diff --git a/README.md b/README.md
index ec2d1cf..7469540 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ Installing
 * Copy ```includes/config.inc.php-dist``` to ```includes/config.inc.php``` and edit config.inc.php to your needs.
-* By default, nsedit writes its user database to ../etc/pdns.users.sqlite3. Be sure that your webserver can create that directory and write to it.
+* By default, nsedit writes its user database to ../etc/pdns.users.sqlite3. Be sure that your webserver can create that directory and write to it. **Make sure the Webserver doesn't serve this file/folder to the public!**
 * Visit http(s):///nsedit/ and login with admin/admin (Don't forget to update your password!)
diff --git a/includes/config.inc.php-dist b/includes/config.inc.php-dist
index 8991b81..14321a6 100644
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@@ -24,6 +24,7 @@ $logsdirectory = "../etc";
 #$adminapiips = array();
 #$adminapikey = 'thisshouldbequitealongstring,youknow';
+# Location of user-database. Make sure its writeable and not served by the webserver!
 $authdb = "../etc/pdns.users.sqlite3";
 # Set a random generated secret to enable auto-login and long living csrf tokens
diff --git a/index.php b/index.php
index 65b3436..9a4aaf3 100644
--- a/index.php
+++ b/index.php
@@ -4,6 +4,9 @@ include_once('includes/config.inc.php');
 include_once('includes/session.inc.php');
 include_once('includes/misc.inc.php');
+$testpath = str_replace(basename($_SERVER['REQUEST_URI']), $authdb, $_SERVER['REQUEST_URI']);
+$testurl = $_SERVER['REQUEST_SCHEME']."://".$_SERVER['HTTP_HOST'].$testpath;
+
 global $errormsg, $blocklogin;
 if (isset($_GET['logout']) or isset($_POST['logout'])) {
@@ -33,6 +36,24 @@ if (is_logged_in() and isset($_POST['formname']) and $_POST['formname'] === "cha
 NSEdit!
+
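Review bot: In the first index.php hunk (`@@ -4,6 +4,9 @@`), `$testurl` is assembled from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']`, both supplied by the client, and this happens on every request before any login check. For the directory URL the README tells users to visit (`/nsedit/`), `basename()` returns the directory name, so `str_replace` produces a path that does not point at the database and the exposure check would report a false negative; `REQUEST_SCHEME` is also not set by every server. How `$testurl` is used lies in the later hunk, which is cut off here; if it is fetched server-side, the Host header decides where that request goes, so the host should come from configuration rather than from the request. For the path I would use `$testpath = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/').'/'.$authdb;`.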