Continued implementation of new table structures, New SQL procedures, and New function principles, Updated saving methods to support PHP 7.4 and deprecation of magic_quotes

2025-01-03 19:52:13 +01:00 · 2019-10-16 10:20:09 -04:00 · 2019-10-16 10:20:09 -04:00 · fa0889268a
commit fa0889268a
parent ecd0f63d63
19 changed files with 372 additions and 947 deletions
--- a/common.php
+++ b/common.php
@ -167,8 +167,8 @@ class Common {
 	public static function is_admin() {
 		global $sql;
-		$query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;";
+		$query = "SELECT COUNT( * ) FROM users WHERE id=? AND access=?;";
-		$bind_variables = array( $_SESSION["user"], "admin" );
+		$bind_variables = array( $_SESSION["user_id"], Permissions::SYSTEM_LEVELS["admin"] );
 		$return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' );
 		$admin = ( $return > 0 );
 		return $admin;
@ -316,32 +316,7 @@ class Common {
 	public static function startSession() {
-		Common::construct();
+		Common::start_session();
 		//Set a Session Name
 		session_name( md5( BASE_PATH ) );
 		session_save_path( SESSIONS_PATH );
 		session_start();
 		if( ! defined( 'SESSION_ID' ) ) {
 			define( "SESSION_ID", session_id() );
 		}
 		//Check for external authentification
 		if( defined( 'AUTH_PATH' ) ) {
 			require_once( AUTH_PATH );
 		}
 		global $lang;
 		if ( isset( $_SESSION['lang'] ) ) {
 			include BASE_PATH . "/languages/{$_SESSION['lang']}.php";
 		} else {
 			include BASE_PATH . "/languages/" . LANGUAGE . ".php";
 		}
 	}
 	//////////////////////////////////////////////////////////////////
--- a/components/active/class.active.php
+++ b/components/active/class.active.php
@ -14,7 +14,6 @@ class Active extends Common {
 	// PROPERTIES
 	//////////////////////////////////////////////////////////////////
 	public $username    = "";
 	public $path        = "";
 	public $new_path    = "";
@ -34,7 +33,7 @@ class Active extends Common {
 	public static function remove( $path ) {
 		global $sql;
-		$query = "DELETE FROM active WHERE path=? AND username=?;";
+		$query = "DELETE FROM active WHERE path=? AND user=?;";
 		$bind_variables = array( $path, $_SESSION["user"] );
 		$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 	}
@ -46,8 +45,8 @@ class Active extends Common {
 	public function ListActive() {
 		global $sql;
-		$query = "SELECT path, position, focused FROM active WHERE username=?";
+		$query = "SELECT path, position, focused FROM active WHERE user=?";
-		$bind_variables = array( $this->username );
+		$bind_variables = array( $_SESSION["user_id"] );
 		$result = $sql->query( $query, $bind_variables, array() );
 		$tainted = false;
 		$root = WORKSPACE;
@ -82,7 +81,7 @@ class Active extends Common {
 	public function Check() {
 		global $sql;
-		$query = "SELECT username FROM active WHERE path=?";
+		$query = "SELECT user FROM active WHERE path=?";
 		$bind_variables = array( $this->path );
 		$result = $sql->query( $query, $bind_variables, array() );
 		$tainted = false;
@ -92,10 +91,11 @@ class Active extends Common {
 		foreach( $result as $id => $data ) {
-			array_push( $users, $data["username"] );
+			array_push( $users, $data["user"] );
-			if( $data["username"] == $this->username ) {
+			if( $data["user"] == $_SESSION ) {
 				$user = true;
 				break;
 			}
 		}
@ -115,8 +115,8 @@ class Active extends Common {
 	public function Add() {
 		global $sql;
-		$query = "INSERT INTO active( username, path, focused ) VALUES ( ?, ?, ? );";
+		$query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
-		$bind_variables = array( $this->username, $this->path, false );
+		$bind_variables = array( $_SESSION["user_id"], $this->path, false );
 		$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 		if( $return > 0 ) {
@ -149,8 +149,8 @@ class Active extends Common {
 	public function RemoveAll() {
 		global $sql;
-		$query = "DELETE FROM active WHERE username=?;";
+		$query = "DELETE FROM active WHERE user=?;";
-		$bind_variables = array( $this->username );
+		$bind_variables = array( $_SESSION["user_id"] );
 		$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 		if( $return > 0 ) {
@ -167,8 +167,8 @@ class Active extends Common {
 	public function MarkFileAsFocused() {
 		global $sql;
-		$query = "UPDATE active SET focused=? WHERE username=?;UPDATE active SET focused=? WHERE path=? AND username=?;";
+		$query = "UPDATE active SET focused=? WHERE user=?;UPDATE active SET focused=? WHERE path=? AND user=?;";
-		$bind_variables = array( false, $this->username, true, $this->path, $this->username );
+		$bind_variables = array( false, $_SESSION["user_id"], true, $this->path, $_SESSION["user_id"] );
 		$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 		if( $return > 0 ) {
@ -188,8 +188,8 @@ class Active extends Common {
 			foreach( $positions as $path => $cursor ) {
-				$query .= "UPDATE active SET position=? WHERE path=? AND username=?;";
+				$query .= "UPDATE active SET position=? WHERE path=? AND user=?;";
-				array_push( $bind_variables, json_encode( $cursor ), $path, $this->username );
+				array_push( $bind_variables, json_encode( $cursor ), $path, $_SESSION["user_id"] );
 			}
 			$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
--- a/components/filemanager/class.filemanager.php
+++ b/components/filemanager/class.filemanager.php
@ -406,7 +406,8 @@ class Filemanager extends Common {
 		if( $patch && ! $mtime ) {
 			$response["status"] = "error";
-			$response["message"] = "mtime parameter not found";
+			$response["message"] = "invalid mtime parameter not found";
 			$response["mtime"] = $mtime;
 			return $response;
 		}
--- a/components/filemanager/controller.php
+++ b/components/filemanager/controller.php
@ -169,24 +169,36 @@ switch( $action ) {
 	case 'modify':
-		if( isset( $_POST["content"] ) || isset( $_POST["patch"] ) ) {
+		if( isset( $_POST["data"] ) ) {
-			$content = isset( $_POST["content"] ) ? $_POST["content"] : "";
+			$data = json_decode( $_POST["data"], true );
 			$patch = isset( $_POST["patch"] ) ? $_POST["patch"] : false;
 			$mtime = isset( $_POST["mtime"] ) ? $_POST["mtime"] : 0;
-			if( get_magic_quotes_gpc() ){
+			if( json_last_error() !== JSON_ERROR_NONE ) {
-				$content = stripslashes( $content );
+				$data = json_decode( stripslashes( $_POST["data"] ), true );
 				$patch = stripslashes( $patch );
 				$mtime = stripslashes( $mtime );
 			}
-			$response = $Filemanager->modify( $path, $content, $mtime );
+			if( json_last_error() !== JSON_ERROR_NONE ) {
 				$data = array();
 			}
 			if( isset( $data["content"] ) || isset( $data["patch"] ) ) {
 				$content = isset( $data["content"] ) ? $data["content"] : "";
 				$patch = isset( $data["patch"] ) ? $data["patch"] : false;
 				$mtime = isset( $data["mtime"] ) ? $data["mtime"] : 0;
 				$response = $Filemanager->modify( $path, $content, $patch, $mtime );
 			} else {
 				$response["status"] = "error";
 				$response["message"] = "Missing modification content";
 			}
 		} else {
 			$response["status"] = "error";
-			$response["message"] = "Missing modification content";
+			$response["message"] = "Missing save data";
 		}
 	break;
--- a/components/filemanager/init.js
+++ b/components/filemanager/init.js
@ -54,10 +54,10 @@
 			this.noOpen = this.noAudio.concat( this.noFiles, this.noImages ),
-				this.noBrowser = this.noAudio.concat( this.noImages ),
+			this.noBrowser = this.noAudio.concat( this.noImages ),
-				
+			
-				// Initialize node listener
+			// Initialize node listener
-				this.nodeListener();
+			this.nodeListener();
 			this.auto_reload = ( await codiad.settings.get_option( "codiad.filemanager.autoReloadPreview" ) == "true" );
 			amplify.subscribe( 'settings.save', async function() {
@ -1066,8 +1066,10 @@
 					callbacks.error.apply( context, [data] );
 				}
 			}
-			
+			let post = {
-			$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), data, function( resp ) {
+				"data": JSON.stringify( data )
 			};
 			$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), post, function( resp ) {
 				console.log( resp );
 				resp = $.parseJSON( resp );
--- a/components/install/install.php
+++ b/components/install/install.php
@ -148,8 +148,7 @@ define("WSURL", BASE_URL . "/workspace");
 // Marketplace
 //define("MARKETURL", "http://market.codiad.com/json");
 ';
-		$this->save_file( $this->config, $config_data );
+		return file_put_contents( $this->config, $config_data );
 		echo( "success" );
 	}
 	function create_project() {
@ -158,10 +157,12 @@ define("WSURL", BASE_URL . "/workspace");
 		if ( ! $this->is_abs_path( $project_path ) ) {
-			$project_path = preg_replace( '/[^\w-._@]/', '-', $project_path );
+			$project_path = preg_replace( '/[^\w\-._@]/', '-', $project_path );
 			$project_path = $this->username . "/" . $project_path;
 			if( ! is_dir( $this->workspace . "/" . $project_path ) ) {
-				mkdir( $this->workspace . "/" . $project_path );
+				mkdir( $this->workspace . "/" . $project_path, 0755, true );
 			}
 		} else {
@ -185,11 +186,12 @@ define("WSURL", BASE_URL . "/workspace");
 		}
 		$bind_variables = array(
 			$project_path,
 			$this->project_name,
 			$project_path,
 			$this->username
 		);
-		$query = "INSERT INTO projects(name, path, owner) VALUES (?,?,?);";
+		$query = "DELETE FROM projects WHERE path = ?;INSERT INTO projects(name, path, owner) VALUES (?,?,( SELECT id FROM users WHERE username = ? LIMIT 1 ));";
 		$connection = $this->sql->connect();
 		$statement = $connection->prepare( $query );
 		$statement->execute( $bind_variables );
@ -205,36 +207,31 @@ define("WSURL", BASE_URL . "/workspace");
 		$result = $this->sql->create_default_tables();
-		if ( ! $result === true ) {
+		if ( ! $result["create_tables"] === true ) {
-			die( '{"message":"Could not tables in database.","error":"' . json_encode( $result ) .'"}' );
+			exit( json_encode( $result ) );
 		}
 	}
 	function create_user() {
 		$bind_variables = array(
 			"",
 			"",
 			$this->username,
 			$this->password,
 			"",
 			$this->project_path,
-			"admin",
+			Permissions::LEVELS["admin"]
 			"",
 			""
 		);
-		$query = "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)";
+		$query = "INSERT INTO users( username, password, project, access ) VALUES ( ?,?,( SELECT id FROM projects WHERE path = ? LIMIT 1 ),? )";
 		$connection = $this->sql->connect();
 		$statement = $connection->prepare( $query );
 		$statement->execute( $bind_variables );
 		$error = $statement->errorInfo();
-		if( ! $error[0] == "00000" ) {
+		try {
-			die( '{"message":"Could not create user in database.","error":"' . addslashes(json_encode( $error )) .'"}' );
+			$connection = $this->sql->connect();
 			$statement = $connection->prepare( $query );
 			$statement->execute( $bind_variables );
 		} catch( exception $e ) {
 			exit( "Error could not create user: " . $e->getMessage() );
 		}
 		$this->set_default_options();
 	}
@ -269,10 +266,11 @@ define("WSURL", BASE_URL . "/workspace");
 		$connection = $this->sql->connect();
 		$this->create_tables();
 		$this->create_project();
 		$this->create_user();
 		$this->create_project();
 		//exit( "stop" );
 		$this->create_config();
 		return "success";
 	}
 	function JSEND( $message, $error=null ) {
@ -288,18 +286,11 @@ define("WSURL", BASE_URL . "/workspace");
 		exit( json_encode( $message ) );
 	}
 	function save_file( $file, $data ) {
 		$write = fopen( $file, 'w' ) or die( '{"message": "can\'t open file"}' );
 		fwrite( $write, $data );
 		fclose( $write );
 	}
 	public function set_default_options() {
 		foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
-			$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+			$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username = ? ), ? );";
 			$bind_variables = array(
 				$option["name"],
 				$this->username,
@ -309,7 +300,7 @@ define("WSURL", BASE_URL . "/workspace");
 			if( $result == 0 ) {
-				$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+				$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username = ? );";
 				$bind_variables = array(
 					$option["value"],
 					$option["name"],
--- a/components/install/view.php
+++ b/components/install/view.php
@ -442,12 +442,12 @@ if(!password_match){ alert('The passwords entered do not match'); }
 if(!empty_fields && password_match && check_path){
 $.post('components/install/install.php',$('#install').serialize(),function( data ) {
-if( data == 'success' ){
+console.log( data );
 if( data === "success" ){
 window.location.reload();
 } else {
-data = JSON.parse( data );
+alert( "An Error Occurred.  Please check the console for more information.\n" );
 console.log( data.error );
 alert( "An Error Occurred\n" + data.message );
 }
 });
 }
--- a/components/permissions/class.permissions.php
+++ b/components/permissions/class.permissions.php
@ -23,6 +23,12 @@ class Permissions {
 		"admin" => 64,
 	);
 	const SYSTEM_LEVELS = array(
 		"user" => 32,
 		"admin" => 64,
 	);
 	function __construct() {
@ -82,7 +88,7 @@ class Permissions {
 				if( $data["owner"] == 'nobody' ) {
 					$access = self::LEVELS["owner"];
-				} elseif( $data["owner"] == $_SESSION["user"] ) {
+				} elseif( $data["owner"] == $_SESSION["user_id"] ) {
 					$access = self::LEVELS["owner"];
 				} else {
--- a/components/project/class.project.php
+++ b/components/project/class.project.php
@ -155,13 +155,13 @@ class Project extends Common {
 			$owner = $result["owner"];
 			if( $exclude_public ) {
-				if( $owner == $_SESSION["user"] ) {
+				if( $owner == $_SESSION["user_id"] ) {
 					$return = true;
 				}
 			} else {
-				if( $owner == $_SESSION["user"] || $owner == 'nobody' ) {
+				if( $owner == $_SESSION["user_id"] || $owner == 'nobody' ) {
 					$return = true;
 				}
@ -217,7 +217,7 @@ class Project extends Common {
 				OR owner='nobody'
 				OR id IN ( SELECT project FROM access WHERE user = ? )
 			) ORDER BY name;";
-		$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
+		$bind_variables = array( $project, $_SESSION["user_id"], $_SESSION["user_id"] );
 		//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
 		//$bind_variables = array( $project, $_SESSION["user"] );
 		$return = $sql->query( $query, $bind_variables, array(), "fetch" );
@ -260,7 +260,7 @@ class Project extends Common {
 			WHERE owner=?
 			OR owner='nobody'
 			OR id IN ( SELECT project FROM access WHERE user = ? );";
-		$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
+		$bind_variables = array( $_SESSION["user_id"], $_SESSION["user_id"] );
 		$return = $sql->query( $query, $bind_variables, array() );
 		return( $return );
 	}
@ -293,14 +293,14 @@ class Project extends Common {
 		global $sql;
 		$query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
-		$bind_variables = array( $old_name, $path, $_SESSION["user"] );
+		$bind_variables = array( $old_name, $path, $_SESSION["user_id"] );
 		$return = $sql->query( $query, $bind_variables, array() );
 		$pass = false;
 		if( ! empty( $return ) ) {
 			$query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
-			$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
+			$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user_id"] );
 			$return = $sql->query( $query, $bind_variables, 0, "rowCount");
 			if( $return > 0 ) {
@ -375,13 +375,13 @@ class Project extends Common {
 				OR owner='nobody'
 				OR id IN ( SELECT project FROM access WHERE user = ? )
 			) ORDER BY name LIMIT 1;";
-		$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
+		$bind_variables = array( $this->path, $_SESSION["user_id"], $_SESSION["user_id"] );
 		$return = $sql->query( $query, $bind_variables, array(), "fetch" );
 		if( ! empty( $return ) ) {
 			$query = "UPDATE users SET project=? WHERE username=?;";
-			$bind_variables = array( $this->path, $_SESSION["user"] );
+			$bind_variables = array( $return["id"], $_SESSION["user"] );
 			$sql->query( $query, $bind_variables, 0, "rowCount" );
 			$this->name = $return['name'];
 			$_SESSION['project'] = $return['path'];
--- a/components/project/dialog.php
+++ b/components/project/dialog.php
@ -96,7 +96,7 @@ switch( $_GET['action'] ) {
 										?>
 										<td width="70"><a onclick="codiad.message.error(i18n('Public projects can not be managed'));" class="icon-block bigger-icon"></a></td>
 										<?php
-									} elseif( $owner !== $_SESSION["user"] ) {
+									} elseif( $owner !== $_SESSION["user_id"] ) {
 										?>
 										<td width="70"><a onclick="codiad.message.error(i18n('Projects owned by others can not be managed'));" class="icon-block bigger-icon"></a></td>
--- a/components/settings/class.settings.php
+++ b/components/settings/class.settings.php
@ -113,7 +113,7 @@ class Settings {
 			$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
 		} else {
-			$query = "DELETE FROM options WHERE name=? AND username=?";
+			$query = "DELETE FROM options WHERE name=? AND user=?";
 			$bind_variables = array(
 				$option,
 				$this->username,
@ -138,17 +138,17 @@ class Settings {
 			$query = "SELECT value FROM options WHERE name=?;";
 			$bind_variables = array( $option );
-			$return = $sql->query( $query, $bind_variables, array() )[0];
+			$return = $sql->query( $query, $bind_variables, array() );
 		} else {
-			$query = "SELECT value FROM user_options WHERE name=? AND username=?;";
+			$query = "SELECT value FROM user_options WHERE name=? AND user=?;";
-			$bind_variables = array( $option, $this->username );
+			$bind_variables = array( $option, $_SESSION["user_id"] );
-			$return = $sql->query( $query, $bind_variables, array() )[0];
+			$return = $sql->query( $query, $bind_variables, array() );
 		}
 		if( ! empty( $return ) ) {
-			$return = $return["value"];
+			$return = $return[0]["value"];
 		} else {
 			$return = null;
@ -259,21 +259,21 @@ class Settings {
 			}
 		} else {
-			$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+			$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
 			$bind_variables = array(
 				$option,
-				$this->username,
+				$_SESSION["user_id"],
 				$value,
 			);
 			$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
 			if( $result == 0 ) {
-				$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+				$query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
 				$bind_variables = array(
 					$value,
 					$option,
-					$this->username,
+					$_SESSION["user_id"],
 				);
 				$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
 			}
--- a/components/settings/init.js
+++ b/components/settings/init.js
@ -166,7 +166,7 @@
 			let _self = codiad.settings;
 			jQuery.ajax({
-					
+				
 				url: this.controller + '?action=update_option',
 				type: "POST",
 				dataType: 'html',
--- a/components/sql/class.sql.conversions.php
+++ b/components/sql/class.sql.conversions.php
@ -1,458 +0,0 @@
 <?php
 class sql_conversions {
 	public $actions = array(
 		"create" => array(
 			"mysql" => "CREATE TABLE IF NOT EXISTS",
 			"pgsql" => "CREATE TABLE IF NOT EXISTS",
 			"sqlite" => "CREATE TABLE IF NOT EXISTS",
 		),
 		"delete" => array(
 			"mysql" => "DELETE",
 			"pgsql" => "DELETE",
 			"sqlite" => "DELETE",
 		),
 		"find" => array(
 			"mysql" => "LOCATE( %substring%, %string% )",
 			"pgsql" => "POSITION( %substring% in %string% )",
 			"sqlite" => "INSTR( %string%, %substring% )",
 		),
 		"select" => array(
 			"mysql" => "SELECT",
 			"pgsql" => "SELECT",
 			"sqlite" => "SELECT",
 		),
 		"update" => array(
 			"mysql" => "UPDATE",
 			"pgsql" => "UPDATE",
 			"sqlite" => "UPDATE",
 		),
 	);
 	public $comparisons = array(
 		"equal" => array(
 			"mysql" => "=",
 			"pgsql" => "=",
 			"sqlite" => "=",
 		),
 		"less than" => array(
 			"mysql" => "<",
 			"pgsql" => "<",
 			"sqlite" => "<",
 		),
 		"more than" => array(
 			"mysql" => ">",
 			"pgsql" => ">",
 			"sqlite" => ">",
 		),
 		"not" => array(
 			"mysql" => "!",
 			"pgsql" => "!",
 			"sqlite" => "!",
 		),
 		"not equal" => array(
 			"mysql" => "!=",
 			"pgsql" => "!=",
 			"sqlite" => "!=",
 		),
 		"where" => array(
 			"mysql" => "WHERE",
 			"pgsql" => "WHERE",
 			"sqlite" => "WHERE",
 		),
 	);
 	public $data_types = array(
 		"bool" => array(
 			"mysql" => "BOOL",
 			"pgsql" => "BOOL",
 			"sqlite" => "BOOL",
 		),
 		"int" => array(
 			"mysql" => "INT",
 			"pgsql" => "INT",
 			"sqlite" => "INT",
 		),
 		"string" => array(
 			"mysql" => "VARCHAR(255)",
 			"pgsql" => "VARCHAR",
 			"sqlite" => "VARCHAR",
 		),
 		"text" => array(
 			"mysql" => "TEXT",
 			"pgsql" => "TEXT",
 			"sqlite" => "TEXT",
 		),
 	);
 	public $general = array(
 		"from" => array(
 			"mysql" => "FROM",
 			"pgsql" => "FROM",
 			"sqlite" => "FROM",
 		),
 	);
 	public $specials = array(
 		"id" => array(
 			"mysql" => "NOT NULL AUTO_INCREMENT PRIMARY KEY",
 			"pgsql" => "SERIAL PRIMARY KEY",
 			"sqlite" => "SERIAL PRIMARY KEY",
 		),
 		"key" => array(
 			"mysql" => "KEY",
 			"pgsql" => "KEY",
 			"sqlite" => "KEY",
 		),
 		"auto increment" => array(
 			"mysql" => "AUTO_INCREMENT",
 			"pgsql" => "AUTO_INCREMENT",
 			"sqlite" => "AUTO_INCREMENT",
 		),
 		"not null" => array(
 			"mysql" => "NOT NULL",
 			"pgsql" => "NOT NULL",
 			"sqlite" => "NOT NULL",
 		),
 		"null" => array(
 			"mysql" => "NULL",
 			"pgsql" => "NULL",
 			"sqlite" => "NULL",
 		),
 		"unique" => array(
 			"mysql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
 			"pgsql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
 			"sqlite" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
 		),
 	);
 	public $wraps = array(
 		"close" => array(
 			"mysql" => "`",
 			"mssql" => "]",
 			"pgsql" => "\"",
 			"sqlite" => "\"",
 		),
 		"open" => array(
 			"mysql" => "`",
 			"mssql" => "[",
 			"pgsql" => "\"",
 			"sqlite" => "\"",
 		),
 	);
 	public function check_field( $needle, $haystack ) {
 		$field = preg_replace_callback(
 			// Matches parts to be replaced: '[field]'
 			'/(\[.*?\])/',
 			// Callback function. Use 'use()' or define arrays as 'global'
 			function( $matches ) use ( $haystack ) {
 				// Remove square brackets from the match
 				// then use it as variable name
 				$match = trim( $matches[1], "[]" );
 				return $match;
 			},
 			// Input string to search in.
 			$needle
 		);
 		if( $field === $needle ) {
 			$field = false;
 		}
 		return $field;
 	}
 	public function find( $substring, $string ) {
 		$dbtype = DBTYPE;
 		$find_string = $this->actions["find"][$dbtype];
 		$find_string = str_replace( "%string%", $string, $find_string );
 		$find_string = str_replace( "%substring%", $substring, $find_string );
 		return $find_string;
 	}
 	public function select( $table, $fields, $where ) {
 		$dbtype = DBTYPE;
 		$id_close = $this->wraps["close"][$dbtype];
 		$id_open = $this->wraps["open"][$dbtype];
 		$query = $this->actions["select"][$dbtype] . " ";
 		$bind_vars = array();
 		if( empty( $fields ) ) {
 			$query .= " * ";
 		}
 		foreach( $fields as $field ) {
 			$query .= $field . ",";
 		}
 		$query = substr( $query, 0, -1 );
 		$query .= " {$this->general["from"][$dbtype]} {$table} ";
 		if( ! empty( $where ) ) {
 			$query .= " {$this->comparisons["where"][$dbtype]} ";
 		}
 		foreach( $where as $comparison ) {
 			$comparison_string = "";
 			//Put a replace of %% symbols with fields and open / close
 			if( $comparison[0] == "find" ) {
 				$c1 = $this->check_field( $comparison[1], $fields );
 				$c2 = $this->check_field( $comparison[2], $fields );
 				$c3 = $this->check_field( $comparison[3][1], $fields );
 				if( ! $c1 === FALSE ) {
 					$c1 = $id_open . $c1 . $id_close;
 				} else {
 					$c1 = "?";
 					array_push( $bind_vars, $comparison[1] );
 				}
 				if( ! $c2 === FALSE ) {
 					$c2 = $id_open . $c2 . $id_close;
 				} else {
 					$c2 = "?";
 					array_push( $bind_vars, $comparison[2] );
 				}
 				if( ! $c3 === FALSE ) {
 					$c3 = $id_open . $c3 . $id_close;
 				} else {
 					$c3 = "?";
 					array_push( $bind_vars, $comparison[3][1] );
 				}
 				$c0 = $this->find( $c1, $c2 );
 				$comparison_string .= "{$c0} {$this->comparisons[$comparison[3][0]][$dbtype]} {$c3}";
 			} elseif( $comparison[0] == "in" ) {
 			} elseif( $comparison[0] == "limit" ) {
 			} else {
 				if( in_array( $fields, $comparison[1] ) ) {
 					$comparison[1] = $id_open . $comparison[1] . $id_close;
 				}
 				if( in_array( $fields, $comparison[3] ) ) {
 					$comparison[3] = $id_open . $comparison[3] . $id_close;
 				}
 				$comparison_string .= "{$comparison[1]} {$this->$comparisons[$comparison[0]][$dbtype]} {$comparison[2]}";
 			}
 			$index = array_search( $comparison, $where );
 			if( $index  ) {
 			} else {
 				$query .= "{$comparison_string} ";
 			}
 		}
 		//$query = substr( $query, 0, -1 );
 		$query .= ";";
 		return array( $query, $bind_vars );
 	}
 	public function table( $table_name, $fields, $attributes ) {
 		$dbtype = DBTYPE;
 		$id_close = $this->wraps["close"][$dbtype];
 		$id_open = $this->wraps["open"][$dbtype];
 		$query = "{$this->actions["create"][$dbtype]} {$table_name} (";
 		foreach( $fields as $id => $type ) {
 			$query .= "{$id} {$this->data_types[$type][$dbtype]}";
 			if( isset( $attributes[$id] ) ) {
 				foreach( $attributes[$id] as $attribute ) {
 					$attribute_string = $this->specials["$attribute"][$dbtype];
 					if( $attribute == "unique" ) {
 						continue;
 					}
 					if( $dbtype == "pgsql" ) {
 						if( $id == "id" ) {
 							$query = substr( $query, 0, -( strlen( " {$this->data_types[$type][$dbtype]}" ) ) );
 						}
 					}
 					if( ! strpos( $attribute_string, "%table_name%" ) === FALSE ) {
 						$attribute_string = str_replace( "%table_name%", $table_name, $attribute_string );
 					}
 					if( ! strpos( $attribute_string, "%fields%" ) === FALSE ) {
 						$fields_string = "";
 						foreach( $fields as $field ) {
 							$fields_string .= "{$id_open}field{$id_close},";
 						}
 						$fields_string = substr( $fields_string, 0, -1 );
 						$attribute_string = str_replace( "%fields%", $fields_string, $attribute_string );
 					}
 					$query .= " {$attribute_string}";
 				}
 			}
 			$query .= ",";
 		}
 		$id_close = $this->wraps["close"][$dbtype];
 		$id_open = $this->wraps["open"][$dbtype];
 		$fields_string = "";
 		$unique_string = "";
 		$unique_length = 0;
 		foreach( $attributes as $id => $attribute ) {
 			if( in_array( "unique", $attribute ) ) {
 				$unique_length++;
 			}
 		}
 		foreach( $attributes as $id => $attribute ) {
 			if( is_array( $attribute ) && in_array( "unique", $attribute ) ) {
 				if( $unique_string == "" ) {
 					$unique_string = $this->specials["unique"][$dbtype] . ",";
 				}
 				if( $dbtype == "mysql" && $fields ) {
 					if( $fields[$id] == "text" ) {
 						$field_length = ( 3000 / $unique_length );
 						$fields_string .= "{$id_open}{$id}{$id_close}($field_length),";
 					} elseif( $fields[$id] == "string" ) {
 						$field_length = ( 3000 / $unique_length );
 						$fields_string .= "{$id_open}{$id}{$id_close}(255),";
 					}
 				} else {
 					$fields_string .= "{$id_open}{$id}{$id_close},";
 				}
 			}
 		}
 		$unique_string = str_replace( "%constraint_name%", strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $fields_string ) ), $unique_string );
 		$unique_string = str_replace( "%field_names%", substr( $fields_string, 0, -1 ), $unique_string );
 		$query .= $unique_string;
 		$query = substr( $query, 0, -1 );
 		$query .= ")";
 		if( $dbtype == "mysql" ) {
 			$query .= " ENGINE=InnoDB;";
 		} else {
 			$query .= ";";
 		}
 		return( $query );
 	}
 	public function tables( $tables ) {
 		$query = "";
 		foreach( $tables as $table_name => $table_data ) {
 			$query .= $this->table( $table_name, $table_data["fields"], $table_data["attributes"] ) . PHP_EOL;
 		}
 		return( $query );
 	}
 	public function update( $table, $fields, $where ) {
 	}
 }
 ?>
--- a/components/sql/class.sql.php
+++ b/components/sql/class.sql.php
@ -54,141 +54,27 @@ class sql {
 	public function create_default_tables() {
-		$create_tables = $this->create_tables(
+		$create_tables = $this->create_tables();
 			array(
 				"active" => array(
 					"fields" => array(
 						"username" => "string",
 						"path" => "text",
 						"position" => "string",
 						"focused" => "string"
 					),
 					"attributes" => array(
 						"username" => array( "not null" ),
 						"path" => array( "not null" ),
 						"focused" => array( "not null" ),
 					)
 				),
 				"access" => array(
 					"fields" => array(
 						"project" => "int",
 						"user" => "int",
 						"level" => "int",
 					),
 					"attributes" => array(
 						"id" => array( "not null" ),
 						"user" => array( "not null" ),
 						"level" => array( "not null" ),
 					)
 				),
 				"options" => array(
 					"fields" => array(
 						"id" => "int",
 						"name" => "string",
 						"value" => "text",
 					),
 					"attributes" => array(
 						"id" => array( "id" ),
 						"name" => array( "not null", "unique" ),
 						"value" => array( "not null" ),
 					)
 				),
 				"projects" => array(
 					"fields" => array(
 						"id" => "int",
 						"name" => "string",
 						"path" => "text",
 						"owner" => "string",
 					),
 					"attributes" => array(
 						"id" => array( "id" ),
 						"name" => array( "not null" ),
 						"path" => array( "not null", "unique" ),
 						"owner" => array( "not null", "unique" ),
 					)
 				),
 				"users" => array(
 					"fields" => array(
 						"id" => "int",
 						"first_name" => "string",
 						"last_name" => "string",
 						"username" => "string",
 						"password" => "text",
 						"email" => "string",
 						"project" => "int",
 						"access" => "string",
 						"token" => "string",
 					),
 					"attributes" => array(
 						"id" => array( "id" ),
 						"username" => array( "not null", "unique" ),
 						"password" => array( "not null" ),
 						"access" => array( "not null" ),
 					)
 				),
 				"user_options" => array(
 					"fields" => array(
 						"id" => "int",
 						"name" => "string",
 						"username" => "string",
 						"value" => "text",
 					),
 					"attributes" => array(
 						"id" => array( "id" ),
 						"name" => array( "not null", "unique" ),
 						"username" => array( "not null", "unique" ),
 						"value" => array( "not null" ),
 					)
 				),
 			)
 		);
 		$structure_updates = $this->update_table_structure();
 		$result = array(
 			"create_tables" => $create_tables,
 			"structure_updates" => $structure_updates
 		);
-		exit( json_encode( $result, JSON_PRETTY_PRINT ) );
+		return $result;
 	}
-	public function create_tables( $table ) {
+	public function create_tables() {
-		/**
+		$script = __DIR__ . "/scripts/" . DBTYPE . ".sql";
 		Tables layout
 		array(
 			"table_name" => array(
 				"fields" => array(
 					"id" => "int",
 					"test_field" => "string"
 				),
 				"attributes" => array(
 					"id" => array( "id" ),
 					"test_field" => array( "not null" ),
 				)
 			),
 			"table2_name" => array(
 				"fields" => array(
 					"id" => "int",
 					"test_field" => "string"
 				),
 				"attributes" => array(
 					"id" => array( "id" ),
 					"test_field" => array( "not null" ),
 				)
 			)
 		);
 		*/
-		try { 
+		if( ! is_file( $script ) ) {
-			$query = $this->conversions->tables( $table );
+			return "Error, no database scripts specified for currently selected dbtype.";
 		}
 		try {
 			$query = file_get_contents( $script );
 			$connection = $this->connect();
 			$result = $connection->exec( $query );
 			return true;
@ -227,130 +113,148 @@ class sql {
 		return self::$instance;
 	}
 	public function select( $table, $fields=array(), $where=array() ) {
 		$array = $this->conversions->select( $table, $fields, $where );
 		$query = $array[0];
 		$bind_vars = $array[1];
 		$result = $this->query( $query, $bind_vars, array() );
 		//echo var_dump( $query, $bind_vars ) . "<br>";
 		return $result;
 	}
 	public function update( $table, $fields=array(), $where=array() ) {
 		$query = $this->conversions->update( $table, $fields, $where );
 		//echo var_dump( $query ) . "<br>";
 		//return $query;
 	}
 	public function update_table_structure() {
 		$status_updates = array();
 		$sql_conversions = new sql_conversions();
 		try {
 			$access_query = "INSERT INTO access( project, user, level ) VALUES ";
 			$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
 			$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
 			$delete = Permissions::LEVELS["delete"];
 			foreach( $users as $row => $user ) {
 				foreach( $projects as $row => $project ) {
 					$access = json_decode( $project["access"], true );
 					if( ! is_array( $access ) || empty( $access ) ) {
 						continue;
 					}
 					foreach( $access as $granted_user ) {
 						if( $granted_user == $user["username"] ) {
 							$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
 						}
 					}
 				}
 			}
 			if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
 				$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
 			}
 			$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
 			$status_updates["access_column"] = "Cached data and removed access column.";
 		} catch( Exception $error ) {
 			//The access field is not there.
 			//echo var_export( $error->getMessage(), $access_query );
 			$status_updates["access_column"] = array(
 				"error_message" => $error->getMessage(),
 				"dev_message" => "No access column to convert."
 			);
 		}
 		try {
 			$update_query = "";
 			$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
 			$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
 			$convert = false;
 			$delete = Permissions::LEVELS["delete"];
 			foreach( $result as $row => $user ) {
 				if( ! is_numeric( $user["project"] ) ) {
 					$convert = true;
 				}
 				foreach( $projects as $row => $project ) {
 					if( $project["path"] == $user["project"] ) {
 						$update_query .= "UPDATE users SET project={$project["id"]};";
 					}
 				}
 			}
 			if( $convert && strlen( $update_query ) > 0 ) {
 				//change project to users table
 				$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
 				$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
 				$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
 			} else {
 				$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
 			}
 		} catch( Exception $error ) {
 			//echo var_dump( $error->getMessage() );
 			$status_updates["users_current_project"] = array(
 				"error_message" => $error->getMessage(),
 				"dev_message" => "Users current project column to project_id conversion failed."
 			);
 		}
 		try {
 			$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
 			$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
 		} catch( Exception $error ) {
 			//echo var_dump( $error->getMessage() );
 			$status_updates["users_groups_column"] = array(
 				"error_message" => $error->getMessage(),
 				"dev_message" => "Removal of the groups column from the users table failed.  This usually means there was never one to begin with"
 			);
 		}
 		if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
-			//$constraint = ( DBTYPE === "mysql" ) ? "INDEX" : "CONSTRAINT";
+			try {
 				$access_query = "INSERT INTO access( project, user, level ) VALUES ";
 				$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
 				$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
 				$delete = Permissions::LEVELS["delete"];
 				foreach( $users as $row => $user ) {
 					foreach( $projects as $row => $project ) {
 						$access = json_decode( $project["access"], true );
 						if( ! is_array( $access ) || empty( $access ) ) {
 							continue;
 						}
 						foreach( $access as $granted_user ) {
 							if( $granted_user == $user["username"] ) {
 								$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
 							}
 						}
 					}
 				}
 				if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
 					$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
 				}
 				$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
 				$status_updates["access_column"] = "Cached data and removed access column.";
 			} catch( Exception $error ) {
 				//The access field is not there.
 				//echo var_export( $error->getMessage(), $access_query );
 				$status_updates["access_column"] = array(
 					"error_message" => $error->getMessage(),
 					"dev_message" => "No access column to convert."
 				);
 			}
 			try {
 				$update_query = "";
 				$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
 				$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
 				$convert = false;
 				$delete = Permissions::LEVELS["delete"];
 				foreach( $result as $row => $user ) {
 					if( ! is_numeric( $user["project"] ) ) {
 						$convert = true;
 					}
 					foreach( $projects as $row => $project ) {
 						if( $project["path"] == $user["project"] ) {
 							$update_query .= "UPDATE users SET project={$project["id"]} WHERE username = '{$user["username"]}';";
 						}
 					}
 				}
 				if( $convert && strlen( $update_query ) > 0 ) {
 					//change project to users table
 					$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
 					$result = $this->query( "ALTER TABLE users ADD COLUMN project INT", array(), array(), "rowCount", "exception" );
 					$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
 				} else {
 					$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
 				}
 			} catch( Exception $error ) {
 				//echo var_dump( $error->getMessage() );
 				$status_updates["users_current_project"] = array(
 					"error_message" => $error->getMessage(),
 					"dev_message" => "Users current project column to project_id conversion failed."
 				);
 			}
 			try {
 				$update_query = "";
 				$options = $this->query( "SELECT id, name, username, value FROM user_options", array(), array(), "fetchAll", "exception" );
 				$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
 				$delete = Permissions::LEVELS["delete"];
 				foreach( $users as $row => $user ) {
 					foreach( $options as $row => $option ) {
 						if( $option["username"] == $user["username"] ) {
 							$update_query .= "UPDATE user_options SET user={$user["id"]} WHERE id={$option["id"]};";
 						}
 					}
 				}
 				if( strlen( $update_query ) > 0 ) {
 					//change project to users table
 					$result = $this->query( "ALTER TABLE user_options DROP COLUMN username", array(), array(), "rowCount", "exception" );
 					$result = $this->query( "ALTER TABLE user_options ADD COLUMN user INT", array(), array(), "rowCount", "exception" );
 					$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
 				} else {
 					$status_updates["username_user_option_column"] = array( "dev_message" => "User options username column needed no conversion." );
 				}
 			} catch( Exception $error ) {
 				//The access field is not there.
 				//echo var_export( $error->getMessage(), $access_query );
 				$status_updates["username_user_option_column"] = array(
 					"error_message" => $error->getMessage(),
 					"dev_message" => "No username column to convert."
 				);
 			}
 			try {
 				$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
 				$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
 			} catch( Exception $error ) {
 				//echo var_dump( $error->getMessage() );
 				$status_updates["users_groups_column"] = array(
 					"error_message" => $error->getMessage(),
 					"dev_message" => "Removal of the groups column from the users table failed.  This usually means there was never one to begin with"
 				);
 			}
 			try {
--- a/components/sql/scripts/mysql.sql
+++ b/components/sql/scripts/mysql.sql
@ -1,3 +1,13 @@
 --
 -- Table structure for table `access`
 --
 CREATE TABLE IF NOT EXISTS `access` (
  `user` int NOT NULL,
  `project` int NOT NULL,
  `level` int NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 --
 -- Table structure for table `active`
 --
@ -9,16 +19,6 @@ CREATE TABLE IF NOT EXISTS `active` (
  `focused` varchar(255) NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 --
 -- Table structure for table `access`
 --
 CREATE TABLE IF NOT EXISTS `access` (
  `user` int NOT NULL,
  `project` int NOT NULL,
  `level` int NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- --------------------------------------------------------
 --
@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `projects` (
  `id` int PRIMARY KEY AUTO_INCREMENT NOT NULL,
  `name` varchar(255) NOT NULL,
  `path` text NOT NULL,
-  `owner` int NOT NULL,
+  `owner` int NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/components/user/class.user.php
+++ b/components/user/class.user.php
@ -10,25 +10,10 @@ require_once( "../settings/class.settings.php" );
 class User {
 	const ACCESS = array(
 		"admin",
 		"user"
 	);
 	//////////////////////////////////////////////////////////////////
 	// PROPERTIES
 	//////////////////////////////////////////////////////////////////
 	public $access		= 'user';
 	public $username    = '';
 	public $password    = '';
 	public $project     = '';
 	public $projects    = '';
 	public $users       = '';
 	public $actives     = '';
 	public $lang        = '';
 	public $theme       = '';
 	//////////////////////////////////////////////////////////////////
 	// METHODS
 	//////////////////////////////////////////////////////////////////
@ -43,46 +28,47 @@ class User {
 	}
-	public function add_user() {
+	public function add_user( $username, $password, $access ) {
 		global $sql;
 		$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
-		$bind_variables = array( $this->username, $this->password, $this->access, null );
+		$bind_variables = array( $username, $password, $access, null );
 		$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 		$pass = false;
 		if( $return > 0 ) {
-			$this->set_default_options();
+			$this->set_default_options( $username );
-			exit( formatJSEND( "success", array( "username" => $this->username ) ) );
+			$pass = true;
 		} else {
 			exit( formatJSEND( "error", "The Username is Already Taken" ) );
 		}
 		return false;
 	}
-	public function delete_user() {
+	public function delete_user( $username ) {
 		global $sql;
-		$query = "DELETE FROM user_options WHERE username=?;";
+		$query = "DELETE FROM user_options WHERE user=( SELECT id FROM users WHERE username=? );";
-		$bind_variables = array( $this->username );
+		$bind_variables = array( $username );
 		$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
 		if( $return > -1 ) {
 			//TODO: add new permissions system to delete cleanup
 			$query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
 			$bind_variables = array(
-				$this->username,
+				$username,
 				"null",
 				null,
 				"[]",
 				"",
-				json_encode( array( $this->username ) )
+				json_encode( array( $username ) )
 			);
 			$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
 			if( $return > -1 ) {
 				$query = "DELETE FROM users WHERE username=?;";
-				$bind_variables = array( $this->username );
+				$bind_variables = array( $username );
 				$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 				if( $return > 0 ) {
@ -134,26 +120,26 @@ class User {
 		}
 	}
-	public function set_default_options() {
+	public function set_default_options( $username ) {
 		foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
 			global $sql;
-			$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
+			$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username=? ), ? );";
 			$bind_variables = array(
 				$option["name"],
-				$this->username,
+				$username,
 				$option["value"],
 			);
 			$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
 			if( $result == 0 ) {
-				$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
+				$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username=? );";
 				$bind_variables = array(
 					$option["value"],
 					$option["name"],
-					$this->username,
+					$username,
 				);
 				$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
 			}
@ -164,59 +150,18 @@ class User {
 	// Authenticate
 	//////////////////////////////////////////////////////////////////
-	public function Authenticate() {
+	public function Authenticate( $username, $password ) {
-		if( $this->username == "" || $this->password == "" ) {
+		if( $username == "" || $password == "" ) {
-			exit( formatJSEND( "error", "Username or password can not be blank." ) );
+			return false;
 		}
 		if( ! is_dir( SESSIONS_PATH ) ) {
 			mkdir( SESSIONS_PATH, 00755 );
 		}
 		$permissions = array(
 			"755",
 			"0755"
 		);
 		$server_user = posix_getpwuid( posix_geteuid() );
 		$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
 		$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
 		if( is_array( $server_user ) ) {
 			$server_user = $server_user["uid"];
 		}
 		if( ! ( $sessions_owner === $server_user ) ) {
 			try {
 				chown( SESSIONS_PATH, $server_user );
 			} catch( Exception $e ) {
 				exit( formatJSEND("error", "Error, incorrect owner of sessions folder.  Expecting: $server_user, Recieved: " . $sessions_owner ) );
 			}
 		}
 		if( ! in_array( $sessions_permissions, $permissions ) ) {
 			try {
 				chmod( SESSIONS_PATH, 00755 );
 			} catch( Exception $e ) {
 				exit( formatJSEND("error", "Error, incorrect permissions on sessions folder.  Expecting: 0755, Recieved: " . $sessions_permissions ) );
 			}
 		}
 		global $sql;
 		$pass = false;
 		$this->EncryptPassword();
 		$query = "SELECT * FROM users WHERE username=? AND password=?;";
-		$bind_variables = array( $this->username, $this->password );
+		$bind_variables = array( $username, $password );
 		$return = $sql->query( $query, $bind_variables, array() );
 		/**
@ -226,17 +171,17 @@ class User {
 		if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
 			$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
-			$bind_variables = array( $this->username, $this->password );
+			$bind_variables = array( $username, $password );
 			$return = $sql->query( $query, $bind_variables, array() );
 			if( ! empty( $return ) ) {
 				$query = "UPDATE users SET password=? WHERE username=?;";
-				$bind_variables = array( $this->password, $this->username );
+				$bind_variables = array( $password, $username );
 				$return = $sql->query( $query, $bind_variables, array() );
 				$query = "SELECT * FROM users WHERE username=? AND password=?;";
-				$bind_variables = array( $this->username, $this->password );
+				$bind_variables = array( $username, $password );
 				$return = $sql->query( $query, $bind_variables, array() );
 			}
 		}
@ -247,17 +192,15 @@ class User {
 			$pass = true;
 			$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
 			$_SESSION['id'] = SESSION_ID;
-			$_SESSION['user'] = $this->username;
+			$_SESSION['user'] = $username;
 			$_SESSION['user_id'] = $user["id"];
 			$_SESSION['token'] = $token;
 			$_SESSION['lang'] = $this->lang;
 			$_SESSION['theme'] = $this->theme;
 			$_SESSION["login_session"] = true;
 			$query = "UPDATE users SET token=? WHERE username=?;";
 			$bind_variables = array( sha1( $token ), $this->username );
 			$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
-			$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
+			$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );
 			if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
@ -265,16 +208,9 @@ class User {
 				$_SESSION['project_id'] = $user['project'];
 			}
-			$this->checkDuplicateSessions( $this->username );
+			$this->checkDuplicateSessions( $username );
 		}
 		if( $pass ) {
 			echo formatJSEND( "success", array( "username" => $this->username ) );
 		} else {
 			echo formatJSEND( "error", "Incorrect Username or Password" );
 		}
 		return $pass;
 	}
 	/**
@ -356,10 +292,9 @@ class User {
 	// Create Account
 	//////////////////////////////////////////////////////////////////
-	public function Create() {
+	public function Create( $username, $password ) {
-		$this->EncryptPassword();
+		$this->add_user( $username, $password  );
 		$this->add_user();
 	}
 	//////////////////////////////////////////////////////////////////
@ -375,9 +310,9 @@ class User {
 	// Encrypt Password
 	//////////////////////////////////////////////////////////////////
-	private function EncryptPassword() {
+	private function encrypt_password( $password ) {
-		$this->password = sha1( md5( $this->password ) );
+		return sha1( md5( $password ) );
 	}
 	//////////////////////////////////////////////////////////////////
@ -421,11 +356,11 @@ class User {
 		}
 	}
-	public function update_access() {
+	public function update_access( $username, $access ) {
 		global $sql;
 		$query = "UPDATE users SET access=? WHERE username=?;";
-		$bind_variables = array( $this->access, $this->username );
+		$bind_variables = array( $access, $username );
 		$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
 		if( $return > 0 ) {
@ -433,7 +368,7 @@ class User {
 			echo formatJSEND( "success", "Updated access for {$this->username}" );
 		} else {
-			echo formatJSEND( "error", "Error updating project" );
+			echo formatJSEND( "error", "Error updating access" );
 		}
 	}
--- a/components/user/controller.php
+++ b/components/user/controller.php
@ -36,22 +36,73 @@ if($_GET['action']=='authenticate') {
 		die( formatJSEND( "error", "Missing username or password" ) );
 	}
-	$User->username = User::CleanUsername( $_POST['username'] );
+	$username = User::CleanUsername( $_POST['username'] );
-	$User->password = $_POST['password'];
+	$password = $User->encrypt_password( $_POST['password'] );
 	// check if the asked languages exist and is registered in languages/code.php
 	require_once '../../languages/code.php';
 	if( isset( $languages[$_POST['language']] ) ) {
-		$User->lang = $_POST['language'];
+		$lang = $_POST['language'];
 	} else {
-		$User->lang = 'en';
+		$lang = 'en';
 	}
 	// theme
-	$User->theme = $_POST['theme'];
+	$theme = $_POST['theme'];
-	$User->Authenticate();
+	$permissions = array(
 		"755",
 		"0755"
 	);
 	if( ! is_dir( SESSIONS_PATH ) ) {
 		mkdir( SESSIONS_PATH, 00755 );
 	}
 	$server_user = getmyuid();
 	$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
 	$sessions_owner = fileowner( SESSIONS_PATH );
 	if( is_array( $server_user ) ) {
 		$server_user = $server_user["uid"];
 	}
 	if( ! ( $sessions_owner === $server_user ) ) {
 		try {
 			chown( SESSIONS_PATH, $server_user );
 		} catch( Exception $e ) {
 			exit( formatJSEND("error", "Error, incorrect owner of sessions folder.  Expecting: $server_user, Recieved: " . $sessions_owner ) );
 		}
 	}
 	if( ! in_array( $sessions_permissions, $permissions ) ) {
 		try {
 			chmod( SESSIONS_PATH, 00755 );
 		} catch( Exception $e ) {
 			exit( formatJSEND("error", "Error, incorrect permissions on sessions folder.  Expecting: 0755, Recieved: " . $sessions_permissions ) );
 		}
 	}
 	$pass = $User->Authenticate( $username, $password );
 	if( $pass ) {
 		$_SESSION['lang'] = $lang;
 		$_SESSION['theme'] = $theme;
 		exit( formatJSEND( "success", array( "username" => $this->username ) ) );
 	} else {
 		exit( formatJSEND( "error", "Incorrect Username or Password" ) );
 	}
 }
 //////////////////////////////////////////////////////////////////
@ -86,9 +137,9 @@ if( $_GET['action'] == 'create' ) {
 			exit( formatJSEND( "error", "Invalid characters in username" ) );
 		}
-		$User->username = User::CleanUsername( $_POST['username'] );
+		$username = User::CleanUsername( $_POST['username'] );
-		$User->password = $_POST['password'];
+		$password = $User->encrypt_password( $_POST['password'] );
-		$User->Create();
+		$User->Create( $username, $password );
 	}
 }
@ -174,7 +225,7 @@ if( $_GET['action'] == 'update_access' ) {
 	checkSession();
-	if( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
+	if( ! isset( $_POST['access'] ) || ! isset( $_POST['user'] ) ) {
 		die( formatJSEND( "error", "Could not update access." ) );
 	}
@ -184,7 +235,10 @@ if( $_GET['action'] == 'update_access' ) {
 		die( formatJSEND( "error", "You do not have permission to update user's access." ) );
 	}
-	$User->username = $_GET["username"];
+	if( ! in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) ) ) {
-	$User->access  = $_GET["access"];
+		
-	$User->update_access();
+		exit( formatJSEND( "error", "Invalid access level specified." ) );
 	}
 	$User->update_access( $_POST["user"], $_POST["access"] );
 }
--- a/components/user/dialog.php
+++ b/components/user/dialog.php
@ -72,10 +72,10 @@ switch($_GET['action']){
 							<td width="75">
 								<select onchange="codiad.user.update_access( event, '<?php echo( $data['username'] ); ?>' )">
 								<?php
-								foreach( User::ACCESS as $role ) {
+								foreach( Permissions::SYSTEM_LEVELS as $role => $id ) {
 									?>
-									<option value="<?php echo $role;?>" <?php if( $data["access"] == $role ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
+									<option value="<?php echo $id;?>" <?php if( $data["access"] == $id ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
 									<?php
 								}
 								?>
--- a/components/user/init.js
+++ b/components/user/init.js
@ -266,7 +266,7 @@
 			$.get(this.controller + '?action=project&project=' + project);
 		},
-		update_access: function( e, username=null ) {
+		update_access: function( e, username ) {
 			let access = "";
@ -278,7 +278,10 @@
 				access = e.target.value;
 			}
-			$.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) {
+			$.post( this.controller + `?action=update_access`, {
 				username: username,
 				access: access,
 			}, function( data ) {
 				let response = codiad.jsend.parse( data );
 				if( response != 'error' ) {