Merge pull request #9 from luca-ceri/dev

Pull Request For Autentication (V1.3.0)
FC-softwares · Dec 5, 2021 · 1f13f75 · 1f13f75
2 parents 1eb3112 + 23324b0
commit 1f13f75
Show file tree

Hide file tree

Showing 18 changed files with 587 additions and 151 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,3 +2,4 @@
 data.json
 changes.log
 data.json
+test.php
diff --git a/README.md b/README.md
@@ -6,14 +6,14 @@ This is a HTML and JS based scoreboard for baseball live.
 - Go to the installation address from a browser 
 - Use the software
 ## IMPORTANT
-Check the file `data.json` in order to have read and write permissions (you can give them via `chmod 666 data.json`) and make sure `update.php` has execution rights (you can give them via: `chmod 755 update.php`)
+Check all `*.json` files in order to work all users must have read and write permissions (you can give them via `chmod 666 *.json`) and make sure also all `*.php` files has execution rights (you can give them via: `chmod 755 *.php`)
 
 # Installazione (Italiano)
 - Scarica e decomprimi la cartella compressa nella cartella del webserver
 - Vai all'indirizzo di installazione da un browser
 - Usa il software
 ## IMPORTANTE
-Controlla che il file `data.json` abbia i permessi di lettura e scrittura (li puoi fornire tramite `chmod 666 data.json`) e assicurati che `update.php` abbia i diritti di esecuzione (li puoi dare con: `chmod 755 update.php`)
+Controlla che i file `*.json` abbiano i permessi di lettura e scrittura (li puoi fornire tramite `chmod 666 *.json`) e assicurati che i file di tipo `*.php` abbiano i diritti di esecuzione (li puoi dare con: `chmod 755 *.php`)
 # LICENSE
 [![Licenza Creative Commons](https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png)](http://creativecommons.org/licenses/by-nc-nd/4.0/)  
 <span xmlns:dct="http://purl.org/dc/terms/" property="dct:title">Baseball-Scoreboard</span> di [Luca Facchini e Kristian Ceribashi](https://github.com/luca-ceri/) è distribuito con Licenza [Creative Commons Attribuzione - Non commerciale - Non opere derivate 4.0 Internazionale](http://creativecommons.org/licenses/by-nc-nd/4.0/).  

diff --git a/admin.html b/admin.html
@@ -1,6 +1,33 @@
 <html>
     <head>
         <title>Gestione Tabellone</title>
+        <input type="hidden" value="0" id="passwd">
+        <script>
+          const digest = async ({ algorithm = "SHA-256", message }) =>
+            Array.prototype.map
+              .call(
+                new Uint8Array(
+                  await crypto.subtle.digest(algorithm, new TextEncoder().encode(message))
+                ),
+                (x) => ("0" + x.toString(16)).slice(-2)
+              )
+              .join("");
+            digest({message: prompt("Enter Password:")})
+              .then(ins=>{
+                fetch("./passwd.json",{cache: "no-cache"})
+                .then(response => response.json())
+                .then(obj=>{
+                  if(obj.includes(ins)){
+                    document.getElementById('passwd').value=ins;
+                  }else{
+                    if(confirm("Password incorrect\nTry Again?"))
+                      window.location.replace("./admin.html");
+                    else 
+                      window.location.replace("./index.html");
+                  }
+                })
+              })
+        </script>
         <link rel="stylesheet" href="style.css" type="text/CSS">
         <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@800&display=swap" rel="stylesheet">
         <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
@@ -14,6 +41,7 @@
           <li id="title" class="li-navbar">Baseball Scoreboard</li>
           <li class="li-navbar"><a href="./index.html" class="link a-navbar">Home</a></li>
           <li class="li-navbar"><a href="./admin.html" class="link active a-navbar">Admin</a></li>
+          <li class="li-navbar"><a href="./auth.html" class="link a-navbar">Auth</a></li>
           <li class="li-navbar"><a href="./scoreboard.html" class="link a-navbar" target="_blank">Scoreboard <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
           <li class="li-navbar"><a href="./pregame.html" class="link a-navbar" target="_blank">Pre game <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
           <li class="li-navbar"><a href="./postgame.html" class="link a-navbar" target="_blank">Post game <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>

diff --git a/admin_obs.html b/admin_obs.html
@@ -1,5 +1,32 @@
 <html lang="en">
     <head>
+        <input type="hidden" value="0" id="passwd">
+        <script>
+            const digest = async ({ algorithm = "SHA-256", message }) =>
+              Array.prototype.map
+                .call(
+                  new Uint8Array(
+                    await crypto.subtle.digest(algorithm, new TextEncoder().encode(message))
+                  ),
+                  (x) => ("0" + x.toString(16)).slice(-2)
+                )
+                .join("");
+              digest({message: prompt("Enter Password:")})
+                .then(ins=>{
+                  fetch("./passwd.json",{cache: "no-cache"})
+                  .then(response => response.json())
+                  .then(obj=>{
+                    if(obj.includes(ins)){
+                        document.getElementById('passwd').value=ins;
+                    }else{
+                        if(confirm("Password incorrect\nTry Again"))
+                            window.location.replace("./admin_OBS.html");
+                        else
+                        window.location.replace("./no_pass.html");
+                    }
+                  })
+                })
+          </script>
         <title>OBS admin page</title>
         <link rel="stylesheet" type="text/CSS" href="style_obs.css">
         <meta name="viewport" content="width=device-width, initial-scale=1.0" charset="UTF-8">
@@ -365,7 +392,7 @@
                 obj.ScoreA=obj.ScoreA+obj.int[i].A;
                 obj.ScoreH=obj.ScoreH+obj.int[i].H;
             }
-            ndata = "Away="+obj.Away+"&ScoreA="+obj.ScoreA+"&ColorA="+obj.ColorA+"&Home="+obj.Home+"&ScoreH="+obj.ScoreH+"&ColorH="+obj.ColorH+"&Ball="+obj.Ball+"&Strike="+obj.Strike+"&Out="+obj.Out+"&Ining="+obj.Ining+"&bot="+obj.bot+"&b1="+obj.b1+"&b2="+obj.b2+"&b3="+obj.b3+"&int={";
+            ndata = "pass="+document.getElementById('passwd').value+"&Away="+obj.Away+"&ScoreA="+obj.ScoreA+"&ColorA="+obj.ColorA+"&Home="+obj.Home+"&ScoreH="+obj.ScoreH+"&ColorH="+obj.ColorH+"&Ball="+obj.Ball+"&Strike="+obj.Strike+"&Out="+obj.Out+"&Ining="+obj.Ining+"&bot="+obj.bot+"&b1="+obj.b1+"&b2="+obj.b2+"&b3="+obj.b3+"&int={";
             for(var i=1;i<obj.Ining;i++){
                 tmp=obj.int[i];
                 ndata=ndata+'"'+i+'"'+':{"A":'+tmp.A+',"H":'+tmp.H+'},';

diff --git a/auth.html b/auth.html
@@ -0,0 +1,91 @@
+<!DOCTYPE html>
+<html lang="it">
+<head>
+    <title>Authentication management</title>
+    <input type="hidden" value="0" id="passwd">
+    <script>
+        const digest = async ({ algorithm = "SHA-256", message }) =>
+          Array.prototype.map
+            .call(
+              new Uint8Array(
+                await crypto.subtle.digest(algorithm, new TextEncoder().encode(message))
+              ),
+              (x) => ("0" + x.toString(16)).slice(-2)
+            )
+            .join("");
+        digest({message: prompt("Enter Password:")})
+            .then(ins=>{
+              fetch("./passwd.json",{cache: "no-cache"})
+              .then(response => response.json())
+              .then(obj=>{
+                if(obj.includes(ins)){
+                  document.getElementById('passwd').value=ins;
+                }else{
+                  if(confirm("Password incorrect\nTry Again?"))
+                    window.location.replace("./auth.html");
+                  else 
+                    window.location.replace("./index.html");
+                }
+              })
+            })
+        function copyToken() {
+          let token = document.getElementById("token").value;
+          navigator.clipboard.writeText(token);
+        }
+    </script>
+    <link rel="stylesheet" href="style.css">
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link href="./style_auth.css" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@800&display=swap" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/css?family=Material+Icons|Material+Icons+Outlined|Material+Icons+Two+Tone|Material+Icons+Round|Material+Icons+Sharp" rel="stylesheet">
+    <script type="module" src="https://cdn.jsdelivr.net/gh/zerodevx/zero-md@2/dist/zero-md.min.js"></script>
+</head>
+<body>
+    <div>
+        <ul class="header ul-navbar">
+            <li id="title" class="li-navbar">Baseball Scoreboard</li>
+            <li class="li-navbar"><a href="./index.html" class="link a-navbar">Home</a></li>
+            <li class="li-navbar"><a href="./admin.html" class="link a-navbar">Admin</a></li>
+            <li class="li-navbar"><a href="./auth.html" class="link active a-navbar">Auth</a></li>
+            <li class="li-navbar"><a href="./scoreboard.html" class="link a-navbar" target="_blank">Scoreboard <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
+            <li class="li-navbar"><a href="./pregame.html" class="link a-navbar" target="_blank">Pre game <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
+            <li class="li-navbar"><a href="./postgame.html" class="link a-navbar" target="_blank">Post game <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
+            <li class="li-navbar"><a href="./parz.html" class="link a-navbar" target="_blank">Partials <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
+        </ul>
+    </div>
+    <div class="div-psw">
+        <h1>Change Password</h1>
+        <form class="form-psw" method="dialog">
+            <label for="oldpsw">Old password:</label>
+            <input type="password" id="oldpsw" name="oldpsw" required>
+            <label for="newpsw">New password:</label>
+            <input type="password" id="newpsw" name="newpsw" required>
+            <label for="repeatpsw">Repeat new password:</label>
+            <input type="password" id="repeatpsw" name="repeatpsw" required>
+            <p>Select an option:</p>
+            <span>
+              <input type="radio" id="opt1" name="opt" value="add" required>
+              <label for="opt1">Add password</label>
+            </span>
+            <span>
+              <input type="radio" id="opt2" name="opt" value="replace" required>
+              <label for="opt2">Replace</label>
+            </span>
+            <input type="submit" value="Invia" style="margin: 10px 0px 10px;" onclick="update()">
+        </form>
+    </div>
+    <div class="div-token">
+        <h1>Generate Token</h1>
+        <div style="display: flex;">
+          <input type="text" id="token" name="token" readonly> 
+          <button id="copy" onclick="copyToken()" class="material-icons-outlined">
+              file_copy
+          </button>
+        </div>
+        <button style="margin: 10px" onclick="update2()">Generate Token</button>
+    </div>
+</body>
+<script src="./auth.js"></script>
+</html>
diff --git a/auth.js b/auth.js
@@ -0,0 +1,90 @@
+function update(){
+    const digest = async ({ algorithm = "SHA-256", message }) =>
+        Array.prototype.map
+          .call(
+            new Uint8Array(
+              await crypto.subtle.digest(algorithm, new TextEncoder().encode(message))
+            ),
+            (x) => ("0" + x.toString(16)).slice(-2)
+          )
+          .join("");
+
+    old=document.getElementById("oldpsw").value;
+    new_p=document.getElementById("newpsw").value;
+    rep_pass=document.getElementById("repeatpsw").value;
+
+    if(new_p!=rep_pass){
+        alert("The New password are different")
+        return;
+    }
+    if(document.getElementById("opt1").checked)
+        opt="add";
+    else if(document.getElementById("opt2").checked)
+        opt="sub";
+    else
+        return;
+    digest({message: new_p})
+          .then(ins=>{
+              new_p=ins;
+              digest({message: old})
+                .then(ins2=>{
+                    old=ins2;
+                    submit(new_p,old,opt);
+                })
+          })
+}
+function submit(new_p,old,opt){
+    ndata="old="+old+"&new="+new_p+"&ope="+opt;
+    var xhr = new XMLHttpRequest();
+    xhr.open("POST", './update_pass.php', true);
+    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+    xhr.onreadystatechange = function() { // Call a function when the state changes.
+        if (this.readyState === XMLHttpRequest.DONE && this.status != 200) {
+            window.alert("An error occurred while updating password\nSee console for more information\nERROR code: "+this.status);
+            console.debug("Error while sending request\nCODE:"+this.status+"\nRECIVED: '"+this.response+"'");
+
+        }else{
+            if(opt="sub"&&this.status==200&&this.readyState === XMLHttpRequest.DONE)
+                window.location.replace("./auth.html");
+        }
+    }
+    xhr.send(ndata);
+}
+function update2(){
+    const digest = async ({ algorithm = "SHA-256", message }) =>
+        Array.prototype.map
+          .call(
+            new Uint8Array(
+              await crypto.subtle.digest(algorithm, new TextEncoder().encode(message))
+            ),
+            (x) => ("0" + x.toString(16)).slice(-2)
+          )
+          .join("");
+
+    old=document.getElementById("passwd").value;
+    new_t=Math.random().toString(16).substr(2, 8);;
+
+    opt="sub";
+    digest({message: new_t})
+          .then(ins=>{
+                new_t=ins;
+                if(submit2(new_t,old,opt))
+                    document.getElementById("token").value=new_t;
+          })
+}
+
+function submit2(new_p,old,opt){
+    ndata="old="+old+"&new="+new_p+"&ope="+opt;
+    var xhr = new XMLHttpRequest();
+    xhr.open("POST", './update_token.php', true);
+    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
+    xhr.onreadystatechange = function() { // Call a function when the state changes.
+        if (this.readyState === XMLHttpRequest.DONE && this.status != 200) {
+            window.alert("An error occurred while updating score\nSee console for more information\nERROR code: "+this.status);
+            console.debug("Error while sending request\nCODE:"+this.status+"\nRECIVED: '"+this.response+"'");
+
+        }
+    }
+    xhr.send(ndata);
+    return true;
+}
diff --git a/changelog.md b/changelog.md
@@ -1,4 +1,15 @@
 # UPDATE LOG (English)
+## V1.3.0
+### New Features:
+* Added authentication to the site, the password/tokens can be managed by the page `auth.html.`
+  * Dedicated Style `style_auth.css` for `auth.html`
+  * The default password is "baseball", is recommended to change before using the software.
+  * The password is asked for access into: `auth.html` `admin.html` `admin_obs.html`.
+  * A valid token is required to use the API: `update.php` `update_pass.php` `update_token.php` `settings.php`.
+* Fixed the bug found on #8 
+* Some Bugfixes
+### Known bugs:
+* We haven't found any bugs yet. If you find any, please notify us!
 ## V1.2.1
 ### New Features:
 * Added administration page
@@ -66,6 +77,17 @@
 * Scoreboard don't update live yo have to wait minus then 5s
 * we don't find any other bug if you find please advise me
 # Update Log (Italiano)
+## V1.3.0
+### Nuove Funzioni:
+* Aggiunta l'autenticazione al sito, la password/token può essere gestita dalla pagina `auth.html.`
+   * Stile dedicato `style_auth.css` per `auth.html`
+   * La password predefinita é "baseball", si consiglia di modificarla prima di utilizzare il software.
+   * Viene richiesta la password per accedere a: `auth.html` `admin.html` `admin_obs.html`.
+   * Per utilizzare l'API è necessario un token valido: `update.php` `update_pass.php` `update_token.php` `settings.php`.
+* Risolto il bug trovato su #8
+* Alcuni bug risolti 
+### Bug noti:
+* non abbiamo trovato nessun altro bug se trovi per favore avvisami
 ## V1.2.1
 ### Nuove Funzioni:
 * Aggiunta pagina amministrazione

diff --git a/index.html b/index.html
@@ -17,6 +17,7 @@
               <li id="title">Baseball Scoreboard</li>
               <li><a href="./index.html" class="link active">Home</a></li>
               <li><a href="./admin.html" class="link">Admin</a></li>
+              <li><a href="./auth.html" class="link">Auth</a></li>
               <li><a href="./scoreboard.html" class="link" target="_blank">Scoreboard <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
               <li><a href="./pregame.html" class="link" target="_blank">Pre game <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
               <li><a href="./postgame.html" class="link" target="_blank">Post game <span class="material-icons" style="font-size: 18px;">open_in_new</span></a></li>
@@ -30,6 +31,7 @@ <h2 id="link-index">Here are the links to manage the overlay:</h2>
             </div>
             <br>
             <h3 class="link">Administration access: <a href="./admin.html">./admin.html</a></h3>
+            <h3 class="link">Authentication management: <a href="./auth.html">./auth.html</a></h3>
             <div class="ct-title separator">
               <h2 id="link-index">Here are the links to your overlay:</h2>
             </div>

diff --git a/no_pass.html b/no_pass.html
@@ -0,0 +1,6 @@
+<html>
+    <body>
+        <h1>The password is incorrect</h1>
+        <p>click <a href="./admin_obs.html">here</a> to try again</p>
+    </body>
+</html>
diff --git a/passwd.json b/passwd.json
@@ -0,0 +1,3 @@
+[
+    "a01edad91c00abe7be5b72b5e36bf4ce3c6f26e8bce3340eba365642813ab8b6"
+]
diff --git a/script.js b/script.js
@@ -158,15 +158,15 @@ function reseti(){
         .then(obj =>{nball = 0;
             nStrike = 0;
             nOut = 0;
-            obj.b1 = false;
-            obj.b2 = false;
-            obj.b3 = false;
             if(obj.bot==1){
                 ining('+');
                 nBot = 2;
             }else{
                 nBot = 1;
             }
+            obj.b1 = false;
+            obj.b2 = false;
+            obj.b3 = false;
             update(null,obj)
         })
 }
@@ -263,7 +263,7 @@ function update(par,obj){
         obj.ScoreA=obj.ScoreA+obj.int[i].A;
         obj.ScoreH=obj.ScoreH+obj.int[i].H;
     }
-    ndata = "Away="+obj.Away+"&ScoreA="+obj.ScoreA+"&ColorA="+obj.ColorA+"&Home="+obj.Home+"&ScoreH="+obj.ScoreH+"&ColorH="+obj.ColorH+"&Ball="+obj.Ball+"&Strike="+obj.Strike+"&Out="+obj.Out+"&Ining="+obj.Ining+"&bot="+obj.bot+"&b1="+obj.b1+"&b2="+obj.b2+"&b3="+obj.b3+"&int={";
+    ndata = "pass="+document.getElementById('passwd').value+"&Away="+obj.Away+"&ScoreA="+obj.ScoreA+"&ColorA="+obj.ColorA+"&Home="+obj.Home+"&ScoreH="+obj.ScoreH+"&ColorH="+obj.ColorH+"&Ball="+obj.Ball+"&Strike="+obj.Strike+"&Out="+obj.Out+"&Ining="+obj.Ining+"&bot="+obj.bot+"&b1="+obj.b1+"&b2="+obj.b2+"&b3="+obj.b3+"&int={";
     for(var i=1;i<obj.Ining;i++){
         tmp=obj.int[i];
         ndata=ndata+'"'+i+'"'+':{"A":'+tmp.A+',"H":'+tmp.H+'},';

diff --git a/set_script.js b/set_script.js
@@ -4,7 +4,7 @@ function update2(){
     .then(set=>{
         set.max_inning=document.getElementById("max_ing").value;
         set.dark_current=document.getElementById("dark_current").value;
-        ndata="max_inning="+set.max_inning+"&dark_current="+set.dark_current;
+        ndata="pass="+document.getElementById('passwd').value+"&max_inning="+set.max_inning+"&dark_current="+set.dark_current;
         var xhr = new XMLHttpRequest();
         xhr.open("POST", './settings.php', true);
         xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");