diff --git a/admin/index.php b/admin/index.php new file mode 100644 index 00000000..ac1d2100 --- /dev/null +++ b/admin/index.php @@ -0,0 +1,10 @@ + + + + Console - Blessing Skin Server 0.1 + + + +

Console

+ + diff --git a/admin/install.php b/admin/install.php new file mode 100644 index 00000000..b1d5d794 --- /dev/null +++ b/admin/install.php @@ -0,0 +1,52 @@ +Blessing Skin Server Install"; + + if (!$con) { + die ("Can not connect to mysql, check if database info correct in config.php. ".mysql_error()); + } else { + echo "Succesfully connected to mysql server.

"; + } + + if(!mysql_select_db(DB_NAME, $con)){ + die("Can not select database, please check if database '".DB_NAME."' really exists."); + } + + echo "Selected database: ".DB_NAME."

"; + + echo "Start creating tables...

"; + + $query = "CREATE TABLE IF NOT EXISTS `users` ( + `uid` int(11) NOT NULL AUTO_INCREMENT, + `admin` tinyint(1) NOT NULL DEFAULT '0', + `username` varchar(20) NOT NULL, + `password` varchar(32) NOT NULL, + `ip` varchar(32) NOT NULL, + PRIMARY KEY (`uid`), + UNIQUE KEY `uid` (`uid`) + ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=15;"; + + if(!mysql_query($query)) { + die("Creating tables failed. ".mysql_error()); + } + + /** + * username: admin + * password: 123456 + */ + mysql_query("INSERT INTO `users` (`uid`, `admin`, `username`, `password`, `ip`) VALUES(1, 1, 'admin', 'e10adc3949ba59abbe56e057f20f883e', '')"); + + echo "Successfully installed. Index"; + + $lock = fopen("./install.lock", w) or die("Unable to write 'install.lock'."); + fwrite($lock, time()); + fclose($lock); + +} else { + echo "It seems that you have already installed. Index

"; + echo "May you should delete the file 'install.lock' in /admin to unlock installing."; +} +?> diff --git a/assets/js/login_utils.js b/assets/js/login_utils.js index 930b86bb..b73663b6 100755 --- a/assets/js/login_utils.js +++ b/assets/js/login_utils.js @@ -2,10 +2,10 @@ $(document).ready(function(){ if (docCookies.hasItem("uname") && docCookies.hasItem("token") && $("#login-reg").html() == 'Register') { checkToken(docCookies.getItem("token"),function(json) { - if (json.success == 1) { + if (json.success == 1) { showMsg("alert-success", json.msg); window.location = "./user.php"; - } else { + } else { showMsg("alert-danger", json.msg); } }); @@ -37,10 +37,12 @@ function changeForm(code){ $("#confirm-passwd").show(); $(".login-group").html(''); window.history.pushState(null, null, "./index.php?action=register"); + document.title = "Register - Blessing Skin Server 0.1"; } else { $(".login-title").html('Login'); $("#confirm-passwd").hide(); $(".login-group").html('
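Review bot: The seeded administrator row is a fixed `admin` / `123456` account, spelled out in the comment above the INSERT and stored as an unsalted MD5 digest in a `varchar(32)` column, so every fresh install starts with the same login and a hash format that gives little resistance to offline guessing. The installer should take the initial password from the operator (or generate one with a CSPRNG and show it once), store it with `password_hash()` in a wider column such as `varchar(255)`, and check the result of the INSERT, which is currently ignored. In `fopen("./install.lock", w)` the mode is a bare constant rather than the string `'w'`, and the lock path is relative to the working directory; `fopen(__DIR__ . '/install.lock', 'w')` fixes both. The `die()` calls print `mysql_error()` to the browser; logging it server-side keeps database details off the page. The top of the file, including the lock check itself, is not readable in this hunk.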
Remember me
'); window.history.pushState(null, null, "./index.php?action=login"); + document.title = "Login - Blessing Skin Server 0.1"; } } diff --git a/check.php b/check.php index dc1f7d74..cf3ee82c 100755 --- a/check.php +++ b/check.php @@ -1,23 +1,24 @@ \ No newline at end of file +?> diff --git a/config.php b/config.php index 5cfbc6cf..6c2b83b7 100644 --- a/config.php +++ b/config.php @@ -1,16 +1,16 @@ \ No newline at end of file +?> diff --git a/connect.php b/connect.php index ad15df38..64545ce9 100644 --- a/connect.php +++ b/connect.php @@ -3,29 +3,29 @@ require "./config.php"; $con = mysql_connect(DB_HOST, DB_USER, DB_PASSWD); if (!$con) { - die ("Can not connect to mysql, check if database info correct.".mysql_error()); + die ("Can not connect to mysql, check if database info correct in config.php. ".mysql_error()); } mysql_select_db(DB_NAME, $con); function getToken($uname) { global $con; // Simple SQL injection protection - $uname = strtolower(stripslashes(trim($_POST['uname']))); + $uname = strtolower(stripslashes(trim($_POST['uname']))); $uname = mysql_real_escape_string($uname); - $query = mysql_query("SELECT * FROM users where username='$uname'", $con); + $query = mysql_query("SELECT * FROM users where username='$uname'", $con); $row = mysql_fetch_array($query); return md5($row['uname'].$row['passwd'].SALT); mysql_close($con); } function checkToken($uname, $token) { - $uname = strtolower(stripslashes(trim($_POST['uname']))); + $uname = strtolower(stripslashes(trim($_POST['uname']))); $uname = mysql_real_escape_string($uname); if ($token != getToken($uname)){ $arr['success'] = 0; $arr['msg'] = "Invalid Token: ".$token; } else { - $arr['success'] = 1; + $arr['success'] = 1; $arr['msg'] = 'Valid Token.'; } return $arr; 
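Review bot: getToken() builds the token from `$row['uname']` and `$row['passwd']`, but the table created in admin/install.php names those columns `username` and `password`, so unless the live schema differs both values are empty and every account gets the same token, `md5(SALT)`. The return should read `return md5($row['username'].$row['password'].SALT);`, and the unreachable `mysql_close($con);` after it can go. checkToken() compares with `!=`, which lets PHP treat two `0e…` hex strings as equal numbers and is not constant-time; `if (!hash_equals(getToken($uname), (string) $token))` covers both where PHP 5.6+ is available. Each function here also overwrites its `$uname` argument with `$_POST['uname']` (the checkPasswd and register hunks do the same), so the parameter is effectively ignored. checkToken's closing brace is outside the hunk.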
@@ -33,21 +33,21 @@ function checkToken($uname, $token) { function checkPasswd($uname, $rawPasswd) { global $con; - $uname = strtolower(stripslashes(trim($_POST['uname']))); + $uname = strtolower(stripslashes(trim($_POST['uname']))); $uname = mysql_escape_string($uname); - $query = mysql_query("SELECT * FROM users where username='$uname'", $con); + $query = mysql_query("SELECT * FROM users where username='$uname'", $con); $row = mysql_fetch_array($query); - + if (!$row['password']) { - $arr['success'] = 0; + $arr['success'] = 0; $arr['msg'] = "Non-existent user."; } else { if ($row['password'] == $rawPasswd) { - $arr['success'] = 1; - $arr['msg'] = 'Logging in succeed!'; + $arr['success'] = 1; + $arr['msg'] = 'Logging in succeed!'; $arr['token'] = getToken(); } else { - $arr['success'] = 0; + $arr['success'] = 0; $arr['msg'] = "Incorrect usename or password."; } } @@ -57,26 +57,26 @@ function checkPasswd($uname, $rawPasswd) { function register($uname, $passwd, $ip) { global $con; - $uname = strtolower(stripslashes(trim($_POST['uname']))); + $uname = strtolower(stripslashes(trim($_POST['uname']))); $uname = mysql_real_escape_string($uname); - $query = mysql_query("SELECT * FROM users where username='$uname'", $con); + $query = mysql_query("SELECT * FROM users where username='$uname'", $con); $row = mysql_fetch_array($query); - + if (!$row['password']) { - + $ipQuery = mysql_query("SELECT * FROM users where ip='$ip'", $con); $ipRow = mysql_fetch_array($ipQuery); - + if(!$ipRow['username']) { mysql_query("INSERT INTO users (username, password, ip) VALUES ('$uname', '$passwd', '$ip')", $con); - $arr['success'] = 1; + $arr['success'] = 1; $arr['msg'] = "Registered successfully."; } else { - $arr['success'] = 0; + $arr['success'] = 0; $arr['msg'] = "It seems that you have already register a account with this IP address."; } } else { - $arr['success'] = 0; + $arr['success'] = 0; $arr['msg'] = "User already existed."; } return $arr; 
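Review bot: `$row['password'] == $rawPasswd` is a loose comparison of two hex digests, so PHP compares them numerically when both look like `0e` followed by digits, and two different digests can match; use `hash_equals($row['password'], (string) $rawPasswd)` or at least `===`. `$arr['token'] = getToken();` calls a one-parameter function with no argument, which only works because getToken() re-reads `$_POST['uname']`; pass `$uname` explicitly. This function escapes with `mysql_escape_string` while the others use `mysql_real_escape_string`, and the separate `Non-existent user.` and `Incorrect usename or password.` replies tell a caller which names exist. The end of checkPasswd is outside the hunk.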
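Review bot: In register() only `$uname` is escaped; `$passwd` and `$ip` go straight into `SELECT * FROM users where ip='$ip'` and into the `INSERT INTO users ... VALUES ('$uname', '$passwd', '$ip')` string, so a quote in either value changes the statement. Where `$ip` comes from is not visible here, but if it is read from a client-supplied header it is caller-controlled. The whitespace cleanup in this hunk leaves that as is; both queries should become prepared statements with bound parameters (PDO or mysqli), which also removes the dependency on the deprecated `mysql_*` functions. The result of the INSERT is not checked before `Registered successfully.` is returned. The function's closing brace lies outside the hunk.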
diff --git a/index.php b/index.php index a6b81230..b3e59e87 100755 --- a/index.php +++ b/index.php @@ -1,7 +1,10 @@ + - Blessing Skin Server 0.1 + Index - Blessing Skin Server 0.1 @@ -67,7 +70,7 @@ -changeForm(1);"; } @@ -75,4 +78,4 @@ if ($_GET["msg"]) { echo ""; }?> - \ No newline at end of file + diff --git a/sql/users.sql b/sql/users.sql deleted file mode 100644 index 699e93b2..00000000 --- a/sql/users.sql +++ /dev/null @@ -1,43 +0,0 @@ --- phpMyAdmin SQL Dump --- --- 主机: localhost --- 生成日期: 2016-01-03 14:15:15 - -SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; -SET time_zone = "+00:00"; - - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; - --- --- 数据库: `skin` --- - --- -------------------------------------------------------- - --- --- 表的结构 `users` --- - -CREATE TABLE IF NOT EXISTS `users` ( - `uid` int(11) NOT NULL AUTO_INCREMENT, - `username` varchar(20) NOT NULL, - `password` varchar(32) NOT NULL, - `ip` varchar(32) NOT NULL, - PRIMARY KEY (`uid`), - UNIQUE KEY `uid` (`uid`) -) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=15 ; - --- --- 转存表中的数据 `users` --- - -INSERT INTO `users` (`uid`, `username`, `password`, `ip`) VALUES -(1, 'admin', 'd29920ef0f3867b6b8fde12b9f2051db', ''); - -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; diff --git a/user.php b/user.php index a56e9058..e202be5a 100755 --- a/user.php +++ b/user.php @@ -1,11 +1,11 @@ -window.location = './index.php?msg=Illegal access. Please login.';"; }?> - Blessing Skin Server 0.1 + Upload - Blessing Skin Server 0.1 @@ -70,4 +70,4 @@ if (file_exists($capeFile)) { } echo ""; ?> - \ No newline at end of file +