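/**
 * Logs the user in.
 *
 * Looks up the Member row for $this->player_tag, checks $this->password
 * against the stored hash and salt, and on success stores the member id,
 * player tag and admin flag in the session.
 *
 * @return null|string null on success, or an error message on failure.
 */
public function login()
{
    // Calling session_start() on an already-active session raises a notice.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    $sql = SqlConnect::getInstance();

    // player_tag is caller-supplied (presumably from the login form) and was
    // concatenated into the statement unescaped, so a crafted tag could
    // rewrite the query. Escape it before it goes inside the quoted literal.
    // NOTE(review): escape() is assumed to be the SqlConnect helper that wraps
    // mysqli_real_escape_string — confirm. A parameterized query is the
    // better fix if SqlConnect exposes one.
    $tag = $sql->escape($this->player_tag);
    $result = $sql->runQuery("SELECT admin, member_id, pass_hash, salt FROM Member where player_tag = '" . $tag . "';");

    // NOTE(review): the two distinct error messages below tell a caller
    // whether a player tag exists; consider a single generic message.
    if ($result->num_rows == 0) {
        return "Username does not exist.";
    }

    $row = $result->fetch_assoc();
    $hash = $row["pass_hash"];
    $salt = $row["salt"];
    $this->id = $row["member_id"];
    $admin = $row["admin"];
    // The original echoed $admin here. That debug output wrote the account's
    // admin flag into the response before the password was checked, so it
    // has been removed.

    // verify that password matches with stored password
    $success = authUtil::verifyPass(HASHALGO, $hash, $salt, $this->player_tag, $this->password);
    if (!$success) {
        return "Username and password did not match.";
    }

    // Issue a fresh session id at the privilege change so an id that was
    // fixed before authentication cannot be reused afterwards.
    session_regenerate_id(true);

    $_SESSION["id"] = $this->id;
    $_SESSION["player_tag"] = $this->player_tag;
    $_SESSION["admin"] = $admin;

    return null;
}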
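<?php
// Closes a tournament (sets open=0) and redirects back to its display page.
//
// NOTE(review): this script changes state on a GET request, and no
// authentication, authorisation or CSRF check is visible here. Confirm that
// access is restricted elsewhere (e.g. an admin session check) and consider
// requiring POST with a CSRF token.

include_once '../../resources/sqlconnect.php';

// Reject a missing or non-string parameter (e.g. tournament_id[]=x) instead
// of letting it reach the query and the redirect.
$tournament_id = isset($_GET["tournament_id"]) ? $_GET["tournament_id"] : null;
if (!is_string($tournament_id) || $tournament_id === '') {
    http_response_code(400);
    die;
}

$sql = SqlConnect::getInstance();

// The request value was interpolated into the UPDATE unescaped; escape it
// before it goes inside the quoted literal.
// NOTE(review): escape() is assumed to be the SqlConnect helper that wraps
// mysqli_real_escape_string — confirm. A parameterized query is the better
// fix if SqlConnect exposes one.
$escaped_id = $sql->escape($tournament_id);
$sql->runQuery("UPDATE Tournament SET open=0 WHERE tournament_id='{$escaped_id}';");

// URL-encode the value so it cannot add extra query parameters to the
// redirect target.
header('Location: ../tournaments_display.php?tournament_id=' . rawurlencode($tournament_id));
die;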
/**
 * Escapes a string for use in a SQL statement.
 *
 * Delegates to mysqli_real_escape_string() on this object's connection. The
 * result is only safe when placed inside a quoted string literal in the
 * query, and the escaping follows the connection's character set.
 *
 * @param string $str Raw value to escape.
 * @return string The escaped value.
 */
public function escape($str)
{
    // The return value is discarded; presumably this call only makes sure the
    // singleton (and its connection) has been set up — confirm.
    SqlConnect::getInstance();

    $escaped = mysqli_real_escape_string($this->connection, $str);

    return $escaped;
}