adding oauth capabilities

app-code/api/auth/check_auth_key.php

@@ -17,7 +17,7 @@ if(mysqli_stmt_num_rows($stmt) == 1){
 	//we now have userid, close stmt
 	mysqli_stmt_close($stmt);
 	
-	$sql="SELECT username, email, telegram_id FROM users WHERE id = ?";
+	$sql="SELECT username, email, telegram_id, user_token FROM users WHERE id = ?";
 	$stmt = mysqli_prepare($conn, $sql);
 	mysqli_stmt_bind_param($stmt, 'i', $user_id);
 	mysqli_stmt_execute($stmt);
@@ -25,7 +25,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){
 	$username="";
 	$email="";
 	$telegram="";
-	mysqli_stmt_bind_result($stmt,$username,$email,$telegram);
+	$user_token="";
+	mysqli_stmt_bind_result($stmt,$username,$email,$telegram,$user_token);
 	mysqli_stmt_fetch($stmt);
 	mysqli_stmt_close($stmt);
 	$data=[
@@ -34,7 +35,8 @@ if(mysqli_stmt_num_rows($stmt) == 1){
 		'username'=>$username,
 		'email'=>$email,
 		'telegram_id'=>$telegram,
-		'id'=>$user_id
+		'id'=>$user_id,
+		'user_token'=>$user_token
 	];
 	
 	//remove auth key

app-code/api/login/redirect.php

@@ -60,7 +60,7 @@ else{
 	$username=$_SESSION["username"];
 	$_SESSION["needs_auth"]=false;
 	$_SESSION["logged_in"]=false;
-	$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id FROM users WHERE username = ?";
+	$sql="SELECT auth_method_required_pw, auth_method_required_2fa, auth_method_required_passkey, id, user_token FROM users WHERE username = ?";
 	$stmt = mysqli_prepare($conn, $sql);
 	mysqli_stmt_bind_param($stmt, 's', $username);
 	mysqli_stmt_execute($stmt);
@@ -68,8 +68,9 @@ else{
 	$pw=0;
 	$mfa=0;
 	$passkey=0;
+	$user_token="";
 	if(mysqli_stmt_num_rows($stmt) == 1){
-		mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id);
+		mysqli_stmt_bind_result($stmt, $pw,$mfa,$passkey,$user_id,$user_token);
 		mysqli_stmt_fetch($stmt);
 		$_SESSION["pw_required"] = $pw;
 		$_SESSION["pw_authenticated"] = ($pw == 0) ? 1 : 0; // If $pw is 0, set pw_authenticated to 1
@@ -78,6 +79,7 @@ else{
 		$_SESSION["passkey_required"] = $passkey;
 		$_SESSION["passkey_authenticated"] = ($passkey == 0) ? 1 : 0;
 		$_SESSION["id"]=$user_id;
+		$_SESSION["user_token"]=$user_token;
 		$data=[
 			'message' => 'prepared_start_auth',
 			'redirect' => '/login/'

app-code/api/register/register_user.php

@@ -81,11 +81,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     $pepper=bin2hex(random_bytes(32));
     // Hash the password / a salt is added automaticly
     $hashedPassword = password_hash($password.$pepper, PASSWORD_BCRYPT);
+    
+    //random token which is used to auth users even if they change theyr username
+    $user_token=bin2hex(random_bytes(32));
 
     // Insert the user into the database
-    $sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0)";
+    $sql = "INSERT INTO users (username, email, password, telegram_id, pepper, auth_method_enabled_pw, auth_method_required_pw, auth_method_enabled_passkey, auth_method_required_passkey, auth_method_enabled_2fa, auth_method_required_2fa,auth_method_keepmeloggedin_enabled, user_token) VALUES (?, ?, ?, ?, ?, 1, 1,0,0,0,0,0,?)";
     $stmt = mysqli_prepare($conn, $sql);
-    mysqli_stmt_bind_param($stmt, 'sssss', $username, $email, $hashedPassword, $telegram_id, $pepper);
+    mysqli_stmt_bind_param($stmt, 'ssssss', $username, $email, $hashedPassword, $telegram_id, $pepper,$user_token);
     if (mysqli_stmt_execute($stmt)) {
         echo json_encode([
             'success' => true,