classes/donationsview.class.php

     public static function render_mod_donations($UserID)
     {
         ?>
-<table class="layout box" id="donation_box">
+<table class="box skeleton-fix" id="donation_box">
   <tr class="colhead">
     <td colspan="2">
       Donor System (add points)
   </tr>
 </table>
 
-<table class="layout box" id="donor_points_box">
+<table class="box skeleton-fix" id="donor_points_box">
   <tr class="colhead">
     <td colspan="3" class="tooltip"
       title='Use this tool only when manually correcting values. If crediting donations normally, use the "Donor System (add points)" tool'>

classes/mysql.class.php

 
 * Making a query
 
-$DB->query("
+$DB->prepared_query("
   SELECT *
   FROM table...");
 
   This class can only hold one result set at a time. Using set_query_id allows
   you to set the result set that the class is using to the result set in
   $ResultSet. This result set should have been obtained earlier by using
-  $DB->query().
+  $DB->prepared_query().
 
   Example:
 
-  $FoodRS = $DB->query("
+  $FoodRS = $DB->prepared_query("
       SELECT *
       FROM food");
-  $DB->query("
+  $DB->prepared_query("
     SELECT *
     FROM drink");
   $Drinks = $DB->next_record();

classes/permissions_form.php

     </div>
     
     <div class="submit_container">
-      <input type="submit" name="submit" value="Save Permission Class" />
+      <input type="submit" name="submit" class ="button-primary" value="Save Permission Class" />
     </div>
 HTML;
 }

classes/script_start.php

 
     $UserSessions = $Cache->get_value("users_sessions_$UserID");
     if (!is_array($UserSessions)) {
-        $DB->query(
+        $DB->prepared_query(
             "
         SELECT
           SessionID,
     // Check if user is enabled
     $Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);
     if ($Enabled === false) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT Enabled
           FROM users_main
           WHERE ID = '$LoggedUser[ID]'");
     // Up/Down stats
     $UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);
     if (!is_array($UserStats)) {
-        $DB->query("
+        $DB->prepared_query("
         SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio
         FROM users_main
           WHERE ID = '$LoggedUser[ID]'");
 
     // Update LastUpdate every 10 minutes
     if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {
-        $DB->query("
+        $DB->prepared_query("
         UPDATE users_main
         SET LastAccess = NOW()
         WHERE ID = '$LoggedUser[ID]'
         WHERE UserID = '$LoggedUser[ID]'
         AND SessionID = '".db_string($SessionID)."'";
 
-        $DB->query($SessionQuery);
+        $DB->prepared_query($SessionQuery);
         $Cache->begin_transaction("users_sessions_$UserID");
         $Cache->delete_row($SessionID);
 
     if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {
         $LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);
         if (!is_array($LoggedUser['Notify'])) {
-            $DB->query("
+            $DB->prepared_query("
             SELECT ID, Label
             FROM users_notify_filters
               WHERE UserID = '$LoggedUser[ID]'");
     // Get stylesheets
     $Stylesheets = $Cache->get_value('stylesheets');
     if (!is_array($Stylesheets)) {
-        $DB->query('
+        $DB->prepared_query('
         SELECT
           ID,
           LOWER(REPLACE(Name, " ", "_")) AS Name,
     setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);
 
     if ($SessionID) {
-        G::$DB->query("
+        G::$DB->prepared_query("
         DELETE FROM users_sessions
           WHERE UserID = '" . G::$LoggedUser['ID'] . "'
           AND SessionID = '".db_string($SessionID)."'");
 {
     $UserID = G::$LoggedUser['ID'];
 
-    G::$DB->query("
+    G::$DB->prepared_query("
     DELETE FROM users_sessions
       WHERE UserID = '$UserID'");
 

classes/torrent_form.class.php

 
         # Start printing the form
         echo '<h2 class="header">Torrent Form</h2>';
-        echo '<table class="torrent_form">';
+        echo '<table class="torrent_form skeleton-fix">';
 
         
         /**

gazelle.sql

 ) ENGINE=InnoDB CHARSET=utf8mb4;
 
 
-CREATE TABLE `label_aliases` (
-  `ID` int NOT NULL AUTO_INCREMENT,
-  `BadLabel` varchar(100) NOT NULL, -- todo: 100 vs. 255?
-  `AliasLabel` varchar(100) NOT NULL, -- todo
-  PRIMARY KEY (`ID`),
-  KEY `BadLabel` (`BadLabel`),
-  KEY `AliasLabel` (`AliasLabel`)
-) ENGINE=InnoDB CHARSET=utf8mb4;
-
-
 -- 2020-03-09
 CREATE TABLE `last_sent_email` (
   `UserID` int NOT NULL,
 
 
 INSERT INTO `stylesheets` (`ID`, `Name`, `Description`, `Default`, `Additions`, `Color`) VALUES
-  (1, 'matcha', 'BioTorrents.de Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue', '#000000'),
-  (2, 'bookish', 'Template Stylesheet', '1', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue', '#000000'),
+  (1, 'bookish', 'BioTorrents.de Stylesheet', '1', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue;checkbox=matcha', '#000000'),
+  (2, 'postmod', 'What.cd Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue;', '#000000'),
   (3, 'oppai', 'Oppaitime Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue', '#fbc2e5'),
-  (4, 'beluga', 'Beluga Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue;checkbox=pink;checkbox=haze', '#23252a'),
-  (5, 'genaviv', 'Genaviv Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue;checkbox=fixed_header', '#0a0a0a'),
-  (6, 'postmod', 'What.cd Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue;', '#000000');
+  (4, 'beluga', 'Beluga Stylesheet', '0', 'select=noto_sans;select=luxi_sans;select=cmodern_sans;select=noto_serif;select=luxi_serif;select=cmodern_serif;select=opendyslexic;select=comic_neue;checkbox=pink;checkbox=haze', '#23252a');
 
 
 INSERT INTO `wiki_articles` (`ID`, `Revision`, `Title`, `Body`, `MinClassRead`, `MinClassEdit`, `Date`, `Author`) VALUES

sections/artist/notify.php

 if (!check_perms('site_torrents_notify')) {
     error(403);
 }
-$ArtistID = $_GET['artistid'];
-if (!is_number($ArtistID)) {
-    error(0);
-}
+
+$ArtistID = (int) $_GET['artistid'];
+Security::checkInt($ArtistID);
+
 /*
-$DB->query("
+$DB->prepared_query("
   SELECT GROUP_CONCAT(Name SEPARATOR '|')
   FROM artists_alias
   WHERE ArtistID = '$ArtistID'
   GROUP BY ArtistID");
 list($ArtistAliases) = $DB->next_record(MYSQLI_NUM, FALSE);
 */
-$DB->query("
+
+$DB->prepared_query("
   SELECT Name
   FROM artists_group
   WHERE ArtistID = '$ArtistID'");
 
 $Notify = $Cache->get_value('notify_artists_'.$LoggedUser['ID']);
 if (empty($Notify)) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE Label = 'Artist notifications'
     ORDER BY ID
     LIMIT 1");
 } else {
-    $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE ID = '$Notify[ID]'");
 }
+
 if (empty($Notify) && !$DB->has_results()) {
-    $DB->query("
+    $DB->prepared_query("
     INSERT INTO users_notify_filters
       (UserID, Label, Artists)
     VALUES
     list($ID, $ArtistNames) = $DB->next_record(MYSQLI_NUM, false);
     if (stripos($ArtistNames, "|$ArtistAliases|") === false) {
         $ArtistNames .= "$ArtistAliases|";
-        $DB->query("
+        $DB->prepared_query("
       UPDATE users_notify_filters
       SET Artists = '".db_string($ArtistNames)."'
       WHERE ID = '$ID'");

sections/artist/notifyremove.php

-<?
+<?php
+#declare(strict_types=1);
+
 authorize();
 if (!check_perms('site_torrents_notify')) {
-  error(403);
-}
-$ArtistID = $_GET['artistid'];
-if (!is_number($ArtistID)) {
-  error(0);
+    error(403);
 }
 
+$ArtistID = (int) $_GET['artistid'];
+Security::checkInt($ArtistID);
+
 if (($Notify = $Cache->get_value('notify_artists_'.$LoggedUser['ID'])) === false) {
-  $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE Label = 'Artist notifications'
     ORDER BY ID
     LIMIT 1");
 } else {
-  $DB->query("
+    $DB->prepared_query("
     SELECT ID, Artists
     FROM users_notify_filters
     WHERE ID = '$Notify[ID]'");
 }
 list($ID, $Artists) = $DB->next_record(MYSQLI_NUM, false);
-$DB->query("
+
+$DB->prepared_query("
   SELECT Name
   FROM artists_alias
   WHERE ArtistID = '$ArtistID'
     AND Redirect = 0");
+
 while (list($Alias) = $DB->next_record(MYSQLI_NUM, false)) {
-  while (stripos($Artists, "|$Alias|") !== false) {
-    $Artists = str_ireplace("|$Alias|", '|', $Artists);
-  }
+    while (stripos($Artists, "|$Alias|") !== false) {
+        $Artists = str_ireplace("|$Alias|", '|', $Artists);
+    }
 }
+
 if ($Artists == '|') {
-  $DB->query("
+    $DB->prepared_query("
     DELETE FROM users_notify_filters
     WHERE ID = $ID");
 } else {
-  $DB->query("
+    $DB->prepared_query("
     UPDATE users_notify_filters
     SET Artists = '".db_string($Artists)."'
     WHERE ID = '$ID'");
 }
+
 $Cache->delete_value('notify_filters_'.$LoggedUser['ID']);
 $Cache->delete_value('notify_artists_'.$LoggedUser['ID']);
 header('Location: '.$_SERVER['HTTP_REFERER']);
-?>

sections/better/better.php

 </h3>
 
 <div class="box pad">
-  <table class="better_list">
+  <table class="skeleton-fix">
     <tr class="colhead">
       <td style="width: 150px;">Method</td>
       <td style="width: 400px;">Additional Information</td>

sections/better/covers.php

 $DB->exec_prepared_query();
 
 $Groups = $DB->to_array('id', MYSQLI_ASSOC);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Results = Torrents::get_groups(array_keys($Groups));
 

sections/better/folders.php

 #declare(strict_types=1);
 
 if (check_perms('admin_reports') && !empty($_GET['remove']) && is_number($_GET['remove'])) {
-    $DB->query("
+    $DB->prepared_query("
     DELETE FROM torrents_bad_folders
     WHERE TorrentID = ".$_GET['remove']);
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT GroupID
     FROM torrents
     WHERE ID = ".$_GET['remove']);
 }
 
 View::show_header('Torrents with bad folder names');
-$DB->query("
+$DB->prepared_query("
   SELECT tbf.TorrentID, t.GroupID
   FROM torrents_bad_folders AS tbf
     JOIN torrents AS t ON t.ID = tbf.TorrentID

sections/better/literature.php

 ");
 
 $Groups = $DB->to_array('id', MYSQLI_ASSOC);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Results = Torrents::get_groups(array_keys($Groups)); ?>
 

sections/better/single.php

 declare(strict_types = 1);
 
 if (($Results = $Cache->get_value('better_single_groupids')) === false) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       t.`ID` AS `TorrentID`,
       t.`GroupID` AS `GroupID`

sections/better/tags.php

 declare(strict_types=1);
 
 if (check_perms('admin_reports') && !empty($_GET['remove']) && is_number($_GET['remove'])) {
-    $DB->query("
+    $DB->prepared_query("
     DELETE FROM torrents_bad_tags
     WHERE TorrentID = ".$_GET['remove']);
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT GroupID
     FROM torrents
     WHERE ID = ".$_GET['remove']);
 
 View::show_header('Torrents with bad tags');
 
-$DB->query("
+$DB->prepared_query("
   SELECT tbt.TorrentID, t.GroupID
   FROM torrents_bad_tags AS tbt
     JOIN torrents AS t ON t.ID = tbt.TorrentID

sections/blog/index.php

         switch ($_REQUEST['action']) {
       case 'deadthread':
         if (is_number($_GET['id'])) {
-            $DB->query("
+            $DB->prepared_query("
             UPDATE blog
             SET ThreadID = NULL
             WHERE ID = ".$_GET['id']);
       case 'takeeditblog':
         authorize();
         if (is_number($_POST['blogid']) && is_number($_POST['thread'])) {
-            $DB->query("
+            $DB->prepared_query("
             UPDATE blog
             SET
               Title = '".db_string($_POST['title'])."',
       case 'editblog':
         if (is_number($_GET['id'])) {
             $BlogID = $_GET['id'];
-            $DB->query("
+            $DB->prepared_query("
             SELECT Title, Body, ThreadID
             FROM blog
             WHERE ID = $BlogID");
       case 'deleteblog':
         if (is_number($_GET['id'])) {
             authorize();
-            $DB->query("
+            $DB->prepared_query("
             DELETE FROM blog
             WHERE ID = '".db_string($_GET['id'])."'");
             $Cache->delete_value('blog');
         $Body = db_string($_POST['body']);
         $ThreadID = $_POST['thread'];
         if ($ThreadID && is_number($ThreadID)) {
-            $DB->query("
+            $DB->prepared_query("
             SELECT ForumID
             FROM forums_topics
             WHERE ID = $ThreadID");
             }
         }
 
-        $DB->query("
+        $DB->prepared_query("
           INSERT INTO blog
             (UserID, Title, Body, Time, ThreadID, Important)
           VALUES
             $Cache->delete_value('blog_latest_id');
         }
         if (isset($_POST['subscribe'])) {
-            $DB->query("
+            $DB->prepared_query("
             INSERT IGNORE INTO users_subscriptions
             VALUES ('$LoggedUser[ID]', $ThreadID)");
             $Cache->delete_value('subscriptions_user_'.$LoggedUser['ID']);
       <label for="subscribebox">Subscribe</label>
 
       <div class="center">
-        <input type="submit"
+        <input type="submit" class="button-primary"
           value="<?=!isset($_GET['action']) ? 'Create blog post' : 'Edit blog post'; ?>" />
       </div>
     </div>
 <div>
   <?php
 if (!$Blog = $Cache->get_value('blog')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       b.ID,
       um.Username,
     $Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);
     $Cache->update_row(false, array('LastReadBlog' => $Blog[0][0]));
     $Cache->commit_transaction(0);
-    $DB->query("
+    $DB->prepared_query("
     UPDATE users_info
     SET LastReadBlog = '".$Blog[0][0]."'
     WHERE UserID = ".$LoggedUser['ID']);

sections/bookmarks/add.php

 }
 
 $PageID = $_GET['id'];
-$DB->query("
+$DB->prepared_query("
 SELECT
   `UserID`
 FROM
 
 if (!$DB->has_results()) {
     if ($Type === 'torrent') {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           MAX(`Sort`)
         FROM
         }
 
         $Sort += 1;
-        $DB->query("
+        $DB->prepared_query("
         INSERT IGNORE
         INTO $Table(`UserID`, $Col, `Time`, `Sort`)
         VALUES(
         )
         ");
     } else {
-        $DB->query("
+        $DB->prepared_query("
         INSERT IGNORE
         INTO $Table(`UserID`, $Col, `Time`)
         VALUES(
     $Cache->delete_value('bookmarks_'.$Type.'_'.$LoggedUser['ID']);
     if ($Type === 'torrent') {
         $Cache->delete_value("bookmarks_group_ids_$UserID");
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           `title`,
           `year`,
             $Feed->populate('torrents_bookmarks_t_'.$LoggedUser['torrent_pass'], $Item);
         }
     } elseif ($Type === 'request') {
-        $DB->query("
+        $DB->prepared_query("
         SELECT
           `UserID`
         FROM

sections/bookmarks/artists.php

         error(404);
     }
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT Username
       FROM users_main
       WHERE ID = '$UserID'");
 $Sneaky = $UserID !== $LoggedUser['ID'];
 //$ArtistList = Bookmarks::all_bookmarks('artist', $UserID);
 
-$DB->query("
+$DB->prepared_query("
   SELECT ag.ArtistID, ag.Name
   FROM bookmarks_artists AS ba
     INNER JOIN artists_group AS ag ON ba.ArtistID = ag.ArtistID
         <?php
   if (check_perms('site_torrents_notify')) {
       if (($Notify = $Cache->get_value('notify_artists_'.$LoggedUser['ID'])) === false) {
-          $DB->query("
+          $DB->prepared_query("
             SELECT ID, Artists
             FROM users_notify_filters
             WHERE UserID = '$LoggedUser[ID]'

sections/collages/browse.php

         <input type="hidden" name="action" value="search" />
       </div>
 
-      <table cellpadding="6" cellspacing="1" border="0" class="layout torrent_search" width="100%">
+      <table cellpadding="6" cellspacing="1" border="0" class="skeleton-fix" width="100%">
         <tr id="search_terms">
           <td class="label"></td>
           <td>

sections/collages/recover.php

           <input type="text" name="collage_id" size="8" />
         </div>
         <div class="submit_div">
-          <input value="Recover!" type="submit" />
+          <input value="Recover" class="button-primary" type="submit" />
         </div>
       </form>
     </div>

sections/collages/torrent_collage.php

 
 // Build the data for the collage and the torrent list
 // todo: Cache this
-$DB->query("
+$DB->prepared_query("
 SELECT
   ct.`GroupID`,
   ct.`UserID`
 FROM `collages_torrents` AS ct
-  JOIN `torrents_group` AS tg ON tg.`ID` = ct.`GroupID`
+  JOIN `torrents_group` AS tg ON tg.`id` = ct.`GroupID`
 WHERE ct.`CollageID` = '$CollageID'
 ORDER BY ct.`Sort`
 ");

sections/forums/edit_rules.php

         </td>
 
         <td>
-          <input type="submit" name="add" value="Add thread" />
+          <input type="submit" name="add" class="button-primary" value="Add thread" />
         </td>
       </form>
 

sections/forums/forum.php

 
             <tr>
               <td colspan="2" style="text-align: center;">
-                <input type="submit" name="submit" value="Search" />
+                <input type="submit" name="submit" class="button-primary" value="Search" />
               </td>
             </tr>
           </table>
   </div>
 </div>
 
-<table class="forum_index alternate_rows" width="100%">
+<table class="forum_index skeleton-fix">
   <tr class="colhead">
     <td style="width: 2%;"></td>
     <td>Latest</td>

sections/forums/newthread.php

       <input type="hidden" name="auth"
         value="<?=$LoggedUser['AuthKey']?>" />
       <input type="hidden" name="forum" value="<?=$ForumID?>" />
-      <table id="newthreadtext" class="layout new_thread">
+      <table id="newthreadtext" class="new_thread skeleton-fix">
         <tr>
           <td class="label">Title</td>
           <td><input id="title" class="required" type="text" name="title" style="width: 98%;" /></td>

sections/forums/thread.php

         <br />
         <br />
         <?php } ?>
-        <input type="button"
+        <input type="button" class="button-primary"
           onclick="ajax.post('index.php','poll',function(response) { $('#poll_container').raw().innerHTML = response});"
           value="Vote" />
       </form>
   </div>
 </div>
 <?php
-} //End Polls
+} // End Polls
 
-//Sqeeze in stickypost
+// Sqeeze in stickypost
 if ($ThreadInfo['StickyPostID']) {
     if ($ThreadInfo['StickyPostID'] != $Thread[0]['ID']) {
         array_unshift($Thread, $ThreadInfo['StickyPost']);
     ));
       }
   }
+
 if (check_perms('site_moderate_forums')) {
     G::$DB->query("
       SELECT ID, AuthorID, AddedTime, Body
           $ID = 'topic_notes',
       ); ?>
         </div>
-        <input type="submit" value="Save" />
+        <input type="submit" class="button-primary" value="Save" />
       </td>
     </tr>
   </table>

sections/register/closed.php

 <?php
-View::show_header('Registration Closed');
-?>
-
-<div style="width: 250px;">
-  <p><strong>Sorry, the site is currently invite only.</strong></p>
-</div>
+declare(strict_types=1);
 
-<?php
+View::show_header('Registration Closed');
+echo '<p><strong>Sorry, the site is currently invite only.</strong></p>';
 View::show_footer();

sections/requests/request.php

     <div class="box">
       <div class="head"><strong>Info</strong></div>
       <div class="pad">
-        <table class="layout request_form">
+        <table class="request_form skeleton-fix">
           <tr>
             <td class="label">Created</td>
             <td>

sections/stats/torrents.php

 LIMIT 1, 12
 */
 if (!list($Labels, $InFlow, $OutFlow, $Max) = $Cache->get_value('torrents_timeline')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       DATE_FORMAT(`Time`, '%b %Y') AS Month,
       COUNT(`ID`)
     ");
     $TimelineIn = array_reverse($DB->to_array());
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       DATE_FORMAT(`Time`, '%b %Y') AS Month,
       COUNT(`ID`)
 }
 
 if (!$CategoryDistribution = $Cache->get_value('category_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT
       tg.`category_id`,
       COUNT(t.`ID`) AS Torrents

sections/stats/users.php

 
 
 if (!$ClassDistribution = $Cache->get_value('class_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT p.Name, COUNT(m.ID) AS Users
       FROM users_main AS m
         JOIN permissions AS p ON m.PermissionID = p.ID
 }
 
 if (!$PlatformDistribution = $Cache->get_value('platform_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT OperatingSystem, COUNT(DISTINCT UserID) AS Users
       FROM users_sessions
       GROUP BY OperatingSystem
 }
 
 if (!$BrowserDistribution = $Cache->get_value('browser_distribution')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT Browser, COUNT(DISTINCT UserID) AS Users
       FROM users_sessions
       GROUP BY Browser
 
 // Timeline generation
 if (!list($Labels, $InFlow, $OutFlow) = $Cache->get_value('users_timeline')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT DATE_FORMAT(JoinDate,\"%b %Y\") AS Month, COUNT(UserID)
       FROM users_info
       GROUP BY Month
       LIMIT 1, 11");
     $TimelineIn = array_reverse($DB->to_array());
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT DATE_FORMAT(BanDate,\"%b %Y\") AS Month, COUNT(UserID)
       FROM users_info
       WHERE BanDate > 0

sections/store/badge.php

 
 if (isset($_GET['confirm']) && $_GET['confirm'] === '1') {
     if (!isset($Err)) {
-        $DB->query("
+        $DB->prepared_query("
           SELECT BonusPoints
           FROM users_main
           WHERE ID = $UserID");
                 if (!Badges::award_badge($UserID, $BadgeID)) {
                     $Err = 'Could not award badge, unknown error occurred.';
                 } else {
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE users_main
                       SET BonusPoints = BonusPoints - " . $Prices[$BadgeID] ."
                       WHERE ID = $UserID");
 
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE users_info
                       SET AdminComment = CONCAT('".sqltime()." - Purchased badge $BadgeID from store\n\n', AdminComment)
                       WHERE UserID = $UserID");

sections/store/coinbadge.php

 #declare(strict_types=1);
 
 $UserID = $LoggedUser['ID'];
-$DB->query("
+$DB->prepared_query("
   SELECT First, Second
   FROM misc
   WHERE Name='CoinBadge'");
 if ($DB->has_results()) {
     list($Purchases, $Price) = $DB->next_record();
 } else {
-    $DB->query("
+    $DB->prepared_query("
     INSERT INTO misc
       (Name, First, Second)
     VALUES ('CoinBadge', 0, 1000)");
   if (isset($_GET['confirm'])
    && $_GET['confirm'] === 1
    && !Badges::has_badge($UserID, 255)) {
-      $DB->query("
+      $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
           if (!Badges::award_badge($UserID, 255)) {
               $Err = 'Could not award badge, unknown error occurred.';
           } else {
-              $DB->query("
+              $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Price
               WHERE ID = $UserID");
 
-              $DB->query("
+              $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT('".sqltime()." - Purchased badge 255 from store\n\n', AdminComment)
               WHERE UserID = $UserID");
               $x = $Purchases;
               $Price = 1000+$x*(10000+1400*((sin($x/1.3)+cos($x/4.21))+(sin($x/2.6)+cos(2*$x/4.21))/2));
 
-              $DB->query("
+              $DB->prepared_query("
               UPDATE misc
               SET First  = $Purchases,
                 Second = $Price

sections/store/freeleechize.php

     $UserID = $LoggedUser['ID'];
 
     // Make sure torrent exists
-    $DB->query("
+    $DB->prepared_query("
       SELECT FreeTorrent, FreeLeechType
       FROM torrents
       WHERE ID = $TorrentID");
         error('Torrent does not exist');
     }
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
         list($Points) = $DB->next_record();
 
         if ($Points >= $Cost) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT TorrentID
               FROM shop_freeleeches
               WHERE TorrentID = $TorrentID");
 
             if ($DB->has_results()) {
-                $DB->query("
+                $DB->prepared_query("
                   UPDATE shop_freeleeches
                   SET ExpiryTime = ExpiryTime + INTERVAL 1 DAY
                   WHERE TorrentID = $TorrentID");
             } else {
-                $DB->query("
+                $DB->prepared_query("
                   INSERT INTO shop_freeleeches
                     (TorrentID, ExpiryTime)
                   VALUES($TorrentID, NOW() + INTERVAL 1 DAY)");
                 Torrents::freeleech_torrents($TorrentID, 1, 3);
             }
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Cost
               WHERE ID = $UserID");
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT('".sqltime()." - Made TorrentID $TorrentID freeleech for 24 more hours via the store\n\n', AdminComment)
               WHERE UserID = $UserID");

sections/store/freeleechpool.php

     }
 
     $UserID = $LoggedUser['ID'];
-    $DB->query("
+    $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
         if ($Points >= $Donation) {
             $PoolTipped = false;
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Donation
               WHERE ID = $UserID");
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE misc
               SET First = First + $Donation
               WHERE Name = 'FreeleechPool'");
             $Cache->delete_value('user_info_heavy_'.$UserID);
 
             // Check to see if we're now over the target pool size
-            $DB->query("
+            $DB->prepared_query("
               SELECT First, Second
               FROM misc
               WHERE Name = 'FreeleechPool'");
 
                     for ($i = 0; $i < $NumTorrents; $i++) {
                         $TorrentSize = intval($Pool * (($i===$NumTorrents-1)?1:(rand(10, 80)/100)) * 100000); # todo
-                        $DB->query("
+                        $DB->prepared_query("
                           SELECT ID, Size
                           FROM torrents
                           WHERE Size < $TorrentSize
                         if ($DB->has_results()) {
                             list($TorrentID, $Size) = $DB->next_record();
 
-                            $DB->query("
+                            $DB->prepared_query("
                               INSERT INTO shop_freeleeches
                                 (TorrentID, ExpiryTime)
                               VALUES($TorrentID, NOW() + INTERVAL 2 DAY)");
                     }
 
                     $Target = rand(10000, 100000);
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE misc
                       SET First = 0,
                         Second = $Target
 <?php
 View::show_footer();
 } else {
-    $DB->query("
+    $DB->prepared_query("
       SELECT First
       FROM misc
       WHERE Name = 'FreeleechPool'");

sections/store/invite.php

 $Purchase = "1 invite";
 $UserID = $LoggedUser['ID'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Invites = Invites + 1
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - Purchased an invite from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/points_1.php

 $GiB = 1024 * 1024 * 1024;
 $Cost = intval(0.15 * $GiB);
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 10,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/points_10.php

 $GiB = 1024 * 1024 * 1024;
 $Cost = 1.5 * $GiB;
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 100,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/points_100.php

 $GiB = 1024 * 1024 * 1024;
 $Cost = 15.0 * $GiB;
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 1000,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/points_1000.php

 $GiB = 1024*1024*1024;
 $Cost = 150.0 * $GiB;
 
-$DB->query("
+$DB->prepared_query("
   SELECT Uploaded
   FROM users_main
   WHERE ID = $UserID");
     list($Upload) = $DB->next_record();
 
     if ($Upload >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints + 10000,
             Uploaded = Uploaded - $Cost
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/promotion.php

 );
 
 $To = -1;
-$DB->query("
+$DB->prepared_query("
   SELECT PermissionID, BonusPoints, Warned, Uploaded, Downloaded, (Uploaded / Downloaded) AS Ratio, Enabled, COUNT(torrents.ID) AS Uploads, COUNT(DISTINCT torrents.GroupID) AS Groups
   FROM users_main
     JOIN users_info ON users_main.ID = users_info.UserID
         $Err[] = "This account is disabled, how did you get here?";
     } else {
         if ($Classes[$To]['NonSmall'] > 0) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT COUNT(torrents.ID)
               FROM torrents
               JOIN torrents_group ON torrents.GroupID = torrents_group.ID
         }
 
         if (!isset($Err)) {
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET
                 BonusPoints = BonusPoints - ".$Classes[$To]['Price'].",
                 PermissionID = $To
               WHERE ID = $UserID");
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT('".sqltime()." - Class changed to ".Users::make_class_string($To)." via store purchase\n\n', AdminComment)
               WHERE UserID = $UserID");

sections/store/store.php

 
 if (!$LoggedUser['DisablePoints']) {
     $PointsRate = 0;
-    $getTorrents = $DB->query("
+    $getTorrents = $DB->prepared_query("
       SELECT um.BonusPoints,
         COUNT(DISTINCT x.fid) AS Torrents,
         SUM(t.Size) AS Size,
       </tr>
 
       <?php
-$DB->query("
+$DB->prepared_query("
   SELECT ID AS BadgeID, Name, Description
   FROM badges
   WHERE ID IN (40, 41, 42, 43, 44, 45, 46, 47, 48)

sections/store/title.php

     $Title = htmlspecialchars($_POST['title'], ENT_QUOTES);
     $UserID = $LoggedUser['ID'];
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT BonusPoints
       FROM users_main
       WHERE ID = $UserID");
         list($Points) = $DB->next_record();
 
         if ($Points >= $Cost) {
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET BonusPoints = BonusPoints - $Cost,
                 Title = ?
               WHERE ID = ?", $Title, $UserID);
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_info
               SET AdminComment = CONCAT(NOW(), ' - Changed title to ', ?, ' via the store\n\n', AdminComment)
               WHERE UserID = ?", $Title, $UserID);

sections/store/token.php

 $Purchase = "1 freeleech token";
 $UserID = $LoggedUser['ID'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             FLTokens = FLTokens + 1
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - Purchased a freeleech token from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/upload_1.php

 $GiB = 1024*1024*1024;
 $Cost = 15;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 0.1)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/upload_10.php

 $GiB = 1024*1024*1024;
 $Cost = 150;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 1)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/upload_100.php

 $GiB = 1024*1024*1024;
 $Cost = 1500;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 10)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/store/upload_1000.php

 $GiB = 1024*1024*1024;
 $Cost = 15000;
 
-$DB->query("
+$DB->prepared_query("
   SELECT BonusPoints
   FROM users_main
   WHERE ID = $UserID");
     list($Points) = $DB->next_record();
 
     if ($Points >= $Cost) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_main
           SET BonusPoints = BonusPoints - $Cost,
             Uploaded = Uploaded + ($GiB * 100)
           WHERE ID = $UserID");
 
-        $DB->query("
+        $DB->prepared_query("
           UPDATE users_info
           SET AdminComment = CONCAT('".sqltime()." - $Purchase from the store\n\n', AdminComment)
           WHERE UserID = $UserID");

sections/tools/data/database_specifics.php

 
 // View schemas
 if (!empty($_GET['table'])) {
-    $DB->query('SHOW TABLES');
+    $DB->prepared_query('SHOW TABLES');
     $Tables =$DB->collect('Tables_in_'.$ENV->getPriv('SQLDB'));
 
     if (!in_array($_GET['table'], $Tables)) {
         error(0);
     }
 
-    $DB->query('SHOW CREATE TABLE '.db_string($_GET['table']));
+    $DB->prepared_query('SHOW CREATE TABLE '.db_string($_GET['table']));
     list(, $Schema) = $DB->next_record(MYSQLI_NUM, false);
     header('Content-type: text/plain');
     error($Schema);
 
 // Cache the tables for 4 hours, makes sorting faster
 if (!$Tables = $Cache->get_value('database_table_stats')) {
-    $DB->query('SHOW TABLE STATUS');
+    $DB->prepared_query('SHOW TABLE STATUS');
     $Tables =$DB->to_array();
     $Cache->cache_value('database_table_stats', $Tables, 3600 * 4);
 }
           Size
       </td>
 
+      <!--
       <td>
         Tools
       </td>
+      -->
     </tr>
 
     <?php
         <?=Format::get_size($DataSize + $IndexSize)?>
       </td>
 
+      <!--
       <td>
-        <a href="tools.php?action=database_specifics&table=<?=display_str($Name)?>"
-          class="brackets">Schema</a>
+        <a href="tools.php?action=database_specifics&table=<?=null#display_str($Name)?>"
+      class="brackets">Schema</a>
       </td>
+      -->
     </tr>
     <?php
 }

sections/tools/data/economic_stats.php

 View::show_header('Economy');
 
 if (!$EconomicStats = $Cache->get_value('new_economic_stats')) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Uploaded), SUM(Downloaded), COUNT(ID)
       FROM users_main
       WHERE Enabled = '1'");
     list($TotalUpload, $TotalDownload, $NumUsers) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Bounty)
       FROM requests_votes");
     list($TotalBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(rv.Bounty)
       FROM requests_votes AS rv
         JOIN requests AS r ON r.ID = rv.RequestID
       WHERE TorrentID > 0");
     list($AvailableBounty) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT SUM(Snatched), COUNT(ID)
       FROM torrents");
     list($TotalSnatches, $TotalTorrents) = $DB->next_record(); // This is the total number of snatches for torrents that still exist
 
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(uid)
       FROM xbt_snatched");
     list($TotalOverallSnatches) = $DB->next_record();
 
     if (($PeerStats = $Cache->get_value('stats_peers')) === false) {
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining = 0");
         list($TotalSeeders) = $DB->next_record();
 
-        $DB->query("
+        $DB->prepared_query("
           SELECT COUNT(fid)
           FROM xbt_files_users
           WHERE remaining > 0");
     }
 
     $TotalPeers = $TotalLeechers + $TotalSeeders;
-    $DB->query("
+    $DB->prepared_query("
       SELECT COUNT(ID)
       FROM users_main
       WHERE (

sections/tools/data/invite_pool.php

           <input type="email" name="search" size="60"
             value="<?=display_str($Search)?>" />
           &nbsp;
-          <input type="submit" value="Search log" />
+          <input type="submit" class="button-primary" value="Search log" />
         </td>
       </tr>
     </table>

sections/tools/data/registration_log.php

   <input type="hidden" name="action" value="registration_log" />
   Joined after: <input type="date" name="after_date" />
   Joined before: <input type="date" name="before_date" />
-  <input type="submit" />
+  <input type="submit" class="button-primary" />
 </form>
 
 <?php

sections/tools/data/torrent_stats.php

 View::show_header('Torrents');
 
 if (!$TorrentStats = $Cache->get_value('new_torrent_stats')) {
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID), SUM(Size), SUM(FileCount)
     FROM torrents");
     list($TorrentCount, $TotalSize, $TotalFiles) = $DB->next_record();
 
-    $DB->query("
+    $DB->prepared_query("
     SELECT COUNT(ID)
     FROM users_main
     WHERE Enabled = '1'");
     list($NumUsers) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 1 DAY)");
     list($DayNum, $DaySize, $DayFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 7 DAY)");
     list($WeekNum, $WeekSize, $WeekFiles) = $DB->next_record();
 
-    $DB->query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
+    $DB->prepared_query("SELECT COUNT(ID), SUM(Size), SUM(FileCount) FROM torrents WHERE Time > SUBDATE(NOW(), INTERVAL 30 DAY)");
     list($MonthNum, $MonthSize, $MonthFiles) = $DB->next_record();
   
     $Cache->cache_value('new_torrent_stats', array($TorrentCount, $TotalSize, $TotalFiles,

sections/tools/development/clear_cache.php

 
         <textarea type="text" name="key" id="key"
           class="inputtext"><?=((isset($_GET['key']) && (isset($_GET['submit']))) ? display_str($_GET['key']) : '')?></textarea>
-        <input type="submit" name="submit" class="submit" />
+        <input type="submit" name="submit" class="submit button-primary" />
       </form>
     </td>
   </tr>

sections/tools/development/misc_values.php

 
 if (!check_perms('admin_manage_permissions')) {
     View::show_header('Site Options');
-    $DB->query("SELECT Name, First, Second FROM misc"); ?>
+    $DB->prepared_query("SELECT Name, First, Second FROM misc"); ?>
 
 <div class="header">
   <h1>Miscellaneous Values</h1>
 </div>
 
-<table width="100%">
-  <tr class="colhead">
-    <td>Name</td>
-    <td>First</td>
-    <td>Second</td>
+<table class="skeleton-fix">
+  <tr>
+    <th>Name</th>
+    <th>First</th>
+    <th>Second</th>
   </tr>
 
   <?php
 
     if ($_POST['submit'] === 'Delete') {
         $Name = db_string($_POST['name']);
-        $DB->query("DELETE FROM misc WHERE Name = '" . $Name . "'");
+        $DB->prepared_query("DELETE FROM misc WHERE Name = '" . $Name . "'");
     } else {
         $Val->SetFields('name', '1', 'regex', 'The name must be separated by underscores. No spaces are allowed.', array('regex' => '/^[a-z][:_a-z0-9]{0,63}$/i'));
         $Val->SetFields('first', '1', 'string', 'You must specify the first value.');
         $Second = db_string($_POST['second']);
 
         if ($_POST['submit'] === 'Edit') {
-            $DB->query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
+            $DB->prepared_query("SELECT Name FROM misc WHERE ID = '" . db_string($_POST['id']) . "'");
             list($OldName) = $DB->next_record();
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE misc
               SET
                 Name = '$Name',
               WHERE ID = '" . db_string($_POST['id']) . "'
             ");
         } else {
-            $DB->query("
+            $DB->prepared_query("
               INSERT INTO misc (Name, First, Second)
               VALUES ('$Name', '$First', '$Second')
             ");
     }
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT
     ID,
     Name,
         </td>
 
         <td>
-          <input type="text" size="60" name="first" />
+          <input type="text" size="50" name="first" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second" />
+          <input type="text" size="50" name="second" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Create" />
+          <input type="submit" name="submit" class="button-primary" value="Create" />
         </td>
       </form>
     </tr>
         </td>
 
         <td>
-          <input type="text" size="60" name="first"
+          <input type="text" size="50" name="first"
             value="<?=$First?>" />
         </td>
 
         <td>
-          <input type="text" size="60" name="second"
+          <input type="text" size="50" name="second"
             value="<?=$Second?>" />
         </td>
 
         <td>
-          <input type="submit" name="submit" value="Edit" />
+          <input type="submit" name="submit" class="button-primary" value="Edit" />
           <input type="submit" name="submit" value="Delete" />
         </td>
       </form>

sections/tools/development/render_build_preview.js

   console.log(JSON.stringify(returnStatus));
   phantom.exit();
 }
+
 fs.changeWorkingDirectory(toolsMiscPath);
 if (!fs.exists('render_base.html')) {
   // Rendering base doesn't exist, who broke things?
     width: 1200,
     height: 1000
   };
+
   // Switch to specific stylesheet subdirectory
   fs.changeWorkingDirectory(rootPath + '/' + staticPath + 'styles/' + system.args[3] + '/');
   if (!fs.isWritable(fs.workingDirectory)) {
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   fs.write('preview.html', page.content, 'w');
   if (!fs.isFile('preview.html')) {
     // Failed to store specific preview file.
     console.log(JSON.stringify(returnStatus));
     phantom.exit();
   }
+
   page.close();
   returnStatus.status = 0;
   console.log(JSON.stringify(returnStatus));

sections/tools/development/rerender_gallery.php

-<?
-/*
+<?php
+#declare(strict_types=1);
+
+/**
  * This page creates previews of all supported stylesheets
  * SERVER_ROOT . '/' . STATIC_SERVER . 'styles/preview' must exist and be writable
  * Dependencies are PhantomJS (http://phantomjs.org/) and
  * ImageMagick (http://www.imagemagick.org/script/index.php)
  */
+
 View::show_header('Rerender stylesheet gallery images');
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     LOWER(REPLACE(Name," ","_")) AS Name,
     <div class="box box_info">
       <div class="head colhead_dark">Rendering parameters</div>
       <ul class="stats nobullet">
-        <li>Server root: <?= var_dump(SERVER_ROOT); ?></li>
-        <li>Static server: <?= var_dump(STATIC_SERVER); ?></li>
-        <li>Whoami: <? echo(shell_exec('whoami')); ?></li>
-        <li>Path: <? echo dirname(__FILE__); ?></li>
-        <li>Phantomjs ver: <? echo (shell_exec('/usr/bin/phantomjs -v;')); ?></li>
+        <li>Server root: <?= var_dump(SERVER_ROOT); ?>
+        </li>
+        <li>Static server: <?= var_dump(STATIC_SERVER); ?>
+        </li>
+        <li>Whoami: <?php echo(shell_exec('whoami')); ?>
+        </li>
+        <li>Path: <?php echo dirname(__FILE__); ?>
+        </li>
+        <li>Phantomjs ver: <?php echo(shell_exec('/usr/bin/phantomjs -v')); ?>
+        </li>
       </ul>
     </div>
   </div>
     <div class="box">
       <div class="head">Rendering status</div>
       <div class="pad">
-<?
+        <?php
 //set_time_limit(0);
 foreach ($Styles as $Style) {
-?>
+    ?>
         <div class="box">
-          <h6><?= $Style['Name'] ?></h6>
+          <h6><?= $Style['Name'] ?>
+          </h6>
           <p>Build preview:
-<?
+            <?php
   $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_build_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-  $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-  switch ($BuildResult['status']) {
+    $BuildResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+    switch ($BuildResult['status']) {
     case 0:
       echo 'Success.';
       break;
       break;
     default:
       echo 'Err: Unknown error returned';
-  }
-?>
+  } ?>
           </p>
-<?
+          <?php
   //If build was successful, snap a preview.
   if ($BuildResult['status'] === 0) {
-?>
+      ?>
           <p>Snap preview:
-<?
+            <?php
     $CmdLine = '/usr/bin/phantomjs "' . dirname(__FILE__) . '/render_snap_preview.js" "' . SERVER_ROOT . '" "' . STATIC_SERVER . '" "' . $Style['Name'] . '" "' . dirname(__FILE__) . '"';
-    $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
-    switch ($SnapResult['status']) {
+      $SnapResult = json_decode(shell_exec(escapeshellcmd($CmdLine)), true);
+      switch ($SnapResult['status']) {
       case 0:
         echo 'Success.';
         $CmdLine = '/usr/bin/convert "' . $ImagePath . '/full_' . $Style['Name'] . '.png" -filter Box -resize 40% -quality 94 "' . $ImagePath . '/thumb_' . $Style['Name'] . '.png"';
         $ResizeResult = shell_exec(escapeshellcmd($CmdLine));
         if ($ResizeResult !== null) {
-          echo ' But failed to resize image';
+            echo ' But failed to resize image';
         }
         break;
       case -1:
         break;
       default:
         echo 'Err: Unknown error returned.';
-    }
-?>
+    } ?>
           </p>
-<?php } ?>
+          <?php
+  } ?>
         </div>
-<? } ?>
+        <?php
+} ?>
       </div>
     </div>
   </div>
 </div>
-<?
+<?php
 View::show_footer();

sections/tools/development/service_stats.php

     $Cache->flush();
 }
 
-$DB->query('SHOW GLOBAL STATUS');
+$DB->prepared_query('SHOW GLOBAL STATUS');
 $DBStats = $DB->to_array('Variable_name');
 $MemStats = $Cache->getStats();
 
             <input type="hidden" name="auth"
               value="<?=$LoggedUser['AuthKey']?>" />
             <input type="hidden" name="global_flush" value="1" />
-            <input type="submit" value="Flush" />
+            <input type="submit" class="button-primary" value="Flush" />
           </form>
         </td>
       </tr>

sections/tools/finances/donation_log.php

       </tr>
       <tr>
         <td>
-          <input type="submit" value="Search donation log" />
+          <input type="submit" class="button-primary" value="Search donation log" />
         </td>
       </tr>
     </table>

sections/tools/index.php

     }
 
     if (is_number($_POST['newsid'])) {
-        $DB->query("
+        $DB->prepared_query("
           UPDATE news
           SET Title = '".db_string($_POST['title'])."',
             Body = '".db_string($_POST['body'])."'
 
     if (is_number($_GET['id'])) {
         authorize();
-        $DB->query("
+        $DB->prepared_query("
           DELETE FROM news
           WHERE ID = '".db_string($_GET['id'])."'");
 
         error(403);
     }
 
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO news (UserID, Title, Body, Time)
       VALUES ('$LoggedUser[ID]', '".db_string($_POST['title'])."', '".db_string($_POST['body'])."', NOW())");
 
     include SERVER_ROOT.'/sections/tools/managers/tag_aliases.php';
     break;
 
-  case 'label_aliases':
-    include SERVER_ROOT.'/sections/tools/managers/label_aliases.php';
-    break;
-
   case 'global_notification':
     include SERVER_ROOT.'/sections/tools/managers/global_notification.php';
     break;
         //$Val->SetFields('test', true, 'number', 'You did not enter a valid level for this permission set.');
 
         if (is_numeric($_REQUEST['id'])) {
-            $DB->query("
+            $DB->prepared_query("
               SELECT p.ID, p.Name, p.Abbreviation, p.Level, p.Secondary, p.PermittedForums, p.Values, p.DisplayStaff, COUNT(u.ID)
               FROM permissions AS p
                 LEFT JOIN users_main AS u ON u.PermissionID = p.ID
             $Err = $Val->ValidateForm($_POST);
 
             if (!is_numeric($_REQUEST['id'])) {
-                $DB->query("
+                $DB->prepared_query("
                   SELECT ID
                   FROM permissions
                   WHERE Level = '".db_string($_REQUEST['level'])."'");
 
             if (!$Err) {
                 if (!is_numeric($_REQUEST['id'])) {
-                    $DB->query("
+                    $DB->prepared_query("
                       INSERT INTO permissions (Level, Name, Abbreviation, Secondary, PermittedForums, `Values`, DisplayStaff)
                       VALUES ('".db_string($Level)."',
                         '".db_string($Name)."',
                         '".db_string(serialize($Values))."',
                         '".db_string($DisplayStaff)."')");
                 } else {
-                    $DB->query("
+                    $DB->prepared_query("
                       UPDATE permissions
                       SET Level = '".db_string($Level)."',
                         Name = '".db_string($Name)."',
 
                     $Cache->delete_value('perm_'.$_REQUEST['id']);
                     if ($Secondary) {
-                        $DB->query("
+                        $DB->prepared_query("
                           SELECT DISTINCT UserID
                           FROM users_levels
                           WHERE PermissionID = ".db_string($_REQUEST['id']));
         include SERVER_ROOT.'/sections/tools/managers/permissions_alter.php';
     } else {
         if (!empty($_REQUEST['removeid'])) {
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM permissions
               WHERE ID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT UserID
               FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
                 $Cache->delete_value("user_info_$UserID");
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
-            $DB->query("
+            $DB->prepared_query("
               DELETE FROM users_levels
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
 
-            $DB->query("
+            $DB->prepared_query("
               SELECT ID
               FROM users_main
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");
                 $Cache->delete_value("user_info_heavy_$UserID");
             }
 
-            $DB->query("
+            $DB->prepared_query("
               UPDATE users_main
               SET PermissionID = '".USER."'
               WHERE PermissionID = '".db_string($_REQUEST['removeid'])."'");

sections/tools/managers/bans.php

             value="<?=(!empty($_GET['notes']) ? display_str($_GET['notes']) : '')?>" />
         </td>
         <td>
-          <input type="submit" value="Search" />
+          <input type="submit" class="button-primary" value="Search" />
         </td>
       </tr>
     </table>
         <input type="text" size="72" name="notes" />
       </td>
       <td>
-        <input type="submit" name="submit" value="Create" />
+        <input type="submit" name="submit" class="button-primary" value="Create" />
       </td>
     </form>
   </tr>

sections/tools/managers/email_blacklist.php

   <input type="hidden" name="action" value="email_blacklist" />
   <input type="email" name="email" size="30" placeholder="Email" />
   <input type="search" name="comment" size="60" placeholder="Comment" />
-  <input type="submit" value="Search" />
+  <input type="submit" class="button-primary" value="Search" />
 </form>
 <div class="linkbox pager">
   <br />
       <input type="hidden" name="action" value="email_blacklist_alter" />
       <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
       <td><input type="text" name="email" size="30" /></td>
-      <td colspan="2"><input type="text" name="comment" size="60" /></td>
-      <td><input type="submit" value="Create" /></td>
+      <td colspan="2"><input type="text" name="comment" size="50" /></td>
+      <td><input type="submit" class="button-primary" value="Create" /></td>
     </form>
   </tr>
 <?
         <input type="hidden" name="id" value="<?=$Result['ID']?>" />
         <input type="email" name="email" value="<?=display_str($Result['Email'])?>" size="30" />
       </td>
-      <td><input type="text" name="comment" value="<?=display_str($Result['Comment'])?>" size="60" /></td>
+      <td><input type="text" name="comment" value="<?=display_str($Result['Comment'])?>" size="50" /></td>
       <td><?=Users::format_username($Result ['UserID'], false, false, false)?><br /><?=time_diff($Result ['Time'], 1)?></td>
       <td>
-        <input type="submit" name="submit" value="Edit" />
+        <input type="submit" name="submit" class="button-primary" value="Edit" />
         <input type="submit" name="submit" value="Delete" />
       </td>
     </form>

sections/tools/managers/global_notification.php

   <form action="tools.php" method="post">
     <input type="hidden" name="action" value="take_global_notification" />
     <input type="hidden" name="type" value="set" />
-    <table align="center">
+    <table class="skeleton-fix">
       <tr>
         <td class="label">
           Message
 
       <tr>
         <td>
-          <input type="submit" name="set" value="Create Notification" />
+          <input type="submit" name="set" class="button-primary" value="Create Notification" />
         </td>
 
         <?php if ($GlobalNotification) { ?>

sections/tools/managers/label_aliases.php

-<?php
-/*
-if (!check_perms('torrents_edit') || $LoggedUser['DisableWiki']) {
-  error(403);
-}
-*/
-
-if (!check_perms('users_mod') && !$LoggedUser['ExtraClasses'][DELTA_TEAM]) {
-  error(403);
-}
-
-View::show_header('Label Aliases');
-
-$OrderBy = $_GET['order'] === 'BadLabels' ? 'BadLabel' : 'AliasLabel';
-/*
-$LabelID = (int)$_GET['id'];
-$LabelNameSQL = '';
-//TODO join with labels table to get label name
-if (!empty($LabelID)) {
-  $DB->query("
-    SELECT name
-    FROM labels
-    WHERE ID = '$LabelID'");
-  if ($DB->has_results()) {
-    list($LabelName) = $DB->next_record();
-  }
-  $LabelNameSQL = " WHERE AliasLabel = '$LabelName'";
-}
-*/
-
-if (isset($_POST['newalias'])) {
-  $BadLabel = db_string($_POST['BadLabel']);
-  $AliasLabel = db_string($_POST['AliasLabel']);
-
-  $DB->query("
-    INSERT INTO label_aliases (BadLabel, AliasLabel)
-    VALUES ('$BadLabel', '$AliasLabel')");
-}
-
-if (isset($_POST['changealias']) && is_number($_POST['aliasid'])) {
-  $AliasID = $_POST['aliasid'];
-  $BadLabel = db_string($_POST['BadLabel']);
-  $AliasLabel = db_string($_POST['AliasLabel']);
-
-  if ($_POST['save']) {
-    $DB->query("
-      UPDATE label_aliases
-      SET BadLabel = '$BadLabel', AliasLabel = '$AliasLabel'
-      WHERE ID = '$AliasID' ");
-  }
-  if ($_POST['delete']) {
-    $DB->query("
-      DELETE FROM label_aliases
-      WHERE ID = '$AliasID'");
-  }
-}
-?>
-<div class="header">
-  <h2>Label Aliases<?=($LabelName ? " for <a href=\"labels.php?id=$LabelID\">$LabelName</a>" : '')?></h2>
-  <div class="linkbox">
-    <a href="tools.php?action=label_aliases&amp;order=GoodLabels" class="brackets">Sort by good labels</a>
-    <a href="tools.php?action=label_aliases&amp;order=BadLabels" class="brackets">Sort by bad labels</a>
-  </div>
-</div>
-<table width="100%">
-  <tr class="colhead">
-    <td>Label</td>
-    <td>Renamed from</td>
-    <td>Submit</td>
-  </tr>
-  <tr />
-  <tr>
-    <form method="post" action="">
-      <input type="hidden" name="newalias" value="1" />
-      <td>
-        <input type="text" name="AliasLabel" />
-      </td>
-      <td>
-        <input type="text" name="BadLabel" />
-      </td>
-      <td>
-        <input type="submit" value="Add alias" />
-      </td>
-    </form>
-  </tr>
-<?
-$DB->query("
-  SELECT ID, BadLabel, AliasLabel
-  FROM label_aliases
-  $LabelNameSQL
-  ORDER BY $OrderBy");
-while (list($ID, $BadLabel, $AliasLabel) = $DB->next_record()) {
-?>
-  <tr>
-    <form method="post" action="">
-      <input type="hidden" name="changealias" value="1" />
-      <input type="hidden" name="aliasid" value="<?=$ID?>" />
-      <td>
-        <input type="text" name="AliasLabel" value="<?=$AliasLabel?>" />
-      </td>
-      <td>
-        <input type="text" name="BadLabel" value="<?=$BadLabel?>" />
-      </td>
-      <td>
-        <input type="submit" name="save" value="Save alias" />
-        <input type="submit" name="delete" value="Delete alias" />
-      </td>
-    </form>
-  </tr>
-<?
-}
-?>
-</table>
-<? View::show_footer(); ?>

sections/tools/managers/mass_pm.php

       <div id="preview" class="hidden"></div>
       <div id="buttons" class="center">
         <input type="button" value="Preview" onclick="Quick_Preview();" />
-        <input type="submit" value="Send message" />
+        <input type="submit" class="button-primary" value="Send message" />
       </div>
     </div>
   </form>

sections/tools/managers/multiple_freeleech.php

                 <option value="m" <?=$_POST['scale'] == 'm' ? 'selected' : ''?>>MB</option>
                 <option value="g" <?=!isset($_POST['scale']) || $_POST['scale'] == 'g' ? 'selected' : ''?>>GB</option>
             </select><br /><br />
-            <input type="submit" value="Submit" />
+            <input type="submit" class="button-primary" value="Submit" />
         </form>
     </div>
 </div>

sections/tools/managers/news.php

     if (is_number($_POST['newsid'])) {
         authorize();
 
-        $DB->query("
+        $DB->prepared_query("
         UPDATE news
         SET Title = '".db_string($_POST['title'])."', Body = '".db_string($_POST['body'])."'
         WHERE ID = '".db_string($_POST['newsid'])."'");
   case 'editnews':
     if (is_number($_GET['id'])) {
         $NewsID = $_GET['id'];
-        $DB->query("
+        $DB->prepared_query("
         SELECT Title, Body
         FROM news
         WHERE ID = $NewsID");
 ); ?>
 
       <div class="center">
-        <input type="submit"
+        <input type="submit" class="button-primary"
           value="<?= ($_GET['action'] === 'news') ? 'Create news post' : 'Edit news post';?>">
       </div>
     </div>
 
   <h2>News archive</h2>
   <?php
-$DB->query('
+$DB->prepared_query('
   SELECT
     ID,
     Title,

sections/tools/managers/official_tags.php

         </tr>
         <tr style="border-top: thin solid;">
           <td colspan="11" style="text-align: center;">
-            <input type="submit" value="Submit changes" />
+            <input type="submit" class="button-primary" value="Submit changes" />
           </td>
         </tr>
 

sections/tools/managers/permissions_alter.php

     <a href="tools.php?action=permissions" class="brackets">Back to permission list</a>
     <a href="tools.php" class="brackets">Back to tools</a>
   </div>
-  <table class="permission_head layout box">
+  <table class="permission_head skeleton-fix">
     <tr>
       <td class="label">Permission name</td>
       <td><input type="text" name="name" id="name"

sections/tools/managers/permissions_list.php

     </div>
   </div>
 <?
-$DB->query("
+$DB->prepared_query("
   SELECT
     p.ID,
     p.Name,
 if ($DB->has_results()) {
 ?>
   <div class="box">
-  <table width="100%">
+  <table class="skeleton-fix">
     <tr class="colhead">
       <td>Name</td>
       <td>Level</td>

sections/tools/managers/sitewide_freeleech.php

-<?
+<?php
+declare(strict_types=1);
+
 if (isset($_POST['type'])) {
-  if ($_POST['type'] == 'tag') {
-    authorize();
-    if (!isset($_POST['tag'])) {
-      error("You didn't enter a tag, dipshit.");
-    }
-    $Tag = db_string($_POST['tag']);
-    $DB->query("
-      SELECT ID
-      FROM tags
-      WHERE
-        Name = '" . $Tag . "'");
-    if ($DB->has_results()) {
-      $Tag = str_replace('.', '_', $Tag);
-      $DB->query("
-        SELECT t.ID
-        FROM torrents AS t
-          JOIN torrents_group AS tg ON t.GroupID = tg.ID
-        WHERE t.FreeTorrent != '2'
-          AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')
-          AND tg.TagList LIKE '%" . $Tag . "%'");
-      if ($DB->has_results()) {
-        $IDs = $DB->collect('ID');
-        $Duration = db_string($_POST['duration']);
-        $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
-        foreach ($IDs as $ID) {
-          $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+    if ($_POST['type'] === 'tag') {
+        authorize();
+
+        if (!isset($_POST['tag'])) {
+            error("You didn't enter a tag, dipshit.");
         }
-        $Query = substr($Query, 0, strlen($Query) - 2);
-        $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
-        $DB->query($Query);
 
+        $Tag = db_string($_POST['tag']);
         $DB->query("
-          INSERT INTO misc
-            (Name, First, Second)
-          VALUES
-            ('" . $Tag . "', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
-          ON DUPLICATE KEY UPDATE
-            First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
-        Torrents::freeleech_torrents($IDs, 1, 3, false);
-        echo("Success! Now run the indexer.");
-      } else {
-        error('No torrents with that tag exist.');
-      }
-    } else {
-      error("That tag doesn't exist.");
-    }
-  } elseif ($_POST['type'] == 'global') {
-    authorize();
-    $DB->query("
-      SELECT t.ID
-      FROM torrents AS t
-        JOIN torrents_group AS tg ON t.GroupID = tg.ID
-      WHERE t.FreeTorrent != '2'
-        AND (t.FreeLeechType = '0' OR t.FreeLeechType = '3')");
-    if ($DB->has_results()) {
-      $IDs = $DB->collect('ID');
-      $Duration = db_string($_POST['duration']);
-      $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
-      foreach ($IDs as $ID) {
-        $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
-      }
-      $Query = substr($Query, 0, strlen($Query) - 2);
-      $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
-      $DB->query($Query);
-      $DB->query("
-        INSERT INTO misc
-          (Name, First, Second)
+        SELECT `ID`
+        FROM `tags`
+        WHERE `Name` = '$Tag'
+        ");
+
+        if ($DB->has_results()) {
+            $Tag = str_replace('.', '_', $Tag);
+            $DB->query("
+            SELECT t.`ID`
+            FROM `torrents` AS t
+            JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
+            WHERE t.`FreeTorrent` != '2'
+            AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
+            AND tg.`tag_list` LIKE '%$Tag%'
+            ");
+
+            if ($DB->has_results()) {
+                $IDs = $DB->collect('ID');
+                $Duration = db_string($_POST['duration']);
+                $Query = "INSERT IGNORE INTO `shop_freeleeches` (TorrentID, ExpiryTime) VALUES ";
+
+                foreach ($IDs as $ID) {
+                    $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+                }
+
+                $Query = substr($Query, 0, strlen($Query) - 2);
+                $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
+                $DB->query($Query);
+
+                $DB->query(
+                    "
+                INSERT INTO `misc`
+                  (Name, First, Second)
+                VALUES
+                  ('$Tag', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
+                ON DUPLICATE KEY UPDATE
+                  `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
+                );
+
+                Torrents::freeleech_torrents($IDs, 1, 3, false);
+                echo("Success! Now run the indexer.");
+            } else {
+                error('No torrents with that tag exist.');
+            }
+        } else {
+            error("That tag doesn't exist.");
+        }
+    } elseif ($_POST['type'] === 'global') {
+        authorize();
+
+        $DB->query("
+        SELECT t.`ID`
+        FROM `torrents` AS t
+        JOIN `torrents_group` AS tg ON t.`GroupID` = tg.`id`
+        WHERE t.`FreeTorrent` != '2'
+        AND (t.`FreeLeechType` = '0' OR t.`FreeLeechType` = '3')
+        ");
+
+        if ($DB->has_results()) {
+            $IDs = $DB->collect('ID');
+            $Duration = db_string($_POST['duration']);
+            $Query = "INSERT IGNORE INTO shop_freeleeches (TorrentID, ExpiryTime) VALUES ";
+
+            foreach ($IDs as $ID) {
+                $Query .= "(" . $ID . ", NOW() + INTERVAL " . $Duration . " HOUR), ";
+            }
+
+            $Query = substr($Query, 0, strlen($Query) - 2);
+            $Query .= " ON DUPLICATE KEY UPDATE ExpiryTime = ExpiryTime + INTERVAL " . $Duration . " HOUR";
+            $DB->query($Query);
+
+            $DB->query(
+                "
+        INSERT INTO `misc`
+          (`Name`, `First`, `Second`)
         VALUES
           ('global', '" . (time() + (60 * 60 * $Duration)) . "', 'freeleech')
         ON DUPLICATE KEY UPDATE
-          First = CONVERT(First, UNSIGNED INTEGER) + " . (60 * 60 * $Duration));
-      Torrents::freeleech_torrents($IDs, 1, 3, false);
-      echo("Success! Now run the indexer.");
-    } else {
-      error("RIP Oppaitime");
+          `First` = CONVERT(`First`, UNSIGNED INTEGER) + " . (60 * 60 * $Duration)
+            );
+        
+            Torrents::freeleech_torrents($IDs, 1, 3, false);
+            echo("Success! Now run the indexer.");
+        } else {
+            error("RIP Oppaitime");
+        }
     }
-  }
 } else {
-  View::show_header('Site-Wide Freeleech'); ?>
-  <div>
-    <div class="box text-align: center;">
-      <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until the indexer runs.</strong>
-    </div>
-    <div class="box text-align: center;">
-      <form action="tools.php" method="POST">
-        <input type="hidden" name="action" value="freeleech" />
-        <input type="hidden" name="type" value="tag">
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
-        <strong>Single Tag Freeleech</strong>
-        <br />
-        <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
-        <br />
-        <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
-        <br />
-        <input type="submit" value="RELEASE THE LEECH" />
-      </form>
-    </div>
-    <div class="box text-align: center;">
-      <form action="tools.php" method="POST">
-        <input type="hidden" name="action" value="freeleech" />
-        <input type="hidden" name="type" value="global" />
-        <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
-        <strong>Global Freeleech</strong>
-        <br />
-        <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
-        <br />
-        <input type="submit" value="RELEASE THE LEECH" />
-    </div>
+    View::show_header('Site-Wide Freeleech'); ?>
+<div>
+  <div class="box text-align: center;">
+    <strong>Make sure you run the indexer after using either of these tools, or torrents may disappear from search until
+      the indexer runs.</strong>
+  </div>
+  <div class="box text-align: center;">
+    <form action="tools.php" method="POST">
+      <input type="hidden" name="action" value="freeleech" />
+      <input type="hidden" name="type" value="tag">
+      <input type="hidden" name="auth"
+        value="<?=$LoggedUser['AuthKey']?>" />
+      <strong>Single Tag Freeleech</strong>
+      <br />
+      <input id="tag_name" type="text" name="tag" placeholder="Tag" value="" />
+      <br />
+      <input id="tag_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
+      <br />
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
+    </form>
+  </div>
+  <div class="box text-align: center;">
+    <form action="tools.php" method="POST">
+      <input type="hidden" name="action" value="freeleech" />
+      <input type="hidden" name="type" value="global" />
+      <input type="hidden" name="auth"
+        value="<?=$LoggedUser['AuthKey']?>" />
+      <strong>Global Freeleech</strong>
+      <br />
+      <input id="global_duration" type="number" name="duration" placeholder="Duration (hours)" value="" />
+      <br />
+      <input type="submit" class="button-primary" value="RELEASE THE LEECH" />
   </div>
-  <? View::show_footer();
+</div>
+<?php View::show_footer();
 }
-?>

sections/tools/managers/tag_aliases.php

       </td>
 <?php if (check_perms('users_mod')) { ?>
       <td>
-        <input type="submit" value="Add alias" />
+        <input type="submit" class="button-primary" value="Add alias" />
       </td>
 <?php } ?>
     </form>
       </td>
 <?php if (check_perms('users_mod')) { ?>
       <td>
-        <input type="submit" name="save" value="Save alias" />
+        <input type="submit" name="save" class="button-primary" value="Save alias" />
         <input type="submit" name="delete" value="Delete alias" />
       </td>
 <?php } ?>

sections/tools/managers/tokens.php

     <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
     Tokens to add: <input type="text" name="numtokens" size="5" style="text-align: right;" value="0" /><br /><br />
     <label for="leechdisabled">Grant tokens to leech disabled users: </label><input type="checkbox" id="leechdisabled" name="leechdisabled" value="1" /><br /><br />
-    <input type="submit" name="addtokens" value="Add tokens" />
+    <input type="submit" name="addtokens" class="button-primary" value="Add tokens" />
   </form>
 </div>
 <br />

sections/tools/managers/whitelist_list.php

 <?
+#declare(strict_types = 1);
+
 if (!check_perms('admin_whitelist')) {
   error(403);
 }
         <input type="text" size="10" name="peer_id" placeholder="Peer ID" />
       </td>
       <td>
-        <input type="submit" value="Create" />
+        <input type="submit" class="button-primary" value="Create" />
       </td>
     </tr>
   </table>
         <input type="text" size="10" name="peer_id" value="<?=$Peer_ID?>" />
       </td>
       <td>
-        <input type="submit" name="submit" value="Edit" />
+        <input type="submit" name="submit" class="button-primary" value="Edit" />
         <input type="submit" name="submit" value="Delete" />
       </td>
     </tr>

sections/tools/misc/create_user.php

       </tr>
       <tr>
         <td colspan="2" align="right">
-          <input type="submit" name="submit" value="Create User" class="submit" />
+          <input type="submit" name="submit" value="Create User" class="submit button-primary" />
         </td>
       </tr>
     </table>

sections/tools/misc/database_key.php

 
     <div style="display: flex;">
       <input type="text" name="dbkey" style="flex-grow: 1;" />
-      <input type="submit" name="submit" value="Update key" />
+      <input type="submit" name="submit" class="button-primary" value="Update key" />
     </div>
 
   </form>

sections/tools/misc/manipulate_tree.php

           if ($_POST['perform'] === 'inviteprivs') { echo ' selected="selected"'; } ?>>Disable invites privileges</option>
           </select>
         </td>
-        <td align="left"><input type="submit" value="Go" /></td>
+        <td align="left"><input type="submit" class="button-primary" value="Go" /></td>
       </tr>
     </table>
   </form>

sections/tools/misc/tags.php

       </tr>
       <tr>
         <td class="center" colspan="5">
-          <input type="submit" value="Process Tag" />
+          <input type="submit" class="button-primary" value="Process Tag" />
         </td>
       </tr>
     </table>

sections/tools/tools.php

   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Administration</td>
         </tr>
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Announcements</td>
         </tr>
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Community</td>
         </tr>
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Finances</td>
         </tr>
   // begin Queue category
   $ToolsHTML = "";
   create_row("Auto-Enable requests", "tools.php?action=enable_requests", check_perms("users_mod"));
-  create_row("Email deletion requests", "tools.php?action=delete_email", check_perms("users_mod"));
   create_row("Login watch", "tools.php?action=login_watch", check_perms("admin_login_watch"));
 
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Queue</td>
         </tr>
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Managers</td>
         </tr>
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Development</td>
         </tr>
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Site Information</td>
         </tr>
   create_row("Collage recovery", "collages.php?action=recover", check_perms("site_collages_recover"));
   create_row("Manage freeleech tokens", "tools.php?action=tokens", check_perms("users_mod"));
   create_row("Multiple freeleech", "tools.php?action=multiple_freeleech", check_perms("users_mod"));
-  create_row("Label aliases", "tools.php?action=label_aliases", check_perms("users_mod"));
   create_row("Tag aliases", "tools.php?action=tag_aliases", check_perms("users_mod"));
   create_row("Batch tag editor", "tools.php?action=edit_tags", check_perms("users_mod"));
   create_row("Official tags manager", "tools.php?action=official_tags", check_perms("users_mod"));
   if ($ToolsHTML) {
       ?>
     <div class="permission_subcontainer">
-      <table class="layout admin_tools">
+      <table class="admin-tools skeleton-fix">
         <tr class="colhead">
           <td>Torrents</td>
         </tr>

sections/torrents/download.php

     }
 }
 
-$TorrentID = $_REQUEST['id'];
-if (!is_number($TorrentID)) {
-    error(0);
-}
+$TorrentID = (int) $_REQUEST['id'];
+Security::checkInt($TorrentID);
 
 /*
   uTorrent Remote and various scripts redownload .torrent files periodically.
 if ($_REQUEST['usetoken'] && $FreeTorrent === '0') {
     if (isset($LoggedUser)) {
         $FLTokens = $LoggedUser['FLTokens'];
-        if ($LoggedUser['CanLeech'] !== '1') {
+        if ($LoggedUser['CanLeech'] !== 1) {
             error('You cannot use tokens while leech disabled.');
         }
     } else {

sections/user/permissions.php

 </div>
 <br />
 <form class="manage_form" name="permissions" id="permissionsform" method="post" action="">
-  <table class="layout permission_head">
+  <table class="permission_head skeleton-fix">
     <tr>
       <td class="label">Extra personal collages</td>
       <td><input type="text" name="maxcollages" size="5"

sections/user/user.php

           <input type="hidden" name="to" value="<?=$UserID?>">
           <div class="flex_input_container">
             <input type="text" name="amount" placeholder="Amount">
-            <input type="submit" value="Send">
+            <input type="submit" class="button-primary" value="Send">
           </div>
           <textarea name="message" rows="2" placeholder="Message"></textarea>
           <label><input type="checkbox" name="adjust"> Adjust for tax?</label>
       </div>
     </div>
 
-    <table class="layout box" id="user_info_box">
+    <table class="box skeleton-fix" id="user_info_box">
       <tr class="colhead">
         <td colspan="2">
           User Information
     </table>
 
     <?php if (check_perms('users_warn')) { ?>
-    <table class="layout box" id="warn_user_box">
+    <table class="box skeleton-fix" id="warn_user_box">
       <tr class="colhead">
         <td colspan="2">
           Warnings
       <?php } ?>
     </table>
     <?php if (check_perms('users_disable_any')) { ?>
-    <table class="layout box" id="user_lock_account">
+    <table class="box skeleton-fix" id="user_lock_account">
       <tr class="colhead">
         <td colspan="2">
           Lock Account
       </tr>
     </table>
     <?php }  ?>
-    <table class="layout box" id="user_privs_box">
+    <table class="box skeleton-fix" id="user_privs_box">
       <tr class="colhead">
         <td colspan="2">
           User Privileges
   } ?>
     </table>
     <?php if (check_perms('users_logout')) { ?>
-    <table class="layout box" id="session_box">
+    <table class="box skeleton-fix" id="session_box">
       <tr class="colhead">
         <td colspan="2">
           Session
       DonationsView::render_mod_donations($UserID);
   }
 ?>
-    <table class="layout box" id="submit_box">
+    <table class="box skeleton-fix" id="submit_box">
       <tr class="colhead">
         <td colspan="2">
           Submit

sections/userhistory/collage_subscribe.php

 $CollageID = (int)$_GET['collageid'];
 
 if (!$UserSubscriptions = $Cache->get_value('collage_subs_user_'.$LoggedUser['ID'])) {
-  $DB->query('
+  $DB->prepared_query('
     SELECT CollageID
     FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID']));
 }
 
 if (($Key = array_search($CollageID, $UserSubscriptions)) !== false) {
-  $DB->query('
+  $DB->prepared_query('
     DELETE FROM users_collage_subs
     WHERE UserID = '.db_string($LoggedUser['ID'])."
       AND CollageID = $CollageID");
   unset($UserSubscriptions[$Key]);
   Collages::decrease_subscriptions($CollageID);
 } else {
-  $DB->query("
+  $DB->prepared_query("
     INSERT IGNORE INTO users_collage_subs
       (UserID, CollageID, LastVisit)
     VALUES

sections/userhistory/subscribed_collages.php

     GROUP BY c.ID";
 }
 
-$DB->query($sql);
+$DB->prepared_query($sql);
 $NumResults = $DB->record_count();
 $CollageSubs = $DB->to_array();
 ?>
             $TorrentTable = '';
 
             list($CollageID, $CollageName, $CollageSize, $LastVisit) = $Collage;
-            $RS = $DB->query("
+            $RS = $DB->prepared_query("
       SELECT GroupID
       FROM collages_torrents
       WHERE CollageID = $CollageID

sections/userhistory/subscriptions.php

  * LastReadAvatar
  * LastReadEditedUserID
  */
-$DB->query("
+$DB->prepared_query("
   (SELECT
     SQL_CALC_FOUND_ROWS
     s.`Page`,
   LIMIT $Limit");
 
 $Results = $DB->to_array(false, MYSQLI_ASSOC, false);
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 
 $Debug->log_var($Results, 'Results');

sections/userhistory/thread_subscribe.php

 
 $TopicID = (int)$_GET['topicid'];
 
-$DB->query("
+$DB->prepared_query("
   SELECT f.ID
   FROM forums_topics AS t
     JOIN forums AS f ON f.ID = t.ForumID

sections/userhistory/token_history.php

 
 # Validate user ID
 if (isset($_GET['userid'])) {
-    $UserID = $_GET['userid'];
+    $UserID = (int) $_GET['userid'];
 } else {
-    $UserID = $LoggedUser['ID'];
+    $UserID = (int) $LoggedUser['ID'];
 }
 
 Security::checkInt($UserID);
         error(403);
     }
 
-    $UserID = $_GET['userid'];
-    $TorrentID = $_GET['torrentid'];
+    $UserID = (int) $_GET['userid'];
+    $TorrentID = (int) $_GET['torrentid'];
     Security::checkInt($UserID, $TorrentID);
 
     $DB->prepare_query("
 $DB->exec_prepared_query();
 
 $Tokens = $DB->to_array();
-$DB->query('SELECT FOUND_ROWS()');
+$DB->prepared_query('SELECT FOUND_ROWS()');
 list($NumResults) = $DB->next_record();
 $Pages = Format::get_pages($Page, $NumResults, 25);
 ?>
         $Name = "(<i>Deleted torrent <a href='log.php?search=Torrent+$TorrentID'>$TorrentID</a></i>)";
     }
 
+    /*
     $ArtistName = Artists::display_artists($Artists[$GroupID]);
     if ($ArtistName) {
         $Name = $ArtistName.$Name;
-    } ?>
+    }
+    */ ?>
 
   <tr class="row">
     <td>

sections/wiki/add_alias.php

 
 $ArticleID = (int)$_POST['article'];
 
-$DB->query("SELECT MinClassEdit FROM wiki_articles WHERE ID = $ArticleID");
+$DB->prepared_query("SELECT MinClassEdit FROM wiki_articles WHERE ID = $ArticleID");
 list($MinClassEdit) = $DB->next_record();
 
 if ($MinClassEdit > $LoggedUser['EffectiveClass']) {
 $Dupe = Wiki::alias_to_id($_POST['alias']);
 
 if ($NewAlias !== '' && $NewAlias!== 'addalias' && $Dupe === false) { // Not null, and not dupe
-    $DB->query("INSERT INTO wiki_aliases (Alias, UserID, ArticleID) VALUES ('$NewAlias', '$LoggedUser[ID]', '$ArticleID')");
+    $DB->prepared_query("INSERT INTO wiki_aliases (Alias, UserID, ArticleID) VALUES ('$NewAlias', '$LoggedUser[ID]', '$ArticleID')");
 } else {
     error('The alias you attempted to add was either null or already in the database.');
 }

sections/wiki/compare.php

     if ((int) $Rev === $Revision) {
         $Str = $Body;
     } else {
-        $DB->query("
+        $DB->prepared_query("
           SELECT Body
           FROM wiki_revisions
           WHERE ID = '$ID'
   || !is_number($_GET['old'])
   || !is_number($_GET['new'])
   || !is_number($_GET['id'])
-  || $_GET['old'] > $_GET['new']
 ) {
-    error(0);
+    error(400);
+}
+
+if ($_GET['old'] > $_GET['new']) {
+    error('The new revision compared must be newer than the old revision to compare against.');
 }
 
 $ArticleID = (int) $_GET['id'];

sections/wiki/create.php

           <input type="button" value="Preview"
             class="hidden button_preview_<?=$ReplyText->getID()?>"
             tabindex="1" />
-          <input type="submit" value="Submit" />
+          <input type="submit" class="button-primary" value="Submit" />
         </div>
       </div>
     </form>

sections/wiki/delete.php

     error('You cannot delete the main wiki article.');
 }
 
-$DB->query("
+$DB->prepared_query("
   SELECT Title
   FROM wiki_articles
   WHERE ID = $ID");
 Misc::write_log("Wiki article $ID ($Title) was deleted by ".$LoggedUser['Username']);
 
 // Delete
-$DB->query("DELETE FROM wiki_articles WHERE ID = $ID");
-$DB->query("DELETE FROM wiki_aliases WHERE ArticleID = $ID");
-$DB->query("DELETE FROM wiki_revisions WHERE ID = $ID");
+$DB->prepared_query("DELETE FROM wiki_articles WHERE ID = $ID");
+$DB->prepared_query("DELETE FROM wiki_aliases WHERE ArticleID = $ID");
+$DB->prepared_query("DELETE FROM wiki_revisions WHERE ID = $ID");
 
 Wiki::flush_aliases();
 Wiki::flush_article($ID);

sections/wiki/delete_alias.php

 
 $ArticleID = Wiki::alias_to_id($_GET['alias']);
 
-$DB->query("SELECT MinClassEdit FROM wiki_articles WHERE ID = $ArticleID");
+$DB->prepared_query("SELECT MinClassEdit FROM wiki_articles WHERE ID = $ArticleID");
 list($MinClassEdit) = $DB->next_record();
 if ($MinClassEdit > $LoggedUser['EffectiveClass']) {
     error(403);
 }
 
-$DB->query("DELETE FROM wiki_aliases WHERE Alias='".Wiki::normalize_alias($_GET['alias'])."'");
+$DB->prepared_query("DELETE FROM wiki_aliases WHERE Alias='".Wiki::normalize_alias($_GET['alias'])."'");
 Wiki::flush_article($ArticleID);
 Wiki::flush_aliases();

sections/wiki/edit.php

           <input type="button" value="Preview"
             class="hidden button_preview_<?=$ReplyText->getID()?>"
             tabindex="1" />
-          <input type="submit" value="Submit" />
+          <input type="submit" class="button-primary" value="Submit" />
         </div>
       </div>
     </form>

sections/wiki/revisions.php

       </tr>
 
       <?php
-$DB->query("
+$DB->prepared_query("
   SELECT
     Revision,
     Title,
 
       <tr>
         <td class="center" colspan="6">
-          <input type="submit" value="Compare" />
+          <input type="submit" class="button-primary" value="Compare" />
         </td>
       </tr>
     </table>

sections/wiki/search.php

 
         <tr>
           <td colspan="4" class="center">
-            <input type="submit" value="Search" />
+            <input type="submit" class="button-primary" value="Search" />
           </td>
         </tr>
       </table>
   </div>
   <?php } ?>
 
-  <table width="100%">
-    <tr class="colhead">
-      <td>Article</td>
-      <td>Last updated on</td>
-      <td>Last edited by</td>
+  <table class="skeleton-fix">
+    <tr>
+      <th>Article</th>
+      <th>Last updated on</th>
+      <th>Last edited by</th>
     </tr>
 
     <?php

sections/wiki/takecreate.php

 $Err = $Val->ValidateForm($_POST);
 
 if (!$Err) {
-    $DB->query("
+    $DB->prepared_query("
       SELECT ID
       FROM wiki_articles
       WHERE Title = '$P[title]'");
     $Edit = 100;
 }
 
-$DB->query("
+$DB->prepared_query("
   INSERT INTO wiki_articles
     (Revision, Title, Body, MinClassRead, MinClassEdit, Date, Author)
   VALUES
 $Dupe = Wiki::alias_to_id($_POST['title']);
 
 if ($TitleAlias !== '' && $Dupe === false) {
-    $DB->query("
+    $DB->prepared_query("
       INSERT INTO wiki_aliases (Alias, ArticleID)
       VALUES ('".db_string($TitleAlias)."', '$ArticleID')");
     Wiki::flush_aliases();

sections/wiki/takeedit.php

 }
 
 // Store previous revision
-$DB->query("
+$DB->prepared_query("
   INSERT INTO wiki_revisions
     (ID, Revision, Title, Body, Date, Author)
   VALUES
     Author = '$LoggedUser[ID]'
   WHERE ID = '$P[id]'";
 
-$DB->query($SQL);
+$DB->prepared_query($SQL);
 Wiki::flush_article($ArticleID);
 header("Location: wiki.php?action=article&id=$ArticleID");

sections/wiki/wiki_browse.php

 }
 
 $sql .= " ORDER BY Title";
-$DB->query($sql);
+$DB->prepared_query($sql);
 ?>
 
 <div>

static/styles/assets/scss/fonts.scss

     font-weight: 600;
     src: url($font-path + "misc/OpenSans-SemiBold.woff2");
 }
-
-/**
- * genaviv
- */
-
-/* latin-ext */
-@font-face {
-    font-family: "Source Sans Pro";
-    font-style: normal;
-    font-weight: 400;
-    src: url($font-path + "misc/SourceSansPro-Regular.woff2");
-    unicode-range: U+0100-024F, U+1E00-1EFF, U+20A0-20AB, U+20AD-20CF, U+2C60-2C7F, U+A720-A7FF;
-}
-
-/* latin */
-@font-face {
-    font-family: "Source Sans Pro";
-    font-style: normal;
-    font-weight: 400;
-    src: url($font-path + "misc/SourceSansPro-Regular.woff2");
-    unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215,
-        U+E0FF, U+EFFD, U+F000;
-}

static/styles/bookish/bookish.scss

 @import "../assets/go";
+@import "matcha/matcha";
 @import "scss/bookish";
 
 @import "scss/colors";

static/styles/bookish/matcha/matcha.scss

+/**
+ * Matcha Additions
+ */
+
+body.style_matcha {
+    /* Body */
+    background: #edeae5;
+
+    /* Header and logo */
+    #header {
+        background: url("/static/styles/bookish/matcha/sam-komon.png");
+    }
+
+    #logo {
+        background: url("/static/common/logos/matcha.png") no-repeat center;
+        background-size: contain;
+        width: 250px;
+        height: 50px;
+        margin: 0 0 0 10%;
+    }
+
+    /* Main menu */
+    #menu {
+        background-color: #016670;
+    }
+
+    #menu ul li a.active {
+        background-color: #016670;
+    }
+
+    #menu ul li a:hover {
+        background-color: #0298a6;
+    }
+
+    /* Dropdown menu */
+    #menu .nav_dropdown {
+        background: #016670;
+        margin-top: 0;
+    }
+
+    .nav_dropdown > div {
+        box-shadow: 2px 2px 10px -2px slategray;
+        position: absolute;
+        background-color: #016670;
+        width: 100%;
+        z-index: 99999;
+        margin-top: 2.4em;
+        /* margin-top: 32px; */
+        left: 0;
+    }
+
+    .nav_dropdown > div > a {
+        display: none;
+        color: white;
+        height: 2.4em;
+        line-height: 2.4em;
+        text-decoration: none;
+    }
+
+    .nav_dropdown:hover > div > a {
+        display: block;
+    }
+
+    /* Search bars */
+    #searchbars {
+        text-align: center;
+        background-color: #9fedd7;
+        box-sizing: content-box;
+        padding: 0.5em 10%;
+        display: flex;
+
+        input {
+            position: relative;
+            border: 1px solid transparent;
+            box-sizing: border-box;
+            padding: 0.25em 0.25em 0.25em 0.5em;
+            background-color: white;
+            width: 100%;
+            color: black;
+        }
+
+        ul {
+            margin: 0 auto;
+            display: block;
+            text-align: center;
+
+            li {
+                display: inline;
+                margin: 0px 1px;
+                list-style: none;
+                position: relative;
+
+                form {
+                    display: inline;
+                }
+
+                ul {
+                    display: block;
+                    position: absolute;
+                    top: 1em;
+                    left: 0;
+                    z-index: 1000;
+                    background-color: white;
+                    width: 12em;
+                    margin-top: 1em;
+
+                    li {
+                        margin: 0 0 0 0;
+                        padding: 0;
+                        display: block;
+                        width: 100%;
+
+                        .highlight {
+                            background: white;
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    #searchbars > .search_form {
+        flex: 1 1 auto;
+        text-align: center;
+        margin: 0 0.1em;
+    }
+
+    /* Upload, Invite, etc. */
+    #userinfo {
+        background: #fff9c7;
+        box-shadow: 0 2px 10px -2px slategray;
+        color: black;
+        padding: 0.5em 0;
+        width: 100%;
+        text-align: center;
+
+        a {
+            color: black;
+            text-decoration: none;
+
+            &:hover {
+                text-decoration: underline;
+            }
+        }
+
+        b a {
+            font-weight: normal;
+            font-size: 0.9em;
+            font-weight: bold;
+        }
+
+        ul {
+            display: inline;
+            margin: 0 1%;
+
+            li {
+                display: inline;
+                margin: 0 0.1em;
+                line-height: 2em;
+                vertical-align: middle;
+                padding: 0;
+            }
+        }
+    }
+
+    #userinfo_minor > li > ul {
+        display: none;
+        position: absolute;
+        padding: 5px;
+        left: -5px;
+        background-color: #fff9c7;
+        z-index: 100;
+    }
+
+    /* Alerts, Toolbox, etc. */
+    .alertbar {
+        background-color: #fff9c7;
+        text-align: center;
+        color: black;
+        font-weight: bold;
+        width: 320px;
+        margin: 2em auto;
+        padding: 1em;
+
+        a {
+            color: black;
+            text-decoration: none;
+
+            &:hover {
+                color: black;
+                text-decoration: underline;
+            }
+        }
+
+        .warning {
+            background-color: #ffe68a;
+        }
+
+        .error {
+            background-color: #ff8a8a;
+        }
+    }
+
+    /* Column heads */
+    .head {
+        background: #9fedd7;
+        color: black;
+        padding: 0.5em 1em;
+    }
+
+    .colhead {
+        background: #9fedd7;
+        font-weight: bold;
+        color: black;
+    }
+
+    .colhead_dark {
+        background: #9fedd7;
+        color: black;
+    }
+
+    /* Box */
+    .box,
+    section {
+        background-color: white;
+        border: none;
+        margin-bottom: 1em;
+    }
+
+    /* Shadows */
+    .box,
+    .border,
+    .alertbar,
+    .artist_table,
+    .request_table,
+    .forum_index,
+    #userinfo_minor > li > ul,
+    .permissions table {
+        box-shadow: 2px 2px 10px -2px slategray;
+    }
+
+    /* Links */
+    a {
+        color: #016670;
+        text-decoration: none;
+
+        &:hover {
+            color: black;
+            text-decoration: underline;
+        }
+    }
+
+    /* Special links */
+    .forum_post .body a:not([href="#"]),
+    .rule_summary a,
+    .wiki_article a,
+    #actual_rules a,
+    .news_post .pad a,
+    .store_table a {
+        color: #016670;
+        text-decoration: none;
+    }
+
+    .forum_post .body a:hover:not([href="#"]),
+    .rule_summary a:hover,
+    .wiki_article a:hover,
+    #actual_rules a:hover,
+    .news_post .pad a:hover,
+    .store_table a:hover {
+        color: black;
+        text-decoration: underline;
+    }
+
+    /* Blockquote */
+    blockquote {
+        margin: 0.5em 2em;
+        padding: 1em;
+        border: 1px solid #bbb;
+    }
+
+    /* Buttons */
+    button:not(.editor-toolbar button),
+    input[type="button"],
+    input[type="submit"] {
+        background: #fbe180;
+        border-radius: 0.25rem;
+        box-shadow: 2px 2px 10px -5px slategray;
+    }
+
+    button:hover,
+    input[type="button"]:hover,
+    input[type="submit"]:hover {
+        background: #fff9c7;
+    }
+
+    button:focus,
+    input[type="button"]:focus,
+    input[type="submit"]:focus {
+        background: #fff9c7;
+    }
+
+    /* Text input */
+    input.inputtext {
+        border: none;
+        border-bottom: 1px solid #edeae5;
+        background-color: white;
+        font-size: 13px;
+        outline: none;
+        transition: ease-in-out 0.12s;
+
+        &:focus {
+            border-bottom: 1px solid #fbe180;
+        }
+    }
+
+    /* Cover images */
+    #coverCont {
+        background-color: #fff9c7;
+        padding: 5px;
+        box-shadow: 2px 2px 10px -2px slategray;
+    }
+
+    #coverCont img {
+        background-color: #fff9c7;
+    }
+
+    /* Captions */
+    caption {
+        border-bottom: 1px solid #edeae5;
+        font-weight: bold;
+    }
+
+    /* Messages */
+    .error_message {
+        padding: 1em;
+        background-color: #ff8a8a;
+        text-align: center;
+        color: white;
+        font-weight: bold;
+        box-shadow: 2px 2px 10px -5px slategray;
+    }
+
+    .save_message {
+        padding: 1em;
+        width: 50%;
+        margin: 2em auto;
+        background: #fbe180;
+        text-align: center;
+        color: black;
+        font-weight: bold;
+        box-shadow: 2px 2px 10px -5px slategray;
+    }
+
+    /* Forums */
+    .forum_post .colhead_dark {
+        background: #9fedd7;
+    }
+
+    .forum_post.staff_post .colhead_dark {
+        background: #fbe180;
+    }
+
+    .forum_post.sticky_post {
+        border: 2px solid #fbe180;
+    }
+
+    /* Inbox */
+    tr.unreadpm {
+        background-color: #fff9c7;
+    }
+} /* end body.style_matcha */