fixed token management

Question.php

@@ -36,7 +36,7 @@ class Question
         $db->query('UPDATE "Games" SET "current_right_answer" = $1, "current_category" = $2 WHERE "ID" = $3',
             array($ca_position, $cid, $uid));
         $this->token = md5(uniqid(rand(), true));
-        $db->query('UPDATE "Games" SET "current_token" = $1 WHERE "ID" = $2', array($this->token, $uid));
+        $db->query('UPDATE "Users" SET "current_token" = $1 WHERE "ID" = $2', array($this->token, $uid));
     }
 
     public static function get_next_question($db, $uid) {

answer.php

@@ -34,7 +34,7 @@ function calculate_points($time) {
 
 $correct_answer = $db->query('SELECT "current_right_answer" FROM "Games" WHERE "ID" = $1', array($uid))
     ['data'][0]['current_right_answer'];
-$correct_token = $db->query('SELECT "current_token" FROM "Games" WHERE "ID" = $1', array($uid))
+$correct_token = $db->query('SELECT "current_token" FROM "Users" WHERE "ID" = $1', array($uid))
     ['data'][0]['current_token'];
 $correct = $correct_answer == $chosen_answer ? true : false;
 $score = $correct_answer == $chosen_answer ? calculate_points($time) : 0;
@@ -44,11 +44,11 @@ if($uid == '') {
     $error = 13102;
 } else if($chosen_answer == -1) {
     $error = 13103;
+} else if($token != $correct_token) {
+    $data = [];
 } else if($db->query('SELECT EXISTS (SELECT 1 FROM "Games" WHERE "ID" = $1)', array($uid))
     ['data'][0]['exists'] == 'f') {
     $error = 13104;
-} else if($token != $correct_token) {
-    $data = [];
 } else {
     //set time and points
     $old_q_count = $db->query('SELECT "answered_questions" FROM "Games" WHERE "ID" = $1',
@@ -94,7 +94,7 @@ if($uid == '') {
             array($uid))['data'][0]['answered_questions'];
         $new_points = round($new_points / $answered_questions);
         $new_user_high = $old_user_high == 0 ? $new_points : round($old_user_high * 0.95 + $new_points * 0.05);
-        $db->query('UPDATE "Users" SET "highscore" = $1 WHERE "ID" = $2', array($new_user_high, $uid));
+        $db->query('UPDATE "Users" SET "highscore" = $1, "current_token" = NULL WHERE "ID" = $2', array($new_user_high, $uid));
         $db->query('DELETE FROM "Games" WHERE "ID" = $1', array($uid));
     }
 }