diff --git a/Lab2/__pycache__/database_helper.cpython-310.pyc b/Lab2/__pycache__/database_helper.cpython-310.pyc
index adb1fc481d008e3961a353b6de73c0183b481ad2..3550a2af235fb8d1abfe683389d03be3c07d2c65 100644
Binary files a/Lab2/__pycache__/database_helper.cpython-310.pyc and b/Lab2/__pycache__/database_helper.cpython-310.pyc differ
diff --git a/Lab2/__pycache__/server.cpython-310.pyc b/Lab2/__pycache__/server.cpython-310.pyc
index 6c064d338417cf4b6e71c129cd25d4444cad19d5..82e18c8df79c6d8b9169717568d9d4daa15f5fab 100644
Binary files a/Lab2/__pycache__/server.cpython-310.pyc and b/Lab2/__pycache__/server.cpython-310.pyc differ
diff --git a/Lab2/database.db b/Lab2/database.db
index 54ebaacbed664a2c1e4e273e1e464e8ab799fc61..200ab061884f9664250abd85b76ba217a03f11f5 100644
Binary files a/Lab2/database.db and b/Lab2/database.db differ
diff --git a/Lab2/database_helper.py b/Lab2/database_helper.py
index 9c812170bf3e2b227e510656d4bfa15b1e08ffd2..0cac71e6f95fea1b8da016bc6cba0ebf759ccd3e 100644
--- a/Lab2/database_helper.py
+++ b/Lab2/database_helper.py
@@ -111,3 +111,13 @@ def get_data_email(email):
         return None
     except:
         return None
+
+
+def change_password(email, newpassword):
+    try:
+        sql = "UPDATE USERS SET password = 'newpassword1' WHERE email = 'cbdgsdsd11mail.com';"
+        get_db().execute(sql)
+        get_db().commit()
+        return True
+    except:
+        return False
diff --git a/Lab2/server.py b/Lab2/server.py
index bc7ad6523b1b7355af03d115e537f03ae3f07ddf..c718b1cb0a006bee6575af1ba45b4889d9d4fc67 100644
--- a/Lab2/server.py
+++ b/Lab2/server.py
@@ -82,8 +82,13 @@ def sign_out():
 def change_password():
     data = request.get_json()
     if('token' in data and 'oldPassword' in data and 'newPassword' in data):
-        return True
-        #return "", 204
+        if database_helper.is_online(data['token']):
+            email = database_helper.tokenToEmail(data['token'])
+            #check old password is good
+            if database_helper.change_password(email, data['newPassword']):
+                return "", 204
+        else:
+            return "", 401
     else:
         return "", 400
 
@@ -94,7 +99,7 @@ def get_user_data_token(token):
     if email:
         return get_user_data_email(token, email)
     else:
-        return "", 403
+        return "", 401
 
 
 @app.route("/account/get/data/<token>/<email>", methods = ['GET'])
@@ -108,14 +113,13 @@ def get_user_data_email(token, email):
                 "gender": data[2],
                 "city": data[3],
                 "country": data[4],
-                "email": data[5],
-                "password": data[6],
+                "email": data[5]
             }
             return jsonify(value), 200
         else:
             return "", 404
     else:
-        return "", 403
+        return "", 401
 
 def generate_token():
     characters = string.ascii_letters + string.digits