1 files changed, 77 insertions, 0 deletions

diff --git a/backend/change.php b/backend/change.php
new file mode 100644
index 0000000..faca0a5
--- /dev/null
+++ b/backend/change.php
@@ -0,0 +1,77 @@
+<?php
+/* hitler-clicker
+ * api for account modification
+ * © 2025 hitler.rip <git@hitler.rip>
+ * licensed under AGPLv3-or-later; see LICENSE.md for more information
+ */
+
+header('Content-Type: application/json; charset=UTF-8');
+
+try {
+	$pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
+} catch(PDOException $e) {
+	die('{ "status": "database offline" }');
+};
+
+$wrkarr = [];
+$ifarr = [ "name", "password", "newname", "newpassword" ];
+$postjson = json_decode(file_get_contents('php://input'), true);
+foreach ($ifarr as $i):
+	if (isset($postjson[$i])):
+		$newarr = [
+			"$i" => "$postjson[$i]",
+		];
+		$wrkarr = array_merge($wrkarr, $newarr);
+	endif;
+endforeach;
+
+if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
+	die('{ "status": "login (name) was not provided.\ncould not attempt to change account." }');
+elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
+	die('{ "status": "password was not provided.\ncould not attempt to change account." }');
+else:
+
+	$query = $pdo->prepare("SELECT name, password FROM users WHERE name LIKE ?");
+	$query -> execute([$wrkarr["name"]]);
+	$found = $query->fetch(PDO::FETCH_ASSOC);
+	if ($found):
+
+		if (!password_verify($wrkarr["password"], $found["password"])):
+			die('{ "status": "wrong password." }');
+		else:
+
+			if (!isset($wrkarr["newname"]) || trim($wrkarr["newname"]) == ""):
+				die('{ "status": "new name was not provided.\ncould not attempt to change account." }');
+			elseif (!isset($wrkarr["newpassword"]) || trim($wrkarr["newpassword"]) == ""):
+				die('{ "status": "new password was not provided.\ncould not attempt to change account." }');
+			else:
+
+				$query = $pdo->prepare("SELECT name FROM users WHERE name LIKE ?");
+				$query -> execute([$wrkarr["newname"]]);
+				$found = $query->fetch(PDO::FETCH_ASSOC);
+				if ($found && $found["name"] != $wrkarr["name"]):
+					die('{ "status": "this name is already taken." }');
+				endif;
+
+				$query = $pdo->prepare("UPDATE users SET name = :newname , password = :newpassword WHERE users.name = :name");
+				$query -> execute([
+					"newname" => filter_var($wrkarr["newname"]),
+					"newpassword" => password_hash($wrkarr["newpassword"], PASSWORD_DEFAULT),
+					"name" => filter_var($wrkarr["name"])
+				]);
+
+				echo '{ "status": "success" }';
+
+
+			endif;
+
+
+		endif;
+
+	else:
+		die('{ "status": "name does not exist in the database." }');
+	endif;
+
+endif;
+
+?>