move code server side

.htaccess

@@ -0,0 +1,4 @@
+<IfModule mod_rewrite.c>
+RewriteEngine on
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
+</IfModule>

ics.php

@@ -1,78 +1,93 @@
-<?php
-	require 'settings.php';
-
-	if (isset($_POST['password']))
-	{
-		$password = $_POST['password'];
-
-		$curl = curl_init();
-
-		curl_setopt($curl, CURLOPT_URL, $url);
-		curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-		curl_setopt($curl, CURLOPT_USERPWD, $user . ':' . $password);
-		curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
-		$result = curl_exec($curl);
-
-		if (!$result)
-		{
-			die('error');
-		}
-		curl_close($curl);
-		die($result);
-	}
-?>
-
 <html>
 	<header>
 		<title>Evénements à venir</title>
 	</header>
 	<body style="font-family: helvetica; line-height: 24px; font-size: 16px;">
+<?php
+	require 'settings.php';
+
+	if ($password && (!isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_PW'] != $password)) {
+		header('WWW-Authenticate: Basic realm="bbn"');
+		header('HTTP/1.0 401 Unauthorized');
+		die('<p>Access denied.</p></body></html>');
+	}
+	
+	/*function ics2json($input)
+	{
+		$id = 0;
+		$root = array();
+		$curr = root;
+		input.split("\r\n").forEach(l =>
+		{
+			var key = l.split(":")[0].split(";")[0];
+			var val = l.split(":")[1];
+			if (key == "BEGIN")
+			{
+				if (curr[val])
+				{
+					val += "_" + (id++);
+				}
+				curr[val] = {
+					parent: curr
+				};
+				curr = curr[val];
+			}
+			else if (key == "END")
+			{
+				var parent = curr.parent;
+				delete curr.parent;
+				curr = parent;
+			}
+			else
+			{
+				curr[key] = key.startsWith("DT") ? dt(val) : val;
+			}
+
+		});
+
+		root.VCALENDAR.VEVENTS = [];
+		Object.keys(root.VCALENDAR)
+		.filter(k => (k == "VEVENT" || k.startsWith("VEVENT_")))
+		.forEach(k =>
+		{
+			root.VCALENDAR.VEVENTS.push(root.VCALENDAR[k]);
+			delete root.VCALENDAR[k];
+		});
+
+		return root.VCALENDAR;
+	}*/
+
+	// Get ics file
+	$curl = curl_init();
+	curl_setopt($curl, CURLOPT_URL, $url);
+	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+	curl_setopt($curl, CURLOPT_USERPWD, $user . ':' . $password);
+	curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
+	$result = curl_exec($curl);
+
+	if (!$result)
+	{
+		die('<p>Error while getting ics file from caldav server.</p></body></html>');
+	}
+	curl_close($curl);
+
+	// port "showresult" js function:
+	$recent = 7;
+	if (isset($_GET['recent']))
+	{
+		$recent = $_GET['recent'];
+	}
+
+	echo '<h1>Evénements à venir</h1>';
+
+?>
+	</body>
+</html>
+
+<!-- old -->
 		<div id="content">Récupération du calendrier...</div>
 		<script type="text/javascript">
-function ics2json(input)
-{
-	var id = 0;
-	var root = {};
-	var curr = root;
-	input.split("\r\n").forEach(l =>
-	{
-		var key = l.split(":")[0].split(";")[0];
-		var val = l.split(":")[1];
-		if (key == "BEGIN")
-		{
-			if (curr[val])
-			{
-				val += "_" + (id++);
-			}
-			curr[val] = {
-				parent: curr
-			};
-			curr = curr[val];
-		}
-		else if (key == "END")
-		{
-			var parent = curr.parent;
-			delete curr.parent;
-			curr = parent;
-		}
-		else
-		{
-			curr[key] = key.startsWith("DT") ? dt(val) : val;
-		}
 
-	});
-
-	root.VCALENDAR.VEVENTS = [];
-	Object.keys(root.VCALENDAR)
-	.filter(k => (k == "VEVENT" || k.startsWith("VEVENT_")))
-	.forEach(k =>
-	{
-		root.VCALENDAR.VEVENTS.push(root.VCALENDAR[k]);
-		delete root.VCALENDAR[k];
-	});
-
-	return root.VCALENDAR;
-}
 
 function dt(s)
 {
@@ -163,5 +178,3 @@ xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
 xhr.send("password=" + password);
 
 		</script>
-	</body>
-</html>

settings.php.sample.php

@@ -1,4 +1,5 @@
 <?php
 	$url = 'https://caldav.example.com/path/to/calendar';
 	$user = 'caldavuser';
+	$password = 'caldavpassword';
 ?>