From 45bc61c3cb09928e8a160c8e7a4adce92332cf75 Mon Sep 17 00:00:00 2001
From: winter <99384603+hewoicvewse@users.noreply.github.com>
Date: Sat, 31 Dec 2022 14:20:03 +0900
Subject: [PATCH] bug: destroyed

---
 src/endpoints/accounts/loginAccount.cr | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/endpoints/accounts/loginAccount.cr b/src/endpoints/accounts/loginAccount.cr
index bd984fd..f6bced9 100644
--- a/src/endpoints/accounts/loginAccount.cr
+++ b/src/endpoints/accounts/loginAccount.cr
@@ -10,7 +10,7 @@ CrystalGauntlet.endpoints["/accounts/loginGJAccount.php"] = ->(body : String): S
 
   username = params["userName"]
   password = params["password"]
-  result = DATABASE.query_all("select id, password from accounts", as: {Int32, String})
+  result = DATABASE.query_all("select id, password from accounts where username = ?", username, as: {Int32, String})
   if result.size > 0
     account_id, hash = result[0]
     bcrypt = Crypto::Bcrypt::Password.new(hash)