diff --git a/db/auth_copy_2.sqlite-shm b/db/auth_copy_2.sqlite-shm
index 78e3e8c..147ae44 100644
Binary files a/db/auth_copy_2.sqlite-shm and b/db/auth_copy_2.sqlite-shm differ
diff --git a/db/auth_copy_2.sqlite-wal b/db/auth_copy_2.sqlite-wal
index 7056cfc..17b4465 100644
Binary files a/db/auth_copy_2.sqlite-wal and b/db/auth_copy_2.sqlite-wal differ
diff --git a/src/utils/auth.rs b/src/utils/auth.rs
index fa429b1..7fadaab 100644
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -288,8 +288,8 @@ pub async fn update_password(
 };

 let user_row = match conn.query_row(
- "SELECT password, id FROM users WHERE username = ?1 AND current_password = ?2",
- params![&payload.username, &payload.current_password],
+ "SELECT password, id FROM users WHERE username = ?1",
+ params![&payload.username],
 |row|{
 let password: String = row.get(0)?;
 let id: i32 = row.get(1)?;
@@ -297,7 +297,7 @@ pub async fn update_password(
 },
 ).optional() {
 Ok(opt) => opt,
- Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error")
+ Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error: {}", e ))
 .into_response(),
 };

@@ -307,7 +307,7 @@ pub async fn update_password(
 .into_response(),
 };

- if verify_password( &payload.current_password, &password ) {
+ if !verify_password( &payload.current_password, &password ) {
 return (StatusCode::UNAUTHORIZED, "Invalid Password").into_response()
 };
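Review bot: The user lookup in the `@@ -288,8 +288,8 @@` hunk is now keyed only on `payload.username`, a value the client sends, and nothing visible here ties it to the caller's own account. After this change the only gate on changing a password is `verify_password` on `current_password`, so the endpoint answers password guesses for any username unless attempts are throttled or the username is taken from the authenticated session; neither is visible, because `update_password` starts and ends outside the hunk. If the handler has a session identity, compare it with `payload.username` before the query and reject a mismatch. A short comment on the query would also help, for example `// Lookup by username only; the stored hash is checked with verify_password below.`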
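Review bot: The new `Err(e)` arm in the `@@ -297,7 +297,7 @@` hunk puts the database error text into the HTTP response body through `format!("DB query error: {}", e)`. The error is presumably a rusqlite one, given `conn.query_row` and `.optional()`, and its text can carry SQL fragments, table or column names, or the database path to whoever calls the endpoint. Keep the detail on the server: log `e` with the crate's logger (not visible in this hunk) and keep the response as `return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error")` followed by the existing `.into_response()`. The client then gets a stable message while the cause stays available in the server logs.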
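Review bot: The corrected check in the `@@ -307,7 +307,7 @@` hunk returns 401 with `"Invalid Password"`, while the lines just above it appear to be the tail of the match that handles a missing user row, most of which lies outside the hunk. If that arm answers with a different status or body, the two responses tell a caller which usernames exist, and returning the same status and message for both cases removes that signal. Because the previous condition was inverted, a regression test that asserts 401 for a wrong `current_password` and success for the right one would keep it from flipping back. As a style point, the block ends in `};` with no `;` after the `return` expression; `return (StatusCode::UNAUTHORIZED, "Invalid Password").into_response();` with a plain `}` is the usual form.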