--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/sharing/config.php	Sun May 08 18:11:53 2011 +0100
@@ -0,0 +1,5 @@
+<?php
+// edit these to match your db
+$username = "user";
+$password = "password";
+?>

--- a/sharing/credentials	Fri Apr 29 20:05:21 2011 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-userid:password

--- a/sharing/phpinfo.php	Fri Apr 29 20:05:21 2011 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-<?php
-$username = "www-data";
-$password = "nutmeg23";
-$database = "privacy-dashboard";
-
-mysql_connect(localhost,$username,$password);
-
-@mysql_select_db($database) or die( "Unable to select database");
-
-
-echo "It works";
-mysql_close();
-?>

--- a/sharing/query.php	Fri Apr 29 20:05:21 2011 +0100
+++ b/sharing/query.php	Sun May 08 18:11:53 2011 +0100
@@ -1,4 +1,15 @@
 <?php
+  // defines db username and password
+  require("config.php");
+
+/*
+edit config.php to suit your db:
+
+<?php
+$username = "userid";
+$password = "password";
+?>
+*/
 
   $nl = "\n";
   $tab = "\t";
@@ -97,6 +108,7 @@
         break;
 
       case "9":
+
         $sql = "SELECT DISTINCT third_party FROM parties WHERE offsite = 1 " .
                    "AND page_host LIKE '%" . escape1($param) . "'";
         $names = array("3rd party");
@@ -111,7 +123,10 @@
       case "11":
         $sql = "SELECT host,session_cookies,lasting_cookies,flash_cookies," .
         "int_3rd_party_session_cookies,int_3rd_party_lasting_cookies," .
-        "int_3rd_party_flash_cookies,ext_3rd_party_session_cookies," .
+        "int_3rd_party_fla<?php
+$username = "www-data";
+$password = "nutmeg23";
+?>sh_cookies,ext_3rd_party_session_cookies," .
         "ext_3rd_party_lasting_cookies,ext_3rd_party_flash_cookies" .
         " FROM site_info WHERE host LIKE '%" . escape1($param) . "'";
         $names = array("host","session","lasting","flash",
@@ -133,21 +148,7 @@
 
   header('Content-Type: text/plain');
 
-  // read credentials from local file
-  $creds = file_get_contents("credentials");
-
-  if (!$creds)
-  {
-    header("HTTP/1.0 500 Internal Error");
-    die("500 Internal Error - Couldn't get credentials for database access");
-  }
-
-  // file content:  userid:password
-  $creds = explode(":", $creds);
-  $username = trim($creds[0]);
-  $password = trim($creds[1]);
-
-  $database = "privacy-dashboard";
+  $database = "dashboard";
   $db = mysql_connect("localhost",$username,$password);
 
   if (!$db)

--- a/sharing/share.php	Fri Apr 29 20:05:21 2011 +0100
+++ b/sharing/share.php	Sun May 08 18:11:53 2011 +0100
@@ -1,4 +1,7 @@
 <?php
+  // defines db username and password
+  require("config.php");
+
   mb_internal_encoding("UTF-8");
 
   // crude check on data integrity
@@ -251,7 +254,7 @@
   $username = trim($creds[0]);
   $password = trim($creds[1]);
 
-  $database = "privacy-dashboard";
+  $database = "dashboard";
   $db = mysql_connect("localhost",$username,$password);
 
   if (!$db)

--- a/sharing/site.php	Fri Apr 29 20:05:21 2011 +0100
+++ b/sharing/site.php	Sun May 08 18:11:53 2011 +0100
@@ -1,4 +1,6 @@
 <?php
+  // defines db username and password
+  require("config.php");
 
   $nl = "\n";
   $tab = "\t";
@@ -51,9 +53,7 @@
     do_query($sql, $names);
   }
 
-  $username = "www-data";
-  $password = "nutmeg23";  // oops security hole!!!!
-  $database = "privacy-dashboard";
+  $database = "dashboard";
 
   $db = mysql_connect("localhost",$username,$password);