Buddy Punching Prevention
The Vulnerability: A worker gives their login credentials to a friend so they can clock them in, getting paid without being present.
Hardware Biometrics: Before the "Start Work" payload is executed, the app natively engages the device's LocalAuthentication API (FaceID or Fingerprint) to cryptographically verify identity.
Selfie Fallback (The "Old Phone" solution): If the device lacks biometric hardware, standard PIN fallbacks are rigorously denied. Instead, the system forces the front-facing camera to launch. The user must take a selfie, which is transmitted directly to the Laravel server for Admin auditing.
Location Spoofing / Fake GPS Detection
The Vulnerability: Workers install mock location applications (e.g., Fake GPS, VPN routing) to trick the geofence into thinking they are at the farm.
The Solution: The mobile application explicitly checks the "mocked" flag that the OS attaches to each location fix it reports. If fake coordinates are detected, the clock-in request is aborted entirely and never reaches the API, forbidding the clock-in.
Ghost Worker Extinction Engine
The Vulnerability: A worker clocks in while inside the geofence. They then immediately switch their phone to airplane mode or drive away from the farm, remaining "clocked in" on the server for 8 straight hours.
5-Minute Heartbeats: While a session is active, the mobile app dispatches an encrypted API ping containing the latest GPS coordinates every 5 minutes. The server stamps this as the last_ping_time.
Automated Retribution: A Laravel schedule runs every minute and checks the database. If any active session's last_ping_time is older than the offline tolerance window (e.g., 30 mins), the server force-closes the session, definitively locking out the ghost time: you only pay for verifiable time on the property.
Shift-End Overtime Enforcement
The Vulnerability: Workers "forget" to clock out at the end of the day, accumulating 12- or 14-hour sessions to inflate their paychecks incrementally.
Enforcement: Each Work Zone contains a strict shift_end_time. The server aggressively checks if the current server time has surpassed the zone's shift limit. If so, it instantly clocks out all workers assigned to that zone, sealing financial margins permanently.
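The ghost-worker timeout and the shift-end cutoff above are really one server-side decision applied to every open session each minute. The following is an added illustration, not the product's own code: framework-agnostic PHP that a scheduled Laravel job could call per session. The function name, the argument shapes and all sample values are constructed; only the field names (last_ping_time, shift_end_time) and the 30-minute tolerance come from the description above.

```php
<?php
// Added example, not the product's own code. Field names last_ping_time and
// shift_end_time and the 30-minute tolerance come from the page; the function,
// its argument shapes and every sample value below are constructed.
declare(strict_types=1);

/**
 * Returns the timestamp at which an open session must be force-closed, or
 * null if the session stays open. Every comparison uses the server clock
 * ($now), never device time, so a phone in airplane mode or with a skewed
 * clock cannot extend its own session.
 */
function forcedClockOut(
    DateTimeImmutable $clockIn,
    ?DateTimeImmutable $lastPing,  // last_ping_time; null = no heartbeat yet
    DateTimeImmutable $shiftEnd,   // zone's shift_end_time for this day, zone timezone
    DateTimeImmutable $now,
    int $toleranceMinutes = 30
): ?DateTimeImmutable {
    // The clock-in itself was verified inside the geofence, so a session that
    // has not pinged yet is measured from there rather than treated as dead.
    $lastVerified = $lastPing ?? $clockIn;
    $deadline     = $lastVerified->modify("+{$toleranceMinutes} minutes");

    if ($now > $deadline) {
        // Ghost worker: end the session at the last verified point on the
        // property (never at detection time), capped by the shift limit, so
        // the unverified gap is not paid.
        return min($lastVerified, $shiftEnd);
    }
    if ($now >= $shiftEnd) {
        // Shift end: heartbeats still arrive, but the zone's day is over.
        return $shiftEnd;
    }
    return null;
}

// Constructed sample: server clock 18:10, zone shift ends 18:00, three workers.
$tz       = new DateTimeZone('Europe/Madrid');
$now      = new DateTimeImmutable('2024-06-03 18:10:00', $tz);
$shiftEnd = $now->setTime(18, 0);
$sessions = [
    'still pinging'   => [$now->setTime(7, 0),   $now->setTime(18, 8)], // -> 18:00
    'drove off 12:05' => [$now->setTime(7, 0),   $now->setTime(12, 5)], // -> 12:05
    'no ping yet'     => [$now->setTime(17, 55), null],                 // -> 18:00
];
foreach ($sessions as $label => [$in, $ping]) {
    $out = forcedClockOut($in, $ping, $shiftEnd, $now);
    echo str_pad($label, 17), $out ? 'close at ' . $out->format('H:i') : 'stays open', "\n";
}
```

The shift_end_time must be resolved in the Work Zone's own timezone before the comparison; comparing a bare time-of-day against a UTC server clock would clock workers out an hour or two early or late.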
Global Fruit 17, S.L. • Enterprise-Grade Security Architecture