From 43d585b2445ed0f8b0a5e213fae9e6b1b83c38ae Mon Sep 17 00:00:00 2001
From: Lncvrt <lncvrtreal@gmail.com>
Date: Sun, 13 Jul 2025 12:01:45 -0700
Subject: [PATCH] Check for username in send chatroom message

---
 database/sendChatroomMessage.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/database/sendChatroomMessage.php b/database/sendChatroomMessage.php
index 4187b4b..b13f978 100644
--- a/database/sendChatroomMessage.php
+++ b/database/sendChatroomMessage.php
@@ -5,7 +5,8 @@ checkClientDatabaseVersion();
 
 $post = getPostData();
 $request_content = $post['content'] ?? '';
-$token = $post['token'] ??  null;
+$token = $post['token'] ?? '';
+$username = $post['username'] ?? '';
 
 if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~]+$/', $request_content)) {
     exitWithMessage(json_encode(["success" => false, "message" => "Invalid content recieved"]));
@@ -13,8 +14,8 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~
 
 $conn = newConnection();
 
-$stmt = $conn->prepare("SELECT * FROM users WHERE token = ?");
-$stmt->bind_param("s", $token);
+$stmt = $conn->prepare("SELECT * FROM users WHERE token = ? AND username = ?");
+$stmt->bind_param("ss", $token, $username);
 $stmt->execute();
 $result = $stmt->get_result();
 $row = $result->fetch_assoc();