diff --git a/api.php b/api.php
index 80f1370..24c25fe 100644
--- a/api.php
+++ b/api.php
@@ -10,7 +10,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if($action == "login"){
 $uname = $_POST["username"];
 $pwd = $_POST["password"];
- $stmt1 = $mysqli->prepare("SELECT Password, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = %s;");
+ $stmt1 = $mysqli->prepare("SELECT PWD, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = %s;");
 $stmt1->bind_param('s', $uname);
 $stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
 $stmt1->execute();
@@ -65,7 +65,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if($actionin == "setpassword"){
 $oldPWD = $_POST["oldPWD"];
 $newPWD = $_POST["newPWD"];
- $stmt4 = $mysqliconn->prepare("SELECT Password FROM Users WHERE ID = %i AND Username = %s;");
+ $stmt4 = $mysqliconn->prepare("SELECT PWD FROM Users WHERE ID = %i AND Username = %s;");
 $stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]);
 $stmt4->bind_result($pwdhash);
 $stmt4->execute();
@@ -73,7 +73,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if ($stmt4->num_rows > 0){
 while ($stmt4->fetch()){
 if(password_verify($oldPWD, $pwdhash)){
- $stmt5 = $mysqliconn->prepare("UPDATE Users SET Password=%s WHERE ID = %i;");
+ $stmt5 = $mysqliconn->prepare("UPDATE Users SET PWD=%s WHERE ID = %i;");
 $newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
 $stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]);
 $stmt5->execute();
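Review bot: The placeholders in the prepared statements are not valid for mysqli: in the `$stmt1` query of the `@@ -10,7` hunk, `WHERE Username = %s` should be `WHERE Username = ?`, because mysqli only recognises `?` as a parameter marker and `bind_param('s', $uname)` otherwise has nothing to bind to. The same applies to `$stmt4` (`ID = %i AND Username = %s`) and `$stmt5` (`SET PWD=%s WHERE ID = %i`) in the two later hunks. The return value of `prepare()` is also not checked before `bind_param()` is called, so a rejected statement surfaces as an error on the next line rather than as a handled login failure. The login branch continues outside the hunk.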
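Review bot: The set-password branch in the `@@ -65,7` hunk tests `$actionin` and prepares on `$mysqliconn`, while the login branch in the first hunk tests `$action` and prepares on `$mysqli`. Unless both pairs are defined outside the visible lines, one of the two branches runs against an undefined variable. If they are meant to be the same connection and action value, use one name throughout, e.g. `$stmt4 = $mysqli->prepare(...)` and `if ($action === "setpassword") {`. The branch starts and ends outside the hunk.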
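Review bot: In the `@@ -73,7` hunk `$newPWD` is hashed and stored exactly as received, so an empty string is accepted as a new password; a guard such as `if (!is_string($newPWD) || $newPWD === '') { /* reject */ }` before `password_hash()` would close that. The result of `$stmt5->execute()` is not checked in the visible lines, so a failed UPDATE may be reported as a successful change. After a successful change, consider rotating the session ID with `session_regenerate_id(true)`. The enclosing `if`/`while` blocks continue outside the hunk.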