Changelog
All notable changes to MΓΌΓΌsP3Player will be documented in this file.
[1.0.0] - 2025-10-25
Changed - Major UI/UX Overhaul
- π¨ Mobile Landscape Layout - All controls on one line in 4 groups: [Play Stop] [Slow Reset Fast] [Set A Set B Reset] [View PDF]
- π± Viewport Optimization - Prevents zoom on orientation change across all pages (index, statistics, README, CHANGELOG)
- π― Logo & Title Repositioning - Moved inside control panel on desktop, removed "Song:" and "Track:" labels
- ποΈ Footer Redesign - Centered on all devices with cache icon instead of text
- π€ Typography Consistency - Sniglet font applied across all pages
- π Login Screen Simplification - Footer below login button, removed "Passwort:" label
- π Statistics Cleanup - Removed "Nutzer pro Song" section, changed position visualization to horizontal lines, removed logo
- π Smart Statistics - Position chart preselects song with most data automatically
- π Smart PDF Matching - PDF button only active when 95%+ filename match (using Levenshtein distance)
- π₯οΈ Desktop Fullscreen Fix - Fullscreen mode only activates on mobile devices, not desktop
Added
- πΎ Track Type Persistence - Last selected instrument/track type stored in localStorage
- π¨ Improved Button Layout - Larger gaps between button groups, visible background padding in landscape mode
- π String Similarity Algorithm - Levenshtein distance for precise PDF-to-MP3 matching
Removed
- β Debug logging from PDF matching function
- β Complex word-based PDF matching (replaced with simple string similarity)
- β Logo from statistics page
Technical Details
- PDF matching now uses 95% string similarity threshold instead of word-based matching
- Viewport meta tag:
maximum-scale=1.0, user-scalable=no prevents unwanted zoom
- Mobile detection:
/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i
- Landscape layout breakpoints: small phones (<500px height) and large phones (501-700px height)
[0.9.0] - 2025-10-22
Changed - Statistics Visualization Improvements
- π¨ Paintball Splatter Effect - Position heatmap now shows colorful "paint impacts" instead of simple dots
- π Multi-Color Visualization - 5 vibrant colors (Orange, Red, Gold, Hot Pink, Purple) randomly assigned to points
- π Optimized Chart Height - Position heatmap reduced from 400px to 250px for better layout
- π― Splatter Details - Each 2-second point creates main impact (6-8px) plus 3-5 small splatter points (2-4px)
Added
- β¨ Realistic paint splatter effect with randomized spread (Β±2s horizontal, Β±10 units vertical)
- π¨ Color-grouped datasets for better rendering performance
- π Fixed Y-axis range (0-100) for consistent visualization height
Technical Details
- Position heatmap uses Chart.js scatter plot with multiple datasets
- Main impact points: 6-8px radius with 0.7 alpha transparency
- Splatter points: 2-4px radius with 0.5 alpha transparency
- Random color assignment from paintballColors array
- Creates "point clouds" at frequently played positions
[0.8.0] - 2025-10-22
- π¨ Login als Overlay - Nicht mehr separate Seite, erscheint ΓΌber der App
- β‘ Direkter Apache Auth Test - Kein login.py mehr, Authentication via geschΓΌtztem File
- π UTF-8 PasswΓΆrter - NFC Normalisierung fΓΌr Umlaute (Γ€, ΓΆ, ΓΌ)
- π± Custom Dropdown nur fΓΌr Android - Natives Dropdown fΓΌr iOS/Desktop
- ποΈ Password Show/Hide Toggle - Bessere UX mit Auge-Icon
Added
- β¨ Loading Spinner wΓ€hrend Login
- β¨ Smooth Fade-In/Out Animationen fΓΌr Login Overlay
- β¨ Auto-Focus auf Username-Feld
- β¨ Enter-Taste submittet Login-Form
- π
.auth-test File fΓΌr Apache Auth Validierung
Changed
- βοΈ Statistik Minimum - ErhΓΆht von 3 auf 10 Sekunden
- π Security -
Require valid-user statt hardcoded username
- π Security -
.auth-test in root .htaccess geschΓΌtzt
Removed
- β
login.py - Nicht mehr benΓΆtigt (Apache Auth direkt)
- β
login.html - Ersetzt durch Overlay in index.html
Technical Details
- Login Overlay zeigt sich automatisch wenn keine Credentials in localStorage
- JavaScript testet Auth mit
fetch('Repertoire/.auth-test')
- UTF-8 NFC Normalisierung:
password.normalize('NFC')
- Base64 Encoding:
btoa(unescape(encodeURIComponent(...)))
- Custom Dropdown nur via
isAndroid() User-Agent Detection
[0.7.0] - 2025-10-21
Changed - Major Authentication Overhaul
- π Migrated to Apache HTTP Basic Authentication (from session-based auth) - See Flow Diagram
- β‘ Files now served directly by Apache (native speed, no Python CGI overhead)
- πΎ Credentials stored in browser localStorage (persistent login)
- π One password for everything (
.htpasswd file managed with htpasswd command)
- π JavaScript automatically sends Basic Auth headers with fetch requests
Added
- π¦ Cache busting for songs.py to prevent stale data
- π‘οΈ CSP updated to allow
blob: URLs for authenticated media loading
- β
Password validation using
htpasswd -v command (100% Apache compatibility)
Fixed
- π Browser hang issue when loading large MP3 files (4MB+)
- π§ UTF-8 encoding issues with passwords (ASCII-only recommended)
- π΅ Audio playback now uses fetch() + Blob URLs for authenticated requests
Removed
- β
serve-file.py - No longer needed (Apache serves files directly)
- β
check-auth.py - No longer needed
- β
sessions.dat - Session-based auth replaced with HTTP Basic Auth
- β Debug logging from production code
Technical Details
- Authentication: Apache Basic Auth via
.htpasswd + Repertoire/.htaccess
- Note: In v0.7.0,
login.py validated credentials (removed in v0.8.0)
- Frontend stores credentials in localStorage and sends via Authorization header
- MP3/PDF files fetched with auth, converted to Blob URLs for playback
[0.6.0] - 2025-10-21
Added
- π PDF sheet music viewer (automatically matches PDF to track name)
- π― Smart PDF matching algorithm based on string similarity
- π¨ Icon-based speed control buttons (βΌ β² βΊ)
- π·οΈ "Speed:" label matching Song/Track label style
- π Caching headers for PDFs and MP3 files (1 month)
Changed
- π§ Backend API now includes PDF listing for each song
- β‘ Speed control redesigned: replaced slider with +/- buttons for better mobile UX
- π¨ Speed control uses Unicode symbols instead of text labels
- π Button text improvements: "Clear Loop" β "Reset", "PDF" β "View PDF"
- π PDF opens in new tab using link-element trick (avoids popup blocker)
- π± Speed display moved to info panel (removed redundant display)
Fixed
- π Songs with dots in name (e.g., "Nr. 1", "Nr. 3") now work correctly
- π Added dot (.) to allowed characters in path validation
[0.5.0] - 2025-10-20
Added
- πͺ Environment-specific cookies (dev/prod separation)
- π
Deployment date display in footer
- π Automatic README.md to README.html conversion
- βοΈ Automatic environment configuration (config.py)
- π¨ Favicon support in all pages
- π Server-side statistics tracking (shared across all users)
Fixed
- π Cookie conflicts between dev and prod environments
- π Race condition in play button functionality
- π Path traversal vulnerability in songs.py
- π XSS vulnerability in statistics.html
- π Client-side only authentication
Changed
- β‘ Progress line color changed to white for better contrast
- π¨ Removed "auswΓ€hlen" text from labels (cleaner UI)
- π¦ Improved deployment scripts with automatic config generation
Security
- π Server-side session authentication implemented
- π Password stored as SHA-256 hash (not plaintext)
- π Input validation and sanitization added
- π Security headers enabled (CSP, X-Frame-Options, etc.)
- π Debug mode disabled in production
- π CORS wildcard removed
[0.4.0] - 2025-10-20
Initial Release
- π Waveform visualization with time scale
- π Draggable A-B loop markers
- β‘ Speed control (0.4x - 1.5x) with pitch preservation
- π Password-protected access
- π± Mobile-optimized interface
- π Basic statistics tracking (localStorage)
---
Note: Version 0.4.0 was the first documented release after initial development.
