diff --git a/code/web/private_php/ams/autoload/dblayer.php b/code/web/private_php/ams/autoload/dblayer.php
index 1f361008b..da3a757a6 100644
--- a/code/web/private_php/ams/autoload/dblayer.php
+++ b/code/web/private_php/ams/autoload/dblayer.php
@@ -48,8 +48,11 @@ class DBLayer {
 	* @param $db String, the name of the databases entry in the $cfg global var.
 	* @param $dbn String, the name of the databases entry in the $cfg global var if $db referenced to an action(install etc).
 	*/
-	function __construct($db, $dbn = null)
-	{
+	function __construct($db, $dbn = null) {
+		if ($db == "ring" && $dbn == null) {
+			throw new Exception("Domain database access from AMS must have database name specified");
+		}
+
 		global $cfg;
 		// $this->host = $cfg['db'][$db]['host'];
 		// $this->dbname = $cfg['db'][$db]['name'];
diff --git a/code/web/private_php/setup/config/config.php b/code/web/private_php/setup/config/config.php
index 4e2262f41..699b76979 100644
--- a/code/web/private_php/setup/config/config.php
+++ b/code/web/private_php/setup/config/config.php
@@ -4,6 +4,10 @@
 * @author Daan Janssens, mentored by Matthew Lagoe
 */
 
+// WARNING: Do not modify this manually on your web server, it will be
+// overwritten by the upgrade process. Instead, add overrides to the
+// config_user.php file.
+
 // Variables for database access to the www/CMS database (only if support role)
 $cfg['db']['web']['host']    = '%amsSqlHostname%';
 $cfg['db']['web']['port']    = '3306';
@@ -19,25 +23,25 @@ $cfg['db']['lib']['user']    = '%amsSqlUsername%';
 $cfg['db']['lib']['pass']    = '%amsSqlPassword%';
 
 // Variables for database access to the shard database
-$cfg['db']['shard']['host']    = '%nelSqlHostname%';
-$cfg['db']['shard']['port']    = '3306';
-$cfg['db']['shard']['name']    = '%nelDatabase%';
-$cfg['db']['shard']['user']    = '%nelSqlUsername%';
-$cfg['db']['shard']['pass']    = '%nelSqlPassword%';
+$cfg['db']['shard']['host']  = '%nelSqlHostname%';
+$cfg['db']['shard']['port']  = '3306';
+$cfg['db']['shard']['name']  = '%nelDatabase%';
+$cfg['db']['shard']['user']  = '%nelSqlUsername%';
+$cfg['db']['shard']['pass']  = '%nelSqlPassword%';
 
 // Variables for database access to the ring_open database (only if domain role)
-// $cfg['db']['ring']['host']    = '%nelSqlHostname%';
-// $cfg['db']['ring']['port']    = '3306';
-// $cfg['db']['ring']['name']    = '%domainDatabase%';
-// $cfg['db']['ring']['user']    = '%nelSqlUsername%';
-// $cfg['db']['ring']['pass']    = '%nelSqlPassword%';
+$cfg['db']['ring']['host']   = '%nelSqlHostname%';
+$cfg['db']['ring']['port']   = '3306';
+$cfg['db']['ring']['name']   = '%domainDatabase%';
+$cfg['db']['ring']['user']   = '%nelSqlUsername%';
+$cfg['db']['ring']['pass']   = '%nelSqlPassword%';
 
 // Variables for database access to the nel_tool database (only if service role)
-$cfg['db']['tool']['host']    = '%nelSqlHostname%';
-$cfg['db']['tool']['port']    = '3306';
-$cfg['db']['tool']['name']    = '%toolDatabase%';
-$cfg['db']['tool']['user']    = '%nelSqlUsername%';
-$cfg['db']['tool']['pass']    = '%nelSqlPassword%';
+$cfg['db']['tool']['host']   = '%nelSqlHostname%';
+$cfg['db']['tool']['port']   = '3306';
+$cfg['db']['tool']['name']   = '%toolDatabase%';
+$cfg['db']['tool']['user']   = '%nelSqlUsername%';
+$cfg['db']['tool']['pass']   = '%nelSqlPassword%';
 
 // To connect to an IMAP server running on port 143 on the local machine,
 // do the following: $mbox = imap_open("{localhost:143}INBOX", "user_id", "password");
@@ -50,21 +54,21 @@ $cfg['db']['tool']['pass']    = '%nelSqlPassword%';
 // To connect to a remote server replace "localhost" with the name or the IP address of the server you want to connect to.
 //$cfg['mail']['server'] = '{localhost:110/pop3/novalidate-cert}INBOX';
 
-//imap connection string as explained above
+// IMAP connection string as explained above
 $cfg['mail']['default_mailserver']= '{imap.gmail.com:993/imap/ssl}INBOX';
-//groupemail is the email that sends the email
-$cfg['mail']['default_groupemail'] = 'example@gmail.com';
-//groupname will be the name displayed as sender
+// The email address that sends the email
+$cfg['mail']['default_groupemail'] = 'support@ryzomcore.org';
+// Name displayed as sender
 $cfg['mail']['default_groupname'] = 'Ryzom Core Support';
-//the username of the account
-$cfg['mail']['default_username'] = 'example@gmail.com';
-//the matching password
+// Username of the account
+$cfg['mail']['default_username'] = 'support@ryzomcore.org';
+// Password of the account
 $cfg['mail']['default_password'] = 'passw0rd';
-//the host, being used when a mail is sent from a support group: support_groups_name@host
-$cfg['mail']['host'] = "ryzomcore.com";
+// The host, being used when a mail is sent from a support group: support_groups_name@host
+$cfg['mail']['host'] = "ryzomcore.org";
 
 //Defines mailing related stuff
-$SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty";
+$SUPPORT_GROUP_IMAP_CRYPTKEY = '%cryptKeyIMAP%';
 $TICKET_MAILING_SUPPORT = false;
 
 //You have to create this dir at first!
@@ -76,16 +80,16 @@ $MAIL_LOG_PATH = "/home/username/mail/cron_mail.log";
 $TOS_URL ="http://www.gnu.org/licenses/agpl-3.0.html";
 
 //crypt is being used by encrypting & decrypting of the IMAP password of the supportgroups
-$cfg['crypt']['key'] = 'Sup3rS3cr3tStuff';
+$cfg['crypt']['key'] = '%cryptKey%';
 $cfg['crypt']['enc_method'] = 'AES-256-CBC';
 $cfg['crypt']['hash_method'] = "SHA512";
 
 //-----------------------------------------------------------------------------------------
-// If true= the server will add automatically unknown user in the database
-// (in nel.user= nel.permission= ring.ring_user and ring.characters
-$ALLOW_UNKNOWN = true ;
-// if true= the login service automaticaly create a ring user and a editor character if needed
-$CREATE_RING = true ;
+// If true, the server will add automatically unknown user in the database
+// (in nel.user, nel.permission, ring.ring_user and ring.characters
+$ALLOW_UNKNOWN = false;
+// If true, the login service automaticaly create a ring user and a editor character if needed
+$CREATE_RING = true;
 
 // PHP server paths
 $PUBLIC_PHP_PATH = "%publicPhpDirectory%";
@@ -100,29 +104,29 @@ $AMS_TMPDIR = $AMS_LIB . '/tmp';
 // Here your inc and func resides
 $SITEBASE = $PUBLIC_PHP_PATH  . '/ams/' ;
 
-//the paths to your website url
+// The paths to your website url
 $BASE_WEBPATH = '/ams/';
 $IMAGELOC_WEBPATH = $BASE_WEBPATH . 'img';
 $WEBPATH = $BASE_WEBPATH . 'index.php';
 $INGAME_WEBPATH = $BASE_WEBPATH . 'index.php';
 $CONFIG_PATH = $PUBLIC_PHP_PATH;
 
-//defines the default language
+// Defines the default language
 $DEFAULT_LANGUAGE = 'en';
 
-//defines if logging actions should happen or not.
+// Defines if logging actions should happen or not.
 $TICKET_LOGGING = true;
 
-//defines the time format display
+// Defines the time format display
 $TIME_FORMAT = "m-d-Y H:i:s";
 
-//defines which ingame layout template should be used
+// Defines which ingame layout template should be used
 $INGAME_LAYOUT = "basic";
 
-//forces to load the ingame templates if set to true
+// Forces to load the ingame templates if set to true
 $FORCE_INGAME = false;
 
-//file storage path (must be a publicly accessible url for 
+// File storage path (must be a publicly accessible url)
 $FILE_STORAGE_PATH = $PUBLIC_PHP_PATH . '/ams/files/';
 $FILE_WEB_PATH = $BASE_WEBPATH . 'files/';
 
@@ -131,3 +135,14 @@ $NEL_SETUP_PASSWORD = '%nelSetupPassword%';
 
 // Name of current domain (only if domain role)
 $NEL_DOMAIN_NAME = '%nelDomainName%';
+
+// Currently configured setup version
+$NEL_SETUP_VERSION_CONFIGURED = %nelSetupVersion%;
+
+// Get installed version
+require_once('setup/version.php');
+
+// Override user parameters
+require_once('config_user.php');
+
+/* end of file */
diff --git a/code/web/private_php/setup/config/config_user.php b/code/web/private_php/setup/config/config_user.php
new file mode 100644
index 000000000..916adc7c3
--- /dev/null
+++ b/code/web/private_php/setup/config/config_user.php
@@ -0,0 +1,18 @@
+<?php
+
+// Add overrides for config.php into this file
+
+// IMAP connection string as explained above
+//$cfg['mail']['default_mailserver']= '{imap.gmail.com:993/imap/ssl}INBOX';
+// The email address that sends the email
+//$cfg['mail']['default_groupemail'] = 'support@ryzomcore.org';
+// Name displayed as sender
+//$cfg['mail']['default_groupname'] = 'Ryzom Core Support';
+// Username of the account
+//$cfg['mail']['default_username'] = 'support@ryzomcore.org';
+// Password of the account
+//$cfg['mail']['default_password'] = 'passw0rd';
+// The host, being used when a mail is sent from a support group: support_groups_name@host
+//$cfg['mail']['host'] = "ryzomcore.org";
+
+/* end of file */
diff --git a/code/web/public_php/login/config.php b/code/web/public_php/login/config.php
new file mode 100644
index 000000000..805252b62
--- /dev/null
+++ b/code/web/public_php/login/config.php
@@ -0,0 +1,32 @@
+<?php
+
+// This file contains all variables needed by other php scripts
+
+require_once('../config.php');
+
+$LogRelativePath = 'logs/';
+
+// ----------------------------------------------------------------------------------------
+// Variables for nel database access
+// ----------------------------------------------------------------------------------------
+
+if ($cfg['db']['shard']['host'] !=  $cfg['db']['ring']['host'])
+	throw new Exception("Invalid configuration");
+
+// where we can find the mysql database
+$DBHost         = $cfg['db']['shard']['host'];
+$DBUserName     = $cfg['db']['shard']['user'];
+$DBPassword     = $cfg['db']['shard']['pass'];
+$DBName         = $cfg['db']['shard']['name'];
+
+$RingDBUserName = $cfg['db']['ring']['user'];
+$RingDBPassword = $cfg['db']['ring']['pass'];
+$RingDBName     = $cfg['db']['ring']['name'];
+
+// If true, the server will add automatically unknown user in the database
+// (in nel.user, nel.permission, ring.ring_user and ring.characters
+$AcceptUnknownUser = $ALLOW_UNKNOWN;
+// If true, the login service automaticaly create a ring user and a editor character if needed
+$AutoCreateRingInfo = $CREATE_RING;
+
+?>
diff --git a/code/web/public_php/setup/install.php b/code/web/public_php/setup/install.php
index f8dfbdab2..57f7938bb 100644
--- a/code/web/public_php/setup/install.php
+++ b/code/web/public_php/setup/install.php
@@ -136,6 +136,11 @@ include('header.php');
 			$config = str_replace("%nelSetupPassword%", addslashes($_POST["nelSetupPassword"]), $config);
 			$config = str_replace("%domainDatabase%", addslashes($_POST["domainDatabase"]), $config);
 			$config = str_replace("%nelDomainName%", addslashes($_POST["nelDomainName"]), $config);
+			$cryptKeyLength = 16;
+			$cryptKey = str_replace("=", "", base64_encode(mcrypt_create_iv(ceil(0.75 * $cryptKeyLength), MCRYPT_DEV_URANDOM)));
+			$cryptKeyIMAP = str_replace("=", "", base64_encode(mcrypt_create_iv(ceil(0.75 * $cryptKeyLength), MCRYPT_DEV_URANDOM)));
+			$config = str_replace("%cryptKey%", addslashes($cryptKey), $config);
+			$config = str_replace("%cryptKeyIMAP%", addslashes($cryptKeyIMAP), $config);
 			if (file_put_contents("config.php", $config)) {
 				printalert("success", "Generated <em>config.php</em>");
 			} else {
@@ -145,6 +150,21 @@ include('header.php');
 		}
 	}
 
+	if ($continue) {
+		$configUser = file_get_contents($_POST["privatePhpDirectory"] . "/setup/config/config_user.php");
+		if (!$config) {
+			printalert("danger", "Cannot read <em>config_user.php</em>");
+			$continue = false;
+		} else {
+			if (file_put_contents("config_user.php", $config)) {
+				printalert("success", "Copied <em>config_user.php</em>");
+			} else {
+				printalert("danger", "Cannot write to <em>config.php</em>");
+				$continue = false;
+			}
+		}
+	}
+
 	// Load config
 	if ($continue) {
 		try {
diff --git a/code/web/public_php/setup/upgrade.php b/code/web/public_php/setup/upgrade.php
index f8cebb9e2..9e5cf33a5 100644
--- a/code/web/public_php/setup/upgrade.php
+++ b/code/web/public_php/setup/upgrade.php
@@ -10,6 +10,10 @@ $pageTitle = "Upgrade";
 include('header.php');
 
 require_once('config.php');
+require_once('setup/version.php');
+if (!isset($NEL_SETUP_VERSION_CONFIGURED)) {
+	$NEL_SETUP_VERSION_CONFIGURED = 1;
+}
 
 ?>
 
@@ -19,6 +23,24 @@ require_once('config.php');
 
 <?php
 
+	// NOTE: If a config upgrade requires new information, modify the
+	// upgrade confirmation form at the bottom of this script.
+
+	require_once('database.php');
+
+	if (file_exists("role_support")) {
+		$continue = upgrade_support_databases($continue);
+	}
+
+	if (file_exists("role_service")) {
+		$continue = upgrade_service_databases($continue);
+	}
+
+	if (file_exists("role_domain")) {
+		$continue = upgrade_domain_databases($continue);
+	}
+
+	// Rewrite config.php
 	if ($continue) {
 		$config = file_get_contents($PRIVATE_PHP_PATH . "/setup/config/config.php");
 		if (!$config) {
@@ -39,8 +61,15 @@ require_once('config.php');
 			$config = str_replace("%amsDatabase%", addslashes($cfg['db']['web']['name']), $config);
 			$config = str_replace("%amsLibDatabase%", addslashes($cfg['db']['lib']['name']), $config);
 			$config = str_replace("%nelSetupPassword%", addslashes($NEL_SETUP_PASSWORD), $config);
-			// $config = str_replace("%domainDatabase%", addslashes($_POST["domainDatabase"]), $config); // TODO
 			$config = str_replace("%nelDomainName%", addslashes($NEL_DOMAIN_NAME), $config);
+			$config = str_replace("%nelSetupVersion%", addslashes($NEL_SETUP_VERSION), $config);
+			$config = str_replace("%cryptKey%", addslashes($cfg['crypt']['key']), $config);
+			$config = str_replace("%cryptKeyIMAP%", addslashes($SUPPORT_GROUP_IMAP_CRYPTKEY), $config);
+			if ($NEL_SETUP_VERSION_CONFIGURED < 2) {
+				$config = str_replace("%domainDatabase%", "mini01", $config);
+			} else {
+				$config = str_replace("%domainDatabase%", addslashes($cfg['db']['ring']['name']), $config);
+			}
 			if (file_put_contents("config.php", $config)) {
 				printalert("success", "Generated <em>config.php</em>");
 			} else {
@@ -50,18 +79,24 @@ require_once('config.php');
 		}
 	}
 
-	require_once('database.php');
-
-	if (file_exists("role_support")) {
-		$continue = upgrade_support_databases($continue);
+	// Create config_user.php if it doesn't exist yet
+	if ($continue && !file_exists("config_user.php")) {
+		$configUser = file_get_contents($_POST["privatePhpDirectory"] . "/setup/config/config_user.php");
+		if (!$config) {
+			printalert("danger", "Cannot read <em>config_user.php</em>");
+			$continue = false;
+		} else {
+			if (file_put_contents("config_user.php", $config)) {
+				printalert("success", "Copied <em>config_user.php</em>");
+			} else {
+				printalert("danger", "Cannot write to <em>config.php</em>");
+				$continue = false;
+			}
+		}
 	}
 
-	if (file_exists("role_service")) {
-		$continue = upgrade_service_databases($continue);
-	}
-
-	if (file_exists("role_domain")) {
-		$continue = upgrade_domain_databases($continue);
+	if ($continue) {
+		printalert("success", "Upgrade complete");
 	}
 
 ?>
@@ -70,7 +105,7 @@ require_once('config.php');
 					<a class="btn btn-primary" href="index.php">Continue</a>
 				</p>
 
-<?php } else { ?>
+<?php } else { // NOTE: This is where you may also ask for new configuration fields ?>
 
 				<div class="panel panel-danger">
 					<div class="panel-heading"><span class="glyphicon glyphicon-hdd"></span> Backup</div>
diff --git a/code/web/public_php/setup/version.php b/code/web/public_php/setup/version.php
new file mode 100644
index 000000000..67ccd7243
--- /dev/null
+++ b/code/web/public_php/setup/version.php
@@ -0,0 +1,6 @@
+<?php
+
+// Increment whenever a web upgrade is required.
+$NEL_SETUP_VERSION = 2;
+
+/* end of file */
diff --git a/code/web/todo_cfg/login/config.php b/code/web/todo_cfg/login/config.php
deleted file mode 100644
index 11deb410b..000000000
--- a/code/web/todo_cfg/login/config.php
+++ /dev/null
@@ -1,27 +0,0 @@
-<?php
-
-// This file contains all variables needed by other php scripts
-
-$LogRelativePath = 'logs/';
-
-// ----------------------------------------------------------------------------------------
-// Variables for nel database access
-// ----------------------------------------------------------------------------------------
-
-// where we can find the mysql database
-$DBHost         = "localhost";
-$DBUserName     = "shard";
-$DBPassword     = "";
-$DBName         = "nel";
-
-$RingDBUserName = "shard";
-$RingDBName = "ring_open";
-$RingDBPassword = "";
-
-// If true, the server will add automatically unknown user in the database
-// (in nel.user, nel.permission, ring.ring_user and ring.characters
-$AcceptUnknownUser = false;
-// if true, the login service automaticaly create a ring user and a editor character if needed
-$AutoCreateRingInfo = true;
-
-?>