From a103780a7231a65d29eb4458998ac2fa118cfd1f Mon Sep 17 00:00:00 2001
From: Romain Mallard <romaimallard@gmail.com>
Date: Thu, 15 Jan 2026 15:30:40 +0100
Subject: [PATCH] update passwrod fix

---
 db/auth_copy_2.sqlite-shm | Bin 32768 -> 32768 bytes
 db/auth_copy_2.sqlite-wal | Bin 486192 -> 519152 bytes
 src/utils/auth.rs         |   8 ++++----
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/db/auth_copy_2.sqlite-shm b/db/auth_copy_2.sqlite-shm
index 78e3e8c7ba9ec013e553c0328a549da472130d52..147ae444e33ec049b95c9207a1f0f9e1e91e7955 100644
GIT binary patch
delta 219
zcmZo@U}|V!s+V}A%K!t63=9HwK#mX)|Ic{EyxVfZva3f!jV2#4-CuP3Qd-mnHx*LV
z!^{Sm`yUBF#hDoDHa6a8oUFqrz{>;_V+CS%Am-Sd$kgbt`Ja;zGh_8;LAReAj5R=^
pmrR?#1Zpv}mNQf`)B^cunI?Y-mtd`6sA8xCavw5neitRA3IN4ZMgsr<

delta 194
zcmZo@U}|V!s+V}A%K!pQK+MR%AW#ORg@E{LPiXb7Q>PbQJsN5>`H1O$|1D1fRpS0P
zk*XeO6c~Wa{f`8o!b}WB8yoL4Zf;?!a+o}UNoDgtCn4s|O-!$tHvjSvV1ux}1ZsiA
UE-_915H0~^JY(AYE=ouh0B62N(f|Me

diff --git a/db/auth_copy_2.sqlite-wal b/db/auth_copy_2.sqlite-wal
index 7056cfcc636a4ab55452f440034d7b4f85ef3323..17b4465e66ed69b306d81ca47b8e76e438e564d8 100644
GIT binary patch
delta 589
zcmdmRP4>fe`Gyw87N!>F7M2#)7Pc+y2HDfR*#$VvWV$DRS|gyjUEwq17k)<F>36Nz
zr8%-}vTGBb{Ic6-&Ayx4$vr$c(X3G0#KO!Y$)wCOKfuDE#4lYXDlp12&$~DxFvzGZ
z$tlFLG`TRVBH1_HJuN3BInpsBATlXC)w|p&#j|{}Lq*->fYmD7=ex5PGIMBs?TU#$
z%x4d^R1adQxAVV%cbW^$AeLrYRED}Gx?7Yu<)k>Km<424SZW&ts)Xhl<^~2-Rpt6-
zdY6_OxQ7>nI+nW|=49r&lo=X_M4D82=J}f@8hBKqSen8--Mf^Tm*dP`r}_W8*92})
zC}rNxJAM6hws}rY5djs2`N{67-XY<sNlE3|iADJtfhs{>A>P5kNp7hX<r&GoL8-pE
z-Ug9D$rc$^9+tk@S;jfJ9{yE<d4=JH7MsuW<uHn}GB7X*T|F9VH2H|>ej&*-$Ex4#
z<=XDBi>;B53U+MI-oos_D9R4BgaKyBiB6$Id7n9_Lc>uX5{}HTGX5`{V7VI-j)i3=
z+7V%uWd&81re#?cZu;5T+V1HpruxZ2sbQ(9rd7p`#-;hiJ}!|JVF4!op1!^&g_&+q
U6~0OOdF7P`K^39Mk(bB}03uV?Qvd(}

delta 23
ecmexxU4Fwg*@hOz7N!>F7M2#)7Pc+y2H604KM0Kg

diff --git a/src/utils/auth.rs b/src/utils/auth.rs
index fa429b1..7fadaab 100644
--- a/src/utils/auth.rs
+++ b/src/utils/auth.rs
@@ -288,8 +288,8 @@ pub async fn update_password(
     };
 
     let user_row = match conn.query_row(
-        "SELECT password, id FROM users WHERE username = ?1 AND current_password = ?2",
-        params![&payload.username, &payload.current_password],
+        "SELECT password, id FROM users WHERE username = ?1",
+        params![&payload.username],
         |row|{
             let password: String = row.get(0)?;
             let id: i32 = row.get(1)?;
@@ -297,7 +297,7 @@ pub async fn update_password(
         },
     ).optional() {
         Ok(opt) => opt,
-        Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error")
+        Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error: {}", e ))
         .into_response(),
     };
     
@@ -307,7 +307,7 @@ pub async fn update_password(
         .into_response(),
     };
     
-    if verify_password( &payload.current_password, &password ) {
+    if !verify_password( &payload.current_password, &password ) {
         return (StatusCode::UNAUTHORIZED, "Invalid Password").into_response()
     };