diff --git a/database/backported/1.2-beta2/loginAccount.php b/database/backported/1.2-beta2/loginAccount.php index 78dbe23..a9aecf8 100644 --- a/database/backported/1.2-beta2/loginAccount.php +++ b/database/backported/1.2-beta2/loginAccount.php @@ -5,7 +5,7 @@ $conn1 = newConnection(1); $request_username = $_POST['username']; $request_password = $_POST['password']; -$stmt = $conn0->prepare("SELECT id, username, password FROM users WHERE username = ?"); +$stmt = $conn0->prepare("SELECT id, username, password, token FROM users WHERE username = ?"); $stmt->bind_param("s", $request_username); $stmt->execute(); $result = $stmt->get_result(); @@ -18,7 +18,7 @@ if ($result->num_rows > 0) { $login_time = time(); $uid = $row['id']; - $stmt = $conn1->prepare("SELECT token, legacy_high_score, save_data FROM userdata WHERE id = ? LIMIT 1"); + $stmt = $conn1->prepare("SELECT legacy_high_score, save_data FROM userdata WHERE id = ? LIMIT 1"); $stmt->bind_param("i", $uid); $stmt->execute(); $result2 = $stmt->get_result(); @@ -28,7 +28,7 @@ if ($result->num_rows > 0) { $username = $row['username']; $highscore = $row2['legacy_high_score']; - $token = $row2['token']; + $token = $row['token']; $savedata = json_decode($row2['save_data'], true); $icon = $savedata['bird']['icon'] ?? 1; $overlay = $savedata['bird']['overlay'] ?? 0; diff --git a/database/backported/1.2-beta2/syncAccount.php b/database/backported/1.2-beta2/syncAccount.php index ce02114..dad6a33 100644 --- a/database/backported/1.2-beta2/syncAccount.php +++ b/database/backported/1.2-beta2/syncAccount.php @@ -6,8 +6,8 @@ $user_id = $_POST['userID'] ?? 0; $token = $_POST['gameSession'] ?? ''; $high_score = $_POST['highScore'] ?? 0; -$stmt = $conn0->prepare("SELECT * FROM users WHERE id = ?"); -$stmt->bind_param("s", $user_id); +$stmt = $conn0->prepare("SELECT * FROM users WHERE id = ? AND token = ?"); +$stmt->bind_param("ss", $user_id, $token); $stmt->execute(); $result = $stmt->get_result(); if ($result->num_rows != 1) { 
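Review bot: In the first syncAccount.php hunk the session check now rests entirely on the SQL comparison `token = ?` against `users.token`, and the definition of that column is not part of this diff. If it is a VARCHAR with one of MySQL's default case-insensitive, pad-space collations, the comparison accepts case variants and trailing-space variants of the stored token, which weakens the token as a credential. It is worth confirming that the column is declared with a binary collation (or as VARBINARY), or comparing in PHP with `hash_equals($row['token'], $token)` after fetching the row. The same comparison is introduced by every `username = ? AND token = ?` lookup in the other files of this commit.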
@@ -19,8 +19,8 @@ if ($result->num_rows != 1) { $stmt->close(); $user_id = $result->fetch_assoc()["id"]; -$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?"); -$stmt->bind_param("si", $token, $user_id); +$stmt = $conn1->prepare("SELECT * FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $user_id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); @@ -31,8 +31,8 @@ if ($result2->num_rows != 1) { exit; } -$updateStmt = $conn1->prepare("UPDATE userdata SET legacy_high_score = ? WHERE token = ? AND id = ?"); -$updateStmt->bind_param("isi", $high_score, $token, $user_id); +$updateStmt = $conn1->prepare("UPDATE userdata SET legacy_high_score = ? WHERE id = ?"); +$updateStmt->bind_param("ii", $high_score, $user_id); $updateStmt->execute(); $updateStmt->close(); diff --git a/database/backported/1.4.0-beta1/loadAccount.php b/database/backported/1.4.0-beta1/loadAccount.php index 3436fcd..5b72399 100644 --- a/database/backported/1.4.0-beta1/loadAccount.php +++ b/database/backported/1.4.0-beta1/loadAccount.php @@ -11,8 +11,8 @@ if (getClientVersion() == "1.5.0" || getClientVersion() == "1.5.1" || getClientV $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -27,8 +27,8 @@ if ($result->num_rows != 1) { $row = $result->fetch_assoc(); $id = $row["id"]; -$stmt = $conn1->prepare("SELECT save_data, legacy_high_score FROM userdata WHERE id = ? AND token = ? LIMIT 1"); -$stmt->bind_param("is", $id, $token); +$stmt = $conn1->prepare("SELECT save_data, legacy_high_score FROM userdata WHERE id = ? LIMIT 1"); +$stmt->bind_param("i", $id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); 
diff --git a/database/backported/1.4.0-beta1/saveAccount.php b/database/backported/1.4.0-beta1/saveAccount.php index 306abda..fc0dc44 100644 --- a/database/backported/1.4.0-beta1/saveAccount.php +++ b/database/backported/1.4.0-beta1/saveAccount.php @@ -8,8 +8,8 @@ $request_highScore = $_POST['highScore'] ?? 0; $request_icon = $_POST['icon'] ?? 0; $request_overlay = $_POST['overlay'] ?? 0; -$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?"); -$stmt->bind_param("s", $request_userName); +$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $request_userName, $request_gameSession); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -23,8 +23,8 @@ if ($result->num_rows != 1) { $request_uid = $result->fetch_assoc()["id"]; -$stmt = $conn1->prepare("SELECT save_data FROM userdata WHERE token = ? AND id = ?"); -$stmt->bind_param("si", $request_gameSession, $request_uid); +$stmt = $conn1->prepare("SELECT save_data FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $request_uid); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); @@ -43,8 +43,8 @@ $savedata['bird']['icon'] = $request_icon; $savedata['bird']['overlay'] = $request_overlay; $savedata = json_encode($savedata); -$stmt = $conn1->prepare("UPDATE userdata SET legacy_high_score = ?, save_data = ? WHERE token = ? AND id = ?"); -$stmt->bind_param("issi", $request_highScore, $savedata, $request_gameSession, $request_uid); +$stmt = $conn1->prepare("UPDATE userdata SET legacy_high_score = ?, save_data = ? WHERE id = ?"); +$stmt->bind_param("isi", $request_highScore, $savedata, $request_uid); $stmt->execute(); $stmt->close(); diff --git a/database/backported/1.5.1/sendChatroomMessage.php b/database/backported/1.5.1/sendChatroomMessage.php index 4c138d1..6128227 100644 --- a/database/backported/1.5.1/sendChatroomMessage.php +++ b/database/backported/1.5.1/sendChatroomMessage.php 
@@ -7,9 +7,10 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~ exitWithMessage("-1"); } -$conn = newConnection(1); +$conn0 = newConnection(0); +$conn1 = newConnection(1); -$stmt = $conn->prepare("SELECT id FROM userdata WHERE token = ?"); +$stmt = $conn0->prepare("SELECT id FROM users WHERE token = ?"); $stmt->bind_param("s", $token); $stmt->execute(); $result = $stmt->get_result(); @@ -21,11 +22,12 @@ $id = $row["id"]; $content = base64_encode($request_content); $time = time(); -$stmt = $conn->prepare("INSERT INTO chats (userId, content, timestamp) VALUES (?, ?, ?)"); +$stmt = $conn1->prepare("INSERT INTO chats (userId, content, timestamp) VALUES (?, ?, ?)"); $stmt->bind_param("isi", $id, $content, $time); $stmt->execute(); $stmt->close(); echo encrypt("1"); -$conn->close(); \ No newline at end of file +$conn0->close(); +$conn1->close(); \ No newline at end of file diff --git a/database/backported/1.5/loginAccount.php b/database/backported/1.5/loginAccount.php index 9e111d0..2cee480 100644 --- a/database/backported/1.5/loginAccount.php +++ b/database/backported/1.5/loginAccount.php @@ -8,7 +8,7 @@ $password = $post['password']; $currentHighScore = $post['currentHighScore'] ?? 0; $loginType = $post['loginType'] ?? '0'; -$stmt = $conn0->prepare("SELECT id, username, password FROM users WHERE username = ?"); +$stmt = $conn0->prepare("SELECT id, username, password, token FROM users WHERE username = ?"); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); @@ -19,7 +19,7 @@ $row = $result->fetch_assoc(); if (!password_verify($password, $row["password"])) exitWithMessage("-1"); $id = $row['id']; -$stmt = $conn1->prepare("SELECT token, legacy_high_score FROM userdata WHERE id = ?"); +$stmt = $conn1->prepare("SELECT legacy_high_score FROM userdata WHERE id = ?"); $stmt->bind_param("i", $id); $stmt->execute(); $result2 = $stmt->get_result(); 
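Review bot: In the first 1.5.1/sendChatroomMessage.php hunk, `SELECT id FROM users WHERE token = ?` identifies the sender by token alone, so an empty or missing token must never match a row. The code that reads `$token` and the check on the query result are outside this hunk, and the migration that fills `users.token` is not in the diff, so this is unconfirmed; if any account can hold an empty token, a request with an empty token would be attributed to that account. A guard before the query, `if ($token === '') exitWithMessage("-1");`, together with a NOT NULL, unique constraint on the column, closes that gap. The `username = ? AND token = ?` checks elsewhere in this commit default the token to `''` (for example `$post['token'] ?? ''` in deleteAccountProfileMessage.php) and would benefit from the same guard.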
@@ -27,15 +27,11 @@ $stmt->close(); if ($result2->num_rows != 1) exitWithMessage("-1"); $row2 = $result2->fetch_assoc(); -$token = $row2['token']; +$token = $row['token']; $ip = getIPAddress(); -$stmt = $conn0->prepare("UPDATE users SET latest_ip = ? WHERE id = ?"); -$stmt->bind_param("si", $ip, $id); -$stmt->execute(); -$stmt->close(); -$stmt = $conn1->prepare("UPDATE userdata SET token = ? WHERE id = ?"); -$stmt->bind_param("si", $token, $id); +$stmt = $conn0->prepare("UPDATE users SET latest_ip = ?, token = ? WHERE id = ?"); +$stmt->bind_param("ssi", $ip, $token, $id); $stmt->execute(); $stmt->close(); diff --git a/database/backported/1.5/saveAccount.php b/database/backported/1.5/saveAccount.php index 7bb46b9..66a20b5 100644 --- a/database/backported/1.5/saveAccount.php +++ b/database/backported/1.5/saveAccount.php @@ -19,8 +19,8 @@ $overlayColor = [$overlayR, $overlayG, $overlayB]; $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -35,8 +35,8 @@ if ($result->num_rows != 1) { $row = $result->fetch_assoc(); $id = $row["id"]; -$stmt = $conn1->prepare("SELECT save_data FROM userdata WHERE id = ? AND token = ?"); -$stmt->bind_param("is", $id, $token); +$stmt = $conn1->prepare("SELECT save_data FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); 
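Review bot: In the 1.5/loginAccount.php hunk, `UPDATE users SET latest_ip = ?, token = ? WHERE id = ?` writes back the `$token` that was just read from the same `users` row, so the token part of the write changes nothing. database/loginAccount.php in this commit drops the token write entirely; this file can match it with `UPDATE users SET latest_ip = ? WHERE id = ?` and `$stmt->bind_param("si", $ip, $id);`. As far as these lines show, the token is not regenerated at login in either file, so a token that leaks stays valid across logins. If rotation is intended, this statement is the place to store a fresh value such as `bin2hex(random_bytes(32))` instead of the old one.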
@@ -55,12 +55,11 @@ $savedata['bird']['overlay'] = $overlay; $savedata['settings']['colors']['icon'] = $birdColor; if (getClientVersion() == "1.5.2") $savedata['settings']['colors']['overlay'] = $overlayColor; $savedata = json_encode($savedata); -$stmt = $conn1->prepare("UPDATE userdata SET legacy_high_score = ?, save_data = ? WHERE id = ? AND token = ?"); +$stmt = $conn1->prepare("UPDATE userdata SET legacy_high_score = ?, save_data = ? WHERE id = ?"); $stmt->bind_param("isis", $highScore, $savedata, - $id, - $token + $id ); $stmt->execute(); $stmt->close(); diff --git a/database/deleteAccountProfileMessage.php b/database/deleteAccountProfileMessage.php index 1716f23..69bd208 100644 --- a/database/deleteAccountProfileMessage.php +++ b/database/deleteAccountProfileMessage.php @@ -9,16 +9,16 @@ $targetId = (int)$post['targetId'] ?? 0; $token = $post['token'] ?? ''; $username = $post['username'] ?? ''; -$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); if ($result->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => 'User info not found'])); $user_id = $result->fetch_assoc()["id"]; -$stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?"); -$stmt->bind_param("si", $token, $user_id); +$stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $user_id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); diff --git a/database/deleteChatroomMessage.php b/database/deleteChatroomMessage.php index 24efc60..d3724d8 100644 --- a/database/deleteChatroomMessage.php +++ b/database/deleteChatroomMessage.php 
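Review bot: In the last 1.5/saveAccount.php hunk the type string in `$stmt->bind_param("isis",` is left unchanged while `$token` is removed from the argument list, so the call now declares four types for three variables. mysqli rejects that mismatch (an ArgumentCountError on PHP 8, a warning and a failed bind on older versions), which means the UPDATE of `legacy_high_score` and `save_data` would not run. Change the first argument to `"isi"`, as the 1.4.0-beta1/saveAccount.php hunk in this commit already does.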
@@ -10,8 +10,8 @@ $username = $post['username'] ?? ''; $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ? LIMIT 1"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ? AND token = ? LIMIT 1"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -20,8 +20,8 @@ if ($result->num_rows != 1) exit; $user_id = $row["id"]; -$stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ? LIMIT 1"); -$stmt->bind_param("si", $token, $user_id); +$stmt = $conn1->prepare("SELECT 1 FROM userdata WHERE id = ? LIMIT 1"); +$stmt->bind_param("i", $user_id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); diff --git a/database/editChatroomMessage.php b/database/editChatroomMessage.php index 44e7ef0..2e9c450 100644 --- a/database/editChatroomMessage.php +++ b/database/editChatroomMessage.php @@ -13,8 +13,8 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~ $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT id FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -23,8 +23,8 @@ if (!$row) exit; $user_id = $row["id"]; -$stmt2 = $conn1->prepare("SELECT 1 FROM userdata WHERE token = ? AND id = ?"); -$stmt2->bind_param("si", $token, $user_id); +$stmt2 = $conn1->prepare("SELECT 1 FROM userdata WHERE id = ?"); +$stmt2->bind_param("i", $user_id); $stmt2->execute(); $result2 = $stmt2->get_result(); $stmt->close(); diff --git a/database/loadAccount.php b/database/loadAccount.php index 0743bff..297edcd 100644 --- a/database/loadAccount.php +++ b/database/loadAccount.php 
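Review bot: In the second editChatroomMessage.php hunk, the context line after `$result2 = $stmt2->get_result();` calls `$stmt->close();`, which closes the first statement again (it was already closed after the users lookup) and leaves `$stmt2` open. On PHP 8 a method call on an already-closed mysqli_stmt raises an Error, so this line may abort the request; it should read `$stmt2->close();`. With the token filter removed, the `SELECT 1 FROM userdata WHERE id = ?` query is now only an existence check, which deserves a comment such as `// session already verified against users.token; this only confirms the userdata row exists`.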
@@ -20,8 +20,8 @@ $username = $post['username'] ?? ''; $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT id, username FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT id, username FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -36,8 +36,8 @@ if ($result->num_rows != 1) { $row = $result->fetch_assoc(); $id = $row["id"]; -$stmt = $conn1->prepare("SELECT save_data, token FROM userdata WHERE id = ? AND token = ?"); -$stmt->bind_param("is", $id, $token); +$stmt = $conn1->prepare("SELECT save_data FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); @@ -54,7 +54,7 @@ $row2 = $result2->fetch_assoc(); $savedata = json_decode($row2['save_data'], true); $savedata['account']['id'] = $id; $savedata['account']['name'] = $row['username']; -$savedata['account']['session'] = $row2['token']; +$savedata['account']['session'] = $token; echo encrypt(json_encode([ "success" => true, "data" => $savedata diff --git a/database/loginAccount.php b/database/loginAccount.php index a62e463..e3659bb 100644 --- a/database/loginAccount.php +++ b/database/loginAccount.php @@ -27,7 +27,7 @@ $post = getPostData(); $username = $post['username']; $password = $post['password']; -$stmt = $conn0->prepare("SELECT id, username, password FROM users WHERE username = ?"); +$stmt = $conn0->prepare("SELECT id, username, password, token FROM users WHERE username = ?"); $stmt->bind_param("s", $username); $stmt->execute(); $result = $stmt->get_result(); 
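Review bot: In the third database/loadAccount.php hunk, `$savedata['account']['session'] = $token;` returns the value the client sent rather than the stored token. The two are the same only if the SQL match on `users.token` is byte-exact, which depends on a column collation this diff does not show. Returning the stored value keeps the response canonical: select it in the first query with `SELECT id, username, token FROM users WHERE username = ? AND token = ?` and assign `$savedata['account']['session'] = $row['token'];`.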
@@ -38,25 +38,13 @@ $row = $result->fetch_assoc(); if (!password_verify($password, $row["password"])) exitWithMessage(json_encode(["success" => false, "message" => "Invalid username or password"])); $id = $row['id']; - -$stmt = $conn1->prepare("SELECT token FROM userdata WHERE id = ?"); -$stmt->bind_param("i", $id); -$stmt->execute(); -$result2 = $stmt->get_result(); -$stmt->close(); -if ($result2->num_rows != 1) exitWithMessage(json_encode(["success" => false, "message" => "Invalid username or password"])); - -$token = $result2->fetch_assoc()['token']; +$token = $row['token']; $ip = getIPAddress(); $stmt = $conn0->prepare("UPDATE users SET latest_ip = ? WHERE id = ?"); $stmt->bind_param("si", $ip, $id); $stmt->execute(); $stmt->close(); -$stmt = $conn1->prepare("UPDATE userdata SET token = ? WHERE id = ?"); -$stmt->bind_param("si", $token, $id); -$stmt->execute(); -$stmt->close(); $data = ["session" => $token, "username" => $row['username'], "userid" => $id]; diff --git a/database/reportChatroomMessage.php b/database/reportChatroomMessage.php index b132922..58d9eb5 100644 --- a/database/reportChatroomMessage.php +++ b/database/reportChatroomMessage.php @@ -13,8 +13,8 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~ $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? LIMIT 1"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? AND token = ? LIMIT 1"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $row = $result->fetch_assoc(); 
@@ -23,8 +23,8 @@ $stmt->close(); $user_id = $row["id"]; -$stmt2 = $conn1->prepare("SELECT * FROM userdata WHERE id = ? AND token = ? LIMIT 1"); -$stmt2->bind_param("is", $user_id, $token); +$stmt2 = $conn1->prepare("SELECT * FROM userdata WHERE id = ? LIMIT 1"); +$stmt2->bind_param("i", $user_id); $stmt2->execute(); $result2 = $stmt2->get_result(); $row2 = $result2->fetch_assoc(); diff --git a/database/saveAccount.php b/database/saveAccount.php index 9bc4bad..f048505 100644 --- a/database/saveAccount.php +++ b/database/saveAccount.php @@ -40,8 +40,8 @@ try { $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -56,8 +56,8 @@ if ($result->num_rows != 1) { $row = $result->fetch_assoc(); $id = $row["id"]; -$stmt = $conn1->prepare("SELECT id FROM userdata WHERE token = ? AND id = ?"); -$stmt->bind_param("si", $token, $id); +$stmt = $conn1->prepare("SELECT id FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $id); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -69,8 +69,8 @@ if ($result->num_rows != 1) { exit; } -$stmt = $conn1->prepare("UPDATE userdata SET save_data = ? WHERE token = ? AND id = ?"); -$stmt->bind_param("ssi", $savedata, $token, $id); +$stmt = $conn1->prepare("UPDATE userdata SET save_data = ? WHERE id = ?"); +$stmt->bind_param("si", $savedata, $id); $stmt->execute(); $stmt->close(); echo encrypt(json_encode(["success" => true])); diff --git a/database/sendChatroomMessage.php b/database/sendChatroomMessage.php index fe20b39..9f30ad1 100644 --- a/database/sendChatroomMessage.php +++ b/database/sendChatroomMessage.php 
@@ -18,8 +18,8 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~ $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -28,8 +28,8 @@ if (!$row) exitWithMessage(json_encode(["success" => false, "message" => "Invali $id = $row["id"]; -$stmt = $conn1->prepare("SELECT * FROM userdata WHERE id = ? AND token = ?"); -$stmt->bind_param("is", $id, $token); +$stmt = $conn1->prepare("SELECT * FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); diff --git a/database/uploadAccountProfileMessage.php b/database/uploadAccountProfileMessage.php index 84d067c..926fcb5 100644 --- a/database/uploadAccountProfileMessage.php +++ b/database/uploadAccountProfileMessage.php @@ -14,8 +14,8 @@ if (!preg_match('/^[ a-zA-Z0-9!@#\$%\^&\*\(\)_\+\-=\[\]\{\};\':",\.<>\/\?\\\\|`~ $conn0 = newConnection(0); $conn1 = newConnection(1); -$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $stmt->close(); @@ -23,8 +23,8 @@ if ($result->num_rows != 1) exitWithMessage(json_encode(["success" => false])); $row = $result->fetch_assoc(); $id = $row["id"]; -$stmt = $conn1->prepare("SELECT * FROM userdata WHERE token = ? AND id = ?"); -$stmt->bind_param("si", $token, $id); +$stmt = $conn1->prepare("SELECT * FROM userdata WHERE id = ?"); +$stmt->bind_param("i", $id); $stmt->execute(); $result2 = $stmt->get_result(); $stmt->close(); 
diff --git a/database/voteAccountProfileMessage.php b/database/voteAccountProfileMessage.php index af34824..c2d004f 100644 --- a/database/voteAccountProfileMessage.php +++ b/database/voteAccountProfileMessage.php @@ -14,8 +14,8 @@ if ($liked !== 0 && $liked !== 1) { exit; } -$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ?"); -$stmt->bind_param("s", $username); +$stmt = $conn0->prepare("SELECT * FROM users WHERE username = ? AND token = ?"); +$stmt->bind_param("ss", $username, $token); $stmt->execute(); $result = $stmt->get_result(); $row = $result->fetch_assoc();