updated to delete player and edit fields

app/blueprints/api.py

@@ -240,8 +240,8 @@ def get_playlist_by_quickconnect():
                 'playlist_version': 0
             }), 403
         
-        # Check if quickconnect matches
-        if player.quickconnect_code != quickconnect_code:
+        # Check if quickconnect matches (using bcrypt verification)
+        if not player.check_quickconnect_code(quickconnect_code):
             log_action('warning', f'Invalid quickconnect code for player: {hostname}')
             return jsonify({
                 'error': 'Invalid quickconnect code',
@@ -430,21 +430,26 @@ def receive_player_feedback():
             return jsonify({'error': 'No data provided'}), 400
         
         player_name = data.get('player_name')
+        hostname = data.get('hostname')  # Also accept hostname
         quickconnect_code = data.get('quickconnect_code')
         
-        if not player_name or not quickconnect_code:
-            return jsonify({'error': 'player_name and quickconnect_code required'}), 400
+        if (not player_name and not hostname) or not quickconnect_code:
+            return jsonify({'error': 'player_name/hostname and quickconnect_code required'}), 400
         
-        # Find player by name and validate quickconnect
-        player = Player.query.filter_by(name=player_name).first()
+        # Find player by hostname first (more reliable), then by name
+        player = None
+        if hostname:
+            player = Player.query.filter_by(hostname=hostname).first()
+        if not player and player_name:
+            player = Player.query.filter_by(name=player_name).first()
         
         if not player:
-            log_action('warning', f'Player feedback from unknown player: {player_name}')
+            log_action('warning', f'Player feedback from unknown player: {player_name or hostname}')
             return jsonify({'error': 'Player not found'}), 404
         
-        # Validate quickconnect code
-        if player.quickconnect_code != quickconnect_code:
-            log_action('warning', f'Invalid quickconnect in feedback from: {player_name}')
+        # Validate quickconnect code (using bcrypt verification)
+        if not player.check_quickconnect_code(quickconnect_code):
+            log_action('warning', f'Invalid quickconnect in feedback from: {player.name} ({player.hostname})')
             return jsonify({'error': 'Invalid quickconnect code'}), 403
         
         # Create feedback record
@@ -466,7 +471,7 @@ def receive_player_feedback():
         
         db.session.commit()
         
-        log_action('info', f'Feedback received from {player_name}: {status} - {message}')
+        log_action('info', f'Feedback received from {player.name} ({player.hostname}): {status} - {message}')
         
         return jsonify({
             'success': True,

app/blueprints/players.py

@@ -228,21 +228,48 @@ def manage_player(player_id: int):
         
         try:
             if action == 'update_credentials':
-                # Update player name, location, orientation
+                # Update player name, location, orientation, and authentication
                 name = request.form.get('name', '').strip()
                 location = request.form.get('location', '').strip()
                 orientation = request.form.get('orientation', 'Landscape')
+                hostname = request.form.get('hostname', '').strip()
+                password = request.form.get('password', '').strip()
+                quickconnect_code = request.form.get('quickconnect_code', '').strip()
                 
                 if not name or len(name) < 3:
                     flash('Player name must be at least 3 characters long.', 'warning')
                     return redirect(url_for('players.manage_player', player_id=player_id))
                 
+                if not hostname or len(hostname) < 3:
+                    flash('Hostname must be at least 3 characters long.', 'warning')
+                    return redirect(url_for('players.manage_player', player_id=player_id))
+                
+                # Check if hostname is taken by another player
+                if hostname != player.hostname:
+                    existing = Player.query.filter_by(hostname=hostname).first()
+                    if existing:
+                        flash(f'Hostname "{hostname}" is already in use by another player.', 'warning')
+                        return redirect(url_for('players.manage_player', player_id=player_id))
+                
+                # Update basic info
                 player.name = name
+                player.hostname = hostname
                 player.location = location or None
                 player.orientation = orientation
+                
+                # Update password if provided
+                if password:
+                    player.set_password(password)
+                    log_action('info', f'Password updated for player "{name}"')
+                
+                # Update quickconnect code if provided
+                if quickconnect_code:
+                    player.set_quickconnect_code(quickconnect_code)
+                    log_action('info', f'QuickConnect code updated for player "{name}" to: {quickconnect_code}')
+                
                 db.session.commit()
                 
-                log_action('info', f'Player "{name}" credentials updated')
+                log_action('info', f'Player "{name}" (hostname: {hostname}) credentials updated')
                 flash(f'Player "{name}" updated successfully.', 'success')
                 
             elif action == 'assign_playlist':