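* licensed under AGPLv3-or-later; see LICENSE.md for more information */

/*
 * Account-change endpoint.
 *
 * Reads a JSON object from the request body with the keys "name", "password",
 * "newname" and "newpassword", verifies the current password with
 * password_verify(), then renames the account and stores a fresh
 * password_hash(). Every response is a JSON object with a single "status" key.
 */
header('Content-Type: application/json; charset=UTF-8');

// NOTE(review): the database credentials are hard-coded in the source and the
// script connects as root. Load them from configuration kept out of version
// control and use an account that is limited to the users table.
try {
    $pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
} catch (PDOException $e) {
    die('{ "status": "database offline" }');
}

$expectedKeys = ["name", "password", "newname", "newpassword"];
$payload = json_decode(file_get_contents('php://input'), true);

// Keep only the expected keys, and only when they carry a scalar value. A nested
// array used to be interpolated into the literal string "Array"; it is now
// treated as "not provided".
$fields = [];
if (is_array($payload)) {
    foreach ($expectedKeys as $key) {
        if (isset($payload[$key]) && is_scalar($payload[$key])) {
            $fields[$key] = (string) $payload[$key];
        }
    }
}

if (!isset($fields["name"]) || trim($fields["name"]) === "") {
    die('{ "status": "login (name) was not provided.\ncould not attempt to change account." }');
}
if (!isset($fields["password"]) || trim($fields["password"]) === "") {
    die('{ "status": "password was not provided.\ncould not attempt to change account." }');
}

// Exact match instead of LIKE: with LIKE, "%" and "_" in the submitted name act
// as wildcards, so the row whose password is verified here could differ from
// the row the UPDATE below selects with "=".
$query = $pdo->prepare("SELECT name, password FROM users WHERE name = ?");
$query->execute([$fields["name"]]);
$account = $query->fetch(PDO::FETCH_ASSOC);

// NOTE(review): the distinct "name does not exist" and "wrong password" answers
// reveal which names are registered, and nothing here limits repeated attempts.
// Consider one generic failure status and rate limiting if clients allow it.
if (!$account) {
    die('{ "status": "name does not exist in the database." }');
}
if (!password_verify($fields["password"], $account["password"])) {
    die('{ "status": "wrong password." }');
}

if (!isset($fields["newname"]) || trim($fields["newname"]) === "") {
    die('{ "status": "new name was not provided.\ncould not attempt to change account." }');
}
if (!isset($fields["newpassword"]) || trim($fields["newpassword"]) === "") {
    die('{ "status": "new password was not provided.\ncould not attempt to change account." }');
}

// The new name is free when no row carries it, or when the only row carrying it
// is the caller's own account. The comparison is strict and uses the stored
// name: a loose "!=" treats numeric-looking names such as "1e3" and "1000" as
// equal, and comparing against the submitted spelling rejected a caller whose
// stored name differs only in letter case.
$query = $pdo->prepare("SELECT name FROM users WHERE name = ?");
$query->execute([$fields["newname"]]);
$holder = $query->fetch(PDO::FETCH_ASSOC);
if ($holder && $holder["name"] !== $account["name"]) {
    die('{ "status": "this name is already taken." ' . "\n" . '}');
}

// NOTE(review): check-then-update is not atomic; presumably users.name has a
// UNIQUE index that rejects a concurrent duplicate - confirm against the schema.
// Values are bound as parameters, so no further escaping is applied to them.
$query = $pdo->prepare("UPDATE users SET name = :newname , password = :newpassword WHERE users.name = :name");
$query->execute([
    "newname" => $fields["newname"],
    "newpassword" => password_hash($fields["newpassword"], PASSWORD_DEFAULT),
    "name" => $fields["name"],
]);

echo '{ "status": "success" }';
?>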