diff --git a/routes/api/all.js b/routes/api/all.js
index 818d8e7..08ab2fe 100644
--- a/routes/api/all.js
+++ b/routes/api/all.js
@@ -32,7 +32,7 @@ export const setup = function (router, con, server) {
                     typeof req.body.auth.appid      !== "number" || 
                     typeof req.body.auth.auth_token !== "string" || 
                     req.body.auth.secret.length     !== 200      || 
-                    req.body.auth.auth_token.length !== 100      ||
+                    req.body.auth.auth_token.length !== 200      ||
                     Buffer.from(req.body.auth.secret,"base64").length !== 150
                 ) {
                     res.status(420).send("invalid authentication object")
@@ -40,7 +40,7 @@ export const setup = function (router, con, server) {
                 } else {
                     //secret    : string(200 chars)
                     //appid     : number
-                    //auth_token: string(100 chars)
+                    //auth_token: string(200 chars)
                     let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?"
                     con.query(sql,[SHA256(req.body.auth.auth_token,req.body.auth.appid, HASHES_DB),SHA256(req.body.auth.secret,req.body.auth.appid, HASHES_DB),req.body.auth.appid],(err,result) => {
                         if(err) throw err;