7 @@ if (!$refreshToken) {
 }
 
 $db = Database::getInstance();
-$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token = ? LIMIT 1");
+$stmt = $db->prepare("SELECT * FROM users WHERE refresh_token_hash = ? LIMIT 1");
 $stmt->execute([$refreshToken]);
 $user = $stmt->fetch();
 
@@ -32,7 +32,7 @@ $payload = [
 $newToken = JWT::encode($payload, $secret);
 $newRefreshToken = bin2hex(random_bytes(32));
 
-$stmt = $db->prepare("UPDATE users SET refresh_token = ? WHERE id = ?");
+$stmt = $db->prepare("UPDATE users SET refresh_token_hash = ? WHERE id = ?");
 $stmt->execute([$newRefreshToken, $user['id']]);
 
 json_success([