From 856c3c8fdc1141639b33d67b3b4f21b5ae2950c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bruno=20Ryb=C3=A1rsky?= <bruno@brn.systems>
Date: Sat, 3 Feb 2024 18:09:48 +0100
Subject: [PATCH] Fix register

---
 lib/account.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lib/account.php b/lib/account.php
index 42c3eb0..42cac0e 100644
--- a/lib/account.php
+++ b/lib/account.php
@@ -143,21 +143,29 @@ function doRegister($firstname, $lastname, $email, $password, $activation_token)
 {
     global $mysqli, $routerConfig;
     $status = ["Status" => "Fail"];
+
     if (!empty($activation_token) && !empty($email) && !empty($password) && !empty($firstname) && !empty($lastname) && isEmailAvailable($email)) {
         $passwordHash = password_hash($password, PASSWORD_DEFAULT);
-        $stmt = $mysqli->prepare("INSERT INTO Users (FirstName, LastName, Email, PasswordHash, PrivilegeLevel, isActivated, ActivationToken, RegisteredAt) VALUES (?, ?, ?, ?, ?, 1, ?, NOW())");
+
+        $stmt = $mysqli->prepare("UPDATE Users SET FirstName=?, LastName=?, Email=?, PasswordHash=?, PrivilegeLevel=?, isActivated=1, ActivationToken=?, RegisteredAt=NOW() WHERE ActivationToken = ?");
         $privilege_level = $routerConfig["logged_in_default_permission_level"];
+
         /** @noinspection SpellCheckingInspection */
-        $stmt->bind_param("ssssis", $firstname, $lastname, $email, $passwordHash, $privilege_level, $activation_token);
+        $stmt->bind_param("ssssiss", $firstname, $lastname, $email, $passwordHash, $privilege_level, $activation_token, $activation_token);
+
         $stmt->execute();
+
         if ($stmt->affected_rows > 0) {
             $status["Status"] = "Success";
         }
+
         $stmt->close();
     }
+
     return $status;
 }
 
+
 function changePassword($oldPassword, $newPassword): array
 {
     global $mysqli;