From 6aa93775be1368338fb99431f40a8df54b703ac3 Mon Sep 17 00:00:00 2001
From: Ziga <ziga.zajc007@gmail.com>
Date: Fri, 24 Feb 2023 16:11:11 +0100
Subject: [PATCH] Resolved an issue in the SQL query responsible for enabling
 and disabling two-factor authentication on Passky Servers utilizing the MySQL
 engine.

---
 server/src/Database.php                    | 4 ++--
 server/src/website/actions/editAccount.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/src/Database.php b/server/src/Database.php
index 21f3f3d..3ffa2b6 100644
--- a/server/src/Database.php
+++ b/server/src/Database.php
@@ -766,7 +766,7 @@ public static function enable2Fa(string $username, string $token) : string{
 		try{
 			$conn = Settings::createConnection();
 
-			$stmt = $conn->prepare('UPDATE users SET "2fa_secret" = :secret, backup_codes = :codes WHERE username = :username');
+			$stmt = $conn->prepare('UPDATE users SET `2fa_secret` = :secret, backup_codes = :codes WHERE username = :username');
 			$stmt->bindParam(':secret', $secret, PDO::PARAM_STR);
 			$stmt->bindParam(':codes', $codes, PDO::PARAM_STR);
 			$stmt->bindParam(':username', $username, PDO::PARAM_STR);
@@ -807,7 +807,7 @@ public static function disable2Fa(string $username, string $token) : string{
 		try{
 			$conn = Settings::createConnection();
 
-			$stmt = $conn->prepare('UPDATE users SET "2fa_secret" = null WHERE username = :username');
+			$stmt = $conn->prepare('UPDATE users SET `2fa_secret` = null WHERE username = :username');
 			$stmt->bindParam(':username', $username, PDO::PARAM_STR);
 			$stmt->execute();
 
diff --git a/server/src/website/actions/editAccount.php b/server/src/website/actions/editAccount.php
index cdc8be1..ee57257 100644
--- a/server/src/website/actions/editAccount.php
+++ b/server/src/website/actions/editAccount.php
@@ -42,7 +42,7 @@
 	}
 
 	if($disable2fa){
-		$stmt = $conn->prepare('UPDATE users SET "2fa_secret" = null, yubico_otp = null, backup_codes = null WHERE username = :username');
+		$stmt = $conn->prepare('UPDATE users SET `2fa_secret` = null, yubico_otp = null, backup_codes = null WHERE username = :username');
 		$stmt->bindParam(':username', $username, PDO::PARAM_STR);
 		$stmt->execute();
 	}