diff --git a/common.php b/common.php
index dd88ac0cf..da1fb442e 100644
--- a/common.php
+++ b/common.php
@@ -190,7 +190,7 @@ function file_write($str, $file, $max_size = LOG_MAX_SIZE, $lock = true, $replac
 $bytes_written = false;
 clearstatcache();
- if (is_file($file) && ($max_size && filesize($file) >= $max_size)) {
+ if (is_file($file) && ($max_size && (filesize($file) >= $max_size))) {
 $file_parts = pathinfo($file);
 $new_name = ($file_parts['dirname'] . '/' . $file_parts['filename'] . '_[old]_' . date('Y-m-d_H-i-s_') . getmypid() . '.' . $file_parts['extension']);
 clearstatcache();
@@ -198,6 +198,7 @@ function file_write($str, $file, $max_size = LOG_MAX_SIZE, $lock = true, $replac
 rename($file, $new_name);
 }
 }
+ clearstatcache();
 if (bb_mkdir(dirname($file))) {
 if ($fp = fopen($file, 'ab+')) {
diff --git a/composer.json b/composer.json
index 5501573a9..d6fc39deb 100644
--- a/composer.json
+++ b/composer.json
@@ -45,6 +45,7 @@
 "ext-xml": "*",
 "ext-xmlwriter": "*",
 "ext-curl": "*",
+ "ext-ctype": "*",
 "arokettu/bencode": "^4.1.0",
 "bugsnag/bugsnag": "^v3.29.1",
 "claviska/simpleimage": "^4.0",
diff --git a/filelist.php b/filelist.php
index 27634e1e1..9cd8b5dfa 100644
--- a/filelist.php
+++ b/filelist.php
@@ -17,7 +17,12 @@ if ($bb_cfg['bt_disable_dht'] && IS_GUEST) {
 bb_simple_die($lang['BT_PRIVATE_TRACKER']);
 }
-$topic_id = !empty($_GET['topic']) ? (int)$_GET['topic'] : (http_response_code(404) && die($lang['INVALID_TOPIC_ID']));
+$topic_id = !empty($_GET['topic']) ? (int)$_GET['topic'] : false;
+
+if (!$topic_id) {
+ http_response_code(404);
+ bb_simple_die($lang['INVALID_TOPIC_ID']);
+}
 $sql = 'SELECT t.attach_id, t.info_hash, t.info_hash_v2, t.size, ad.physical_filename
 FROM ' . BB_BT_TORRENTS . ' t
@@ -30,7 +35,7 @@ $row = DB()->fetch_row($sql);
 if (empty($row) || empty($row['physical_filename'])) {
 http_response_code(404);
- bb_simple_die($lang['TOPIC_POST_NOT_EXIST']);
+ bb_simple_die($lang['INVALID_TOPIC_ID_DB']);
 }
 if (empty($row['info_hash_v2'])) {
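Review bot: In the first filelist.php hunk, the new `$topic_id` guard still accepts values that the `(int)` cast silently rewrites: a non-empty array parameter casts to 1, and a negative number passes `!$topic_id`. The lookup can therefore run against an id the client never sent as a valid integer. Validating instead of casting closes that gap: `$topic_id = filter_input(INPUT_GET, 'topic', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` yields false or null for anything that is not a positive integer, and the existing `if (!$topic_id)` branch then handles it. The SQL statement that consumes `$topic_id` continues outside this hunk.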
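Review bot: `$lang['INVALID_TOPIC_ID_DB']` in the second filelist.php hunk is a new key, and no language file in the visible part of this commit defines it. If the key is missing, the 404 path raises an undefined-index warning and hands null to `bb_simple_die()`, so the visitor gets an empty error page. Confirm the key exists in every language pack, or fall back explicitly with `$lang['INVALID_TOPIC_ID_DB'] ?? $lang['INVALID_TOPIC_ID']`.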
diff --git a/library/ajax/avatar.php b/library/ajax/avatar.php
index 62c873557..eac10d50c 100644
--- a/library/ajax/avatar.php
+++ b/library/ajax/avatar.php
@@ -13,9 +13,11 @@ if (!defined('IN_AJAX')) {
 global $bb_cfg, $lang, $user;
-$mode = (string)$this->request['mode'];
-$user_id = (int)$this->request['user_id'];
+if (!$mode = (string)$this->request['mode']) {
+ $this->ajax_die('invalid mode (empty)');
+}
+$user_id = (int)$this->request['user_id'];
 if (!$user_id or !$u_data = get_userdata($user_id)) {
 $this->ajax_die($lang['NO_USER_ID_SPECIFIED']);
 }
@@ -33,7 +35,7 @@ switch ($mode) {
 $response = get_avatar($user_id, $new_ext_id);
 break;
 default:
- $this->ajax_die('Invalid mode');
+ $this->ajax_die('Invalid mode: ' . $mode);
 }
 DB()->query("UPDATE " . BB_USERS . " SET avatar_ext_id = $new_ext_id WHERE user_id = $user_id LIMIT 1");
diff --git a/library/ajax/edit_user_profile.php b/library/ajax/edit_user_profile.php
index 8f70127e9..4615e663c 100644
--- a/library/ajax/edit_user_profile.php
+++ b/library/ajax/edit_user_profile.php
@@ -16,6 +16,7 @@ global $bb_cfg, $lang;
 if (!$user_id = (int)$this->request['user_id'] or !$profiledata = get_userdata($user_id)) {
 $this->ajax_die($lang['NO_USER_ID_SPECIFIED']);
 }
+
 if (!$field = (string)$this->request['field']) {
 $this->ajax_die('invalid profile field');
 }
diff --git a/library/ajax/index_data.php b/library/ajax/index_data.php
index 624406572..193ac1de9 100644
--- a/library/ajax/index_data.php
+++ b/library/ajax/index_data.php
@@ -13,9 +13,11 @@ if (!defined('IN_AJAX')) {
 global $bb_cfg, $lang, $userdata, $datastore;
-$mode = (string)$this->request['mode'];
-$html = '';
+if (!$mode = (string)$this->request['mode']) {
+ $this->ajax_die('invalid mode (empty)');
+}
+$html = '';
 switch ($mode) {
 case 'birthday_week':
 $stats = $datastore->get('stats');
@@ -122,7 +124,7 @@ switch ($mode) {
 break;
 default:
- $this->ajax_die('Invalid mode');
+ $this->ajax_die('Invalid mode: ' . $mode);
 }
 $this->response['html'] = $html;
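Review bot: The `default:` branch in library/ajax/avatar.php now concatenates the request-supplied `$mode` into the error text without encoding it, and the same line is added in index_data.php, manage_admin.php, passkey.php, thanks.php and user_register.php. How `ajax_die()` delivers the message is not visible in this diff; if the client writes it into the page as HTML, request input is reflected as markup. Encode at the point of concatenation, for example `$this->ajax_die('Invalid mode: ' . htmlspecialchars($mode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. Alternatively, keep the fixed message and write the rejected value to the server log instead.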
diff --git a/library/ajax/manage_admin.php b/library/ajax/manage_admin.php
index 734395f74..c87de275a 100644
--- a/library/ajax/manage_admin.php
+++ b/library/ajax/manage_admin.php
@@ -95,7 +95,7 @@ switch ($mode) {
 break;
 default:
- $this->ajax_die('Invalid mode');
+ $this->ajax_die('Invalid mode: ' . $mode);
 }
 $this->response['mode'] = $mode;
diff --git a/library/ajax/passkey.php b/library/ajax/passkey.php
index 293070ef3..ba579d44f 100644
--- a/library/ajax/passkey.php
+++ b/library/ajax/passkey.php
@@ -13,27 +13,31 @@ if (!defined('IN_AJAX')) {
 global $userdata, $lang;
-$req_uid = (int)$this->request['user_id'];
-$mode = (string)$this->request['mode'];
+if (!$mode = (string)$this->request['mode']) {
+ $this->ajax_die('invalid mode (empty)');
+}
-if ($req_uid == $userdata['user_id'] || IS_ADMIN) {
- switch ($mode) {
- case 'generate':
- if (empty($this->request['confirmed'])) {
- $this->prompt_for_confirm($lang['BT_GEN_PASSKEY_NEW']);
- }
+if (!$req_uid = (int)$this->request['user_id']) {
+ $this->ajax_die($lang['NO_USER_ID_SPECIFIED']);
+}
- if (!$passkey = \TorrentPier\Legacy\Torrent::generate_passkey($req_uid, IS_ADMIN)) {
- $this->ajax_die('Could not insert passkey');
- }
-
- \TorrentPier\Legacy\Torrent::tracker_rm_user($req_uid);
-
- $this->response['passkey'] = $passkey;
- break;
- default:
- $this->ajax_die('Invalid mode');
- }
-} else {
+if (!IS_ADMIN && $req_uid != $userdata['user_id']) {
 $this->ajax_die($lang['NOT_AUTHORISED']);
 }
+
+switch ($mode) {
+ case 'generate':
+ if (empty($this->request['confirmed'])) {
+ $this->prompt_for_confirm($lang['BT_GEN_PASSKEY_NEW']);
+ }
+
+ if (!$passkey = \TorrentPier\Legacy\Torrent::generate_passkey($req_uid, IS_ADMIN)) {
+ $this->ajax_die('Could not insert passkey');
+ }
+
+ \TorrentPier\Legacy\Torrent::tracker_rm_user($req_uid);
+ $this->response['passkey'] = $passkey;
+ break;
+ default:
+ $this->ajax_die('Invalid mode: ' . $mode);
+}
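Review bot: The ownership test `$req_uid != $userdata['user_id']` in library/ajax/passkey.php is the only check between a non-admin caller and another account's passkey, and it uses loose comparison against a value whose type is not visible in this hunk. Cast and compare strictly so type juggling cannot affect the result: `if (!IS_ADMIN && $req_uid !== (int)$userdata['user_id']) {`. The hunk also has no logged-in check of its own. If the AJAX dispatcher does not already require a session for this action, add one before the ownership test.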
diff --git a/library/ajax/sitemap.php b/library/ajax/sitemap.php
index b710fdc8f..acd4a7c45 100644
--- a/library/ajax/sitemap.php
+++ b/library/ajax/sitemap.php
@@ -18,8 +18,8 @@ if (!$mode = (string)$this->request['mode']) {
 }
 $map = new TorrentPier\Sitemap();
-$html = '';
+$html = '';
 switch ($mode) {
 case 'create':
 $map->createSitemap();
diff --git a/library/ajax/thanks.php b/library/ajax/thanks.php
index 59cf45d47..272d89d8e 100644
--- a/library/ajax/thanks.php
+++ b/library/ajax/thanks.php
@@ -17,8 +17,13 @@ if (!$bb_cfg['tor_thank']) {
 $this->ajax_die($lang['MODULE_OFF']);
 }
-$mode = (string)$this->request['mode'];
-$topic_id = (int)$this->request['topic_id'];
+if (!$mode = (string)$this->request['mode']) {
+ $this->ajax_die('invalid mode (empty)');
+}
+
+if (!$topic_id = (int)$this->request['topic_id']) {
+ $this->ajax_die($lang['INVALID_TOPIC_ID']);
+}
 switch ($mode) {
 case 'add':
@@ -47,7 +52,7 @@ switch ($mode) {
 break;
 default:
- $this->ajax_die('Invalid mode');
+ $this->ajax_die('Invalid mode: ' . $mode);
 }
 $this->response['mode'] = $mode;
diff --git a/library/ajax/user_register.php b/library/ajax/user_register.php
index 2e3c80feb..d5b48ec37 100644
--- a/library/ajax/user_register.php
+++ b/library/ajax/user_register.php
@@ -48,7 +48,7 @@ switch ($mode) {
 break;
 default:
- $this->ajax_die('Invalid mode');
+ $this->ajax_die('Invalid mode: ' . $mode);
 }
 $this->response['html'] = $html;
diff --git a/library/includes/functions.php b/library/includes/functions.php
index d7bcb462a..d7a5555da 100644
--- a/library/includes/functions.php
+++ b/library/includes/functions.php
@@ -599,7 +599,7 @@ function bt_show_ip($ip, $port = '')
 return $ip;
 }
- return ($bb_cfg['bt_show_ip_only_moder']) ? false : \TorrentPier\Helpers\IPHelper::anonymizeIP($ip);
+ return $bb_cfg['bt_show_ip_only_moder'] ? false : \TorrentPier\Helpers\IPHelper::anonymizeIP($ip);
 }
 function bt_show_port($port)
@@ -610,7 +610,7 @@ function bt_show_port($port)
 return $port;
 }
- return ($bb_cfg['bt_show_port_only_moder']) ? false : $port;
+ return $bb_cfg['bt_show_port_only_moder'] ? false : $port;
 }
 function checkbox_get_val(&$key, &$val, $default = 1, $on = 1, $off = 0)
@@ -843,7 +843,7 @@ function get_bt_userdata($user_id)
 return $btu;
 }
-function get_bt_ratio($btu)
+function get_bt_ratio($btu): ?float
 {
 return
 (!empty($btu['u_down_total']) && $btu['u_down_total'] > MIN_DL_FOR_RATIO)
@@ -851,7 +851,7 @@ function get_bt_ratio($btu)
 : null;
 }
-function show_bt_userdata($user_id)
+function show_bt_userdata($user_id): void
 {
 global $template;
@@ -1672,7 +1672,7 @@ function obtain_word_list(&$orig_word, &$replacement_word)
 function bb_die($msg_text)
 {
- global $ajax, $bb_cfg, $lang, $template, $theme, $userdata;
+ global $ajax, $bb_cfg, $lang, $template, $theme, $userdata, $user;
 if (defined('IN_AJAX')) {
 $ajax->ajax_die($msg_text);
@@ -1692,7 +1692,7 @@ function bb_die($msg_text)
 // If empty session
 if (empty($userdata)) {
- $userdata = \TorrentPier\Sessions::session_pagestart();
+ $userdata = $user->session_start();
 }
 // If the header hasn't been output then do it
diff --git a/src/Sessions.php b/src/Sessions.php
index 873d3c26d..7dc02aedf 100644
--- a/src/Sessions.php
+++ b/src/Sessions.php
@@ -32,7 +32,7 @@ class Sessions
 *
 * @return bool|array
 */
- public static function cache_get_userdata(string $id)
+ public static function cache_get_userdata(string $id): bool|array
 {
 if (self::ignore_cached_userdata()) {
 return false;
@@ -81,9 +81,9 @@ class Sessions
 /**
 * Delete user sessions from cache
 *
- * @param string|int $user_id
+ * @param int|string $user_id
 */
- public static function cache_rm_user_sessions($user_id)
+ public static function cache_rm_user_sessions(int|string $user_id): void
 {
 $user_id = get_id_csv(explode(',', (string)$user_id));
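Review bot: In `bb_die()` (the `@@ -1692` hunk of functions.php), `$userdata` is now assigned the return value of `$user->session_start()`, whereas the removed `Sessions::session_pagestart()` called `session_start(['req_login' => $req_login])` and then returned `$user->data`. The two are equivalent only if `session_start()` itself returns the session data array and defaults `req_login` to false; its definition is not part of this diff, so please confirm. If it does not, keep the old semantics with `$user->session_start(); $userdata = $user->data;`. Because `bb_die()` is the error path, a `$user` that is not yet an object when it is called early would replace the error page with a fatal, so a guard on `$user` before the call is worth adding. The function body continues outside both `bb_die()` hunks.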
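Review bot: `Sessions::cache_get_userdata()` is declared `bool|array`, but the only non-array value visible in the hunk is `return false;`. If the rest of the body never returns `true`, `array|false` states the contract more tightly and lets static analysis flag callers that test for `true`. The `@return bool|array` docblock line now only restates the native type and could be dropped or replaced by a description of the array shape. The method body continues outside the hunk.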
@@ -134,31 +134,13 @@ class Sessions
 /**
 * Delete user sessions from cache and database
 *
- * @param string|int $user_id
+ * @param int|string $user_id
 */
- public static function delete_user_sessions($user_id)
+ public static function delete_user_sessions(int|string $user_id): void
 {
 self::cache_rm_user_sessions($user_id);
 $user_id = get_id_csv(explode(',', (string)$user_id));
 DB()->query("DELETE FROM " . BB_SESSIONS . " WHERE session_user_id IN($user_id)");
 }
-
- /**
- * Start user session on page header
- * @param string $user_ip
- * @param int $page_id
- * @param bool $req_login
- *
- * @return array
- * @deprecated
- */
- public static function session_pagestart($user_ip = USER_IP, $page_id = 0, bool $req_login = false): array
- {
- global $user;
-
- $user->session_start(['req_login' => $req_login]);
-
- return $user->data;
- }
 }
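Review bot: Removing the public static `Sessions::session_pagestart()` breaks any caller outside this diff; the only call site updated here is the one in `bb_die()`. Search the codebase for `session_pagestart`, including admin scripts and installed mods, before merging to confirm nothing else will fatal at runtime. If external code may still depend on it, keep the deprecated stub for one release and have it raise `E_USER_DEPRECATED` via `trigger_error()`.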