From 458792a3fa59b177a1e0494b40048c5442d30260 Mon Sep 17 00:00:00 2001
From: Tomasz Sidoruk <tomsid@st.amu.edu.pl>
Date: Wed, 19 Oct 2022 22:40:13 +0200
Subject: [PATCH] ok

Signed-off-by: Tomasz Sidoruk <tomsid@st.amu.edu.pl>
---
 backend/Cargo.toml  |    2 +-
 backend/src/main.rs | 4238 +++++++++++++++++++++++--------------------
 2 files changed, 2320 insertions(+), 1920 deletions(-)

diff --git a/backend/Cargo.toml b/backend/Cargo.toml
index 6bdad27..edcd09c 100644
--- a/backend/Cargo.toml
+++ b/backend/Cargo.toml
@@ -14,4 +14,4 @@ serde = "*"
 serde_derive = "*"
 bcrypt = "0.12"
 rand = "0.3.0"
-
+lettre = "0.10.1"
\ No newline at end of file
diff --git a/backend/src/main.rs b/backend/src/main.rs
index 6f4979d..e91261b 100644
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -1,233 +1,1721 @@
-    use std::collections::HashMap;
-    use serde_derive::{Serialize, Deserialize};
-    use mysql::*;
-    use mysql::prelude::*;
-    use std::convert::Infallible;
-    use std::net::SocketAddr;
-    use hyper::{Body, Client, Method, Request, Response, Server, StatusCode};
-    use hyper::service::{make_service_fn, service_fn};
-    use bcrypt::{DEFAULT_COST, hash, verify};
-    use rand::{OsRng, Rng};
-    use serde_json::Map;
-    use std::thread;
-    use std::time::Duration;
-    use tokio::time::sleep;
+use lettre::transport::smtp::authentication::Credentials;
+use lettre::{Message, SmtpTransport, Transport};
+use std::collections::HashMap;
+use serde_derive::{Serialize, Deserialize};
+use mysql::*;
+use mysql::prelude::*;
+use std::convert::Infallible;
+use std::net::SocketAddr;
+use hyper::{Body, Client, Method, Request, Response, Server, StatusCode};
+use hyper::service::{make_service_fn, service_fn};
+use bcrypt::{DEFAULT_COST, hash, verify};
+use rand::{OsRng, Rng};
+use serde_json::Map;
+use std::time::Duration;
+use tokio::time::sleep;
 
-    #[derive(Serialize, Deserialize)]
-    struct SearchResult {
-        name: String,
-        surname: String,
+#[derive(Serialize, Deserialize)]
+struct SearchResult {
+    name: String,
+    surname: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct Proposal {
+    id: i32,
+    ladderid: i32,
+    winner: String,
+    proposer: i32,
+    approver: i32,
+    score: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct pendingApprovals {
+    id: i32,
+    inviter: i32,
+    tournamnet: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct User {
+    id: i32,
+    name: String,
+    surname: String,
+    role: String,
+    login: String,
+    phone: String,
+    mail: String,
+    ranking: i32,
+}
+
+#[derive(Serialize, Deserialize)]
+struct leaderboard {
+    name: String,
+    surname: String,
+    ranking: i32,
+}
+
+#[derive(Serialize, Deserialize)]
+struct ladderRaw {
+    id: i32,
+    inAtype: String,
+    inA: String,
+    inBtype: String,
+    inB: String,
+    winner: String,
+    round: String,
+    scores: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct Registration {
+    id: i32,
+    userid: i32,
+    tournamentid: String,
+    paymenttype: String,
+    paymentstatus: String,
+    paymenttype2: String,
+    paymentstatus2: String,
+    approval: String,
+    partner: i32,
+}
+
+#[derive(Serialize, Deserialize)]
+struct Usera {
+    id: i32,
+    name: String,
+    surname: String,
+    role: String,
+    login: String,
+    phone: String,
+    mail: String,
+    deleted: i32,
+    ranking: i32,
+}
+
+#[derive(Serialize, Deserialize)]
+struct tournament {
+    id: i32,
+    name: String,
+    typeOfLadder: String,
+    pointsForTournament: i32,
+    places: i32,
+    roles: String,
+    creator: i32,
+    approved: i32,
+    state: i32,
+    currentRound: i32,
+    from: String,
+    to: String,
+    place: String,
+    categotry: String,
+    rang: String,
+    entryFee: i32,
+    director: String,
+    phone: String,
+    entriesTo: String,
+    additionalInformations: String,
+    visibility: String,
+}
+
+#[derive(Serialize, Deserialize)]
+struct tournamenta {
+    id: i32,
+    name: String,
+    typeOfLadder: String,
+    pointsForTournament: i32,
+    places: i32,
+    roles: String,
+    creator: i32,
+    approved: i32,
+    deleted: i32,
+    state: i32,
+    currentRound: i32,
+    from: String,
+    to: String,
+    place: String,
+    categotry: String,
+    rang: String,
+    entryFee: i32,
+    director: String,
+    phone: String,
+    entriesTo: String,
+    additionalInformations: String,
+    visibility: String,
+}
+
+thread_local!(static POOL: Pool = Pool::new(Opts::from_url("mysql://*****").unwrap()).unwrap());
+
+async fn hello_world(req: Request<Body>) -> Result<Response<Body>> {
+    let smtp_server = "****";
+    let smtp_username = "****";
+    let smtp_password = "****";
+    let mut response = Response::new(Body::empty());
+    response.headers_mut().insert("Access-Control-Allow-Origin", "*".parse().unwrap());
+    response.headers_mut().insert("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE".parse().unwrap());
+    response.headers_mut().insert("Access-Control-Allow-Headers", "*".parse().unwrap());
+    if req.method() == &Method::OPTIONS {
+        return Ok(response);
     }
+    match (req.method(), req.uri().path()) {
+        (&Method::GET, "/user/byId") => {
+            let query: &str = req.uri().query().unwrap();
+            let mut splited = query.split("=");
 
-    #[derive(Serialize, Deserialize)]
-    struct Proposal {
-        id: i32,
-        ladderid: i32,
-        winner: String,
-        proposer: i32,
-        approver: i32,
-        score: String,
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct User {
-        id: i32,
-        name: String,
-        surname: String,
-        role: String,
-        login: String,
-        phone: String,
-        mail: String,
-        ranking: i32,
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct leaderboard {
-        name: String,
-        surname: String,
-        ranking: i32,
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct ladderRaw {
-        id: i32,
-        inAtype: String,
-        inA: String,
-        inBtype: String,
-        inB: String,
-        winner: String,
-        round: String,
-        scores: String,
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct Registration {
-        id: i32,
-        userid: i32,
-        tournamentid: String,
-        paymenttype: String,
-        paymentstatus: String,
-        approval: String,
-        partner: i32
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct Usera {
-        id: i32,
-        name: String,
-        surname: String,
-        role: String,
-        login: String,
-        phone: String,
-        mail: String,
-        deleted: i32,
-        ranking: i32,
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct tournament {
-        id: i32,
-        name: String,
-        typeOfLadder: String,
-        pointsForTournament: i32,
-        places: i32,
-        roles: String,
-        creator: i32,
-        approved: i32,
-        state: i32,
-        currentRound: i32,
-        from: String,
-        to: String,
-        place: String,
-        categotry: String,
-        rang: String,
-        entryFee: i32,
-        director: String,
-        phone: String,
-        entriesTo: String,
-        additionalInformations: String,
-        visibility: String,
-    }
-
-    #[derive(Serialize, Deserialize)]
-    struct tournamenta {
-        id: i32,
-        name: String,
-        typeOfLadder: String,
-        pointsForTournament: i32,
-        places: i32,
-        roles: String,
-        creator: i32,
-        approved: i32,
-        deleted: i32,
-        state: i32,
-        currentRound: i32,
-        from: String,
-        to: String,
-        place: String,
-        categotry: String,
-        rang: String,
-        entryFee: i32,
-        director: String,
-        phone: String,
-        entriesTo: String,
-        additionalInformations: String,
-        visibility: String,
-    }
-
-    thread_local!(static POOL: Pool = Pool::new(Opts::from_url("mysql://inz:****!@*****:3306/inz").unwrap()).unwrap());
-
-    async fn hello_world(req: Request<Body>) -> Result<Response<Body>> {
-        let mut response = Response::new(Body::empty());
-        response.headers_mut().insert("Access-Control-Allow-Origin","*".parse().unwrap());
-        response.headers_mut().insert("Access-Control-Allow-Methods","POST, GET, OPTIONS, PUT, DELETE".parse().unwrap());
-        response.headers_mut().insert("Access-Control-Allow-Headers","*".parse().unwrap());
-        if req.method() == &Method::OPTIONS{
-            return Ok(response);
+            let id = splited.next().unwrap();
+            let val = splited.next().unwrap();
+            if id != "id" {
+                *response.body_mut() = "{\"error\":\"id required\"}".into();
+                return Ok(response);
+            }
+            POOL.with(|poola| {
+                let res = poola.get_conn().unwrap()
+                    .exec_map(
+                        "SELECT name, surname FROM users where deleted =0 and id = ? ;", (&val, ),
+                        |(name, surname)| {
+                            SearchResult { name, surname }
+                        },
+                    );
+                *response.body_mut() = serde_json::to_string(&res.unwrap().get(0)).unwrap().into();
+            });
         }
-        match (req.method(), req.uri().path()) {
-            (&Method::GET, "/user/byId") => {
+        (&Method::GET, "/proposals/pending") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    let urow = row.unwrap().unwrap();
+                    let uid: i32 = urow.get(0).unwrap();
+                    let res = poola.get_conn().unwrap()
+                        .exec_map(
+                            "SELECT * FROM inz.winProposals where proposer in (Select id from registrations where ? = userid or ? = partner ) or approver in (Select id from registrations where ? = userid or ? = partner );", (&uid, &uid, &uid, &uid),
+                            |(id, ladderid, winner, proposer, approver, score)| {
+                                Proposal { id, ladderid, winner, proposer, approver, score }
+                            },
+                        );
+                    *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/proposal/approve") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                let mut row2: Option<Result<Row>> = None;
+                let mut row3: Option<Result<Row>> = None;
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id is required\"}".into();
+                    return Ok(response);
+                }
+                let id = s.get("id").unwrap().to_string();
+
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select  id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    let mut con2 = poola.get_conn().unwrap();
+                    let mut result2 = con2.exec_iter("Select ladderid, winner, score from winProposals where id =?;", (&id, )).unwrap();
+                    let mut it2 = result2.iter().unwrap();
+                    row2 = it2.next();
+                    let mut con3 = poola.get_conn().unwrap();
+                    let mut result3 = con3.exec_iter("Select userid, partner from registrations where id =(Select approver from winProposals where id =?);", (&id, )).unwrap();
+                    let mut it3 = result3.iter().unwrap();
+                    row3 = it3.next();
+                });
+                if row.is_none() {
+                    *response.status_mut() = StatusCode::FORBIDDEN;
+                    return Ok(response);
+                }
+                if row2.is_none() {
+                    *response.status_mut() = StatusCode::BAD_REQUEST;
+                    return Ok(response);
+                }
+                let urow = row.unwrap().unwrap();
+                let urow2 = row2.unwrap().unwrap();
+                let urow3 = row3.unwrap().unwrap();
+                let uid: i32 = urow.get(0).unwrap();
+                let user: i32 = urow3.get(0).unwrap();
+                let partner: i32 = urow3.get(1).unwrap();
+                if !(uid == user || uid == partner) {
+                    *response.status_mut() = StatusCode::BAD_REQUEST;
+                    return Ok(response);
+                }
+                let ladderid: i32 = urow2.get(0).unwrap();
+                let winner: String = urow2.get(1).unwrap();
+                let score: String = urow2.get(2).unwrap();
+                POOL.with(|poola| {
+                    poola.get_conn().unwrap().exec_drop("Update ladder set winner =?, scores=? where id = ?", (winner, score, ladderid)).unwrap();
+                    poola.get_conn().unwrap().exec_drop("delete from winProposals where id = ?", (id, )).unwrap();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::PUT, "/proposal") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                let mut row2: Option<Result<Row>> = None;
+                let ladderid = s.get("ladderid").unwrap().to_string();
+
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select  id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    let mut con2 = poola.get_conn().unwrap();
+                    let mut result2 = con2.exec_iter("Select inAtype, inA, inBtype, inB from ladder where deleted = 0 and id =? and winner ='0';", (&ladderid, )).unwrap();
+                    let mut it2 = result2.iter().unwrap();
+                    row2 = it2.next();
+                });
+                if row.is_none() {
+                    *response.status_mut() = StatusCode::FORBIDDEN;
+                    return Ok(response);
+                }
+                if row2.is_none() {
+                    *response.status_mut() = StatusCode::BAD_REQUEST;
+                    return Ok(response);
+                }
+                let urow = row.unwrap().unwrap();
+                let urow2 = row2.unwrap().unwrap();
+                let id: i32 = urow.get(0).unwrap();
+                let inAtype: String = urow2.get(0).unwrap();
+                let mut inA: String = urow2.get(1).unwrap();
+                let inBtype: String = urow2.get(2).unwrap();
+                let mut inB: String = urow2.get(3).unwrap();
+                if s.contains_key("score") && s.contains_key("winner") {
+                    if s.get("winner").unwrap() != "A" && s.get("winner").unwrap() != "B" {
+                        *response.body_mut() = "{\"error\":\"winner must be A or B\"}".into();
+                        return Ok(response);
+                    }
+                    if inAtype != "R" {
+                        let mut res3: Option<Result<Row>> = None;
+                        POOL.with(|poola| {
+                            res3 = poola.get_conn().unwrap()
+                                .exec_iter("WITH RECURSIVE menu_tree
+    AS (
+    SELECT if('A' ='A', inAtype, inBtype) as 'type', if('A' ='A', inA, inB) as 'val' from ladder where id =?
+      UNION ALL
+      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
+      FROM menu_tree mn, inz.ladder la
+      WHERE mn.val= la.id and mn.type != 'R'
+    )
+     SELECT * FROM menu_tree where type = 'R'", (&ladderid, ),
+                                ).unwrap().iter().unwrap().next();
+                        });
+                        if !res3.is_none() {
+                            let urow3 = res3.unwrap().unwrap();
+                            inA = urow3.get(1).unwrap();
+                        } else {
+                            *response.status_mut() = StatusCode::BAD_REQUEST;
+                            return Ok(response);
+                        }
+                    }
+                    if inBtype != "R" {
+                        let mut res3: Option<Result<Row>> = None;
+                        POOL.with(|poola| {
+                            res3 = poola.get_conn().unwrap()
+                                .exec_iter("WITH RECURSIVE menu_tree
+    AS (
+    SELECT if('B' ='A', inAtype, inBtype) as 'type', if('B' ='A', inA, inB) as 'val' from ladder where id =?
+      UNION ALL
+      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
+      FROM menu_tree mn, inz.ladder la
+      WHERE mn.val= la.id and mn.type != 'R'
+    )
+     SELECT * FROM menu_tree where type = 'R'", (&ladderid, ),
+                                ).unwrap().iter().unwrap().next();
+                        });
+                        if !res3.is_none() {
+                            let urow3 = res3.unwrap().unwrap();
+                            inB = urow3.get(1).unwrap();
+                        } else {
+                            *response.status_mut() = StatusCode::BAD_REQUEST;
+                            return Ok(response);
+                        }
+                    }
+                    let mut res3: Option<Result<Row>> = None;
+                    let mut res4: Option<Result<Row>> = None;
+                    POOL.with(|poola| {
+                        res3 = poola.get_conn().unwrap()
+                            .exec_iter("SELECT userid, partner FROM inz.registrations where id = ?;", (&inA, ),
+                            ).unwrap().iter().unwrap().next();
+                        res4 = poola.get_conn().unwrap()
+                            .exec_iter("SELECT userid, partner FROM inz.registrations where id = ?;", (&inB, ),
+                            ).unwrap().iter().unwrap().next();
+                    });
+                    let urow3 = res3.unwrap().unwrap();
+                    let urow4 = res4.unwrap().unwrap();
+                    let mut prop = "";
+                    let mut acc = "";
+                    let u1: i32 = urow3.get(0).unwrap();
+                    let u2: i32 = urow3.get(1).unwrap();
+                    let u3: i32 = urow4.get(0).unwrap();
+                    let u4: i32 = urow4.get(1).unwrap();
+                    if u1 == id || u2 == id {
+                        prop = &inA;
+                        acc = &inB;
+                    } else {
+                        if u3 == id || u4 == id {
+                            prop = &inB;
+                            acc = &inA;
+                        } else {
+                            *response.status_mut() = StatusCode::BAD_REQUEST;
+                            return Ok(response);
+                        }
+                    }
+                    POOL.with(|poola| {
+                        let nid = "{\"id\":".to_owned() + &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`winProposals`(ladderid, winner, proposer, approver, score) VALUES (?,?,?,?,?);", (&ladderid, s.get("winner"), prop, acc, s.get("score"))).unwrap().last_insert_id().unwrap().to_string() + "\"}";
+                        *response.body_mut() = nid.into();
+                    });
+                } else {
+                    *response.body_mut() = "{\"error\":\"not all fields\"}".into();
+                }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/ladders/solved") => {
+            let query: &str = req.uri().query().unwrap();
+            let mut splited = query.split("=");
+
+            let id = splited.next().unwrap();
+            let val = splited.next().unwrap();
+            if id != "id" {
+                *response.body_mut() = "{\"error\":\"id required\"}".into();
+                return Ok(response);
+            }
+            POOL.with(|poola| {
+                let res = poola.get_conn().unwrap()
+                    .exec_iter(
+                        "SELECT  id, inAtype, inA, inBtype, inB, winner, round, scores from ladder where deleted =0 and id = ?", (val, ),
+                    ).unwrap().iter().unwrap().next();
+                let res2 = poola.get_conn().unwrap()
+                    .exec_iter("WITH RECURSIVE menu_tree
+    AS (
+    SELECT if('A' ='A', inAtype, inBtype) as 'type', if('A' ='A', inA, inB) as 'val' from ladder where id =?
+      UNION ALL
+      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
+      FROM menu_tree mn, inz.ladder la
+      WHERE mn.val= la.id and mn.type != 'R'
+    )
+     SELECT * FROM menu_tree where type = 'R'", (val, ),
+                    ).unwrap().iter().unwrap().next();
+                let res3 = poola.get_conn().unwrap()
+                    .exec_iter("WITH RECURSIVE menu_tree
+    AS (
+    SELECT if('B' ='A', inAtype, inBtype) as 'type', if('B' ='A', inA, inB) as 'val' from ladder where id =?
+      UNION ALL
+      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
+      FROM menu_tree mn, inz.ladder la
+      WHERE mn.val= la.id and mn.type != 'R'
+    )
+     SELECT * FROM menu_tree where type = 'R'", (val, ),
+                    ).unwrap().iter().unwrap().next();
+                let ur = res.unwrap().unwrap();
+                let id1: i32 = ur.get(0).unwrap();
+                let mut inAtype: String = ur.get(1).unwrap();
+                let mut inA: String = ur.get(2).unwrap();
+                let mut inBtype: String = ur.get(3).unwrap();
+                let mut inB: String = ur.get(4).unwrap();
+                let winner: String = ur.get(5).unwrap();
+                let round: String = ur.get(6).unwrap();
+                let scores: String = ur.get(7).unwrap();
+                if !res2.is_none() {
+                    let urow3 = res2.unwrap().unwrap();
+                    inAtype = urow3.get(0).unwrap();
+                    inA = urow3.get(1).unwrap();
+                }
+                if !res3.is_none() {
+                    let urow4 = res3.unwrap().unwrap();
+                    inBtype = urow4.get(0).unwrap();
+                    inB = urow4.get(1).unwrap();
+                }
+                let res = ladderRaw { id: id1, inAtype: inAtype, inA: inA, inBtype: inBtype, inB: inB, winner: winner, round: round, scores: scores };
+                *response.body_mut() = serde_json::to_string(&res).unwrap().into();
+            });
+        }
+        (&Method::GET, "/ladders/raw") => {
+            let query: &str = req.uri().query().unwrap();
+            let mut splited = query.split("=");
+
+            let id = splited.next().unwrap();
+            let val = splited.next().unwrap();
+            if id != "tournamentid" {
+                *response.body_mut() = "{\"error\":\"tournamentid required\"}".into();
+                return Ok(response);
+            }
+            POOL.with(|poola| {
+                let res = poola.get_conn().unwrap()
+                    .exec_map(
+                        "SELECT  id, inAtype, inA, inBtype, inB, winner, round, scores from ladder where deleted =0 and tournamentid = ?", (val, ),
+                        |(id, inAtype, inA, inBtype, inB, winner, round, scores)| {
+                            ladderRaw { id, inAtype, inA, inBtype, inB, winner, round, scores }
+                        },
+                    );
+                *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+            });
+        }
+        (&Method::POST, "/ladder") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id is required\"}".into();
+                    return Ok(response);
+                }
+
+                let mut row: Option<Result<Row>> = None;
+                let mut row3: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                });
+                if row.is_none() {
+                    *response.status_mut() = StatusCode::FORBIDDEN;
+                    return Ok(response);
+                }
+
+                let urow = row.unwrap().unwrap();
+                let id: i32 = urow.get(0).unwrap();
+                let role: String = urow.get(1).unwrap();
+                let tournamentid = s.get("id");
+                if role == "2" {
+                    POOL.with(|poola| {
+                        let mut con3 = poola.get_conn().unwrap();
+                        let mut result3 = con3.exec_iter("Select creator from tournaments where id = (Select tournamentid from ladder where id =?);", (&tournamentid, )).unwrap();
+                        let mut it3 = result3.iter().unwrap();
+                        row3 = it3.next();
+                    });
+                    let urow3 = row3.unwrap().unwrap();
+                    let creator: i32 = urow3.get(0).unwrap();
+                    if creator != id {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                }
+                POOL.with(|poola| {
+                    if s.contains_key("inAtype") {
+                        if s.get("inAtype").unwrap() != "R" && s.get("inAtype").unwrap() != "W" && s.get("inAtype").unwrap() != "L" {
+                            *response.body_mut() = "{\"error\":\"inAtype must be R, W or L\"}".into();
+                            return;
+                        }
+                        poola.get_conn().unwrap().exec_drop("Update ladder set inAtype =? where id = ? and deleted =0", (s.get("inAtype"), &tournamentid)).unwrap();
+                    }
+                    if s.contains_key("inBtype") {
+                        if s.get("inBtype").unwrap() != "R" && s.get("inBtype").unwrap() != "W" && s.get("inBtype").unwrap() != "L" {
+                            *response.body_mut() = "{\"error\":\"inBtype must be R, W or L\"}".into();
+                            return;
+                        }
+                        poola.get_conn().unwrap().exec_drop("Update ladder set inBtype =? where id = ? and deleted =0", (s.get("inBtype"), &tournamentid)).unwrap();
+                    }
+                    if s.contains_key("inA") {
+                        poola.get_conn().unwrap().exec_drop("Update ladder set inA =? where id = ? and deleted =0", (s.get("inA"), &tournamentid)).unwrap();
+                    }
+                    if s.contains_key("inB") {
+                        poola.get_conn().unwrap().exec_drop("Update ladder set inB =? where id = ? and deleted =0", (s.get("inB"), &tournamentid)).unwrap();
+                    }
+                    if s.contains_key("winner") {
+                        poola.get_conn().unwrap().exec_drop("Update ladder set winner =? where id = ? and deleted =0", (s.get("winner"), &tournamentid)).unwrap();
+                    }
+                    if s.contains_key("round") {
+                        poola.get_conn().unwrap().exec_drop("Update ladder set round =? where id = ? and deleted =0", (s.get("round"), &tournamentid)).unwrap();
+                    }
+                    if s.contains_key("scores") {
+                        poola.get_conn().unwrap().exec_drop("Update ladder set scores =? where id = ? and deleted =0", (s.get("scores"), &tournamentid)).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::DELETE, "/ladder") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id is required\"}".into();
+                    return Ok(response);
+                }
+
+                let mut row: Option<Result<Row>> = None;
+                let mut row3: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                });
+                if row.is_none() {
+                    *response.status_mut() = StatusCode::FORBIDDEN;
+                    return Ok(response);
+                }
+
+                let urow = row.unwrap().unwrap();
+                let id: i32 = urow.get(0).unwrap();
+                let role: String = urow.get(1).unwrap();
+                let tournamentid = s.get("id");
+                if role == "2" {
+                    POOL.with(|poola| {
+                        let mut con3 = poola.get_conn().unwrap();
+                        let mut result3 = con3.exec_iter("Select creator from tournaments where id = (Select tournamentid from ladder where id =?);", (&tournamentid, )).unwrap();
+                        let mut it3 = result3.iter().unwrap();
+                        row3 = it3.next();
+                    });
+                    let urow3 = row3.unwrap().unwrap();
+                    let creator: i32 = urow3.get(0).unwrap();
+                    if creator != id {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                }
+                POOL.with(|poola| {
+                    poola.get_conn().unwrap().exec_drop("Update ladder set deleted =1 where id = ?", (&s.get("id"), )).unwrap();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::PUT, "/ladder") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("inAtype") || !s.contains_key("inA") || !s.contains_key("inBtype") || !s.contains_key("inB") || !s.contains_key("round") || !s.contains_key("tournamentid") {
+                    *response.body_mut() = "{\"error\":\"no all fields\"}".into();
+                    return Ok(response);
+                }
+
+                let mut row: Option<Result<Row>> = None;
+                let mut row3: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                });
+                if row.is_none() {
+                    *response.status_mut() = StatusCode::FORBIDDEN;
+                    return Ok(response);
+                }
+                let tournamentid = s.get("tournamentid");
+
+                if s.get("inBtype").unwrap() == "R" {
+                    let mut row4: Option<Result<Row>> = None;
+                    POOL.with(|poola| {
+                        let mut con = poola.get_conn().unwrap();
+                        let mut result = con.exec_iter("Select id from registrations where id= ? and informed = 1 and tournamentid =?", (&s.get("inB"), &tournamentid)).unwrap();
+                        let mut it = result.iter().unwrap();
+                        row4 = it.next();
+                    });
+                    if row4.is_none() {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                } else {
+                    if s.get("inBtype").unwrap() == "W" || s.get("inBtype").unwrap() == "L" {
+                        let mut row4: Option<Result<Row>> = None;
+                        POOL.with(|poola| {
+                            let mut con = poola.get_conn().unwrap();
+                            let mut result = con.exec_iter("Select id from ladder where id= ? and tournamentid=?", (&s.get("inB"), &tournamentid)).unwrap();
+                            let mut it = result.iter().unwrap();
+                            row4 = it.next();
+                        });
+                        if row4.is_none() {
+                            *response.status_mut() = StatusCode::NOT_FOUND;
+                            return Ok(response);
+                        }
+                    } else {
+                        *response.body_mut() = "{\"error\":\"inBtype must be R, W or L\"}".into();
+                        return Ok(response);
+                    }
+                }
+                if s.get("inAtype").unwrap() == "R" {
+                    let mut row4: Option<Result<Row>> = None;
+                    POOL.with(|poola| {
+                        let mut con = poola.get_conn().unwrap();
+                        let mut result = con.exec_iter("Select id from registrations where id= ? and informed = 1 and tournamentid=?", (&s.get("inA"), &tournamentid)).unwrap();
+                        let mut it = result.iter().unwrap();
+                        row4 = it.next();
+                    });
+                    if row4.is_none() {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                } else {
+                    if s.get("inAtype").unwrap() == "W" || s.get("inAtype").unwrap() == "L" {
+                        let mut row4: Option<Result<Row>> = None;
+                        POOL.with(|poola| {
+                            let mut con = poola.get_conn().unwrap();
+                            let mut result = con.exec_iter("Select id from ladder where id= ? and tournamentid=?", (&s.get("inA"), &tournamentid)).unwrap();
+                            let mut it = result.iter().unwrap();
+                            row4 = it.next();
+                        });
+                        if row4.is_none() {
+                            *response.status_mut() = StatusCode::NOT_FOUND;
+                            return Ok(response);
+                        }
+                    } else {
+                        *response.body_mut() = "{\"error\":\"inAtype must be R, W or L\"}".into();
+                        return Ok(response);
+                    }
+                }
+                let urow = row.unwrap().unwrap();
+                let id: i32 = urow.get(0).unwrap();
+                let role: String = urow.get(1).unwrap();
+                if role == "2" {
+                    POOL.with(|poola| {
+                        let mut con3 = poola.get_conn().unwrap();
+                        let mut result3 = con3.exec_iter("Select creator from tournaments where id = ?;", (&tournamentid, )).unwrap();
+                        let mut it3 = result3.iter().unwrap();
+                        row3 = it3.next();
+                    });
+                    let urow3 = row3.unwrap().unwrap();
+                    let creator: i32 = urow3.get(0).unwrap();
+                    if creator != id {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                }
+                POOL.with(|poola| {
+                    let nid = "{\"id\":".to_owned() + &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`ladder`(`inAtype`,`inA`,`inBtype`,`inB`,`winner`,`round`,`scores`,`tournamentid`,`deleted`) VALUES (?,?,?,?,'0',?,'-1',?,0);", (s.get("inAtype"), s.get("inA"), s.get("inBtype"), s.get("inB"), s.get("round"), s.get("tournamentid"))).unwrap().last_insert_id().unwrap().to_string() + "\"}";
+                    *response.body_mut() = nid.into();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/leaderboard") => {
+            POOL.with(|poola| {
+                let res = poola.get_conn().unwrap()
+                    .query_map(
+                        "SELECT  name, surname, ranking from users where deleted =0 order by ranking DESC",
+                        |(name, surname, ranking)| {
+                            leaderboard { name, surname, ranking }
+                        },
+                    );
+                *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+            });
+        }
+        (&Method::POST, "/tournament/cancelTournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+                    let role: String = urow.get(1).unwrap();
+                    let mut conn1 = poola.get_conn().unwrap();
+                    let mut result1 = conn1.exec_iter("Select creator, state from tournaments where id = ?", (&s.get("id"), )).unwrap();
+                    let mut it1 = result1.iter().unwrap();
+                    let row1 = it1.next();
+                    let urow1 = row1.unwrap().unwrap();
+                    let creator: i32 = urow1.get(0).unwrap();
+                    let state: i32 = urow1.get(1).unwrap();
+                    if state == 3 {
+                        *response.status_mut() = StatusCode::BAD_REQUEST;
+                        return;
+                    }
+                    if role == "2" {
+                        if creator != id {
+                            return;
+                        }
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =4 where id = ?", (&s.get("id"), )).unwrap();
+                    } else {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =4 where id = ?", (&s.get("id"), )).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/tournament/endTournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+
+                let parsed: serde_json::Value = serde_json::from_slice(&byte_stream).unwrap();
+                if parsed.get("id") == None {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+                    let role: String = urow.get(1).unwrap();
+                    let mut conn1 = poola.get_conn().unwrap();
+                    let mut result1 = conn1.exec_iter("Select creator, state, approved from tournaments where id = ? b", (&parsed.get("id"), )).unwrap();
+                    let mut it1 = result1.iter().unwrap();
+                    let row1 = it1.next();
+                    let urow1 = row1.unwrap().unwrap();
+                    let creator: i32 = urow1.get(0).unwrap();
+                    let state: i32 = urow1.get(1).unwrap();
+                    let approved: i32 = urow1.get(2).unwrap();
+                    if state != 2 {
+                        *response.status_mut() = StatusCode::BAD_REQUEST;
+                        return;
+                    }
+                    if role == "2" {
+                        if creator != id {
+                            return;
+                        }
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =3 where id = ?", (&parsed.get("id"), )).unwrap();
+                    } else {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =3 where id = ?", (&parsed.get("id"), )).unwrap();
+                    }
+                    if approved == 2 {
+                        let arr: &Vec<serde_json::Value> = parsed.get("results").unwrap().as_array().unwrap();
+                        for i in 0..arr.len() {
+                            let cur: &Map<String, serde_json::Value> = arr.get(i).unwrap().as_object().unwrap();
+                            poola.get_conn().unwrap().exec_drop("Update users set ranking =ranking+? where id = (Select userid from registrations where id = ?) or id = (Select partner from registrations where id = ?)", (&cur.get("points"), &cur.get("rid"), &cur.get("rid"))).unwrap();
+                        }
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/tournament/startTournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+                    let role: String = urow.get(1).unwrap();
+                    let mut conn1 = poola.get_conn().unwrap();
+                    let mut result1 = conn1.exec_iter("Select creator, state from tournaments where id = ?", (&s.get("id"), )).unwrap();
+                    let mut it1 = result1.iter().unwrap();
+                    let row1 = it1.next();
+                    let urow1 = row1.unwrap().unwrap();
+                    let creator: i32 = urow1.get(0).unwrap();
+                    let state: i32 = urow1.get(1).unwrap();
+                    if state != 1 {
+                        *response.status_mut() = StatusCode::BAD_REQUEST;
+                        return;
+                    }
+                    if role == "2" {
+                        if creator != id {
+                            return;
+                        }
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =2 where id = ?", (&s.get("id"), )).unwrap();
+                    } else {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =2 where id = ?", (&s.get("id"), )).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/tournament/closeRegistrations") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+                    let role: String = urow.get(1).unwrap();
+                    let mut conn1 = poola.get_conn().unwrap();
+                    let mut result1 = conn1.exec_iter("Select creator, state from tournaments where id = ?", (&s.get("id"), )).unwrap();
+                    let mut it1 = result1.iter().unwrap();
+                    let row1 = it1.next();
+                    let urow1 = row1.unwrap().unwrap();
+                    let creator: i32 = urow1.get(0).unwrap();
+                    let state: i32 = urow1.get(1).unwrap();
+                    if state != 0 {
+                        *response.status_mut() = StatusCode::BAD_REQUEST;
+                        return;
+                    }
+                    if role == "2" {
+                        if creator != id {
+                            return;
+                        }
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =1 where id = ?", (&s.get("id"), )).unwrap();
+                    } else {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set state =1 where id = ?", (&s.get("id"), )).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/registration/approve") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+                    let role: String = urow.get(1).unwrap();
+                    if role == "2" {
+                        let mut conn1 = poola.get_conn().unwrap();
+                        let mut result1 = conn1.exec_iter("Select userid,approval,partnerAcceptance,(Select mail from users where users.id = userid),(Select mail from users where users.id = partner) from registrations where id = ?", (&s.get("id"), )).unwrap();
+                        let mut it1 = result1.iter().unwrap();
+                        let row1 = it1.next();
+                        let urow1 = row1.unwrap().unwrap();
+                        let userid: i32 = urow1.get(0).unwrap();
+                        let approval: String = urow1.get(1).unwrap();
+                        let partnerAcceptance: i32 = urow1.get(2).unwrap();
+                        let usermail: String = urow1.get(3).unwrap();
+                        let partnermail: String = urow1.get(4).unwrap();
+                        if userid != id {
+                            return;
+                        }
+                        if approval == "0" && partnerAcceptance == 1 {
+                            poola.get_conn().unwrap().exec_drop("Update registrations set approval ='1' where id = ?", (&s.get("id"), )).unwrap();
+                            let email = Message::builder()
+                                .from(("NoBody <".to_owned()+smtp_username+">").parse().unwrap())
+                                .to(("Yuin <".to_owned()+&usermail+">").parse().unwrap())
+                                .subject("your registration has been accepted")
+                                .body(String::from("now is time to pay <put your url here>")+s.get("id").unwrap())
+                                .unwrap();
+
+                            let creds = Credentials::new(smtp_username.to_string(), smtp_password.to_string());
+
+                            let mailer = SmtpTransport::relay(smtp_server)
+                                .unwrap()
+                                .credentials(creds)
+                                .build();
+                            match mailer.send(&email) {
+                                Ok(_) => { },
+                                Err(e) => panic!("Could not send email: {:?}", e),
+                                _ => {}
+                            }
+                            let email2 = Message::builder()
+                                .from(("NoBody <".to_owned()+smtp_username+">").parse().unwrap())
+                                .to(("Yuin <".to_owned()+&partnermail+">").parse().unwrap())
+                                .subject("your registration has been accepted")
+                                .body(String::from("now is time to pay <put your url here>")+s.get("id").unwrap())
+                                .unwrap();
+                            match mailer.send(&email2) {
+                                Ok(_) => { },
+                                Err(e) => panic!("Could not send email: {:?}", e),
+                                _ => {}
+                            }
+                        }
+                    } else {
+                        let mut conn1 = poola.get_conn().unwrap();
+                        let mut result1 = conn1.exec_iter("Select userid,approval,partnerAcceptance,(Select mail from users where users.id = userid),(Select mail from users where users.id = partner) from registrations where id = ?", (&s.get("id"), )).unwrap();
+                        let mut it1 = result1.iter().unwrap();
+                        let row1 = it1.next();
+                        let urow1 = row1.unwrap().unwrap();
+                        let userid: i32 = urow1.get(0).unwrap();
+                        let approval: String = urow1.get(1).unwrap();
+                        let partnerAcceptance: i32 = urow1.get(2).unwrap();
+                        let usermail: String = urow1.get(3).unwrap();
+                        let partnermail: String = urow1.get(4).unwrap();
+                        if approval == "0" && partnerAcceptance == 1 {
+                            poola.get_conn().unwrap().exec_drop("Update registrations set approval ='1' where id = ?", (&s.get("id"), )).unwrap();
+                            let email = Message::builder()
+                                .from(("NoBody <".to_owned()+smtp_username+">").parse().unwrap())
+                                .to(("Yuin <".to_owned()+&usermail+">").parse().unwrap())
+                                .subject("your registration has been accepted")
+                                .body(String::from("now is time to pay <put your url here>")+s.get("id").unwrap())
+                                .unwrap();
+
+                            let creds = Credentials::new(smtp_username.to_string(), smtp_password.to_string());
+
+                            let mailer = SmtpTransport::relay(smtp_server)
+                                .unwrap()
+                                .credentials(creds)
+                                .build();
+                            match mailer.send(&email) {
+                                Ok(_) => { },
+                                Err(e) => panic!("Could not send email: {:?}", e),
+                                _ => {}
+                            }
+                            let email2 = Message::builder()
+                                .from(("NoBody <".to_owned()+smtp_username+">").parse().unwrap())
+                                .to(("Yuin <".to_owned()+&partnermail+">").parse().unwrap())
+                                .subject("your registration has been accepted")
+                                .body(String::from("now is time to pay <put your url here>")+s.get("id").unwrap())
+                                .unwrap();
+                            match mailer.send(&email2) {
+                                Ok(_) => { },
+                                Err(e) => panic!("Could not send email: {:?}", e),
+                                _ => {}
+                            }
+                        }
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/registrations") => {
+            if req.headers().contains_key("Authorization") {
                 let query: &str = req.uri().query().unwrap();
                 let mut splited = query.split("=");
-
                 let id = splited.next().unwrap();
                 let val = splited.next().unwrap();
                 if id != "id" {
                     *response.body_mut() = "{\"error\":\"id required\"}".into();
                     return Ok(response);
                 }
-                    POOL.with(|poola| {
-                        let res = poola.get_conn().unwrap()
-                            .exec_map(
-                                "SELECT name, surname FROM users where deleted =0 and id = ? ;", (&val, ),
-                                |(name,surname)| {
-                                    SearchResult { name,surname }
-                                },
-                            );
-                        *response.body_mut() = serde_json::to_string(&res.unwrap().get(0)).unwrap().into();
-                    });
 
-            }
-            (&Method::GET, "/proposals/pending") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id,role from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
                     }
-                    let token = tmp.next().unwrap().to_string();
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        let urow = row.unwrap().unwrap();
-                        let uid: i32 = urow.get(0).unwrap();
+
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+                    let role: String = urow.get(1).unwrap();
+                    if role == "1" {
                         let res = poola.get_conn().unwrap()
                             .exec_map(
-                                "SELECT * FROM inz.winProposals where proposer in (Select id from registrations where ? = userid or ? = partner ) or approver in (Select id from registrations where ? = userid or ? = partner );", (&uid, &uid, &uid, &uid),
-                                |(id, ladderid, winner, proposer, approver, score)| {
-                                    Proposal { id, ladderid, winner, proposer, approver, score }
+                                "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`paymenttype2`,`registrations`.`paymentstatus2`,`registrations`.`approval`,`registrations`.`partner`  FROM `inz`.`registrations` where tournamentid= ? and (userid=? or partner =?);", (&val, id, id),
+                                |(id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner)| {
+                                    Registration { id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner }
                                 },
                             );
                         *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/proposal/approve") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row2: Option<Result<Row>> = None;
-                    let mut row3: Option<Result<Row>> = None;
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id is required\"}".into();
-                        return Ok(response);
-                    }
-                    let id = s.get("id").unwrap().to_string();
+                    } else {
+                        if role == "2" {
+                            let mut conn1 = poola.get_conn().unwrap();
+                            let mut result1 = conn1.exec_iter("Select creator from tournaments where id = ?", (&val, )).unwrap();
+                            let mut it1 = result1.iter().unwrap();
+                            let row1 = it1.next();
+                            let urow1 = row1.unwrap().unwrap();
+                            let userid: i32 = urow1.get(0).unwrap();
+                            if userid != id {
+                                let res = poola.get_conn().unwrap()
+                                    .exec_map(
+                                        "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`paymenttype2`,`registrations`.`paymentstatus2`,`registrations`.`approval`,`registrations`.`partner`  FROM `inz`.`registrations` where tournamentid= ? and (userid=? or partner =?);", (&val, id, id),
+                                        |(id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner)| {
+                                            Registration { id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner }
+                                        },
+                                    );
+                                *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+                                return;
+                            }
 
+
+                            let res = poola.get_conn().unwrap()
+                                .exec_map(
+                                    "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`paymenttype2`,`registrations`.`paymentstatus2`,`registrations`.`approval`,`registrations`.`partner` FROM `inz`.`registrations` where tournamentid= ?;", (&val, ),
+                                    |(id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner)| {
+                                        Registration { id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner }
+                                    },
+                                );
+                            *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+                        } else {
+                            let res = poola.get_conn().unwrap()
+                                .exec_map(
+                                    "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`paymenttype2`,`registrations`.`paymentstatus2`,`registrations`.`approval` ,`registrations`.`partner` FROM `inz`.`registrations` where tournamentid= ?;", (&val, ),
+                                    |(id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner)| {
+                                        Registration { id, userid, tournamentid, paymenttype, paymentstatus,paymenttype2, paymentstatus2, approval, partner }
+                                    },
+                                );
+                            *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+                        }
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/admin/user") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if !s.contains_key("id") {
+                        *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
+                        return;
+                    }
+                    let idi = s.get("id").unwrap();
+                    if s.contains_key("name") {
+                        poola.get_conn().unwrap().exec_drop("Update users set name =? where id = ?", (s.get("name"), idi)).unwrap();
+                    }
+                    if s.contains_key("surname") {
+                        poola.get_conn().unwrap().exec_drop("Update users set surname =? where id = ?", (s.get("surname"), idi)).unwrap();
+                    }
+                    if s.contains_key("password") {
+                        poola.get_conn().unwrap().exec_drop("Update users set password =? where id = ?", (hash(s.get("password").unwrap().to_string(), DEFAULT_COST - 6).unwrap(), idi)).unwrap();
+                    }
+                    if s.contains_key("mail") {
+                        poola.get_conn().unwrap().exec_drop("Update users set mail =? where id = ?", (s.get("mail"), idi)).unwrap();
+                    }
+                    if s.contains_key("phone") {
+                        poola.get_conn().unwrap().exec_drop("Update users set phone =? where id = ?", (s.get("phone"), idi)).unwrap();
+                    }
+                    if s.contains_key("role") {
+                        poola.get_conn().unwrap().exec_drop("Update users set role =? where id = ?", (s.get("role"), idi)).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::DELETE, "/admin/user") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if !s.contains_key("id") {
+                        *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
+                        return;
+                    }
+                    poola.get_conn().unwrap().exec_drop("Update users set deleted =1 where id = ?", (&s.get("id"), )).unwrap();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/admin/users") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let mut row: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let res = poola.get_conn().unwrap()
+                        .query_map(
+                            "SELECT `id`, `name`, `surname`, `role`, `login`, `mail`, `phone`,`deleted`, `ranking` from users ",
+                            |(id, name, surname, role, login, mail, phone, deleted, ranking)| {
+                                Usera { id, name, surname, role, login, mail, phone, deleted, ranking }
+                            },
+                        );
+                    *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::DELETE, "/admin/tournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if !s.contains_key("id") {
+                        *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
+                        return;
+                    }
+                    poola.get_conn().unwrap().exec_drop("Update tournaments set deleted =1 where id = ?", (&s.get("id"), )).unwrap();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/admin/tournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select  id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if !s.contains_key("id") {
+                        *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
+                        return;
+                    }
+                    if s.contains_key("name") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set name =? where id = ?", (s.get("name"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("typeOfLadder") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set typeOfLadder =? where id = ?", (s.get("typeOfLadder"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("pointsForTournament") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set pointsForTournament =? where id = ?", (s.get("pointsForTournament"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("places") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set places =? where id = ?", (s.get("places"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("roles") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set roles =? where id = ?", (s.get("roles"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("currentRound") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set currentRound =? where id = ?", (s.get("currentRound"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("from") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set `from` =? where id = ? ", (s.get("from"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("to") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set `to` =? where id = ? ", (s.get("to"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("place") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set place =? where id = ? ", (s.get("place"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("categotry") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set categotry =? where id = ? ", (s.get("categotry"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("rang") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set rang =? where id = ? ", (s.get("rang"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("entryFee") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set entryFee =? where id = ? ", (s.get("entryFee"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("director") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set director =? where id = ? ", (s.get("director"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("phone") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set phone =? where id = ? ", (s.get("phone"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("entriesTo") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set entriesTo =? where id = ? ", (s.get("entriesTo"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("additionalInformations") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set additionalInformations =? where id = ? ", (s.get("additionalInformations"), &s.get("id"))).unwrap();
+                    }
+                    if s.contains_key("visibility") {
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set visibility =? where id = ? ", (s.get("visibility"), &s.get("id"))).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/admin/tournaments") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let mut row: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select  id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let mut res = Vec::new();
+                    poola.get_conn().unwrap()
+                        .query_iter(
+                            "SELECT id, name, typeOfLadder, pointsForTournament, places, roles, creator,approved,deleted, state, currentRound,`from`, `to`, place, categotry, rang, entryFee, director, phone,entriesTo, additionalInformations,visibility from tournaments ",
+                        ).unwrap().for_each(|row| {
+                        let result_set = row.unwrap();
+                        res.push(tournamenta { id: result_set.get(0).unwrap(), name: result_set.get(1).unwrap(), typeOfLadder: result_set.get(2).unwrap(), places: result_set.get(4).unwrap(), roles: result_set.get(5).unwrap(), creator: result_set.get(6).unwrap(), pointsForTournament: result_set.get(3).unwrap(), approved: result_set.get(7).unwrap(), deleted: result_set.get(8).unwrap(), state: result_set.get(9).unwrap(), currentRound: result_set.get(10).unwrap(), from: result_set.get(11).unwrap(), to: result_set.get(12).unwrap(), place: result_set.get(13).unwrap(), categotry: result_set.get(14).unwrap(), rang: result_set.get(15).unwrap(), entryFee: result_set.get(16).unwrap(), director: result_set.get(17).unwrap(), phone: result_set.get(18).unwrap(), entriesTo: result_set.get(19).unwrap(), additionalInformations: result_set.get(20).unwrap(), visibility: result_set.get(21).unwrap() });
+                    });
+
+                    *response.body_mut() = serde_json::to_string(&res).unwrap().into();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/admin/approveTurnament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                let mut row2: Option<Result<Row>> = None;
+                if s.contains_key("id") {
                     POOL.with(|poola| {
                         let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select  id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                        let mut result = con.exec_iter("Select  id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
                         let mut it = result.iter().unwrap();
                         row = it.next();
                         let mut con2 = poola.get_conn().unwrap();
-                        let mut result2 = con2.exec_iter("Select ladderid, winner, score from winProposals where id =?;", (&id, )).unwrap();
+                        let mut result2 = con2.exec_iter("Select approved from tournaments where id =?;", (&s.get("id").unwrap(), )).unwrap();
+                        let mut it2 = result2.iter().unwrap();
+                        row2 = it2.next();
+                    });
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return Ok(response);
+                    }
+                    let urow2 = row2.unwrap().unwrap();
+                    let approved: i32 = urow2.get(0).unwrap();
+                    if approved == 1 {
+                        POOL.with(|poola| {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set approved =2 where id = ?", (s.get("id").unwrap(), )).unwrap();
+                        });
+                    } else {
+                        *response.status_mut() = StatusCode::BAD_REQUEST;
+                        return Ok(response);
+                    }
+                } else {
+                    *response.body_mut() = "{\"error\":\"missing id\"}".into();
+                }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/registration/payedUsingCash") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id") {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+
+                let mut row: Option<Result<Row>> = None;
+                let mut row2: Option<Result<Row>> = None;
+                let mut row3: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    let mut con2 = poola.get_conn().unwrap();
+                    let mut result2 = con2.exec_iter("Select paymenttype,tournamentid from registrations where id =?;", (&s.get("id"), )).unwrap();
+                    let mut it2 = result2.iter().unwrap();
+                    row2 = it2.next();
+                });
+                if row.is_none() {
+                    *response.status_mut() = StatusCode::FORBIDDEN;
+                    return Ok(response);
+                }
+                if row2.is_none() {
+                    *response.status_mut() = StatusCode::NOT_FOUND;
+                    return Ok(response);
+                }
+                let urow = row.unwrap().unwrap();
+                let urow2 = row2.unwrap().unwrap();
+                let id: i32 = urow.get(0).unwrap();
+                let role: String = urow.get(1).unwrap();
+                let paymenttype: String = urow2.get(0).unwrap();
+                let tournamentid: String = urow2.get(1).unwrap();
+                if role == "2" {
+                    POOL.with(|poola| {
+                        let mut con3 = poola.get_conn().unwrap();
+                        let mut result3 = con3.exec_iter("Select creator from tournaments where id = ?;", (&tournamentid, )).unwrap();
+                        let mut it3 = result3.iter().unwrap();
+                        row3 = it3.next();
+                    });
+                    let urow3 = row3.unwrap().unwrap();
+                    let creator: i32 = urow3.get(0).unwrap();
+                    if creator != id {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                }
+                if paymenttype == "cash" {
+                    POOL.with(|poola| {
+                        poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus ='DONE' where id = ?", (&s.get("id"), )).unwrap();
+                    });
+                } else {
+                    *response.status_mut() = StatusCode::BAD_REQUEST;
+                    return Ok(response);
+                }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/registration/paymentstatus") => {
+            if req.headers().contains_key("Authorization") {
+                let query: &str = req.uri().query().unwrap();
+                let mut splited = query.split("=");
+                let id = splited.next().unwrap();
+                let val = splited.next().unwrap();
+                if id != "id" {
+                    *response.body_mut() = "{\"error\":\"id required\"}".into();
+                    return Ok(response);
+                }
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let mut row: Option<Result<Row>> = None;
+                let mut row2: Option<Result<Row>> = None;
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id, role from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let mut con2 = poola.get_conn().unwrap();
+                    let mut result2 = con2.exec_iter("Select paymentstatus, paymentreference, userid, paymenttype, paymentstatus2, paymentreference2, paymenttype2, partner from registrations where id =?;", (&val, )).unwrap();
+                    let mut it2 = result2.iter().unwrap();
+                    row2 = it2.next();
+                });
+                if row2.is_none() {
+                    *response.status_mut() = StatusCode::NOT_FOUND;
+                    return Ok(response);
+                }
+                let urow = row.unwrap().unwrap();
+                let urow2 = row2.unwrap().unwrap();
+                let id: i32 = urow.get(0).unwrap();
+                let role: String = urow.get(1).unwrap();
+                let paymentstatus: String = urow2.get(0).unwrap();
+                let paymentreference: String = urow2.get(1).unwrap();
+                let userid: i32 = urow2.get(2).unwrap();
+                let paymenttype: String = urow2.get(3).unwrap();
+                let paymentstatus2: String = urow2.get(4).unwrap();
+                let paymentreference2: String = urow2.get(5).unwrap();
+                let paymenttype2: String = urow2.get(6).unwrap();
+                let partner: i32 = urow2.get(7).unwrap();
+                if role == "1" || role == "2" {
+                    if userid != id && partner != id {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
+                        return Ok(response);
+                    }
+                }
+                let mut respb= String::from("");
+                if paymentstatus == "PENDING" && paymenttype != "cash" {
+                    if paymenttype == "btc" {
+                        let client = Client::new();
+                        let req = Request::builder()
+                            .method(Method::GET)
+                            .uri("http://****/api/v1/stores/****/invoices/".to_owned() + &paymentreference)
+                            .header("content-type", "application/json")
+                            .header("Authorization", "token *****").body(Body::empty()).unwrap();
+                        let resp = client.request(req).await.unwrap();
+                        let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
+                        let stat: String = parsed.get("status").unwrap().as_str().unwrap().into();
+                        if stat == "New" {
+                            respb = "{\"status\":\"PENDING\"".to_string();
+                        } else {
+                            if stat == "Settled" {
+                                respb ="{\"status\":\"DONE\"".to_string();
+                                POOL.with(|poola| {
+                                    poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus ='DONE' where id = ?", (val, )).unwrap();
+                                });
+                            } else {
+                                if stat == "Processing" {
+                                    respb="{\"status\":\"PROCESSING\"".to_string();
+                                } else {
+                                    if stat == "Expired" {
+                                        respb="{\"status\":\"EXPIRED\"".to_string();
+                                        POOL.with(|poola| {
+                                            poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus ='EXPIRED' where id = ?", (val, )).unwrap();
+                                        });
+                                    } else {
+                                        respb="{\"status\":\"".to_owned() + &stat + "\"";
+                                        POOL.with(|poola| {
+                                            poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus =? where id = ?", (stat, val)).unwrap();
+                                        });
+                                    }
+                                }
+                            }
+                        }
+                    }
+                } else {
+                    respb="{\"status\":\"".to_owned() + &paymentstatus + "\"";
+                }
+                if paymentstatus2 == "PENDING" && paymenttype2 != "cash" {
+                    if paymenttype2 == "btc" {
+                        let client = Client::new();
+                        let req = Request::builder()
+                            .method(Method::GET)
+                            .uri("http://****/api/v1/stores/****/invoices/".to_owned() + &paymentreference2)
+                            .header("content-type", "application/json")
+                            .header("Authorization", "token ****").body(Body::empty()).unwrap();
+                        let resp = client.request(req).await.unwrap();
+                        let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
+                        let stat: String = parsed.get("status").unwrap().as_str().unwrap().into();
+                        if stat == "New" {
+                            respb += ",\"status2\":\"PENDING\"}";
+                        } else {
+                            if stat == "Settled" {
+                                respb +=",\"status2\":\"DONE\"}";
+                                POOL.with(|poola| {
+                                    poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus2 ='DONE' where id = ?", (val, )).unwrap();
+                                });
+                            } else {
+                                if stat == "Processing" {
+                                    respb+=",\"status2\":\"PROCESSING\"}";
+                                } else {
+                                    if stat == "Expired" {
+                                        respb+=",\"status2\":\"EXPIRED\"}";
+                                        POOL.with(|poola| {
+                                            poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus2 ='EXPIRED' where id = ?", (val, )).unwrap();
+                                        });
+                                    } else {
+                                        respb+= &*(",\"status2\":\"".to_owned() + &stat + "\"}");
+                                        POOL.with(|poola| {
+                                            poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus2 =? where id = ?", (stat, val)).unwrap();
+                                        });
+                                    }
+                                }
+                            }
+                        }
+                    }
+                } else {
+                    respb+= &*(",\"status2\":\"".to_owned() + &paymentstatus + "\"}");
+                }
+
+                *response.body_mut() = respb.into();
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::PUT, "/registration") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                let mut row: Option<Result<Row>> = None;
+                let mut row2: Option<Result<Row>> = None;
+                let mut row3: Option<Result<Row>> = None;
+                if s.contains_key("tournament") && s.contains_key("partner") {
+                    let tournament = s.get("tournament").unwrap().to_string();
+                    let partner = s.get("partner").unwrap().to_string();
+
+                    POOL.with(|poola| {
+                        let mut con = poola.get_conn().unwrap();
+
+                        let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                        let mut it = result.iter().unwrap();
+                        row = it.next();
+                        let mut con2 = poola.get_conn().unwrap();
+
+                        let mut result2 = con2.exec_iter("Select id, entryFee from tournaments where state = 0 and id =?;", (&tournament, )).unwrap();
                         let mut it2 = result2.iter().unwrap();
                         row2 = it2.next();
                         let mut con3 = poola.get_conn().unwrap();
-                        let mut result3 = con3.exec_iter("Select userid, partner from registrations where id =(Select approver from winProposals where id =?);", (&id, )).unwrap();
+
+                        let mut result3 = con3.exec_iter("SELECT id FROM inz.users where id= ?;", (&partner, )).unwrap();
                         let mut it3 = result3.iter().unwrap();
                         row3 = it3.next();
                     });
@@ -239,1795 +1727,632 @@
                         *response.status_mut() = StatusCode::BAD_REQUEST;
                         return Ok(response);
                     }
-                    let urow = row.unwrap().unwrap();
-                    let urow2 = row2.unwrap().unwrap();
-                    let urow3 = row3.unwrap().unwrap();
-                    let uid: i32 = urow.get(0).unwrap();
-                    let user: i32 = urow3.get(0).unwrap();
-                    let partner: i32 = urow3.get(1).unwrap();
-                    if !(uid == user || uid == partner) {
-                        *response.status_mut() = StatusCode::BAD_REQUEST;
-                        return Ok(response);
-                    }
-                    let ladderid: i32 = urow2.get(0).unwrap();
-                    let winner: String = urow2.get(1).unwrap();
-                    let score: String = urow2.get(2).unwrap();
-                    POOL.with(|poola| {
-                        poola.get_conn().unwrap().exec_drop("Update ladder set winner =?, scores=? where id = ?", (winner, score, ladderid)).unwrap();
-                        poola.get_conn().unwrap().exec_drop("delete from winProposals where id = ?", (id, )).unwrap();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::PUT, "/proposal") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row2: Option<Result<Row>> = None;
-                    let ladderid = s.get("ladderid").unwrap().to_string();
-
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select  id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        let mut con2 = poola.get_conn().unwrap();
-                        let mut result2 = con2.exec_iter("Select inAtype, inA, inBtype, inB from ladder where deleted = 0 and id =? and winner ='0';", (&ladderid, )).unwrap();
-                        let mut it2 = result2.iter().unwrap();
-                        row2 = it2.next();
-                    });
-                    if row.is_none() {
-                        *response.status_mut() = StatusCode::FORBIDDEN;
-                        return Ok(response);
-                    }
-                    if row2.is_none() {
-                        *response.status_mut() = StatusCode::BAD_REQUEST;
+                    if row3.is_none() {
+                        *response.status_mut() = StatusCode::NOT_FOUND;
                         return Ok(response);
                     }
                     let urow = row.unwrap().unwrap();
                     let urow2 = row2.unwrap().unwrap();
                     let id: i32 = urow.get(0).unwrap();
-                    let inAtype: String = urow2.get(0).unwrap();
-                    let mut inA: String = urow2.get(1).unwrap();
-                    let inBtype: String = urow2.get(2).unwrap();
-                    let mut inB: String = urow2.get(3).unwrap();
-                    if s.contains_key("score") && s.contains_key("winner") {
-                        if s.get("winner").unwrap() != "A" && s.get("winner").unwrap() != "B" {
-                            *response.body_mut() = "{\"error\":\"winner must be A or B\"}".into();
-                            return Ok(response);
-                        }
-                        if inAtype != "R" {
-                            let mut res3: Option<Result<Row>> = None;
-                            POOL.with(|poola| {
-                                res3 = poola.get_conn().unwrap()
-                                    .exec_iter("WITH RECURSIVE menu_tree
-    AS (
-    SELECT if('A' ='A', inAtype, inBtype) as 'type', if('A' ='A', inA, inB) as 'val' from ladder where id =?
-      UNION ALL
-      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
-      FROM menu_tree mn, inz.ladder la
-      WHERE mn.val= la.id and mn.type != 'R'
-    )
-     SELECT * FROM menu_tree where type = 'R'", (&ladderid, ),
-                                    ).unwrap().iter().unwrap().next();
-                            });
-                            if !res3.is_none() {
-                                let urow3 = res3.unwrap().unwrap();
-                                inA = urow3.get(1).unwrap();
-                            } else {
-                                *response.status_mut() = StatusCode::BAD_REQUEST;
-                                return Ok(response);
-                            }
-                        }
-                        if inBtype != "R" {
-                            let mut res3: Option<Result<Row>> = None;
-                            POOL.with(|poola| {
-                                res3 = poola.get_conn().unwrap()
-                                    .exec_iter("WITH RECURSIVE menu_tree
-    AS (
-    SELECT if('B' ='A', inAtype, inBtype) as 'type', if('B' ='A', inA, inB) as 'val' from ladder where id =?
-      UNION ALL
-      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
-      FROM menu_tree mn, inz.ladder la
-      WHERE mn.val= la.id and mn.type != 'R'
-    )
-     SELECT * FROM menu_tree where type = 'R'", (&ladderid, ),
-                                    ).unwrap().iter().unwrap().next();
-                            });
-                            if !res3.is_none() {
-                                let urow3 = res3.unwrap().unwrap();
-                                inB = urow3.get(1).unwrap();
-                            } else {
-                                *response.status_mut() = StatusCode::BAD_REQUEST;
-                                return Ok(response);
-                            }
-                        }
-                        let mut res3: Option<Result<Row>> = None;
-                        let mut res4: Option<Result<Row>> = None;
-                        POOL.with(|poola| {
-                            res3 = poola.get_conn().unwrap()
-                                .exec_iter("SELECT userid, partner FROM inz.registrations where id = ?;", (&inA, ),
-                                ).unwrap().iter().unwrap().next();
-                            res4 = poola.get_conn().unwrap()
-                                .exec_iter("SELECT userid, partner FROM inz.registrations where id = ?;", (&inB, ),
-                                ).unwrap().iter().unwrap().next();
-                        });
-                        let urow3 = res3.unwrap().unwrap();
-                        let urow4 = res4.unwrap().unwrap();
-                        let mut prop = "";
-                        let mut acc = "";
-                        let u1: i32 = urow3.get(0).unwrap();
-                        let u2: i32 = urow3.get(1).unwrap();
-                        let u3: i32 = urow4.get(0).unwrap();
-                        let u4: i32 = urow4.get(1).unwrap();
-                        if u1 == id || u2 == id {
-                            prop = &inA;
-                            acc = &inB;
-                        } else {
-                            if u3 == id || u4 == id {
-                                prop = &inB;
-                                acc = &inA;
-                            } else {
-                                *response.status_mut() = StatusCode::BAD_REQUEST;
-                                return Ok(response);
-                            }
-                        }
-                        POOL.with(|poola| {
-                            let nid = "{\"id\":".to_owned() + &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`winProposals`(ladderid, winner, proposer, approver, score) VALUES (?,?,?,?,?);", (&ladderid, s.get("winner"), prop, acc, s.get("score"))).unwrap().last_insert_id().unwrap().to_string() + "\"}";
-                            *response.body_mut() = nid.into();
-                        });
-                    } else {
-                        *response.body_mut() = "{\"error\":\"not all fields\"}".into();
-                    }
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/ladders/solved") => {
-                let query: &str = req.uri().query().unwrap();
-                let mut splited = query.split("=");
-
-                let id = splited.next().unwrap();
-                let val = splited.next().unwrap();
-                if id != "id" {
-                    *response.body_mut() = "{\"error\":\"id required\"}".into();
-                    return Ok(response);
-                }
-                POOL.with(|poola| {
-                    let res = poola.get_conn().unwrap()
-                        .exec_iter(
-                            "SELECT  id, inAtype, inA, inBtype, inB, winner, round, scores from ladder where deleted =0 and id = ?", (val, ),
-                        ).unwrap().iter().unwrap().next();
-                    let res2 = poola.get_conn().unwrap()
-                        .exec_iter("WITH RECURSIVE menu_tree
-    AS (
-    SELECT if('A' ='A', inAtype, inBtype) as 'type', if('A' ='A', inA, inB) as 'val' from ladder where id =?
-      UNION ALL
-      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
-      FROM menu_tree mn, inz.ladder la
-      WHERE mn.val= la.id and mn.type != 'R'
-    )
-     SELECT * FROM menu_tree where type = 'R'", (val, ),
-                        ).unwrap().iter().unwrap().next();
-                    let res3 = poola.get_conn().unwrap()
-                        .exec_iter("WITH RECURSIVE menu_tree
-    AS (
-    SELECT if('B' ='A', inAtype, inBtype) as 'type', if('B' ='A', inA, inB) as 'val' from ladder where id =?
-      UNION ALL
-      SELECT if(mn.type ='W', if(la.winner ='A', inAtype, if(la.winner ='B', la.inBtype, null)), if(la.winner ='A', la.inBtype, if(la.winner ='B', la.inAtype, null))) , if(mn.type ='W', if(la.winner ='A', la.inA, if(la.winner ='B', la.inB, null)), if(la.winner ='A', la.inB, if(la.winner ='B', la.inA, null)))
-      FROM menu_tree mn, inz.ladder la
-      WHERE mn.val= la.id and mn.type != 'R'
-    )
-     SELECT * FROM menu_tree where type = 'R'", (val, ),
-                        ).unwrap().iter().unwrap().next();
-                    let ur = res.unwrap().unwrap();
-                    let id1: i32 = ur.get(0).unwrap();
-                    let mut inAtype: String = ur.get(1).unwrap();
-                    let mut inA: String = ur.get(2).unwrap();
-                    let mut inBtype: String = ur.get(3).unwrap();
-                    let mut inB: String = ur.get(4).unwrap();
-                    let winner: String = ur.get(5).unwrap();
-                    let round: String = ur.get(6).unwrap();
-                    let scores: String = ur.get(7).unwrap();
-                    if !res2.is_none() {
-                        let urow3 = res2.unwrap().unwrap();
-                        inAtype = urow3.get(0).unwrap();
-                        inA = urow3.get(1).unwrap();
-                    }
-                    if !res3.is_none() {
-                        let urow4 = res3.unwrap().unwrap();
-                        inBtype = urow4.get(0).unwrap();
-                        inB = urow4.get(1).unwrap();
-                    }
-                    let res = ladderRaw { id: id1, inAtype: inAtype, inA: inA, inBtype: inBtype, inB: inB, winner: winner, round: round, scores: scores };
-                    *response.body_mut() = serde_json::to_string(&res).unwrap().into();
-                });
-            }
-            (&Method::GET, "/ladders/raw") => {
-                let query: &str = req.uri().query().unwrap();
-                let mut splited = query.split("=");
-
-                let id = splited.next().unwrap();
-                let val = splited.next().unwrap();
-                if id != "tournamentid" {
-                    *response.body_mut() = "{\"error\":\"tournamentid required\"}".into();
-                    return Ok(response);
-                }
-                POOL.with(|poola| {
-                    let res = poola.get_conn().unwrap()
-                        .exec_map(
-                            "SELECT  id, inAtype, inA, inBtype, inB, winner, round, scores from ladder where deleted =0 and tournamentid = ?", (val, ),
-                            |(id, inAtype, inA, inBtype, inB, winner, round, scores)| {
-                                ladderRaw { id, inAtype, inA, inBtype, inB, winner, round, scores }
-                            },
-                        );
-                    *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                });
-            }
-            (&Method::POST, "/ladder") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id is required\"}".into();
-                        return Ok(response);
-                    }
-
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row3: Option<Result<Row>> = None;
                     POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                    });
-                    if row.is_none() {
-                        *response.status_mut() = StatusCode::FORBIDDEN;
-                        return Ok(response);
-                    }
-
-                    let urow = row.unwrap().unwrap();
-                    let id: i32 = urow.get(0).unwrap();
-                    let role: String = urow.get(1).unwrap();
-                    let tournamentid = s.get("id");
-                    if role == "2" {
-                        POOL.with(|poola| {
-                            let mut con3 = poola.get_conn().unwrap();
-                            let mut result3 = con3.exec_iter("Select creator from tournaments where id = (Select tournamentid from ladder where id =?);", (&tournamentid, )).unwrap();
-                            let mut it3 = result3.iter().unwrap();
-                            row3 = it3.next();
-                        });
-                        let urow3 = row3.unwrap().unwrap();
-                        let creator: i32 = urow3.get(0).unwrap();
-                        if creator != id {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }
-                    POOL.with(|poola| {
-                        if s.contains_key("inAtype") {
-                            if s.get("inAtype").unwrap() != "R" && s.get("inAtype").unwrap() != "W" && s.get("inAtype").unwrap() != "L" {
-                                *response.body_mut() = "{\"error\":\"inAtype must be R, W or L\"}".into();
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update ladder set inAtype =? where id = ? and deleted =0", (s.get("inAtype"), &tournamentid)).unwrap();
-                        }
-                        if s.contains_key("inBtype") {
-                            if s.get("inBtype").unwrap() != "R" && s.get("inBtype").unwrap() != "W" && s.get("inBtype").unwrap() != "L" {
-                                *response.body_mut() = "{\"error\":\"inBtype must be R, W or L\"}".into();
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update ladder set inBtype =? where id = ? and deleted =0", (s.get("inBtype"), &tournamentid)).unwrap();
-                        }
-                        if s.contains_key("inA") {
-                            poola.get_conn().unwrap().exec_drop("Update ladder set inA =? where id = ? and deleted =0", (s.get("inA"), &tournamentid)).unwrap();
-                        }
-                        if s.contains_key("inB") {
-                            poola.get_conn().unwrap().exec_drop("Update ladder set inB =? where id = ? and deleted =0", (s.get("inB"), &tournamentid)).unwrap();
-                        }
-                        if s.contains_key("winner") {
-                            poola.get_conn().unwrap().exec_drop("Update ladder set winner =? where id = ? and deleted =0", (s.get("winner"), &tournamentid)).unwrap();
-                        }
-                        if s.contains_key("round") {
-                            poola.get_conn().unwrap().exec_drop("Update ladder set round =? where id = ? and deleted =0", (s.get("round"), &tournamentid)).unwrap();
-                        }
-                        if s.contains_key("scores") {
-                            poola.get_conn().unwrap().exec_drop("Update ladder set scores =? where id = ? and deleted =0", (s.get("scores"), &tournamentid)).unwrap();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::DELETE, "/ladder") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id is required\"}".into();
-                        return Ok(response);
-                    }
-
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row3: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                    });
-                    if row.is_none() {
-                        *response.status_mut() = StatusCode::FORBIDDEN;
-                        return Ok(response);
-                    }
-
-                    let urow = row.unwrap().unwrap();
-                    let id: i32 = urow.get(0).unwrap();
-                    let role: String = urow.get(1).unwrap();
-                    let tournamentid = s.get("id");
-                    if role == "2" {
-                        POOL.with(|poola| {
-                            let mut con3 = poola.get_conn().unwrap();
-                            let mut result3 = con3.exec_iter("Select creator from tournaments where id = (Select tournamentid from ladder where id =?);", (&tournamentid, )).unwrap();
-                            let mut it3 = result3.iter().unwrap();
-                            row3 = it3.next();
-                        });
-                        let urow3 = row3.unwrap().unwrap();
-                        let creator: i32 = urow3.get(0).unwrap();
-                        if creator != id {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }
-                    POOL.with(|poola| {
-                        poola.get_conn().unwrap().exec_drop("Update ladder set deleted =1 where id = ?", (&s.get("id"), )).unwrap();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::PUT, "/ladder") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("inAtype") || !s.contains_key("inA") || !s.contains_key("inBtype") || !s.contains_key("inB") || !s.contains_key("round") || !s.contains_key("tournamentid") {
-                        *response.body_mut() = "{\"error\":\"no all fields\"}".into();
-                        return Ok(response);
-                    }
-
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row3: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                    });
-                    if row.is_none() {
-                        *response.status_mut() = StatusCode::FORBIDDEN;
-                        return Ok(response);
-                    }
-                    let tournamentid = s.get("tournamentid");
-
-                    if s.get("inBtype").unwrap() == "R" {
-                        let mut row4: Option<Result<Row>> = None;
-                        POOL.with(|poola| {
-                            let mut con = poola.get_conn().unwrap();
-                            let mut result = con.exec_iter("Select id from registrations where id= ? and paymentstatus = 'DONE' and tournamentid =?", (&s.get("inB"),&tournamentid )).unwrap();
-                            let mut it = result.iter().unwrap();
-                            row4 = it.next();
-                        });
-                        if row4.is_none() {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }else {
-                        if s.get("inBtype").unwrap() == "W" || s.get("inBtype").unwrap() == "L" {
-                            let mut row4: Option<Result<Row>> = None;
-                            POOL.with(|poola| {
-                                let mut con = poola.get_conn().unwrap();
-                                let mut result = con.exec_iter("Select id from ladder where id= ? and tournamentid=?", (&s.get("inB"),&tournamentid )).unwrap();
-                                let mut it = result.iter().unwrap();
-                                row4 = it.next();
-                            });
-                            if row4.is_none() {
-                                *response.status_mut() = StatusCode::NOT_FOUND;
-                                return Ok(response);
-                            }
-                        } else {
-                            *response.body_mut() = "{\"error\":\"inBtype must be R, W or L\"}".into();
-                            return Ok(response);
-                        }
-                    }
-                    if s.get("inAtype").unwrap() == "R" {
-                        let mut row4: Option<Result<Row>> = None;
-                        POOL.with(|poola| {
-                            let mut con = poola.get_conn().unwrap();
-                            let mut result = con.exec_iter("Select id from registrations where id= ? and paymentstatus = 'DONE' and tournamentid=?", (&s.get("inA"),&tournamentid )).unwrap();
-                            let mut it = result.iter().unwrap();
-                            row4 = it.next();
-                        });
-                        if row4.is_none() {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }else {
-                        if s.get("inAtype").unwrap() == "W" || s.get("inAtype").unwrap() == "L" {
-                            let mut row4: Option<Result<Row>> = None;
-                            POOL.with(|poola| {
-                                let mut con = poola.get_conn().unwrap();
-                                let mut result = con.exec_iter("Select id from ladder where id= ? and tournamentid=?", (&s.get("inA"),&tournamentid )).unwrap();
-                                let mut it = result.iter().unwrap();
-                                row4 = it.next();
-                            });
-                            if row4.is_none() {
-                                *response.status_mut() = StatusCode::NOT_FOUND;
-                                return Ok(response);
-                            }
-                        } else {
-                            *response.body_mut() = "{\"error\":\"inAtype must be R, W or L\"}".into();
-                            return Ok(response);
-                        }
-                    }
-                    let urow = row.unwrap().unwrap();
-                    let id: i32 = urow.get(0).unwrap();
-                    let role: String = urow.get(1).unwrap();
-                    if role == "2" {
-                        POOL.with(|poola| {
-                            let mut con3 = poola.get_conn().unwrap();
-                            let mut result3 = con3.exec_iter("Select creator from tournaments where id = ?;", (&tournamentid, )).unwrap();
-                            let mut it3 = result3.iter().unwrap();
-                            row3 = it3.next();
-                        });
-                        let urow3 = row3.unwrap().unwrap();
-                        let creator: i32 = urow3.get(0).unwrap();
-                        if creator != id {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }
-                    POOL.with(|poola| {
-                        let nid = "{\"id\":".to_owned() + &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`ladder`(`inAtype`,`inA`,`inBtype`,`inB`,`winner`,`round`,`scores`,`tournamentid`,`deleted`) VALUES (?,?,?,?,'0',?,'-1',?,0);", (s.get("inAtype"), s.get("inA"), s.get("inBtype"), s.get("inB"), s.get("round"), s.get("tournamentid"))).unwrap().last_insert_id().unwrap().to_string() + "\"}";
+                        let nid = "{\"id\":\"".to_owned() + &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`registrations`(`userid`,`tournamentid`,`paymenttype`,`paymentstatus`,`approval`,`paymentreference`,`partner`,`partnerAcceptance`,`paymenttype2`,`paymentstatus2`,`paymentreference2`,`informed`)VALUES(?,?,'','NOTSTARTED',0,'',?,0,'','NOTSTARTED','',0);", (id, tournament, partner)).unwrap().last_insert_id().unwrap().to_string() + "\"}";
                         *response.body_mut() = nid.into();
                     });
                 } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    *response.body_mut() = "{\"error\":\"not all fields\"}".into();
                 }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
             }
-            (&Method::GET, "/leaderboard") => {
-                POOL.with(|poola| {
-                    let res = poola.get_conn().unwrap()
-                        .query_map(
-                            "SELECT  name, surname, ranking from users where deleted =0 order by ranking DESC",
-                            |(name, surname, ranking)| {
-                                leaderboard { name, surname, ranking }
-                            },
-                        );
-                    *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                });
-            }
-            (&Method::POST, "/tournament/cancelTournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
+        }
+        (&Method::POST, "/payForRegistration") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap().to_string();
+
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if !s.contains_key("id")||!s.contains_key("paymentmethod") {
+                    *response.body_mut() = "id and paymentmethod is required".into();
+                }else {
+                    let paymentmethod = s.get("paymentmethod").unwrap().to_string();
+                    let rid = s.get("id").unwrap().to_string();
+                    let mut isowner = false;
+                    let mut isinvited = false;
+                    let mut fee = -1;
                     POOL.with(|poola| {
                         let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                        if aa != "Bearer" {
+                            *response.status_mut() = StatusCode::UNAUTHORIZED;
+                            return;
+                        }
+
+                        let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
                         let mut it = result.iter().unwrap();
                         let row = it.next();
                         if row.is_none() {
                             *response.status_mut() = StatusCode::FORBIDDEN;
                             return;
                         }
-                        let urow = row.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let role: String = urow.get(1).unwrap();
-                        let mut conn1 = poola.get_conn().unwrap();
-                        let mut result1 = conn1.exec_iter("Select creator, state from tournaments where id = ?", (&s.get("id"), )).unwrap();
-                        let mut it1 = result1.iter().unwrap();
-                        let row1 = it1.next();
-                        let urow1 = row1.unwrap().unwrap();
-                        let creator: i32 = urow1.get(0).unwrap();
-                        let state: i32 = urow1.get(1).unwrap();
-                        if state == 3 {
+                        let uid: i32 = row.unwrap().unwrap().get(0).unwrap();
+                        let mut con2 = poola.get_conn().unwrap();
+                        let mut result2 = con2.exec_iter("SELECT id FROM inz.registrations where userid=? and id = ? and approval =1", (&uid, &rid)).unwrap();
+                        let mut it2 = result2.iter().unwrap();
+                        let row2 = it2.next();
+                        if !row2.is_none() {
+                            isowner = true;
+                        }
+                        let mut con3 = poola.get_conn().unwrap();
+                        let mut result3 = con3.exec_iter("SELECT id FROM inz.registrations where partner=? and id = ? and approval =1", (&uid, &rid)).unwrap();
+                        let mut it3 = result3.iter().unwrap();
+                        let row3 = it3.next();
+                        if !row3.is_none() {
+                            isinvited = true;
+                        }
+                        if isowner == false && isinvited == false {
                             *response.status_mut() = StatusCode::BAD_REQUEST;
                             return;
                         }
-                        if role == "2" {
-                            if creator != id {
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =4 where id = ?", (&s.get("id"), )).unwrap();
-                        } else {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =4 where id = ?", (&s.get("id"), )).unwrap();
-                        }
+                        let mut conn4 = poola.get_conn().unwrap();
+                        let mut result4 = conn4.exec_iter("SELECT entryFee FROM inz.tournaments where id = (SELECT tournamentid FROM inz.registrations where id = ?)", (&rid, )).unwrap();
+                        let mut it4 = result4.iter().unwrap();
+                        let row4 = it4.next();
+                        fee = row4.unwrap().unwrap().get(0).unwrap();
                     });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/tournament/endTournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-
-                    let parsed: serde_json::Value = serde_json::from_slice(&byte_stream).unwrap();
-                    if parsed.get("id") == None {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let role: String = urow.get(1).unwrap();
-                        let mut conn1 = poola.get_conn().unwrap();
-                        let mut result1 = conn1.exec_iter("Select creator, state, approved from tournaments where id = ? b", (&parsed.get("id"), )).unwrap();
-                        let mut it1 = result1.iter().unwrap();
-                        let row1 = it1.next();
-                        let urow1 = row1.unwrap().unwrap();
-                        let creator: i32 = urow1.get(0).unwrap();
-                        let state: i32 = urow1.get(1).unwrap();
-                        let approved: i32 = urow1.get(2).unwrap();
-                        if state != 2 {
-                            *response.status_mut() = StatusCode::BAD_REQUEST;
-                            return;
-                        }
-                        if role == "2" {
-                            if creator != id {
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =3 where id = ?", (&parsed.get("id"), )).unwrap();
-                        } else {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =3 where id = ?", (&parsed.get("id"), )).unwrap();
-                        }
-                        if approved == 2 {
-                            let arr: &Vec<serde_json::Value> = parsed.get("results").unwrap().as_array().unwrap();
-                            for i in 0..arr.len() {
-                                let cur: &Map<String, serde_json::Value> = arr.get(i).unwrap().as_object().unwrap();
-                                poola.get_conn().unwrap().exec_drop("Update users set ranking =ranking+? where id = (Select userid from registrations where id = ?) or id = (Select partner from registrations where id = ?)", (&cur.get("points"), &cur.get("rid"), &cur.get("rid"))).unwrap();
-                            }
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/tournament/startTournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let role: String = urow.get(1).unwrap();
-                        let mut conn1 = poola.get_conn().unwrap();
-                        let mut result1 = conn1.exec_iter("Select creator, state from tournaments where id = ?", (&s.get("id"), )).unwrap();
-                        let mut it1 = result1.iter().unwrap();
-                        let row1 = it1.next();
-                        let urow1 = row1.unwrap().unwrap();
-                        let creator: i32 = urow1.get(0).unwrap();
-                        let state: i32 = urow1.get(1).unwrap();
-                        if state != 1 {
-                            *response.status_mut() = StatusCode::BAD_REQUEST;
-                            return;
-                        }
-                        if role == "2" {
-                            if creator != id {
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =2 where id = ?", (&s.get("id"), )).unwrap();
-                        } else {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =2 where id = ?", (&s.get("id"), )).unwrap();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/tournament/closeRegistrations") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let role: String = urow.get(1).unwrap();
-                        let mut conn1 = poola.get_conn().unwrap();
-                        let mut result1 = conn1.exec_iter("Select creator, state from tournaments where id = ?", (&s.get("id"), )).unwrap();
-                        let mut it1 = result1.iter().unwrap();
-                        let row1 = it1.next();
-                        let urow1 = row1.unwrap().unwrap();
-                        let creator: i32 = urow1.get(0).unwrap();
-                        let state: i32 = urow1.get(1).unwrap();
-                        if state != 0 {
-                            *response.status_mut() = StatusCode::BAD_REQUEST;
-                            return;
-                        }
-                        if role == "2" {
-                            if creator != id {
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =1 where id = ?", (&s.get("id"), )).unwrap();
-                        } else {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set state =1 where id = ?", (&s.get("id"), )).unwrap();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/registration/approve") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id,role from users where (role = '2' OR role = '3')AND id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let role: String = urow.get(1).unwrap();
-                        if role == "2" {
-                            let mut conn1 = poola.get_conn().unwrap();
-                            let mut result1 = conn1.exec_iter("Select userid from registrations where id = ?", (&s.get("id"), )).unwrap();
-                            let mut it1 = result1.iter().unwrap();
-                            let row1 = it1.next();
-                            let urow1 = row1.unwrap().unwrap();
-                            let userid: i32 = urow1.get(0).unwrap();
-                            if userid != id {
-                                return;
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update registrations set approval ='1' where id = ?", (&s.get("id"), )).unwrap();
-                        } else {
-                            poola.get_conn().unwrap().exec_drop("Update registrations set approval ='1' where id = ?", (&s.get("id"), )).unwrap();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/registrations") => {
-                if req.headers().contains_key("Authorization") {
-                    let query: &str = req.uri().query().unwrap();
-                    let mut splited = query.split("=");
-                    let id = splited.next().unwrap();
-                    let val = splited.next().unwrap();
-                    if id != "id" {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id,role from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-
-                        let urow = row.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let role: String = urow.get(1).unwrap();
-                        if role == "1" {
-                            let res = poola.get_conn().unwrap()
-                                .exec_map(
-                                    "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`approval`,`registrations`.`partner`  FROM `inz`.`registrations` where tournamentid= ? and (userid=? or partner =?);", (&val, id, id),
-                                    |(id, userid, tournamentid, paymenttype, paymentstatus, approval, partner)| {
-                                        Registration { id, userid, tournamentid, paymenttype, paymentstatus, approval, partner }
-                                    },
-                                );
-                            *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                        } else {
-                            if role == "2" {
-                                let mut conn1 = poola.get_conn().unwrap();
-                                let mut result1 = conn1.exec_iter("Select creator from tournaments where id = ?", (&val, )).unwrap();
-                                let mut it1 = result1.iter().unwrap();
-                                let row1 = it1.next();
-                                let urow1 = row1.unwrap().unwrap();
-                                let userid: i32 = urow1.get(0).unwrap();
-                                if userid != id {
-                                    let res = poola.get_conn().unwrap()
-                                        .exec_map(
-                                            "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`approval`,`registrations`.`partner`  FROM `inz`.`registrations` where tournamentid= ? and (userid=? or partner =?);", (&val, id, id),
-                                            |(id, userid, tournamentid, paymenttype, paymentstatus, approval, partner)| {
-                                                Registration { id, userid, tournamentid, paymenttype, paymentstatus, approval, partner }
-                                            },
-                                        );
-                                    *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                                    return;
-                                }
-
-
-                                let res = poola.get_conn().unwrap()
-                                    .exec_map(
-                                        "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`approval`,`registrations`.`partner` FROM `inz`.`registrations` where tournamentid= ?;", (&val, ),
-                                        |(id, userid, tournamentid, paymenttype, paymentstatus, approval, partner)| {
-                                            Registration { id, userid, tournamentid, paymenttype, paymentstatus, approval, partner }
-                                        },
-                                    );
-                                *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                            } else {
-                                let res = poola.get_conn().unwrap()
-                                    .exec_map(
-                                        "SELECT `registrations`.`id`,`registrations`.`userid`,`registrations`.`tournamentid`,`registrations`.`paymenttype`,`registrations`.`paymentstatus`,`registrations`.`approval` ,`registrations`.`partner` FROM `inz`.`registrations` where tournamentid= ?;", (&val, ),
-                                        |(id, userid, tournamentid, paymenttype, paymentstatus, approval, partner)| {
-                                            Registration { id, userid, tournamentid, paymenttype, paymentstatus, approval, partner }
-                                        },
-                                    );
-                                *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                            }
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/admin/user") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if !s.contains_key("id") {
-                            *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
-                            return;
-                        }
-                        let idi = s.get("id").unwrap();
-                        if s.contains_key("name") {
-                            poola.get_conn().unwrap().exec_drop("Update users set name =? where id = ?", (s.get("name"), idi)).unwrap();
-                        }
-                        if s.contains_key("surname") {
-                            poola.get_conn().unwrap().exec_drop("Update users set surname =? where id = ?", (s.get("surname"), idi)).unwrap();
-                        }
-                        if s.contains_key("password") {
-                            poola.get_conn().unwrap().exec_drop("Update users set password =? where id = ?", (hash(s.get("password").unwrap().to_string(), DEFAULT_COST - 6).unwrap(), idi)).unwrap();
-                        }
-                        if s.contains_key("mail") {
-                            poola.get_conn().unwrap().exec_drop("Update users set mail =? where id = ?", (s.get("mail"), idi)).unwrap();
-                        }
-                        if s.contains_key("phone") {
-                            poola.get_conn().unwrap().exec_drop("Update users set phone =? where id = ?", (s.get("phone"), idi)).unwrap();
-                        }
-                        if s.contains_key("role") {
-                            poola.get_conn().unwrap().exec_drop("Update users set role =? where id = ?", (s.get("role"), idi)).unwrap();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::DELETE, "/admin/user") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if !s.contains_key("id") {
-                            *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
-                            return;
-                        }
-                        poola.get_conn().unwrap().exec_drop("Update users set deleted =1 where id = ?", (&s.get("id"), )).unwrap();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/admin/users") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let mut row: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let res = poola.get_conn().unwrap()
-                            .query_map(
-                                "SELECT `id`, `name`, `surname`, `role`, `login`, `mail`, `phone`,`deleted`, `ranking` from users ",
-                                |(id, name, surname, role, login, mail, phone, deleted, ranking)| {
-                                    Usera { id, name, surname, role, login, mail, phone, deleted, ranking }
-                                },
-                            );
-                        *response.body_mut() = serde_json::to_string(&res.unwrap()).unwrap().into();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::DELETE, "/admin/tournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if !s.contains_key("id") {
-                            *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
-                            return;
-                        }
-                        poola.get_conn().unwrap().exec_drop("Update tournaments set deleted =1 where id = ?", (&s.get("id"), )).unwrap();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/admin/tournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select  id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if !s.contains_key("id") {
-                            *response.body_mut() = Body::from("{\"error\":\"id is required\"}");
-                            return;
-                        }
-                        if s.contains_key("name") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set name =? where id = ?", (s.get("name"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("typeOfLadder") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set typeOfLadder =? where id = ?", (s.get("typeOfLadder"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("pointsForTournament") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set pointsForTournament =? where id = ?", (s.get("pointsForTournament"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("places") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set places =? where id = ?", (s.get("places"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("roles") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set roles =? where id = ?", (s.get("roles"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("currentRound") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set currentRound =? where id = ?", (s.get("currentRound"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("from") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set `from` =? where id = ? ", (s.get("from"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("to") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set `to` =? where id = ? ", (s.get("to"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("place") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set place =? where id = ? ", (s.get("place"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("categotry") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set categotry =? where id = ? ", (s.get("categotry"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("rang") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set rang =? where id = ? ", (s.get("rang"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("entryFee") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set entryFee =? where id = ? ", (s.get("entryFee"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("director") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set director =? where id = ? ", (s.get("director"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("phone") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set phone =? where id = ? ", (s.get("phone"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("entriesTo") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set entriesTo =? where id = ? ", (s.get("entriesTo"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("additionalInformations") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set additionalInformations =? where id = ? ", (s.get("additionalInformations"), &s.get("id"))).unwrap();
-                        }
-                        if s.contains_key("visibility") {
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set visibility =? where id = ? ", (s.get("visibility"), &s.get("id"))).unwrap();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/admin/tournaments") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let mut row: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select  id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let mut res =  Vec::new() ;
-                        poola.get_conn().unwrap()
-                            .query_iter(
-                                "SELECT id, name, typeOfLadder, pointsForTournament, places, roles, creator,approved,deleted, state, currentRound,`from`, `to`, place, categotry, rang, entryFee, director, phone,entriesTo, additionalInformations,visibility from tournaments ",
-                            ).unwrap().for_each(|row| {
-                            let result_set = row.unwrap();
-                            res.push(tournamenta { id: result_set.get(0).unwrap(), name:result_set.get(1).unwrap(), typeOfLadder: result_set.get(2).unwrap(), places:result_set.get(4).unwrap(), roles:result_set.get(5).unwrap(), creator:result_set.get(6).unwrap(), pointsForTournament: result_set.get(3).unwrap(), approved:result_set.get(7).unwrap(), deleted:result_set.get(8).unwrap(), state:result_set.get(9).unwrap(), currentRound:result_set.get(10).unwrap() ,from:result_set.get(11).unwrap(), to:result_set.get(12).unwrap(), place:result_set.get(13).unwrap(), categotry:result_set.get(14).unwrap(), rang:result_set.get(15).unwrap(), entryFee:result_set.get(16).unwrap(), director:result_set.get(17).unwrap(), phone:result_set.get(18).unwrap(), entriesTo:result_set.get(19).unwrap(),additionalInformations:result_set.get(20).unwrap(),visibility:result_set.get(21).unwrap()});
-                        });
-
-                        *response.body_mut() = serde_json::to_string(&res).unwrap().into();
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/admin/approveTurnament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row2: Option<Result<Row>> = None;
-                    if s.contains_key("id") {
+                    if paymentmethod == "btc" {
+                        let client = Client::new();
+                        let req = Request::builder()
+                            .method(Method::POST)
+                            .uri("http://****/api/v1/stores/*****/invoices")
+                            .header("content-type", "application/json")
+                            .header("X-Forwarded-Host", "btcpay.dragonmaster.pl")
+                            .header("X-Forwarded-Proto", "https")
+                            .header("Authorization", "token ****")
+                            .body(Body::from("{\"metadata\": {\"orderId\": \"id123\"},\"checkout\": {\"speedPolicy\": \"LowMediumSpeed\",\"redirectURL\":\"https://example.com\"},\"amount\": \"".to_owned() + &*fee.to_string() + "\",\"currency\": \"PLN\"}")).unwrap();
+                        let resp = client.request(req).await.unwrap();
+                        let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
                         POOL.with(|poola| {
-                            let mut con = poola.get_conn().unwrap();
-                            let mut result = con.exec_iter("Select  id from users where role ='3' and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                            let mut it = result.iter().unwrap();
-                            row = it.next();
-                            let mut con2 = poola.get_conn().unwrap();
-                            let mut result2 = con2.exec_iter("Select approved from tournaments where id =?;", (&s.get("id").unwrap(), )).unwrap();
-                            let mut it2 = result2.iter().unwrap();
-                            row2 = it2.next();
+                            let tmp: String = parsed.get("id").unwrap().as_str().unwrap().into();
+                            if isowner {
+                                poola.get_conn().unwrap().exec_iter("Update registrations set paymenttype = 'btc',paymentstatus = 'PENDING', paymentreference=? where id = ? ;", (&tmp, rid)).unwrap();
+                            } else {
+                                poola.get_conn().unwrap().exec_iter("Update registrations set paymenttype2 = 'btc',paymentstatus2 = 'PENDING',paymentreference2=? where id = ? ;", (&tmp, rid)).unwrap();
+                            }
+                            let mut checkout: String = parsed.get("checkoutLink").unwrap().as_str().unwrap().into();
+                            //checkout = checkout.replace("http://10.1.6.101:8082/", "https://btcpay.dragonmaster.pl/");
+                            *response.body_mut() = Body::from("{\"url\":\"".to_owned() + &*checkout + "\"}");
                         });
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return Ok(response);
-                        }
-                        let urow2 = row2.unwrap().unwrap();
-                        let approved: i32 = urow2.get(0).unwrap();
-                        if approved == 1 {
+                    } else {
+                        if paymentmethod == "cash" {
                             POOL.with(|poola| {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set approved =2 where id = ?", (s.get("id").unwrap(), )).unwrap();
-                            });
-                        } else {
-                            *response.status_mut() = StatusCode::BAD_REQUEST;
-                            return Ok(response);
-                        }
-                    } else {
-                        *response.body_mut() = "{\"error\":\"missing id\"}".into();
-                    }
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/registration/payedUsingCash") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    if !s.contains_key("id") {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row2: Option<Result<Row>> = None;
-                    let mut row3: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id, role from users where (role='2' or role='3' )and id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        let mut con2 = poola.get_conn().unwrap();
-                        let mut result2 = con2.exec_iter("Select paymenttype,tournamentid from registrations where id =?;", (&s.get("id"), )).unwrap();
-                        let mut it2 = result2.iter().unwrap();
-                        row2 = it2.next();
-                    });
-                    if row.is_none() {
-                        *response.status_mut() = StatusCode::FORBIDDEN;
-                        return Ok(response);
-                    }
-                    if row2.is_none() {
-                        *response.status_mut() = StatusCode::NOT_FOUND;
-                        return Ok(response);
-                    }
-                    let urow = row.unwrap().unwrap();
-                    let urow2 = row2.unwrap().unwrap();
-                    let id: i32 = urow.get(0).unwrap();
-                    let role: String = urow.get(1).unwrap();
-                    let paymenttype: String = urow2.get(0).unwrap();
-                    let tournamentid: String = urow2.get(1).unwrap();
-                    if role == "2" {
-                        POOL.with(|poola| {
-                            let mut con3 = poola.get_conn().unwrap();
-                            let mut result3 = con3.exec_iter("Select creator from tournaments where id = ?;", (&tournamentid, )).unwrap();
-                            let mut it3 = result3.iter().unwrap();
-                            row3 = it3.next();
-                        });
-                        let urow3 = row3.unwrap().unwrap();
-                        let creator: i32 = urow3.get(0).unwrap();
-                        if creator != id {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }
-                    if paymenttype == "cash" {
-                        POOL.with(|poola| {
-                            poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus ='DONE' where id = ?", (&s.get("id"), )).unwrap();
-                        });
-                    } else {
-                        *response.status_mut() = StatusCode::BAD_REQUEST;
-                        return Ok(response);
-                    }
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/registration/paymentstatus") => {
-                if req.headers().contains_key("Authorization") {
-                    let query: &str = req.uri().query().unwrap();
-                    let mut splited = query.split("=");
-                    let id = splited.next().unwrap();
-                    let val = splited.next().unwrap();
-                    if id != "id" {
-                        *response.body_mut() = "{\"error\":\"id required\"}".into();
-                        return Ok(response);
-                    }
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row2: Option<Result<Row>> = None;
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id, role from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let mut con2 = poola.get_conn().unwrap();
-                        let mut result2 = con2.exec_iter("Select paymentstatus, paymentreference, userid, paymenttype from registrations where id =?;", (&val, )).unwrap();
-                        let mut it2 = result2.iter().unwrap();
-                        row2 = it2.next();
-                    });
-                    if row2.is_none() {
-                        *response.status_mut() = StatusCode::NOT_FOUND;
-                        return Ok(response);
-                    }
-                    let urow = row.unwrap().unwrap();
-                    let urow2 = row2.unwrap().unwrap();
-                    let id: i32 = urow.get(0).unwrap();
-                    let role: String = urow.get(1).unwrap();
-                    let paymentstatus: String = urow2.get(0).unwrap();
-                    let paymentreference: String = urow2.get(1).unwrap();
-                    let userid: i32 = urow2.get(2).unwrap();
-                    let paymenttype: String = urow2.get(3).unwrap();
-                    if role == "1" || role == "2" {
-                        if userid != id {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                    }
-                    if paymentstatus == "PENDING" && paymenttype != "cash" {
-                        if paymenttype == "btc" {
-                            let client = Client::new();
-                            let req = Request::builder()
-                                .method(Method::GET)
-                                .uri("http://10.1.6.101:8082/api/v1/stores/****/invoices/".to_owned() + &paymentreference)
-                                .header("content-type", "application/json")
-                                .header("Authorization", "token *****").body(Body::empty()).unwrap();
-                            let resp = client.request(req).await.unwrap();
-                            let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
-                            let stat: String = parsed.get("status").unwrap().as_str().unwrap().into();
-                            if stat == "New" {
-                                *response.body_mut() = Body::from("{\"status\":\"PENDING\"}");
-                            } else {
-                                if stat == "Settled" {
-                                    *response.body_mut() = Body::from("{\"status\":\"DONE\"}");
-                                    POOL.with(|poola| {
-                                        poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus ='DONE' where id = ?", (val, )).unwrap();
-                                    });
+                                if isowner {
+                                    poola.get_conn().unwrap().exec_iter("Update registrations set paymenttype = 'cash',paymentstatus = 'PENDING', paymentreference='N/A' where id = ? ;", (rid, )).unwrap();
                                 } else {
-                                    if stat == "Processing" {
-                                        *response.body_mut() = Body::from("{\"status\":\"PROCESSING\"}");
-                                    } else {
-                                        if stat == "Expired" {
-                                            *response.body_mut() = Body::from("{\"status\":\"EXPIRED\"}");
-                                            POOL.with(|poola| {
-                                                poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus ='EXPIRED' where id = ?", (val, )).unwrap();
-                                            });
-                                        } else {
-                                            *response.body_mut() = Body::from("{\"status\":\"".to_owned() + &stat + "\"}");
-                                            POOL.with(|poola| {
-                                                poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus =? where id = ?", (stat, val)).unwrap();
-                                            });
-                                        }
-                                    }
+                                    poola.get_conn().unwrap().exec_iter("Update registrations set paymenttype2 = 'cash',paymentstatus2 = 'PENDING',paymentreference2='N/A' where id = ? ;", (rid, )).unwrap();
                                 }
-                            }
-                        }
-                    } else {
-                        *response.body_mut() = Body::from("{\"status\":\"".to_owned() + &paymentstatus + "\"}");
-                    }
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::PUT, "/registration") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    let mut row: Option<Result<Row>> = None;
-                    let mut row2: Option<Result<Row>> = None;
-                    let mut row3: Option<Result<Row>> = None;
-                    if s.contains_key("tournament") && s.contains_key("paymentmethod") && s.contains_key("partner") {
-                        let tournament = s.get("tournament").unwrap().to_string();
-                        let partner = s.get("partner").unwrap().to_string();
-
-                        POOL.with(|poola| {
-                            let mut con = poola.get_conn().unwrap();
-
-                            let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                            let mut it = result.iter().unwrap();
-                            row = it.next();
-                            let mut con2 = poola.get_conn().unwrap();
-
-                            let mut result2 = con2.exec_iter("Select id, entryFee from tournaments where state = 0 and id =?;", (&tournament, )).unwrap();
-                            let mut it2 = result2.iter().unwrap();
-                            row2 = it2.next();
-                            let mut con3 = poola.get_conn().unwrap();
-
-                            let mut result3 = con3.exec_iter("SELECT id FROM inz.users where id= ?;", (&partner, )).unwrap();
-                            let mut it3 = result3.iter().unwrap();
-                            row3 = it3.next();
-                        });
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return Ok(response);
-                        }
-                        if row2.is_none() {
-                            *response.status_mut() = StatusCode::BAD_REQUEST;
-                            return Ok(response);
-                        }
-                        if row3.is_none() {
-                            *response.status_mut() = StatusCode::NOT_FOUND;
-                            return Ok(response);
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let urow2 = row2.unwrap().unwrap();
-                        let id: i32 = urow.get(0).unwrap();
-                        let fee: i32 = urow2.get(1).unwrap();
-                        let paymentmethod = s.get("paymentmethod").unwrap().to_string();
-                        if paymentmethod == "btc" {
-                            let client = Client::new();
-                            let req = Request::builder()
-                                .method(Method::POST)
-                                .uri("http://10.1.6.101:8082/api/v1/stores/*****/invoices")
-                                .header("content-type", "application/json")
-                                .header("X-Forwarded-Host", "btcpay.dragonmaster.pl")
-                                .header("X-Forwarded-Proto", "https")
-                                .header("Authorization", "token *****")
-                                .body(Body::from("{\"metadata\": {\"orderId\": \"id123\"},\"checkout\": {\"speedPolicy\": \"LowMediumSpeed\",\"redirectURL\":\"https://example.com\"},\"amount\": \"".to_owned()+ &*fee.to_string() +"\",\"currency\": \"PLN\"}")).unwrap();
-                            let resp = client.request(req).await.unwrap();
-                            let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
-                            POOL.with(|poola| {
-                                let tmp: String = parsed.get("id").unwrap().as_str().unwrap().into();
-                                let nid: String = poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`registrations`(`userid`,`tournamentid`,`paymenttype`,`paymentstatus`,`approval`,`paymentreference`, `partner`)VALUES(?,?,'btc','PENDING',0,?,?);", (id, tournament, &tmp, partner)).unwrap().last_insert_id().unwrap().to_string();
-                                let mut checkout: String = parsed.get("checkoutLink").unwrap().as_str().unwrap().into();
-                                *response.body_mut() = Body::from("{\"id\":\"".to_owned() + &nid + "\",\"url\":\"" + &*checkout + "\"}");
+                                *response.body_mut() = "{}".into();
                             });
                         } else {
-                            if paymentmethod == "cash" {
-                                POOL.with(|poola| {
-                                    let nid = "{\"id\":\"".to_owned() + &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`registrations`(`userid`,`tournamentid`,`paymenttype`,`paymentstatus`,`approval`,`paymentreference`, `partner`)VALUES(?,?,'cash','PENDING',0,'N/A',?);", (id, tournament, partner)).unwrap().last_insert_id().unwrap().to_string() + "\"}";
-                                    *response.body_mut() = nid.into();
-                                });
-                            } else {
-                                *response.body_mut() = "{\"error\":\"bad payment method\"}".into();
-                            }
+                            *response.body_mut() = "{\"error\":\"bad payment method\"}".into();
                         }
-                    } else {
-                        *response.body_mut() = "{\"error\":\"not all fields\"}".into();
                     }
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
                 }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
             }
-            (&Method::POST, "/tournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select role, id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let role: String = urow.get(0).unwrap();
-                        let id: i32 = urow.get(1).unwrap();
-                        if role == "1" {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if s.contains_key("id") {
-                            let tid = s.get("id").unwrap().to_string();
-                            if role != "3" {
-                                let creator: i32 = poola.get_conn().unwrap().exec_first("Select creator from tournaments where id = ?", (&tid, )).unwrap().unwrap();
-                                if creator != id {
-                                    *response.status_mut() = StatusCode::FORBIDDEN;
-                                    return;
-                                }
-                            }
-                            if s.contains_key("name") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set name =? where id = ? and deleted =0", (s.get("name"), &tid)).unwrap();
-                            }
-                            if s.contains_key("typeOfLadder") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set typeOfLadder =? where id = ? and deleted =0", (s.get("typeOfLadder"), &tid)).unwrap();
-                            }
-                            if s.contains_key("pointsForTournament") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set pointsForTournament =? where id = ? and deleted =0", (s.get("pointsForTournament"), &tid)).unwrap();
-                            }
-                            if s.contains_key("places") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set places =? where id = ? and deleted =0", (s.get("places"), &tid)).unwrap();
-                            }
-                            if s.contains_key("roles") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set roles =? where id = ? and deleted =0", (s.get("roles"), &tid)).unwrap();
-                            }
-                            if s.contains_key("currentRound") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set currentRound =? where id = ? and deleted =0", (s.get("currentRound"), &tid)).unwrap();
-                            }
-                            if s.contains_key("from") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set `from` =? where id = ? and deleted =0", (s.get("from"), &tid)).unwrap();
-                            }
-                            if s.contains_key("to") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set `to` =? where id = ? and deleted =0", (s.get("to"), &tid)).unwrap();
-                            }
-                            if s.contains_key("place") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set place =? where id = ? and deleted =0", (s.get("place"), &tid)).unwrap();
-                            }
-                            if s.contains_key("categotry") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set categotry =? where id = ? and deleted =0", (s.get("categotry"), &tid)).unwrap();
-                            }
-                            if s.contains_key("rang") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set rang =? where id = ? and deleted =0", (s.get("rang"), &tid)).unwrap();
-                            }
-                            if s.contains_key("entryFee") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set entryFee =? where id = ? and deleted =0", (s.get("entryFee"), &tid)).unwrap();
-                            }
-                            if s.contains_key("director") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set director =? where id = ? and deleted =0", (s.get("director"), &tid)).unwrap();
-                            }
-                            if s.contains_key("phone") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set phone =? where id = ? and deleted =0", (s.get("phone"), &tid)).unwrap();
-                            }
-                            if s.contains_key("entriesTo") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set entriesTo =? where id = ? and deleted =0", (s.get("entriesTo"), &tid)).unwrap();
-                            }
-                            if s.contains_key("additionalInformations") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set additionalInformations =? where id = ? and deleted =0", (s.get("additionalInformations"), &tid)).unwrap();
-                            }
-                            if s.contains_key("visibility") {
-                                poola.get_conn().unwrap().exec_drop("Update tournaments set visibility =? where id = ? and deleted =0", (s.get("visibility"), &tid)).unwrap();
-                            }
-
-                            *response.body_mut() = "{}".into();
-                        } else {
-                            *response.body_mut() = "{\"error\":\"not all fields\"}".into();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::DELETE, "/tournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-
-                        let mut result = con.exec_iter("Select role, id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let role: String = urow.get(0).unwrap();
-                        let id: i32 = urow.get(1).unwrap();
-                        if role == "1" {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if s.contains_key("id") {
-                            let tid = s.get("id").unwrap().to_string();
-                            if role != "3" {
-                                let creator: i32 = poola.get_conn().unwrap().exec_first("Select creator from tournaments where id = ?", (&tid, )).unwrap().unwrap();
-                                if creator != id {
-                                    *response.status_mut() = StatusCode::FORBIDDEN;
-                                    return;
-                                }
-                            }
-                            poola.get_conn().unwrap().exec_drop("Update tournaments set deleted =1 where id = ?", (tid, )).unwrap();
-                            *response.body_mut() = "{}".into();
-                        } else {
-                            *response.body_mut() = "{\"error\":\"not all fields\"}".into();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/tournaments") => {
-                POOL.with(|poola| {
-                    let mut res =  Vec::new() ;
-                    poola.get_conn().unwrap()
-                        .query_iter(
-                            "SELECT id, name, typeOfLadder, pointsForTournament, places, roles, creator,approved, state, currentRound,`from`, `to`, place, categotry, rang, entryFee, director, phone,entriesTo, additionalInformations, visibility from tournaments where deleted =0 order by id desc",
-                        ).unwrap().for_each(|row| {
-                        let result_set = row.unwrap();
-                        res.push(tournament { id:from_value(result_set.get(0).unwrap()), name:from_value(result_set.get(1).unwrap()), typeOfLadder:from_value(result_set.get(2).unwrap()), places:from_value(result_set.get(4).unwrap()), roles:from_value(result_set.get(5).unwrap()), creator:from_value(result_set.get(6).unwrap()), pointsForTournament:from_value(result_set.get(3).unwrap()), approved:from_value(result_set.get(7).unwrap()), state:from_value(result_set.get(8).unwrap()), currentRound:from_value(result_set.get(9).unwrap()),from:from_value(result_set.get(10).unwrap()), to:from_value(result_set.get(11).unwrap()), place:from_value(result_set.get(12).unwrap()), categotry:from_value(result_set.get(13).unwrap()), rang:from_value(result_set.get(14).unwrap()), entryFee:from_value(result_set.get(15).unwrap()), director:from_value(result_set.get(16).unwrap()), phone:from_value(result_set.get(17).unwrap()),entriesTo:from_value(result_set.get(18).unwrap()), additionalInformations:from_value(result_set.get(19).unwrap()),
-                            visibility:from_value( result_set.get(20).unwrap())
-                        });
-                    });
-
-                    *response.body_mut() = serde_json::to_string(&res).unwrap().into();
-                });
-            }
-            (&Method::PUT, "/tournament") => {
-                if req.headers().contains_key("Authorization") {
-                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                    let aa = tmp.next().unwrap();
-                    if aa != "Bearer" {
-                        *response.status_mut() = StatusCode::UNAUTHORIZED;
-                        return Ok(response);
-                    }
-                    let token = tmp.next().unwrap().to_string();
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-
-                        let mut result = con.exec_iter("Select role, id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        let urow = row.unwrap().unwrap();
-                        let role: String = urow.get(0).unwrap();
-                        let id: i32 = urow.get(1).unwrap();
-                        if role == "1" {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
-                        if s.contains_key("name") && s.contains_key("typeOfLadder") && s.contains_key("pointsForTournament") && s.contains_key("places") && s.contains_key("roles") && s.contains_key("ranked") && s.contains_key("from") && s.contains_key("to") && s.contains_key("place") && s.contains_key("categotry") && s.contains_key("rang") && s.contains_key("entryFee") && s.contains_key("director") && s.contains_key("phone") && s.contains_key("entriesTo")&& s.contains_key("additionalInformations") && s.contains_key("visibility"){
-                            let name = s.get("name").unwrap().to_string();
-                            let type_of_ladder = s.get("typeOfLadder").unwrap().to_string();
-                            let points_for_tournament = s.get("pointsForTournament").unwrap().to_string();
-                            let places = s.get("places").unwrap().to_string();
-                            let roles = s.get("roles").unwrap().to_string();
-                            let mut ranked = s.get("ranked").unwrap().to_string();
-                            if ranked != "0" && ranked != "1" {
-                                ranked = String::from("0");
-                            }
-                            let from = s.get("from").unwrap().to_string();
-                            let to = s.get("to").unwrap().to_string();
-                            let place = s.get("place").unwrap().to_string();
-                            let categotry = s.get("categotry").unwrap().to_string();
-                            let rang = s.get("rang").unwrap().to_string();
-                            let entryFee = s.get("entryFee").unwrap().to_string();
-                            let director = s.get("director").unwrap().to_string();
-                            let phone = s.get("phone").unwrap().to_string();
-                            let entriesTo = s.get("entriesTo").unwrap().to_string();
-                            let visibility = s.get("visibility").unwrap().to_string();
-                            let additionalInformations = s.get("additionalInformations").unwrap().to_string();
-                            let id2 = &poola.get_conn().unwrap().exec_iter("INSERT INTO `inz`.`tournaments`(`name`,`typeOfLadder`,`pointsForTournament`,`places`,`roles`,`creator`,`deleted`,`approved`,`state`,`currentRound`,`from`,`to`,`place`,`categotry`,`rang`,`entryFee`,`director`,`phone`,`entriesTo`,`additionalInformations`,`visibility`) VALUES (?,?,?,?,?,?,0,?,0,0,'1000-01-01 01:01:01','1000-01-01 01:01:01','','','',0,'','','1000-01-01 01:01:01','','TRUE');", (name, type_of_ladder, points_for_tournament, places, roles, id, ranked)).unwrap().last_insert_id().unwrap().to_string();
-                            let _ = &poola.get_conn().unwrap().exec_drop("Update tournaments set `from` =?, `to`=?, `place`=?, `categotry`=?, `rang`=?, `entryFee`=?, `director`=?, `phone`=?, `entriesTo`=?, `additionalInformations`=?, `visibility`=? where id = ?;", (from,to,place,categotry,rang,entryFee,director,phone,entriesTo,additionalInformations,visibility, &id2 )).unwrap();
-                            let str = "{\"id\":".to_owned() + id2 + "}";
-                            *response.body_mut() = str.into();
-                        } else {
-                            *response.body_mut() = "{\"error\":\"not all fields\"}".into();
-                        }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::POST, "/user") => {
-                let headers = (&req).headers();
-                let mut tmp = headers.get("Authorization").unwrap().to_str().unwrap().split(" ");
+        }
+        (&Method::GET, "/pendingApprovals") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
                 let aa = tmp.next().unwrap();
                 if aa != "Bearer" {
                     *response.status_mut() = StatusCode::UNAUTHORIZED;
                     return Ok(response);
                 }
                 let token = tmp.next().unwrap().to_string();
-                if req.headers().contains_key("Authorization") {
-                    let byte_stream = hyper::body::to_bytes(req).await.unwrap();
-                    let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW();", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+
+
+                    let mut res = Vec::new();
+                    poola.get_conn().unwrap()
+                        .exec_iter(
+                            "SELECT id, userid, tournamentid from registrations where partner =? and partnerAcceptance = 0", (id, ),
+                        ).unwrap().for_each(|row| {
+                        let result_set = row.unwrap();
+                        res.push(pendingApprovals { id: from_value(result_set.get(0).unwrap()), inviter: from_value(result_set.get(1).unwrap()), tournamnet: from_value(result_set.get(2).unwrap()) });
+                    });
+                    *response.body_mut() = serde_json::to_string(&res).unwrap().into();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/acceptInvite") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if(s.contains_key("id")) {
                     POOL.with(|poola| {
                         let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (token, )).unwrap();
+                        let mut result = con.exec_iter("SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW();", (&token, )).unwrap();
                         let mut it = result.iter().unwrap();
                         let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
-                        }
                         let urow = row.unwrap().unwrap();
-                        let idi: i32 = urow.get(0).unwrap();
+                        let id: i32 = urow.get(0).unwrap();
+                        poola.get_conn().unwrap().exec_drop("Update registrations set partnerAcceptance =1 where partner = ? and id = ?", (id, s.get("id").unwrap().to_string())).unwrap();
+                        *response.body_mut() = "{}".into();
+                    });
+                }else{
+                    *response.body_mut() = "id is required".into();
+                }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/rejectInvite") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                if(s.contains_key("id")) {
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW();", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    let urow = row.unwrap().unwrap();
+                    let id: i32 = urow.get(0).unwrap();
+
+                    poola.get_conn().unwrap().exec_drop("delete from registrations where partner = ? and id = ?", (id, s.get("id").unwrap().to_string())).unwrap();
+                    *response.body_mut() = "{}".into();
+                });
+                }else{
+                    *response.body_mut() = "id is required".into();
+                }
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/tournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select role, id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let role: String = urow.get(0).unwrap();
+                    let id: i32 = urow.get(1).unwrap();
+                    if role == "1" {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if s.contains_key("id") {
+                        let tid = s.get("id").unwrap().to_string();
+                        if role != "3" {
+                            let creator: i32 = poola.get_conn().unwrap().exec_first("Select creator from tournaments where id = ?", (&tid, )).unwrap().unwrap();
+                            if creator != id {
+                                *response.status_mut() = StatusCode::FORBIDDEN;
+                                return;
+                            }
+                        }
                         if s.contains_key("name") {
-                            poola.get_conn().unwrap().exec_drop("Update users set name =? where id = ?", (s.get("name"), idi)).unwrap();
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set name =? where id = ? and deleted =0", (s.get("name"), &tid)).unwrap();
                         }
-                        if s.contains_key("surname") {
-                            poola.get_conn().unwrap().exec_drop("Update users set surname =? where id = ?", (s.get("surname"), idi)).unwrap();
+                        if s.contains_key("typeOfLadder") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set typeOfLadder =? where id = ? and deleted =0", (s.get("typeOfLadder"), &tid)).unwrap();
                         }
-                        if s.contains_key("password") {
-                            poola.get_conn().unwrap().exec_drop("Update users set password =? where id = ?", (hash(s.get("password").unwrap().to_string(), DEFAULT_COST - 6).unwrap(), idi)).unwrap();
+                        if s.contains_key("pointsForTournament") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set pointsForTournament =? where id = ? and deleted =0", (s.get("pointsForTournament"), &tid)).unwrap();
                         }
-                        if s.contains_key("mail") {
-                            poola.get_conn().unwrap().exec_drop("Update users set mail =? where id = ?", (s.get("mail"), idi)).unwrap();
+                        if s.contains_key("places") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set places =? where id = ? and deleted =0", (s.get("places"), &tid)).unwrap();
+                        }
+                        if s.contains_key("roles") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set roles =? where id = ? and deleted =0", (s.get("roles"), &tid)).unwrap();
+                        }
+                        if s.contains_key("currentRound") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set currentRound =? where id = ? and deleted =0", (s.get("currentRound"), &tid)).unwrap();
+                        }
+                        if s.contains_key("from") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set `from` =? where id = ? and deleted =0", (s.get("from"), &tid)).unwrap();
+                        }
+                        if s.contains_key("to") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set `to` =? where id = ? and deleted =0", (s.get("to"), &tid)).unwrap();
+                        }
+                        if s.contains_key("place") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set place =? where id = ? and deleted =0", (s.get("place"), &tid)).unwrap();
+                        }
+                        if s.contains_key("categotry") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set categotry =? where id = ? and deleted =0", (s.get("categotry"), &tid)).unwrap();
+                        }
+                        if s.contains_key("rang") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set rang =? where id = ? and deleted =0", (s.get("rang"), &tid)).unwrap();
+                        }
+                        if s.contains_key("entryFee") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set entryFee =? where id = ? and deleted =0", (s.get("entryFee"), &tid)).unwrap();
+                        }
+                        if s.contains_key("director") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set director =? where id = ? and deleted =0", (s.get("director"), &tid)).unwrap();
                         }
                         if s.contains_key("phone") {
-                            poola.get_conn().unwrap().exec_drop("Update users set phone =? where id = ?", (s.get("phone"), idi)).unwrap();
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set phone =? where id = ? and deleted =0", (s.get("phone"), &tid)).unwrap();
                         }
-                    });
-                } else {
-                    *response.status_mut() = StatusCode::UNAUTHORIZED;
-                }
-            }
-            (&Method::GET, "/user") => {
-                if req.headers().contains_key("Authorization") {
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
-                        let aa = tmp.next().unwrap();
-                        if aa != "Bearer" {
-                            *response.status_mut() = StatusCode::UNAUTHORIZED;
-                            return;
+                        if s.contains_key("entriesTo") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set entriesTo =? where id = ? and deleted =0", (s.get("entriesTo"), &tid)).unwrap();
                         }
-                        let token = tmp.next().unwrap();
-                        let mut result = con.exec_iter("Select * from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if row.is_none() {
-                            *response.status_mut() = StatusCode::FORBIDDEN;
-                            return;
+                        if s.contains_key("additionalInformations") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set additionalInformations =? where id = ? and deleted =0", (s.get("additionalInformations"), &tid)).unwrap();
+                        }
+                        if s.contains_key("visibility") {
+                            poola.get_conn().unwrap().exec_drop("Update tournaments set visibility =? where id = ? and deleted =0", (s.get("visibility"), &tid)).unwrap();
                         }
-                        let urow = row.unwrap().unwrap();
-                        let a = User { id: urow.get(0).unwrap(), name: urow.get(1).unwrap(), surname: urow.get(2).unwrap(), role: urow.get(3).unwrap(), login: urow.get(4).unwrap(), phone: urow.get(7).unwrap(), mail: urow.get(6).unwrap(), ranking: urow.get(8).unwrap() };
 
-                        *response.body_mut() = serde_json::to_string(&a).unwrap().into();
-                    });
-                } else {
+                        *response.body_mut() = "{}".into();
+                    } else {
+                        *response.body_mut() = "{\"error\":\"not all fields\"}".into();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::DELETE, "/tournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
                     *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
                 }
-            }
-            (&Method::PUT, "/user/create") => {
+                let token = tmp.next().unwrap().to_string();
                 let byte_stream = hyper::body::to_bytes(req).await.unwrap();
                 let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                if s.contains_key("username") && s.contains_key("name") && s.contains_key("surname") && s.contains_key("password") && s.contains_key("mail") && s.contains_key("phone") {
-                    let username = s.get("username").unwrap().to_string();
-                    let name = s.get("name").unwrap().to_string();
-                    let surname = s.get("surname").unwrap().to_string();
-                    let password = hash(s.get("password").unwrap().to_string(), DEFAULT_COST - 6).unwrap();
-                    let mail = s.get("mail").unwrap().to_string();
-                    let phone = s.get("phone").unwrap().to_string();
-                    POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut a = con.exec_iter("select `login` from users where login = ?", (&username, )).unwrap();
-                        let it = a.iter().unwrap().next();
-                        if it.is_none() {
-                            poola.get_conn().unwrap().exec_drop("INSERT INTO `inz`.`users`(`name`,`surname`,`role`,`login`,`password`,`mail`,`phone`,`deleted`,`ranking`)VALUES (?,?,1,?,?,?,?,0,0);", (name, surname, username, password, mail, phone)).unwrap();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+
+                    let mut result = con.exec_iter("Select role, id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let role: String = urow.get(0).unwrap();
+                    let id: i32 = urow.get(1).unwrap();
+                    if role == "1" {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if s.contains_key("id") {
+                        let tid = s.get("id").unwrap().to_string();
+                        if role != "3" {
+                            let creator: i32 = poola.get_conn().unwrap().exec_first("Select creator from tournaments where id = ?", (&tid, )).unwrap().unwrap();
+                            if creator != id {
+                                *response.status_mut() = StatusCode::FORBIDDEN;
+                                return;
+                            }
                         }
-                    });
-                    *response.body_mut() = "{}".into();
-                } else {
-                    *response.body_mut() = "{\"error\":\"not all fields\"}".into();
-                }
+                        poola.get_conn().unwrap().exec_drop("Update tournaments set deleted =1 where id = ?", (tid, )).unwrap();
+                        *response.body_mut() = "{}".into();
+                    } else {
+                        *response.body_mut() = "{\"error\":\"not all fields\"}".into();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
             }
-            (&Method::POST, "/user/login") => {
+        }
+        (&Method::GET, "/tournaments") => {
+            POOL.with(|poola| {
+                let mut res = Vec::new();
+                poola.get_conn().unwrap()
+                    .query_iter(
+                        "SELECT id, name, typeOfLadder, pointsForTournament, places, roles, creator,approved, state, currentRound,`from`, `to`, place, categotry, rang, entryFee, director, phone,entriesTo, additionalInformations, visibility from tournaments where deleted =0 order by id desc",
+                    ).unwrap().for_each(|row| {
+                    let result_set = row.unwrap();
+                    res.push(tournament {
+                        id: from_value(result_set.get(0).unwrap()),
+                        name: from_value(result_set.get(1).unwrap()),
+                        typeOfLadder: from_value(result_set.get(2).unwrap()),
+                        places: from_value(result_set.get(4).unwrap()),
+                        roles: from_value(result_set.get(5).unwrap()),
+                        creator: from_value(result_set.get(6).unwrap()),
+                        pointsForTournament: from_value(result_set.get(3).unwrap()),
+                        approved: from_value(result_set.get(7).unwrap()),
+                        state: from_value(result_set.get(8).unwrap()),
+                        currentRound: from_value(result_set.get(9).unwrap()),
+                        from: from_value(result_set.get(10).unwrap()),
+                        to: from_value(result_set.get(11).unwrap()),
+                        place: from_value(result_set.get(12).unwrap()),
+                        categotry: from_value(result_set.get(13).unwrap()),
+                        rang: from_value(result_set.get(14).unwrap()),
+                        entryFee: from_value(result_set.get(15).unwrap()),
+                        director: from_value(result_set.get(16).unwrap()),
+                        phone: from_value(result_set.get(17).unwrap()),
+                        entriesTo: from_value(result_set.get(18).unwrap()),
+                        additionalInformations: from_value(result_set.get(19).unwrap()),
+                        visibility: from_value(result_set.get(20).unwrap()),
+                    });
+                });
+
+                *response.body_mut() = serde_json::to_string(&res).unwrap().into();
+            });
+        }
+        (&Method::PUT, "/tournament") => {
+            if req.headers().contains_key("Authorization") {
+                let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                let aa = tmp.next().unwrap();
+                if aa != "Bearer" {
+                    *response.status_mut() = StatusCode::UNAUTHORIZED;
+                    return Ok(response);
+                }
+                let token = tmp.next().unwrap().to_string();
                 let byte_stream = hyper::body::to_bytes(req).await.unwrap();
                 let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
-                if s.contains_key("username") && s.contains_key("password") {
-                    let username = s.get("username").unwrap().to_string();
-                    let password = s.get("password").unwrap().to_string();
-                    *response.body_mut() = POOL.with(|poola| {
-                        let mut con = poola.get_conn().unwrap();
-                        let mut result = con.exec_iter("SELECT * FROM `inz`.`users` where (login = ? or mail = ?) and `deleted`=0;", (&username, &username)).unwrap();
-                        let mut it = result.iter().unwrap();
-                        let row = it.next();
-                        if !row.is_none() {
-                            let urow = row.unwrap().unwrap();
-                            let pas: String = urow.get(5).unwrap();
-                            let id: i32 = urow.get(0).unwrap();
-                            if verify(&password, &pas).unwrap() {
-                                let mut rand: OsRng = OsRng::new().expect("Error opening random number generator");
-                                if !it.next().is_none() {
-                                    return Body::from("{\"error\":\"wrong username or password\"}");
-                                }
-                                const CHARSET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-                                abcdefghijklmnopqrstuvwxyz\
-                                0123456789";
-                                const PASSWORD_LEN: usize = 80;
-                                let password: String = (0..PASSWORD_LEN)
-                                    .map(|_| {
-                                        let idx = rand.gen_range(0, CHARSET.len());
-                                        CHARSET[idx] as char
-                                    })
-                                    .collect();
-                                poola.get_conn().unwrap().exec_drop("DELETE FROM `inz`.`sessions`WHERE user = ?;", (id, )).unwrap();
-                                poola.get_conn().unwrap().exec_drop("INSERT INTO `inz`.`sessions`(`user`,`token`,`expire`)VALUES (?,?,DATE_ADD(NOW(), INTERVAL 30 MINUTE));", (id, &password)).unwrap();
-                                return Body::from("{\"token\":\"".to_owned() + &password + "\"}");
-                            } else {
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+
+                    let mut result = con.exec_iter("Select role, id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let role: String = urow.get(0).unwrap();
+                    let id: i32 = urow.get(1).unwrap();
+                    if role == "1" {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    if s.contains_key("name") && s.contains_key("typeOfLadder") && s.contains_key("pointsForTournament") && s.contains_key("places") && s.contains_key("roles") && s.contains_key("ranked") && s.contains_key("from") && s.contains_key("to") && s.contains_key("place") && s.contains_key("categotry") && s.contains_key("rang") && s.contains_key("entryFee") && s.contains_key("director") && s.contains_key("phone") && s.contains_key("entriesTo") && s.contains_key("additionalInformations") && s.contains_key("visibility") {
+                        let name = s.get("name").unwrap().to_string();
+                        let type_of_ladder = s.get("typeOfLadder").unwrap().to_string();
+                        let points_for_tournament = s.get("pointsForTournament").unwrap().to_string();
+                        let places = s.get("places").unwrap().to_string();
+                        let roles = s.get("roles").unwrap().to_string();
+                        let mut ranked = s.get("ranked").unwrap().to_string();
+                        if ranked != "0" && ranked != "1" {
+                            ranked = String::from("0");
+                        }
+                        let from = s.get("from").unwrap().to_string();
+                        let to = s.get("to").unwrap().to_string();
+                        let place = s.get("place").unwrap().to_string();
+                        let categotry = s.get("categotry").unwrap().to_string();
+                        let rang = s.get("rang").unwrap().to_string();
+                        let entryFee = s.get("entryFee").unwrap().to_string();
+                        let director = s.get("director").unwrap().to_string();
+                        let phone = s.get("phone").unwrap().to_string();
+                        let entriesTo = s.get("entriesTo").unwrap().to_string();
+                        let visibility = s.get("visibility").unwrap().to_string();
+                        let additionalInformations = s.get("additionalInformations").unwrap().to_string();
+                        let mut tr = poola.start_transaction(TxOpts::default()).unwrap();
+
+                        let id2 = &tr.exec_iter("INSERT INTO `inz`.`tournaments`(`name`,`typeOfLadder`,`pointsForTournament`,`places`,`roles`,`creator`,`deleted`,`approved`,`state`,`currentRound`,`from`,`to`,`place`,`categotry`,`rang`,`entryFee`,`director`,`phone`,`entriesTo`,`additionalInformations`,`visibility`) VALUES (?,?,?,?,?,?,0,?,0,0,'1000-01-01 01:01:01','1000-01-01 01:01:01','','','',0,'','','1000-01-01 01:01:01','','TRUE');", (name, type_of_ladder, points_for_tournament, places, roles, id, ranked)).unwrap().last_insert_id().unwrap().to_string();
+                        let _ = &tr.exec_drop("Update tournaments set `from` =?, `to`=?, `place`=?, `categotry`=?, `rang`=?, `entryFee`=?, `director`=?, `phone`=?, `entriesTo`=?, `additionalInformations`=?, `visibility`=? where id = ?;", (from, to, place, categotry, rang, entryFee, director, phone, entriesTo, additionalInformations, visibility, &id2)).unwrap();
+                        tr.commit().unwrap();
+                        let str = "{\"id\":".to_owned() + id2 + "}";
+                        *response.body_mut() = str.into();
+                    } else {
+                        *response.body_mut() = "{\"error\":\"not all fields\"}".into();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::POST, "/user") => {
+            let headers = (&req).headers();
+            let mut tmp = headers.get("Authorization").unwrap().to_str().unwrap().split(" ");
+            let aa = tmp.next().unwrap();
+            if aa != "Bearer" {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+                return Ok(response);
+            }
+            let token = tmp.next().unwrap().to_string();
+            if req.headers().contains_key("Authorization") {
+                let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+                let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("Select id from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let idi: i32 = urow.get(0).unwrap();
+                    if s.contains_key("name") {
+                        poola.get_conn().unwrap().exec_drop("Update users set name =? where id = ?", (s.get("name"), idi)).unwrap();
+                    }
+                    if s.contains_key("surname") {
+                        poola.get_conn().unwrap().exec_drop("Update users set surname =? where id = ?", (s.get("surname"), idi)).unwrap();
+                    }
+                    if s.contains_key("password") {
+                        poola.get_conn().unwrap().exec_drop("Update users set password =? where id = ?", (hash(s.get("password").unwrap().to_string(), DEFAULT_COST - 6).unwrap(), idi)).unwrap();
+                    }
+                    if s.contains_key("mail") {
+                        poola.get_conn().unwrap().exec_drop("Update users set mail =? where id = ?", (s.get("mail"), idi)).unwrap();
+                    }
+                    if s.contains_key("phone") {
+                        poola.get_conn().unwrap().exec_drop("Update users set phone =? where id = ?", (s.get("phone"), idi)).unwrap();
+                    }
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::GET, "/user") => {
+            if req.headers().contains_key("Authorization") {
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut tmp = req.headers().get("Authorization").unwrap().to_str().unwrap().split(" ");
+                    let aa = tmp.next().unwrap();
+                    if aa != "Bearer" {
+                        *response.status_mut() = StatusCode::UNAUTHORIZED;
+                        return;
+                    }
+                    let token = tmp.next().unwrap();
+                    let mut result = con.exec_iter("Select * from users where id =(SELECT user FROM `inz`.`sessions` where token = ? and expire > NOW());", (&token, )).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if row.is_none() {
+                        *response.status_mut() = StatusCode::FORBIDDEN;
+                        return;
+                    }
+                    let urow = row.unwrap().unwrap();
+                    let a = User { id: urow.get(0).unwrap(), name: urow.get(1).unwrap(), surname: urow.get(2).unwrap(), role: urow.get(3).unwrap(), login: urow.get(4).unwrap(), phone: urow.get(7).unwrap(), mail: urow.get(6).unwrap(), ranking: urow.get(8).unwrap() };
+
+                    *response.body_mut() = serde_json::to_string(&a).unwrap().into();
+                });
+            } else {
+                *response.status_mut() = StatusCode::UNAUTHORIZED;
+            }
+        }
+        (&Method::PUT, "/user/create") => {
+            let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+            let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+            if s.contains_key("username") && s.contains_key("name") && s.contains_key("surname") && s.contains_key("password") && s.contains_key("mail") && s.contains_key("phone") {
+                let username = s.get("username").unwrap().to_string();
+                let name = s.get("name").unwrap().to_string();
+                let surname = s.get("surname").unwrap().to_string();
+                let password = hash(s.get("password").unwrap().to_string(), DEFAULT_COST - 6).unwrap();
+                let mail = s.get("mail").unwrap().to_string();
+                let phone = s.get("phone").unwrap().to_string();
+                POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut a = con.exec_iter("select `login` from users where login = ?", (&username, )).unwrap();
+                    let it = a.iter().unwrap().next();
+                    if it.is_none() {
+                        poola.get_conn().unwrap().exec_drop("INSERT INTO `inz`.`users`(`name`,`surname`,`role`,`login`,`password`,`mail`,`phone`,`deleted`,`ranking`)VALUES (?,?,1,?,?,?,?,0,0);", (name, surname, username, password, mail, phone)).unwrap();
+                    }
+                });
+                *response.body_mut() = "{}".into();
+            } else {
+                *response.body_mut() = "{\"error\":\"not all fields\"}".into();
+            }
+        }
+        (&Method::POST, "/user/login") => {
+            let byte_stream = hyper::body::to_bytes(req).await.unwrap();
+            let s: HashMap<String, String> = serde_json::from_slice(&byte_stream).unwrap();
+            if s.contains_key("username") && s.contains_key("password") {
+                let username = s.get("username").unwrap().to_string();
+                let password = s.get("password").unwrap().to_string();
+                *response.body_mut() = POOL.with(|poola| {
+                    let mut con = poola.get_conn().unwrap();
+                    let mut result = con.exec_iter("SELECT * FROM `inz`.`users` where (login = ? or mail = ?) and `deleted`=0;", (&username, &username)).unwrap();
+                    let mut it = result.iter().unwrap();
+                    let row = it.next();
+                    if !row.is_none() {
+                        let urow = row.unwrap().unwrap();
+                        let pas: String = urow.get(5).unwrap();
+                        let id: i32 = urow.get(0).unwrap();
+                        if verify(&password, &pas).unwrap() {
+                            let mut rand: OsRng = OsRng::new().expect("Error opening random number generator");
+                            if !it.next().is_none() {
                                 return Body::from("{\"error\":\"wrong username or password\"}");
                             }
+                            const CHARSET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+                                abcdefghijklmnopqrstuvwxyz\
+                                0123456789";
+                            const PASSWORD_LEN: usize = 80;
+                            let password: String = (0..PASSWORD_LEN)
+                                .map(|_| {
+                                    let idx = rand.gen_range(0, CHARSET.len());
+                                    CHARSET[idx] as char
+                                })
+                                .collect();
+                            poola.get_conn().unwrap().exec_drop("DELETE FROM `inz`.`sessions`WHERE user = ?;", (id, )).unwrap();
+                            poola.get_conn().unwrap().exec_drop("INSERT INTO `inz`.`sessions`(`user`,`token`,`expire`)VALUES (?,?,DATE_ADD(NOW(), INTERVAL 30 MINUTE));", (id, &password)).unwrap();
+                            return Body::from("{\"token\":\"".to_owned() + &password + "\"}");
                         } else {
-                            hash("asd", DEFAULT_COST - 6).unwrap();
                             return Body::from("{\"error\":\"wrong username or password\"}");
                         }
-                    });
-                } else {
-                    *response.body_mut() = "{\"error\":\"not all fields\"}".into();
-                }
+                    } else {
+                        hash("asd", DEFAULT_COST - 6).unwrap();
+                        return Body::from("{\"error\":\"wrong username or password\"}");
+                    }
+                });
+            } else {
+                *response.body_mut() = "{\"error\":\"not all fields\"}".into();
             }
+        }
 
-            _ => {
-                *response.status_mut() = StatusCode::NOT_FOUND;
-            }
-        };
-        Ok(response)
-    }
+        _ => {
+            *response.status_mut() = StatusCode::NOT_FOUND;
+        }
+    };
+    Ok(response)
+}
 
-    #[tokio::main]
-    async fn main() {
-        let addr = SocketAddr::from(([0, 0, 0, 0], 1000));
-        let make_svc = make_service_fn(|_conn| async {
-            Ok::<_, Infallible>(service_fn(hello_world))
-        });
-        let server = Server::bind(&addr).serve(make_svc);
-        tokio::spawn(async move {
-            loop
-            {
-                sleep(Duration::from_secs(60*5)).await;
-                POOL.with(|poola| {
-                    poola.get_conn().unwrap()
-                        .query_iter(
-                            "Select id, paymentreference from registrations where paymentstatus = 'PENDING' and paymenttype ='btc'",
-                        ).unwrap().for_each(|row| {
-                        tokio::spawn(async move {
-                            let result_set = row.unwrap();
-                            let reference: &String = &from_value(result_set.get(1).unwrap());
-                            let id: &String = &from_value(result_set.get(0).unwrap());
+#[tokio::main]
+async fn main() {
+    let addr = SocketAddr::from(([0, 0, 0, 0], 1000));
+    let make_svc = make_service_fn(|_conn| async {
+        Ok::<_, Infallible>(service_fn(hello_world))
+    });
+    let server = Server::bind(&addr).serve(make_svc);
+    tokio::spawn(async move {
+        loop
+        {
+            sleep(Duration::from_secs(60 * 15)).await;
+            POOL.with(|poola| {
+                let mut conn = poola.get_conn().unwrap();
+                conn.query_iter(
+                        "Select id, paymentreference, paymentstatus ,paymentreference2 ,paymentstatus2 from registrations where (paymentstatus = 'PENDING' or paymentstatus2 = 'PENDING') and paymenttype ='btc'",
+                    ).unwrap().for_each(|row| {
+                    tokio::spawn(async move {
+                        let result_set = row.unwrap();
+                        let reference: &String = &from_value(result_set.get(1).unwrap());
+                        let status: &String = &from_value(result_set.get(2).unwrap());
+                        let reference2: &String = &from_value(result_set.get(3).unwrap());
+                        let status2: &String = &from_value(result_set.get(4).unwrap());
+                        let id: &String = &from_value(result_set.get(0).unwrap());
+                        if status == "PENDING" {
                             let client = Client::new();
                             let req = Request::builder()
                                 .method(Method::GET)
-                                .uri("http://10.1.6.101:8082/api/v1/stores/5QsjqLbqHNgiP4GnAqy2apKaTcxWDj7zFFSpNKZGEseR/invoices/".to_owned() + reference)
+                                .uri("http://****/api/v1/stores/****/invoices/".to_owned() + reference)
                                 .header("content-type", "application/json")
-                                .header("Authorization", "token 8b1d0a2a653e9f40ac402dbce66fccb3ccd1b9c5").body(Body::empty()).unwrap();
+                                .header("Authorization", "token *****").body(Body::empty()).unwrap();
                             let resp = client.request(req).await.unwrap();
                             let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
                             let stat: String = parsed.get("status").unwrap().as_str().unwrap().into();
@@ -2050,11 +2375,86 @@
                                     }
                                 }
                             }
-                        });
+                        }
+                        if status2 == "PENDING" {
+                            let client = Client::new();
+                            let req = Request::builder()
+                                .method(Method::GET)
+                                .uri("http://*****/api/v1/stores/****/invoices/".to_owned() + reference2)
+                                .header("content-type", "application/json")
+                                .header("Authorization", "token ****").body(Body::empty()).unwrap();
+                            let resp = client.request(req).await.unwrap();
+                            let parsed: serde_json::Value = serde_json::from_slice(hyper::body::to_bytes(resp.into_body()).await.unwrap().as_ref()).unwrap();
+                            let stat: String = parsed.get("status").unwrap().as_str().unwrap().into();
+                            if stat == "New" {} else {
+                                if stat == "Settled" {
+                                    POOL.with(|poola| {
+                                        poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus2 ='DONE' where id = ?", (id, )).unwrap();
+                                    });
+                                } else {
+                                    if stat == "Processing" {} else {
+                                        if stat == "Expired" {
+                                            POOL.with(|poola| {
+                                                poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus2 ='EXPIRED' where id = ?", (id, )).unwrap();
+                                            });
+                                        } else {
+                                            POOL.with(|poola| {
+                                                poola.get_conn().unwrap().exec_drop("Update registrations set paymentstatus2 =? where id = ?", (stat, id)).unwrap();
+                                            });
+                                        }
+                                    }
+                                }
+                            }
+                        }
                     });
                 });
-            }
-        });
+                let smtp_server = "****";
+                let smtp_username = "****";
+                let smtp_password = "****";
+                let smtp_password = "****";
+                let mut conn2 = poola.get_conn().unwrap();
+                conn2.query_iter(
+                    "Select id, (Select mail from users where users.id = userid),(Select mail from users where users.id = partner) from registrations where paymentstatus = 'DONE' and paymentstatus2 = 'DONE' and informed = 1",
+                ).unwrap().for_each(|row| {
+                    let result_set = row.unwrap();
+                    let id: &String = &from_value(result_set.get(0).unwrap());
+                    let usermail: &String = &from_value(result_set.get(1).unwrap());
+                    let partnermail: &String = &from_value(result_set.get(2).unwrap());
+                    let email = Message::builder()
+                        .from(("NoBody <".to_owned()+smtp_username+">").parse().unwrap())
+                        .to(("Yuin <".to_owned()+&usermail+">").parse().unwrap())
+                        .subject("your registration has payed")
+                        .body(String::from("thank you"))
+                        .unwrap();
+
+                    let creds = Credentials::new(smtp_username.to_string(), smtp_password.to_string());
+
+                    let mailer = SmtpTransport::relay(smtp_server)
+                        .unwrap()
+                        .credentials(creds)
+                        .build();
+                    match mailer.send(&email) {
+                        Ok(_) => { },
+                        Err(e) => panic!("Could not send email: {:?}", e),
+                        _ => {}
+                    }
+                    let email2 = Message::builder()
+                        .from(("NoBody <".to_owned()+smtp_username+">").parse().unwrap())
+                        .to(("Yuin <".to_owned()+&partnermail+">").parse().unwrap())
+                        .subject("your registration has payed")
+                        .body(String::from("thank you"))
+                        .unwrap();
+                    match mailer.send(&email2) {
+                        Ok(_) => { },
+                        Err(e) => panic!("Could not send email: {:?}", e),
+                        _ => {}
+                    }
+                    let mut conn3 = poola.get_conn().unwrap();
+                    conn3.exec_drop("Update registrations set informed =1 where id = ?", (id,)).unwrap();
+                });
+            });
+        }
+    });
     if let Err(e) = server.await {
         eprintln!("server error: {}", e);
     }