Additional security and hardening.

handlers/draw_handler.go

@@ -107,41 +107,3 @@ func Submit(w http.ResponseWriter, r *http.Request) {
 
 	http.Redirect(w, r, "/", http.StatusSeeOther)
 }
-
-func ListDrawsHandler(db *sql.DB) http.HandlerFunc {
-	return helpers.AuthMiddleware(func(w http.ResponseWriter, r *http.Request) {
-		context := helpers.TemplateContext(w, r)
-		draws := []models.DrawSummary{}
-
-		rows, err := db.Query(`
-			SELECT r.id, r.game_type, r.draw_date, r.ball_set, r.machine,
-			       (SELECT COUNT(1) FROM prizes_thunderball p WHERE p.draw_date = r.draw_date) as prize_exists
-			FROM results_thunderball r
-			ORDER BY r.draw_date DESC
-		`)
-		if err != nil {
-			http.Error(w, "Failed to query draws", http.StatusInternalServerError)
-			return
-		}
-		defer rows.Close()
-
-		for rows.Next() {
-			var d models.DrawSummary
-			var prizeFlag int
-			if err := rows.Scan(&d.Id, &d.GameType, &d.DrawDate, &d.BallSet, &d.Machine, &prizeFlag); err != nil {
-				log.Println("⚠️ Draw scan failed:", err)
-				continue
-			}
-			d.PrizeSet = prizeFlag > 0
-			draws = append(draws, d)
-		}
-
-		context["Draws"] = draws
-
-		tmpl := template.Must(template.New("draw_list").Funcs(helpers.TemplateFuncs()).ParseFiles(
-			"templates/layout.html",
-			"templates/admin/draws/list.html",
-		))
-		tmpl.ExecuteTemplate(w, "layout", context)
-	})
-}