No problem Piotrek!
The code you wrote in the first PHP code block wouldn't be hacked by script.php?authorised=1 since I wrote that example for the registered_globals set to off so no outside influence on variables is allowed.
And yes, you could hack the script with admin.php?login=true, but that wasn't the point. I was just giving an example of some kind of access to the admin part.

Don't know about I guide for .htaccess files. I've never found one comprehensive enough. They usually tend give examples for only one group of settings. But when I get some free time, I'll create one.