diff --git a/backend/main.go b/backend/main.go
index 7cf81ae..cf54c0b 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -1308,30 +1308,30 @@ func connect() {
 "result": result,
 })
- case "check-qr":
- var count int
- err := db.QueryRow("SELECT COUNT(esignid) AS result FROM esign WHERE SUBSTR(signature, 36) = ?", data).Scan(&count)
- if err != nil {
- c.AbortWithError(http.StatusBadRequest, err)
- c.String(http.StatusBadRequest, err.Error())
- return
- }
- if count > 0 {
- err := db.QueryRow("SELECT IFNULL(e.employeename, '') AS result FROM esign es JOIN employee e ON es.employeeid = e.employeeid WHERE SUBSTR(signature, 36) = ?", data).Scan(&result)
- if err != nil {
- c.AbortWithError(http.StatusBadRequest, err)
- c.String(http.StatusBadRequest, err.Error())
- return
- }
+ // case "check-qr":
+ // var count int
+ // err := db.QueryRow("SELECT COUNT(esignid) AS result FROM esign WHERE SUBSTR(signature, 36) = ?", data).Scan(&count)
+ // if err != nil {
+ // c.AbortWithError(http.StatusBadRequest, err)
+ // c.String(http.StatusBadRequest, err.Error())
+ // return
+ // }
+ // if count > 0 {
+ // err := db.QueryRow("SELECT IFNULL(e.employeename, '') AS result FROM esign es JOIN employee e ON es.employeeid = e.employeeid WHERE SUBSTR(signature, 36) = ?", data).Scan(&result)
+ // if err != nil {
+ // c.AbortWithError(http.StatusBadRequest, err)
+ // c.String(http.StatusBadRequest, err.Error())
+ // return
+ // }
- c.JSON(http.StatusOK, gin.H{
- "result": result,
- })
- } else {
- c.JSON(http.StatusBadRequest, gin.H{
- "result": count.toString(),
- })
- }
+ // c.JSON(http.StatusOK, gin.H{
+ // "result": result,
+ // })
+ // } else {
+ // c.JSON(http.StatusBadRequest, gin.H{
+ // "result": count,
+ // })
+ // }
 }
 })
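Review bot: The `check-qr` arm is left behind as 23 lines of commented-out code instead of being deleted; the repository history already keeps the old implementation, so the block only adds noise to the switch. If the action is retired, replace the block with one line such as `// check-qr retired; see git history`, and check that the switch (which begins outside this hunk) answers an unknown action with an explicit 4xx rather than an empty response. If it is only parked, record in that comment that the old arm returned `err.Error()` from the database to the client, which should become a generic message before the arm is re-enabled.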
@@ -1975,5 +1975,93 @@ func connect() {
 }
 })
+ router.POST("/api/update-name", middleware.TokenChecker(), func(c *gin.Context) {
+ type NewnameData struct {
+ Data int `json:"data"` //employeeid
+ Data2 string `json:"data2"` //new name
+ }
+ var newnameData NewnameData
+ if err := c.ShouldBindJSON(&newnameData); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+
+ dbpost, err := db.Prepare("UPDATE employee SET employeename = ? WHERE employeeid = ?")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(newnameData.Data2, newnameData.Data)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Changing Name")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Changing Name")
+ }
+
+ })
+
+ router.POST("/api/update-password", middleware.TokenChecker(), func(c *gin.Context) {
+ type NewnameData struct {
+ Data int `json:"data"` //employeeid
+ Data2 string `json:"data2"` //new password
+ }
+ var newnameData NewnameData
+ if err := c.ShouldBindJSON(&newnameData); err != nil {
+ c.String(http.StatusBadRequest, "Invalid request body")
+ return
+ }
+
+ c.Writer.Header().Set("X-XSS-Protection", "1; mode=block")
+ c.Writer.Header().Set("X-Content-Type-Options", "nosniff")
+ c.Writer.Header().Set("X-DNS-Prefetch-Control", "off")
+ c.Writer.Header().Set("X-Frame-Options", "DENY")
+ c.Writer.Header().Set("X-Download-Options", "noopen")
+ c.Writer.Header().Set("Referrer-Policy", "no-referrer")
+
+ dbpost, err := db.Prepare("UPDATE esign SET password = ? WHERE employeeid = ?")
+ if err != nil {
+ c.AbortWithError(http.StatusInternalServerError, err)
+ c.String(http.StatusInternalServerError, "Internal Server Error")
+ return
+ }
+ defer dbpost.Close()
+
+ exec, err := dbpost.Exec(newnameData.Data2, newnameData.Data)
+ if err != nil {
+ panic(err.Error())
+ }
+
+ affect, err := exec.RowsAffected()
+ if err != nil {
+ panic(err.Error())
+ }
+
+ if affect > 0 {
+ c.String(http.StatusOK, "Success on Changing Password")
+ } else {
+ c.String(http.StatusInternalServerError, "Failed on Changing Password")
+ }
+
+ })
+
+ router.Run(":4320")
 }
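Review bot: Both new handlers take the target `employeeid` from the request body (`newnameData.Data`) and run the UPDATE with nothing visible in the hunk tying that id to the caller, so unless `middleware.TokenChecker()` enforces ownership or an admin role elsewhere, any holder of a valid token can rename another employee or overwrite their password. `/api/update-password` also writes `Data2` into `esign.password` exactly as received, with no server-side hashing, no check of the current password and no rejection of an empty value. The `panic(err.Error())` calls after `Exec` and `RowsAffected` in both handlers should return a 500 the way the `db.Prepare` branch does, and zero affected rows (unknown id, or an unchanged value on some drivers) is not a server error and is better reported as 404. The sketch below covers the password handler; the context key is a placeholder for whatever TokenChecker stores, and hashing with bcrypt is only correct if the login path verifies with `bcrypt.CompareHashAndPassword` instead of comparing the column verbatim.

```go
router.POST("/api/update-password", middleware.TokenChecker(), func(c *gin.Context) {
	// … unchanged: NewnameData binding and response headers …

	// Placeholder key: read the caller's id from wherever TokenChecker stores it.
	// Extend the condition if an admin role is allowed to change other accounts.
	if c.GetInt("CALLER_EMPLOYEE_ID_PLACEHOLDER") != newnameData.Data {
		c.String(http.StatusForbidden, "Forbidden")
		return
	}
	if newnameData.Data2 == "" {
		c.String(http.StatusBadRequest, "Invalid request body")
		return
	}

	hashed, err := bcrypt.GenerateFromPassword([]byte(newnameData.Data2), bcrypt.DefaultCost)
	if err != nil {
		c.String(http.StatusInternalServerError, "Internal Server Error")
		return
	}

	// … unchanged: db.Prepare for UPDATE esign and defer dbpost.Close() …

	exec, err := dbpost.Exec(string(hashed), newnameData.Data)
	if err != nil {
		c.AbortWithError(http.StatusInternalServerError, err)
		c.String(http.StatusInternalServerError, "Internal Server Error")
		return
	}

	// … unchanged: RowsAffected check, with its panic replaced the same way …
```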