Initial commit: Flutter app + PHP/MySQL backend on Hostinger

Replaces Firebase with a self-hosted PHP/MySQL API served from
winded.prymsolutions.com. Includes full backend (schema, auth, events,
teams, brackets, suggestions, stats, media, file upload) and updated
Flutter repositories and domain models.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

server/api/events/detail.php

@@ -0,0 +1,44 @@
+<?php
+require_once __DIR__ . '/../config/helpers.php';
+cors();
+
+$id     = $_GET['id'] ?? '';
+$method = $_SERVER['REQUEST_METHOD'];
+
+if ($id === '') json_err('Missing id');
+
+$db = db();
+
+if ($method === 'GET') {
+    $stmt = $db->prepare('SELECT * FROM events WHERE id = ?');
+    $stmt->execute([$id]);
+    $row = $stmt->fetch();
+    if (!$row) json_err('Not found', 404);
+    $s = $db->prepare('SELECT COUNT(*) as cnt FROM event_registrations WHERE event_id = ?');
+    $s->execute([$id]);
+    $row['teams_registered'] = (int)$s->fetch()['cnt'];
+    json_ok($row);
+}
+
+if ($method === 'PUT') {
+    require_admin();
+    $b = body();
+    $fields = []; $params = [];
+    foreach (['title','description','category','event_date','location',
+              'registration_deadline','max_teams','is_cancelled','image_url'] as $f) {
+        if (array_key_exists($f, $b)) { $fields[] = "$f = ?"; $params[] = $b[$f]; }
+    }
+    if (empty($fields)) json_err('Nothing to update');
+    $params[] = $id;
+    $db->prepare('UPDATE events SET ' . implode(', ', $fields) . ' WHERE id = ?')->execute($params);
+    json_ok(['updated' => true]);
+}
+
+if ($method === 'DELETE') {
+    require_admin();
+    $db->prepare('DELETE FROM events WHERE id = ?')->execute([$id]);
+    $db->prepare('DELETE FROM event_registrations WHERE event_id = ?')->execute([$id]);
+    json_ok(['deleted' => true]);
+}
+
+json_err('Method not allowed', 405);

server/api/events/index.php

@@ -0,0 +1,43 @@
+<?php
+require_once __DIR__ . '/../config/helpers.php';
+cors();
+
+$method = $_SERVER['REQUEST_METHOD'];
+
+if ($method === 'GET') {
+    $rows = db()->query('SELECT * FROM events ORDER BY event_date ASC')->fetchAll();
+    // Attach registration count per event
+    $db = db();
+    $result = array_map(function ($row) use ($db) {
+        $stmt = $db->prepare('SELECT COUNT(*) as cnt FROM event_registrations WHERE event_id = ?');
+        $stmt->execute([$row['id']]);
+        $row['teams_registered'] = (int)$stmt->fetch()['cnt'];
+        return $row;
+    }, $rows);
+    json_ok(['events' => $result]);
+}
+
+if ($method === 'POST') {
+    require_admin();
+    $b = body();
+    $id = uuid();
+    db()->prepare(
+        'INSERT INTO events (id, title, description, category, event_date, location,
+         registration_deadline, max_teams, is_cancelled, image_url)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
+    )->execute([
+        $id,
+        $b['title']                 ?? '',
+        $b['description']           ?? '',
+        $b['category']              ?? 'pickup',
+        $b['event_date']            ?? date('Y-m-d H:i:s'),
+        $b['location']              ?? '',
+        $b['registration_deadline'] ?? null,
+        (int)($b['max_teams']       ?? 0),
+        (int)($b['is_cancelled']    ?? 0),
+        $b['image_url']             ?? null,
+    ]);
+    json_ok(['id' => $id], 201);
+}
+
+json_err('Method not allowed', 405);

server/api/events/register.php

@@ -0,0 +1,40 @@
+<?php
+require_once __DIR__ . '/../config/helpers.php';
+cors();
+
+$payload  = require_auth();
+$uid      = $payload['uid'];
+$event_id = $_GET['event_id'] ?? (body()['event_id'] ?? '');
+$method   = $_SERVER['REQUEST_METHOD'];
+
+if ($event_id === '') json_err('Missing event_id');
+
+$db = db();
+
+if ($method === 'POST') {
+    try {
+        $db->prepare(
+            'INSERT INTO event_registrations (id, event_id, user_id) VALUES (?, ?, ?)'
+        )->execute([uuid(), $event_id, $uid]);
+    } catch (PDOException $e) {
+        // Unique constraint: already registered — treat as success
+    }
+    json_ok(['registered' => true]);
+}
+
+if ($method === 'DELETE') {
+    $db->prepare(
+        'DELETE FROM event_registrations WHERE event_id = ? AND user_id = ?'
+    )->execute([$event_id, $uid]);
+    json_ok(['unregistered' => true]);
+}
+
+if ($method === 'GET') {
+    $stmt = $db->prepare(
+        'SELECT * FROM event_registrations WHERE event_id = ? AND user_id = ?'
+    );
+    $stmt->execute([$event_id, $uid]);
+    json_ok(['registered' => (bool)$stmt->fetch()]);
+}
+
+json_err('Method not allowed', 405);