<?php
/* hitler-clicker
* api for account modification
* © 2025 hitler.rip <git@hitler.rip>
* licensed under AGPLv3-or-later; see LICENSE.md for more information
*/
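// Every response from this endpoint, including the early exits, is sent as JSON.
header('Content-Type: application/json; charset=UTF-8');
try {
    // NOTE(review): the database password is hard-coded here and the script
    // connects as the MySQL root account. Anything committed to source should
    // be treated as disclosed: rotate it, load the credentials from
    // configuration kept outside the repository, and connect as an account
    // that is only granted SELECT/UPDATE on the users table.
    $pdo = new PDO(
        "mysql:host=127.0.0.1;dbname=hitlerclicker",
        "root",
        "aA1234Aa",
        [
            // Raise PDOException on query errors on every PHP version; before
            // PHP 8 the default was to fail silently, which would let a failed
            // statement go unnoticed.
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Have the server bind the parameters instead of PDO building the
            // final SQL string on the client.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The exception text is not echoed: it can carry the host, the user name
    // and driver details that a client has no need to see.
    die('{ "status": "database offline" }');
}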
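// Copy the recognised fields of the JSON request body into $wrkarr as strings.
// Any other key sent by the client is ignored.
$wrkarr = [];
$ifarr = [ "name", "password", "newname", "newpassword" ];
$postjson = json_decode(file_get_contents('php://input'), true);

// json_decode() returns null for malformed JSON and a scalar for a bare JSON
// value; neither carries fields, so treat both as an empty request.
if (!is_array($postjson)) {
    $postjson = [];
}

foreach ($ifarr as $i) {
    // Only scalar values are taken. A nested array or object used to be
    // interpolated into the literal string "Array" (with a PHP warning that can
    // corrupt the JSON response); it is now treated as "field not provided".
    if (isset($postjson[$i]) && is_scalar($postjson[$i])) {
        $wrkarr[$i] = (string) $postjson[$i];
    }
}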
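// Change an account's name and password.
// Flow: require name + password, authenticate against the stored hash, require
// the new name + new password, refuse a name held by another account, then
// update the row. Every failure ends the request with a JSON status message.

if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) === "") {
    die('{ "status": "login (name) was not provided.\ncould not attempt to change account." }');
}
if (!isset($wrkarr["password"]) || trim($wrkarr["password"]) === "") {
    die('{ "status": "password was not provided.\ncould not attempt to change account." }');
}

// NOTE(review): "name does not exist" and "wrong password" are distinct
// responses, so the endpoint reveals which account names exist. Merging them
// would change the API contract, so it is only flagged here. No attempt
// throttling is visible in this file either; confirm it is enforced upstream.

try {
    // Exact match instead of LIKE: LIKE interprets % and _ in the submitted
    // name as wildcards, so the password check could run against a row other
    // than the one the client named.
    $query = $pdo->prepare("SELECT name, password FROM users WHERE name = ?");
    $query->execute([$wrkarr["name"]]);
    $found = $query->fetch(PDO::FETCH_ASSOC);

    if (!$found) {
        die('{ "status": "name does not exist in the database." }');
    }
    if (!password_verify($wrkarr["password"], $found["password"])) {
        die('{ "status": "wrong password." }');
    }

    if (!isset($wrkarr["newname"]) || trim($wrkarr["newname"]) === "") {
        die('{ "status": "new name was not provided.\ncould not attempt to change account." }');
    }
    if (!isset($wrkarr["newpassword"]) || trim($wrkarr["newpassword"]) === "") {
        die('{ "status": "new password was not provided.\ncould not attempt to change account." }');
    }

    // From here on use the name as stored in the authenticated row, not the
    // client's spelling of it. The column collation may match case variants
    // (presumably a *_ci collation; verify against the schema), and this keeps
    // the verified row and the updated row the same.
    $currentname = $found["name"];

    $query = $pdo->prepare("SELECT name FROM users WHERE name = ?");
    $query->execute([$wrkarr["newname"]]);
    $taken = $query->fetch(PDO::FETCH_ASSOC);
    // Strict comparison: loose != treats numeric-looking strings such as
    // "1e3" and "1000" as equal.
    if ($taken && $taken["name"] !== $currentname) {
        die('{ "status": "this name is already taken." }');
    }

    // Values are bound as parameters, so no extra filtering is needed; the
    // former filter_var() calls used the default filter, which returns the
    // string unchanged.
    $query = $pdo->prepare("UPDATE users SET name = :newname , password = :newpassword WHERE users.name = :name");
    $query->execute([
        "newname" => $wrkarr["newname"],
        "newpassword" => password_hash($wrkarr["newpassword"], PASSWORD_DEFAULT),
        "name" => $currentname,
    ]);
    echo '{ "status": "success" }';
} catch (PDOException $e) {
    // A failed statement (including a duplicate-name race, if the column has a
    // unique index) must not surface driver details or a stack trace to the
    // client. The existing status string is reused so clients see no new value.
    die('{ "status": "database offline" }');
}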
?>