Added password protection to ajax requests and admin site

.idea/jsLibraryMappings.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project version="4">
   <component name="JavaScriptLibraryMappings">
-    <file url="PROJECT" libraries="{@types/jquery-countdown, jquery-3.3.1}" />
+    <file url="PROJECT" libraries="{jquery-3.3.1, jquery-confirm}" />
     <includedPredefinedLibrary name="HTTP Response Handler" />
   </component>
 </project>

.idea/site-accueil-insa.iml

@@ -6,5 +6,7 @@
     <orderEntry type="sourceFolder" forTests="false" />
     <orderEntry type="library" name="jquery-3.3.1" level="application" />
     <orderEntry type="library" name="@types/jquery-countdown" level="application" />
+    <orderEntry type="library" name="jquery-3.3.1" level="application" />
+    <orderEntry type="library" name="jquery-confirm" level="application" />
   </component>
 </module>

admin/.htaccess

@@ -1 +1,5 @@
-Options -Indexes
+AuthName "MDP ?"
+AuthType Basic
+#AuthUserFile /home/keplyx/Web/site-accueil-insa/includes/.htpassajax
+AuthUserFile /home_clubs/accueil_insa/public_html/includes/.htpassajax #production only
+require valid-user

ajax/read/index.php

@@ -0,0 +1,51 @@
+<?php
+require_once '../../classes/dao.php';
+
+
+if (isset($_GET['function'])) {
+    if ($_GET['function'] == "get_scores")
+        get_scores();
+    elseif ($_GET['function'] == "get_map_info")
+        get_map_info();
+    elseif ($_GET['function'] == "get_activities_of_day")
+        get_activities_of_day();
+} else
+    show_error();
+
+function get_scores() {
+    if (isset($_GET['team'])) {
+        header('Content-Type: application/json');
+        $dao = new Dao('../');
+        echo json_encode($dao->get_score_team($_GET['team']));
+    } else {
+        show_error();
+    }
+}
+
+function get_map_info() {
+    if (isset($_GET['selector'])) {
+        header('Content-Type: application/json');
+        $dao = new Dao('../');
+        echo json_encode($dao->get_map_info($_GET['selector']));
+    } else {
+        show_error();
+    }
+}
+
+
+function get_activities_of_day() {
+    if (isset($_GET['day'])) {
+        header('Content-Type: application/json');
+        $dao = new Dao('../');
+        echo json_encode($dao->get_activities_of_day($_GET['day']));
+    } else {
+        show_error();
+    }
+}
+
+
+
+function show_error() {
+    echo "Échec : ";
+    var_dump($_GET);
+}

ajax/write/.htaccess

@@ -0,0 +1,5 @@
+AuthName "MDP ?"
+AuthType Basic
+#AuthUserFile /home/keplyx/Web/site-accueil-insa/includes/.htpassajax
+AuthUserFile /home_clubs/accueil_insa/public_html/includes/.htpassajax #production only
+require valid-user

ajax/write/index.php

@@ -1,18 +1,12 @@
 <?php
-require_once '../classes/dao.php';
+require_once '../../classes/dao.php';
 
 
 if (isset($_GET['function'])) {
     if ($_GET['function'] == "save_scores")
         save_scores();
-    elseif ($_GET['function'] == "get_scores")
-        get_scores();
-    elseif ($_GET['function'] == "get_map_info")
-        get_map_info();
     elseif ($_GET['function'] == "save_map_info")
         save_map_info();
-    elseif ($_GET['function'] == "get_activities_of_day")
-        get_activities_of_day();
     elseif ($_GET['function'] == "save_day_activities")
         save_day_activities();
 } else
@@ -28,26 +22,6 @@ function save_scores() {
         show_error();
 }
 
-function get_scores() {
-    if (isset($_GET['team'])) {
-        header('Content-Type: application/json');
-        $dao = new Dao('../');
-        echo json_encode($dao->get_score_team($_GET['team']));
-    } else {
-        show_error();
-    }
-}
-
-function get_map_info() {
-    if (isset($_GET['selector'])) {
-        header('Content-Type: application/json');
-        $dao = new Dao('../');
-        echo json_encode($dao->get_map_info($_GET['selector']));
-    } else {
-        show_error();
-    }
-}
-
 function save_map_info() {
     if (isset($_GET['selector']) && isset($_GET['info'])) {
         $dao = new Dao('../');
@@ -58,16 +32,6 @@ function save_map_info() {
     }
 }
 
-function get_activities_of_day() {
-    if (isset($_GET['day'])) {
-        header('Content-Type: application/json');
-        $dao = new Dao('../');
-        echo json_encode($dao->get_activities_of_day($_GET['day']));
-    } else {
-        show_error();
-    }
-}
-
 function save_day_activities() {
     if (isset($_GET['day']) && isset($_GET['entries'])) {
         $dao = new Dao('../');

assets/js/map.js

@@ -17,7 +17,7 @@ function clicked(elem){
                 'selector': get_name(elem.id),
             };
             return $.ajax({
-                url: 'admin/ajax_load.php',
+                url: 'ajax/read',
                 data: object,
                 method: 'get'
             }).done(function (data) {

assets/js/mapManager.js

@@ -1,4 +1,3 @@
-let ajaxurl = 'ajax_load.php';
 
 $(document).ready(function () {
     getMapInfo(getSelectedMap());
@@ -12,7 +11,7 @@ $(document).ready(function () {
             'info': info,
         };
         $.get(
-            ajaxurl,
+            "../ajax/write",
             object,
             function (data) {
                 alert(data);
@@ -34,7 +33,7 @@ function getMapInfo(selector) {
         'selector': selector,
     };
     $.get(
-        ajaxurl,
+        "../ajax/read",
         object,
         function (data) {
             console.log(data);

assets/js/planning.js

@@ -1,4 +1,4 @@
-let ajaxurl = 'admin/ajax_load.php';
+let ajaxurl = 'ajax/read';
 
 
 let tableWrapper = $('#tablePlanning');

assets/js/planningManager.js

@@ -1,4 +1,3 @@
-let ajaxurl = 'ajax_load.php';
 let uniqueID = 0;
 
 let currentActivities = [];
@@ -143,7 +142,7 @@ function saveDayActivities() {
         "entries": currentActivities,
     };
     $.get(
-        ajaxurl,
+        "../ajax/write",
         object,
         function (data) {
             alert(data);
@@ -157,7 +156,7 @@ function getDayActivities(day) {
         'day': day,
     };
     $.get(
-        ajaxurl,
+        "../ajax/read",
         object,
         function (data) {
             currentActivities = data;

assets/js/statsDisplay.js

@@ -28,7 +28,7 @@ function showScores(team) {
                 'team': team,
             };
             return $.ajax({
-                url: 'admin/ajax_load.php',
+                url: "ajax/read",
                 data: object,
                 method: 'get'
             }).done(function (data) {

assets/js/statsManager.js

@@ -1,5 +1,4 @@
 let uniqueID = 0;
-let ajaxurl = 'ajax_load.php';
 
 let entryTemplate =
     '<tr class="entry">' +
@@ -24,7 +23,7 @@ $(document).ready(function () {
             "lines": lines,
         };
         $.get(
-            ajaxurl,
+            "../ajax/write",
             object,
             function (data) {
                 alert(data);
@@ -85,7 +84,7 @@ function getScores(team) {
         'team': team,
     };
     $.get(
-        ajaxurl,
+        "../ajax/read",
         object,
         function (data) {
             for (let i = 0; i < data.length; i++) {

includes/.htpassajax

@@ -0,0 +1,2 @@
+admin:$apr1$kQeLzJ44$jOg93m9Vbz6FRkj.ViuIf.
+

includes/.htpassurss

@@ -1 +0,0 @@
-urss:$apr1$be3lzprv$6ML9yz0HALe/oI9DRKEaw0

includes/.htpassusa

@@ -1 +0,0 @@
-usa:$apr1$53morzy0$GxlXNPAdPtiin1/7/xQo4/