All this are plain text files. The tool to deal with each one is Notepad or some other programmer's editor. Don't try edit them with Word, WordPerfect or any other heavy-weight word processor. And remember: all the text is case-sensitive.

By now, we will take care of the first one, TopSecret.config.

• Open the file TopSecret.config in a simple editor, like Notepad.
• Don't be frightened: all lines that begins with the # character are comments. So, there are only seven lines to fit according the needs of your site. Came with them, one at a time.
• Change the configuration accordingly:

   

  $Database

  The name of your SQL Database. Don't confuse this with table names. If your site is in an ISP, chances are you have an unique database, where you put all your tables. If you don't know this, call your ISP support.

   

  $user

  The username you use to access your SQL Database. Again, call your ISP if you don't know this. See the Security session for some advice about that.

   

  $password

  The password to access the database.

   

  $user_table

  This is the table where the users data will be stored. This table will be inside the Database above.

   

  $logout_page

  This page is loaded when the user closes the section, that is, when the user goes out of the "secret" page. This page is layout dependant and can even be discarded, depending of the site implementation. For example, you should give normal links to your site inside the "secret" page. This way you will not need this page.

   

  $error_page

  This page is loaded if a database error occurs.

   

  $timeout = 30;

  Time, in seconds, during which the logged user can goes out and turn in again, without need to re-authentication. Note that the user will not be disconnected after this period. Once in the page, there is no time concerns; the user can stay in the page "forever".

   

• Upload the two files to the server, using your favourite FTP software.
  • TopSecret.config
  • TopSecret.php

I consider that your server handles PHP files adequately. For those cases when the things goes wrong, I have been included the test.php file in the distribution zip file. Upload it to the server and call it from your browser. You should receive a page with all PHP information. If this not happens or if you receive it like a txt file, with the PHP code visible, or even if a download have been initiated, thus contact your ISP support.


Create the database

Each server has its own SQL interface. This is about how you takes care of your data stored in the server. There are two basic kinds: a web interface or a SSH/Telnet access.

In the web side, PHPMyAdmin is a popular choice and there are chances that your ISP have been provided it to you. Indeed, no matter which tool you have, all their are very similar and operates in the same manner. All you need is a box in which you can paste a SQL query.

The SSH/Telnet access is a bit more complicated, since you will need to log onto the server, and access the MySQL server in a command line fashion.

If you don't know about your options, search the administration page of your site on the scent of SQL. You should find the way.

The file TopSecret.sql, included in the distribution zip file, have all you need in both situations.

1. Web interface
   1. Connect to the Internet.
   2. Go to the administrative page of your site.
   3. Access the PHPMyAdmin (or the like).
   4. Search for the box entitled SQL Query (or something similar).
   5. Open the file TopSecret.sql in Notepad.
   6. Select all the text in TopSecret.sql.
   7. Copy it to the Clipboard (Edit - Copy).
   8. Turn on to the browser and paste the text into the box entitled SQL Query.
   9. Hit the Go button.
   10. Check the return message to see if all has gone successful.

2. SSH/Telnet
   1. Upload the file TopSecret.sql to the server.
   2. Log onto the server.
   3. Go to the directory for what you have been uploaded the TopSecret.sql.
   4. Use the TopSecret.sql to insert your tables. Normally, the user and password to MySQL access is the same that one you use to log onto your site. If it's not the case, consider an search in your Post-Its :>)
   5. The command to create the tables is:
      
      $mysql -u user -p database_name < TopSecret.sql

To facilitate to first contact with TopSecret we've been provided four files:

Upload all these files to your server.

Once you have been uploaded the files, access the login.html file from your site. You should be prompted to login. If you have been used the TopSecret.sql, the combination guest/guest should give you access to the treasure.php page.

• Read the Security issues.
• Enjoy TopSecret.