Spheroman / ThingRanker

a work in progress pairwise thing ranker for simple decision making
http://ranker.jacklucksack.com

pin security #10

Open Spheroman opened 4 months ago

Spheroman commented 4 months ago

If our users want to prevent others from editing the thing, we should make it accessible with only a PIN or a password. If we do this, then for every helper PHP file (add, start, etc.) we will need an extra POST field or session ID to make sure that the person is authorized. The PIN/password should be made when the form is made, and only then. If someone can add a PIN at any time, bad actors would be able to lock the tournament from everyone.

This should only be implemented when everything else is finished.

Spheroman commented 4 months ago

https://www.php.net/function.password-hash
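
The flow described in this issue, as an added example that is not code from the thread or from ThingRanker: the PIN is hashed with `password_hash` only when the ranker is created, and every helper calls one guard before touching data. The function names, the array-backed `$store` (standing in for the database) and the `unlocked` session key are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not ThingRanker code. $store stands in for the database;
// every function name and array key here is hypothetical.

// The only place a PIN can be set: creation. There is no "set PIN later" path,
// so nobody can lock an existing unprotected ranker.
function create_ranker(array &$store, string $id, ?string $pin): void
{
    if (isset($store[$id])) {
        throw new RuntimeException('ranker already exists');
    }
    // A null hash marks a ranker that was created without protection.
    $hash = ($pin === null || $pin === '') ? null : password_hash($pin, PASSWORD_DEFAULT);
    $store[$id] = ['pin_hash' => $hash, 'things' => []];
}

// Verify a submitted PIN once and remember the result in the session.
function unlock_ranker(array $store, array &$session, string $id, string $pin): bool
{
    $hash = $store[$id]['pin_hash'] ?? null;
    if ($hash === null || !password_verify($pin, $hash)) {
        return false;
    }
    $session['unlocked'][$id] = true;
    return true;
}

// Guard for the top of every helper (add, start, ...).
function is_authorized(array $store, array $session, string $id): bool
{
    return isset($store[$id])
        && ($store[$id]['pin_hash'] === null || !empty($session['unlocked'][$id]));
}

function add_thing(array &$store, array $session, string $id, string $thing): bool
{
    if (!is_authorized($store, $session, $id)) {
        return false; // refuse before modifying anything
    }
    $store[$id]['things'][] = $thing;
    return true;
}

// Constructed sample run: blocked, wrong PIN, correct PIN, allowed.
$store = []; $session = [];
create_ranker($store, 'lunch', '4821');
var_dump(add_thing($store, $session, 'lunch', 'tacos'));
var_dump(unlock_ranker($store, $session, 'lunch', '0000'));
var_dump(unlock_ranker($store, $session, 'lunch', '4821'));
var_dump(add_thing($store, $session, 'lunch', 'tacos'));
```

In the real helpers `$session` would be `$_SESSION`. A short numeric PIN has a small search space even when hashed, so the unlock endpoint would also need attempt limiting.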