From 14491489898d0cba23c5f7f8a610c7cd0f9bce04 Mon Sep 17 00:00:00 2001
From: Alex Cabal <alex@alexcabal.com>
Date: Sun, 10 Nov 2024 22:37:59 -0600
Subject: [PATCH] Switch logged in user to static typed variable instead of in
 $GLOBALS

---
 lib/Core.php                      |  8 +++---
 lib/Session.php                   | 46 +++++++++++++++----------------
 templates/ArtworkForm.php         |  6 ++--
 templates/DonationAlert.php       |  4 +--
 templates/DonationProgress.php    |  2 +-
 templates/FeedHowTo.php           |  4 +--
 www/artists/get.php               |  4 +--
 www/artworks/edit.php             |  4 +--
 www/artworks/get.php              | 18 ++++++------
 www/artworks/index.php            |  6 ++--
 www/artworks/new.php              |  6 ++--
 www/artworks/post.php             | 22 +++++++--------
 www/bulk-downloads/collection.php |  2 +-
 www/bulk-downloads/download.php   |  4 +--
 www/bulk-downloads/get.php        |  2 +-
 www/bulk-downloads/index.php      |  2 +-
 www/ebooks/download.php           |  2 +-
 www/feeds/atom/index.php          |  3 +-
 www/feeds/collection.php          |  2 +-
 www/feeds/download.php            |  4 +--
 www/feeds/get.php                 |  2 +-
 www/feeds/index.php               |  2 +-
 www/polls/get.php                 | 14 ++++------
 www/polls/votes/new.php           |  8 +++---
 www/sessions/new.php              |  2 +-
 25 files changed, 88 insertions(+), 91 deletions(-)

diff --git a/lib/Core.php b/lib/Core.php
index e01fedc9..ad6d9c7e 100644
--- a/lib/Core.php
+++ b/lib/Core.php
@@ -68,9 +68,9 @@ if(SITE_STATUS == SITE_STATUS_LIVE){
 
 $GLOBALS['DbConnection'] = new DbConnection(DATABASE_DEFAULT_DATABASE, DATABASE_DEFAULT_HOST);
 
-$GLOBALS['User'] = Session::GetLoggedInUser();
+Session::InitializeFromCookie();
 
-if($GLOBALS['User'] === null){
+if(Session::$User === null){
 	$httpBasicAuthLogin = $_SERVER['PHP_AUTH_USER'] ?? null;
 
 	if($httpBasicAuthLogin !== null){
@@ -83,10 +83,10 @@ if($GLOBALS['User'] === null){
 				$password = null;
 			}
 
-			// Most patrons have a null password, meaning they only need to log in using an email and a blank password.
+			// Most patrons have a `null` password, meaning they only need to log in using an email and a blank password.
 			// Some users with admin rights need a password to log in.
 			$session->Create($httpBasicAuthLogin, $password);
-			$GLOBALS['User'] = $session->User;
+			Session::$User = $session->User;
 		}
 		catch(Exception){
 			// Do nothing.
diff --git a/lib/Session.php b/lib/Session.php
index a04cec31..3c017e00 100644
--- a/lib/Session.php
+++ b/lib/Session.php
@@ -3,17 +3,17 @@ use Ramsey\Uuid\Uuid;
 use Safe\DateTimeImmutable;
 
 /**
- * @property User $User
  * @property string $Url
  */
 class Session{
 	use Traits\Accessor;
 
+	public static ?User $User = null;
+
 	public int $UserId;
 	public DateTimeImmutable $Created;
 	public string $SessionId;
 
-	protected User $_User;
 	public string $_Url;
 
 
@@ -42,8 +42,8 @@ class Session{
 	 */
 	public function Create(?string $identifier = null, ?string $password = null): void{
 		try{
-			$this->User = User::GetIfRegistered($identifier, $password);
-			$this->UserId = $this->User->UserId;
+			Session::$User = User::GetIfRegistered($identifier, $password);
+			$this->UserId = Session::$User->UserId;
 
 			$existingSessions = Db::Query('
 							SELECT SessionId,
@@ -76,26 +76,6 @@ class Session{
 		}
 	}
 
-	public static function GetLoggedInUser(): ?User{
-		$sessionId = HttpInput::Str(COOKIE, 'sessionid');
-
-		if($sessionId !== null){
-			$result = Db::Query('
-						SELECT u.*
-						from Users u
-						inner join Sessions s using (UserId)
-						where s.SessionId = ?
-					', [$sessionId], User::class);
-
-			if(sizeof($result) > 0){
-				self::SetSessionCookie($sessionId);
-				return $result[0];
-			}
-		}
-
-		return null;
-	}
-
 	public static function SetSessionCookie(string $sessionId): void{
 		/** @throws void */
 		setcookie('sessionid', $sessionId, ['expires' => intval((new DateTimeImmutable('+1 week'))->format(Enums\DateTimeFormat::UnixTimestamp->value)), 'path' => '/', 'domain' => SITE_DOMAIN, 'secure' => true, 'httponly' => false, 'samesite' => 'Lax']); // Expires in two weeks
@@ -122,4 +102,22 @@ class Session{
 
 		return $result[0] ?? throw new Exceptions\SessionNotFoundException();
 	}
+
+	public static function InitializeFromCookie(): void{
+		$sessionId = HttpInput::Str(COOKIE, 'sessionid');
+
+		if($sessionId !== null){
+			$result = Db::Query('
+						SELECT u.*
+						from Users u
+						inner join Sessions s using (UserId)
+						where s.SessionId = ?
+					', [$sessionId], User::class);
+
+			if(sizeof($result) > 0){
+				self::SetSessionCookie($sessionId);
+				Session::$User = $result[0];
+			}
+		}
+	}
 }
diff --git a/templates/ArtworkForm.php b/templates/ArtworkForm.php
index 64e42e7d..4d6be444 100644
--- a/templates/ArtworkForm.php
+++ b/templates/ArtworkForm.php
@@ -171,10 +171,10 @@ $isEditForm = $isEditForm ?? false;
 		<textarea maxlength="1024" name="artwork-notes"><?= Formatter::EscapeHtml($artwork->Notes) ?></textarea>
 	</label>
 </fieldset>
-<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'] ?? null) || $artwork->CanEbookUrlBeChangedBy($GLOBALS['User'] ?? null)){ ?>
+<? if($artwork->CanStatusBeChangedBy(Session::$User) || $artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
 	<fieldset>
 		<legend>Editor options</legend>
-		<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'] ?? null)){ ?>
+		<? if($artwork->CanStatusBeChangedBy(Session::$User)){ ?>
 			<label>
 				<span>Artwork approval status</span>
 				<span>
@@ -186,7 +186,7 @@ $isEditForm = $isEditForm ?? false;
 				</span>
 			</label>
 		<? } ?>
-		<? if($artwork->CanEbookUrlBeChangedBy($GLOBALS['User'] ?? null)){ ?>
+		<? if($artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
 			<label>
 				<span>In use by</span>
 				<span>The full S.E. ebook URL. If not in use, leave this blank.</span>
diff --git a/templates/DonationAlert.php b/templates/DonationAlert.php
index 8f202920..60312b63 100644
--- a/templates/DonationAlert.php
+++ b/templates/DonationAlert.php
@@ -3,7 +3,7 @@
 $donationDrive = DonationDrive::GetByIsRunning();
 
 if(
-	$GLOBALS['User'] !== null // If a user is logged in.
+	Session::$User !== null // If a user is logged in.
 	||
 	$donationDrive !== null // There is a currently-running donation drive.
 	||
@@ -12,7 +12,7 @@ if(
 	return;
 }
 
-if($GLOBALS['User'] === null){
+if(Session::$User === null){
 	// The Kindle browsers renders `<aside>` as an undismissable popup. Serve a `<div>` to Kindle instead.
 	// See <https://github.com/standardebooks/web/issues/204>.
 	$element = 'aside';
diff --git a/templates/DonationProgress.php b/templates/DonationProgress.php
index ce32c27a..28074be4 100644
--- a/templates/DonationProgress.php
+++ b/templates/DonationProgress.php
@@ -6,7 +6,7 @@ if(
 	||
 	($autoHide ?? $_COOKIE['hide-donation-alert'] ?? false) // If the user has hidden the box.
 	||
-	$GLOBALS['User'] !== null // If a user is logged in.
+	Session::$User !== null // If a user is logged in.
 	||
 	$donationDrive === null // There is no donation drive running right now.
 ){
diff --git a/templates/FeedHowTo.php b/templates/FeedHowTo.php
index 89b3bffc..a7918e7a 100644
--- a/templates/FeedHowTo.php
+++ b/templates/FeedHowTo.php
@@ -1,6 +1,6 @@
 <section id="accessing-the-feeds">
 	<h2>Accessing the feeds</h2>
-	<? if($GLOBALS['User'] === null){ ?>
+	<? if(Session::$User === null){ ?>
 		<p>Our New Releases feeds are open to everyone. Our other feeds are a benefit of Patrons Circle membership.</p>
 		<ul>
 			<li>
@@ -19,7 +19,7 @@
 		<p>
 			<i>If you’re a Patrons Circle member, when prompted enter your email address and leave the password field blank to access a feed.</i>
 		</p>
-	<? }elseif($GLOBALS['User']->Benefits->CanAccessFeeds){ ?>
+	<? }elseif(Session::$User->Benefits->CanAccessFeeds){ ?>
 		<p>When prompted enter your email address and leave the password field blank to access a feed.</p>
 	<? }else{ ?>
 		<p>
diff --git a/www/artists/get.php b/www/artists/get.php
index 5bb500f1..871f8c28 100644
--- a/www/artists/get.php
+++ b/www/artists/get.php
@@ -1,6 +1,6 @@
 <?
-$isReviewerView = $GLOBALS['User']?->Benefits?->CanReviewArtwork ?? false;
-$submitterUserId = $GLOBALS['User']?->Benefits?->CanUploadArtwork ? $GLOBALS['User']->UserId : null;
+$isReviewerView = Session::$User?->Benefits?->CanReviewArtwork ?? false;
+$submitterUserId = Session::$User?->Benefits?->CanUploadArtwork ? Session::$User->UserId : null;
 $isSubmitterView = !$isReviewerView && $submitterUserId !== null;
 
 $filterArtworkStatus = 'all';
diff --git a/www/artworks/edit.php b/www/artworks/edit.php
index 71ca87a1..ce2f6540 100644
--- a/www/artworks/edit.php
+++ b/www/artworks/edit.php
@@ -9,7 +9,7 @@ $exception = $_SESSION['exception'] ?? null;
 $artwork = $_SESSION['artwork'] ?? null;
 
 try{
-	if($GLOBALS['User'] === null){
+	if(Session::$User === null){
 		throw new Exceptions\LoginRequiredException();
 	}
 
@@ -17,7 +17,7 @@ try{
 		$artwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name'), HttpInput::Str(GET, 'artwork-url-name'));
 	}
 
-	if(!$artwork->CanBeEditedBy($GLOBALS['User'])){
+	if(!$artwork->CanBeEditedBy(Session::$User)){
 		throw new Exceptions\InvalidPermissionsException();
 	}
 
diff --git a/www/artworks/get.php b/www/artworks/get.php
index b0bde130..80bb0224 100644
--- a/www/artworks/get.php
+++ b/www/artworks/get.php
@@ -28,14 +28,14 @@ try{
 		}
 	}
 
-	$isReviewerView = $GLOBALS['User']->Benefits->CanReviewArtwork ?? false;
-	$isAdminView = $GLOBALS['User']->Benefits->CanReviewOwnArtwork ?? false;
+	$isReviewerView = Session::$User->Benefits->CanReviewArtwork ?? false;
+	$isAdminView = Session::$User->Benefits->CanReviewOwnArtwork ?? false;
 
 	// If the artwork is not approved, and we're not an admin or the submitter when they can edit, don't show it.
 	if(
-		($GLOBALS['User'] === null && $artwork->Status != Enums\ArtworkStatusType::Approved)
+		(Session::$User === null && $artwork->Status != Enums\ArtworkStatusType::Approved)
 		||
-		($GLOBALS['User'] !== null && $artwork->Status != Enums\ArtworkStatusType::Approved && $artwork->SubmitterUserId != $GLOBALS['User']->UserId && !$isReviewerView)
+		(Session::$User !== null && $artwork->Status != Enums\ArtworkStatusType::Approved && $artwork->SubmitterUserId != Session::$User->UserId && !$isReviewerView)
 	){
 		throw new Exceptions\InvalidPermissionsException();
 	}
@@ -164,20 +164,20 @@ catch(Exceptions\InvalidPermissionsException){
 			<?= Formatter::MarkdownToHtml($artwork->Notes) ?>
 		<? } ?>
 
-		<? if($artwork->CanBeEditedBy($GLOBALS['User'])){ ?>
+		<? if($artwork->CanBeEditedBy(Session::$User)){ ?>
 			<h2>Edit artwork</h2>
 			<p>An editor or the submitter may edit this artwork before it’s approved. Once it’s approved, it can no longer be edited.</p>
 			<p><a href="<?= $artwork->EditUrl ?>">Edit this artwork.</a></p>
 		<? } ?>
 
-		<? if($artwork->CanStatusBeChangedBy($GLOBALS['User']) || $artwork->CanEbookUrlBeChangedBy($GLOBALS['User'])){ ?>
+		<? if($artwork->CanStatusBeChangedBy(Session::$User) || $artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
 			<h2>Editor options</h2>
-			<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'])){ ?>
+			<? if($artwork->CanStatusBeChangedBy(Session::$User)){ ?>
 				<p>Review the metadata and PD proof for this artwork submission. Approve to make it available for future producers. Once an artwork is approved, it can no longer be edited.</p>
 			<? } ?>
 			<form method="post" action="<?= $artwork->Url ?>" autocomplete="off">
 				<input type="hidden" name="_method" value="PATCH" />
-				<? if($artwork->CanStatusBeChangedBy($GLOBALS['User'])){ ?>
+				<? if($artwork->CanStatusBeChangedBy(Session::$User)){ ?>
 					<label>
 						<span>Artwork approval status</span>
 						<span>
@@ -191,7 +191,7 @@ catch(Exceptions\InvalidPermissionsException){
 				<? }else{ ?>
 					<input type="hidden" name="artwork-status" value="<?= Formatter::EscapeHtml($artwork->Status->value ?? '') ?>" />
 				<? } ?>
-				<? if($artwork->CanEbookUrlBeChangedBy($GLOBALS['User'])){ ?>
+				<? if($artwork->CanEbookUrlBeChangedBy(Session::$User)){ ?>
 					<label>
 						<span>In use by</span>
 						<span>The full S.E. ebook URL. If not in use, leave this blank.</span>
diff --git a/www/artworks/index.php b/www/artworks/index.php
index ca01db6e..da71d23f 100644
--- a/www/artworks/index.php
+++ b/www/artworks/index.php
@@ -11,8 +11,8 @@ $totalArtworkCount = 0;
 $pageDescription = '';
 $pageTitle = '';
 $queryString = '';
-$isReviewerView = $GLOBALS['User']?->Benefits?->CanReviewArtwork ?? false;
-$submitterUserId = $GLOBALS['User']?->Benefits?->CanUploadArtwork ? $GLOBALS['User']->UserId : null;
+$isReviewerView = Session::$User?->Benefits?->CanReviewArtwork ?? false;
+$submitterUserId = Session::$User?->Benefits?->CanUploadArtwork ? Session::$User->UserId : null;
 $isSubmitterView = !$isReviewerView && $submitterUserId !== null;
 
 try{
@@ -132,7 +132,7 @@ catch(Exceptions\PageOutOfBoundsException){
 <main class="artworks">
 	<section class="narrow">
 		<h1>Browse U.S. Public Domain Artwork</h1>
-		<p><? if($GLOBALS['User']?->Benefits->CanUploadArtwork){ ?><a href="/artworks/new">Submit new public domain artwork.</a><? }else{ ?>You can help Standard Ebooks by <a href="/artworks/new">submitting new public domain artwork</a> to add to this catalog for use in future ebooks. For free access to the submission form, <a href="/about#editor-in-chief">contact the Editor-in-Chief</a>.<? } ?></p>
+		<p><? if(Session::$User?->Benefits->CanUploadArtwork){ ?><a href="/artworks/new">Submit new public domain artwork.</a><? }else{ ?>You can help Standard Ebooks by <a href="/artworks/new">submitting new public domain artwork</a> to add to this catalog for use in future ebooks. For free access to the submission form, <a href="/about#editor-in-chief">contact the Editor-in-Chief</a>.<? } ?></p>
 		<form class="browse-artwork" action="/artworks" method="get" rel="search">
 			<label>
 				<span>Status</span>
diff --git a/www/artworks/new.php b/www/artworks/new.php
index 698a535c..1811447a 100644
--- a/www/artworks/new.php
+++ b/www/artworks/new.php
@@ -10,11 +10,11 @@ $exception = $_SESSION['exception'] ?? null;
 $artwork = $_SESSION['artwork'] ?? null;
 
 try{
-	if($GLOBALS['User'] === null){
+	if(Session::$User === null){
 		throw new Exceptions\LoginRequiredException();
 	}
 
-	if(!$GLOBALS['User']->Benefits->CanUploadArtwork){
+	if(!Session::$User->Benefits->CanUploadArtwork){
 		throw new Exceptions\InvalidPermissionsException();
 	}
 
@@ -35,7 +35,7 @@ try{
 		$artwork = new Artwork();
 		$artwork->Artist = new Artist();
 
-		if($GLOBALS['User']->Benefits->CanReviewOwnArtwork){
+		if(Session::$User->Benefits->CanReviewOwnArtwork){
 			$artwork->Status = Enums\ArtworkStatusType::Approved;
 		}
 	}
diff --git a/www/artworks/post.php b/www/artworks/post.php
index b10d6361..7fe1102f 100644
--- a/www/artworks/post.php
+++ b/www/artworks/post.php
@@ -9,30 +9,30 @@ try{
 		throw new Exceptions\InvalidRequestException('File upload too large.');
 	}
 
-	if($GLOBALS['User'] === null){
+	if(Session::$User === null){
 		throw new Exceptions\LoginRequiredException();
 	}
 
 	// POSTing a new artwork
 	if($httpMethod == Enums\HttpMethod::Post){
-		if(!$GLOBALS['User']->Benefits->CanUploadArtwork){
+		if(!Session::$User->Benefits->CanUploadArtwork){
 			throw new Exceptions\InvalidPermissionsException();
 		}
 
 		$artwork = new Artwork();
 		$artwork->FillFromHttpPost();
 
-		$artwork->SubmitterUserId = $GLOBALS['User']->UserId ?? null;
+		$artwork->SubmitterUserId = Session::$User->UserId ?? null;
 
 		// Only approved reviewers can set the status to anything but unverified when uploading.
 		// The submitter cannot review their own submissions unless they have special permission.
-		if($artwork->Status !== Enums\ArtworkStatusType::Unverified && !$artwork->CanStatusBeChangedBy($GLOBALS['User'])){
+		if($artwork->Status !== Enums\ArtworkStatusType::Unverified && !$artwork->CanStatusBeChangedBy(Session::$User)){
 			throw new Exceptions\InvalidPermissionsException();
 		}
 
 		// If the artwork is approved, set the reviewer.
 		if($artwork->Status !== Enums\ArtworkStatusType::Unverified){
-			$artwork->ReviewerUserId = $GLOBALS['User']->UserId;
+			$artwork->ReviewerUserId = Session::$User->UserId;
 		}
 
 		$artwork->Create(HttpInput::File('artwork-image'));
@@ -48,7 +48,7 @@ try{
 	if($httpMethod == Enums\HttpMethod::Put){
 		$originalArtwork = Artwork::GetByUrl(HttpInput::Str(GET, 'artist-url-name'), HttpInput::Str(GET, 'artwork-url-name'));
 
-		if(!$originalArtwork->CanBeEditedBy($GLOBALS['User'])){
+		if(!$originalArtwork->CanBeEditedBy(Session::$User)){
 			throw new Exceptions\InvalidPermissionsException();
 		}
 
@@ -62,11 +62,11 @@ try{
 
 		$newStatus = Enums\ArtworkStatusType::tryFrom(HttpInput::Str(POST, 'artwork-status') ?? '');
 		if($newStatus !== null){
-			if($originalArtwork->Status != $newStatus && !$originalArtwork->CanStatusBeChangedBy($GLOBALS['User'])){
+			if($originalArtwork->Status != $newStatus && !$originalArtwork->CanStatusBeChangedBy(Session::$User)){
 				throw new Exceptions\InvalidPermissionsException();
 			}
 
-			$artwork->ReviewerUserId = $GLOBALS['User']->UserId;
+			$artwork->ReviewerUserId = Session::$User->UserId;
 			$artwork->Status = $newStatus;
 		}
 
@@ -93,11 +93,11 @@ try{
 		if(isset($_POST['artwork-status'])){
 			$newStatus = Enums\ArtworkStatusType::tryFrom(HttpInput::Str(POST, 'artwork-status') ?? '');
 			if($newStatus !== null){
-				if($artwork->Status != $newStatus && !$artwork->CanStatusBeChangedBy($GLOBALS['User'])){
+				if($artwork->Status != $newStatus && !$artwork->CanStatusBeChangedBy(Session::$User)){
 					throw new Exceptions\InvalidPermissionsException();
 				}
 
-				$artwork->ReviewerUserId = $GLOBALS['User']->UserId;
+				$artwork->ReviewerUserId = Session::$User->UserId;
 
 				$artwork->Status = $newStatus;
 			}
@@ -108,7 +108,7 @@ try{
 
 		if(isset($_POST['artwork-ebook-url'])){
 			$newEbookUrl = HttpInput::Str(POST, 'artwork-ebook-url');
-			if($artwork->EbookUrl != $newEbookUrl && !$artwork->CanEbookUrlBeChangedBy($GLOBALS['User'])){
+			if($artwork->EbookUrl != $newEbookUrl && !$artwork->CanEbookUrlBeChangedBy(Session::$User)){
 				throw new Exceptions\InvalidPermissionsException();
 			}
 
diff --git a/www/bulk-downloads/collection.php b/www/bulk-downloads/collection.php
index 6c52ec58..182062de 100644
--- a/www/bulk-downloads/collection.php
+++ b/www/bulk-downloads/collection.php
@@ -9,7 +9,7 @@ if($class === null || ($class != 'authors' && $class != 'collections' && $class
 	Template::Emit404();
 }
 
-if($GLOBALS['User'] !== null && $GLOBALS['User']->Benefits->CanBulkDownload){
+if(Session::$User?->Benefits->CanBulkDownload){
 	$canDownload = true;
 }
 
diff --git a/www/bulk-downloads/download.php b/www/bulk-downloads/download.php
index a75d545e..e03c9e84 100644
--- a/www/bulk-downloads/download.php
+++ b/www/bulk-downloads/download.php
@@ -10,7 +10,7 @@ try{
 		throw new Exceptions\InvalidFileException();
 	}
 
-	if($GLOBALS['User'] === null){
+	if(Session::$User === null){
 		throw new Exceptions\LoginRequiredException();
 	}
 
@@ -18,7 +18,7 @@ try{
 		throw new Exceptions\InvalidPermissionsException();
 	}
 
-	if(!$GLOBALS['User']->Benefits->CanBulkDownload){
+	if(!Session::$User->Benefits->CanBulkDownload){
 		throw new Exceptions\InvalidPermissionsException();
 	}
 
diff --git a/www/bulk-downloads/get.php b/www/bulk-downloads/get.php
index 7949fe04..618d65b6 100644
--- a/www/bulk-downloads/get.php
+++ b/www/bulk-downloads/get.php
@@ -8,7 +8,7 @@ $authorUrlName = HttpInput::Str(GET, 'author');
 $canDownload = false;
 
 try{
-	if($GLOBALS['User'] !== null && $GLOBALS['User']->Benefits->CanBulkDownload){
+	if(Session::$User?->Benefits->CanBulkDownload){
 		$canDownload = true;
 	}
 
diff --git a/www/bulk-downloads/index.php b/www/bulk-downloads/index.php
index 376dba4f..0b446d9f 100644
--- a/www/bulk-downloads/index.php
+++ b/www/bulk-downloads/index.php
@@ -1,6 +1,6 @@
 <?
 $canDownload = false;
-if($GLOBALS['User'] !== null && $GLOBALS['User']->Benefits->CanBulkDownload){
+if(Session::$User?->Benefits->CanBulkDownload){
 	$canDownload = true;
 }
 
diff --git a/www/ebooks/download.php b/www/ebooks/download.php
index 8eee98aa..ad1c427b 100644
--- a/www/ebooks/download.php
+++ b/www/ebooks/download.php
@@ -5,7 +5,7 @@ use Safe\DateTimeImmutable;
 
 $ebook = null;
 $downloadCount = $_COOKIE['download-count'] ?? 0;
-$showThankYouPage = $GLOBALS['User'] === null && $downloadCount < 5;
+$showThankYouPage = Session::$User === null && $downloadCount < 5;
 $downloadUrl = null;
 
 try{
diff --git a/www/feeds/atom/index.php b/www/feeds/atom/index.php
index 2f389fd7..16d14fe7 100644
--- a/www/feeds/atom/index.php
+++ b/www/feeds/atom/index.php
@@ -15,7 +15,8 @@
 				</li>
 				<li>
 					<p><a href="/feeds/atom/all">All ebooks</a></p>
-					<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/atom/all</p>
+					<p class="url">
+						<? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/atom/all</p>
 					<p>All Standard Ebooks, most-recently-released first.</p>
 				</li>
 			</ul>
diff --git a/www/feeds/collection.php b/www/feeds/collection.php
index 23f9f3fe..2b1d5876 100644
--- a/www/feeds/collection.php
+++ b/www/feeds/collection.php
@@ -41,7 +41,7 @@ catch(Safe\Exceptions\ApcuException){
 				<? foreach($feeds as $feed){ ?>
 				<li>
 					<p><a href="<?= Formatter::EscapeHtml($feed->Url) ?>"><?= Formatter::EscapeHtml($feed->Label) ?></a></p>
-					<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?><?= Formatter::EscapeHtml($feed->Url) ?></p>
+					<p class="url"><? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?><?= Formatter::EscapeHtml($feed->Url) ?></p>
 				</li>
 				<? } ?>
 			</ul>
diff --git a/www/feeds/download.php b/www/feeds/download.php
index 7a80e734..5d84bfc1 100644
--- a/www/feeds/download.php
+++ b/www/feeds/download.php
@@ -33,7 +33,7 @@ try{
 		}
 
 		if(!$isUserAgentAllowed){
-			if($GLOBALS['User'] === null){
+			if(Session::$User === null){
 				throw new Exceptions\LoginRequiredException();
 			}
 
@@ -41,7 +41,7 @@ try{
 				throw new Exceptions\InvalidPermissionsException();
 			}
 
-			if(!$GLOBALS['User']->Benefits->CanAccessFeeds){
+			if(!Session::$User->Benefits->CanAccessFeeds){
 				throw new Exceptions\InvalidPermissionsException();
 			}
 		}
diff --git a/www/feeds/get.php b/www/feeds/get.php
index 2ff9cf4b..2e8e10e6 100644
--- a/www/feeds/get.php
+++ b/www/feeds/get.php
@@ -82,7 +82,7 @@ catch(Exceptions\CollectionNotFoundException){
 				<ul class="feed">
 					<li>
 						<p><a href="/feeds/<?= $type ?>/<?= $name ?>/<?= $target?>"><?= Formatter::EscapeHtml($label) ?></a></p>
-						<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/<?= $type ?>/<?= $name ?>/<?= $target?></p>
+						<p class="url"><? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/<?= $type ?>/<?= $name ?>/<?= $target?></p>
 					</li>
 				</ul>
 			</section>
diff --git a/www/feeds/index.php b/www/feeds/index.php
index 31244fc0..38361b2c 100644
--- a/www/feeds/index.php
+++ b/www/feeds/index.php
@@ -17,7 +17,7 @@
 			<ul class="feed">
 				<li>
 					<p><a href="/feeds/opds">The Standard Ebooks OPDS feed</a></p>
-					<p class="url"><? if($GLOBALS['User'] !== null){ ?>https://<?= rawurlencode($GLOBALS['User']->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/opds</p>
+					<p class="url"><? if(isset(Session::$User->Email)){ ?>https://<?= rawurlencode(Session::$User->Email) ?>@<?= SITE_DOMAIN ?><? }else{ ?><?= SITE_URL ?><? } ?>/feeds/opds</p>
 				</li>
 			</ul>
 		</section>
diff --git a/www/polls/get.php b/www/polls/get.php
index 26aff60f..aec3337b 100644
--- a/www/polls/get.php
+++ b/www/polls/get.php
@@ -1,22 +1,20 @@
 <?
-use Safe\DateTimeImmutable;
-
 $poll = new Poll();
-$canVote = true; // Allow non-logged-in users to see the 'vote' button
+$canVote = true; // Allow non-logged-in users to see the 'vote' button.
 
 try{
 	$poll = Poll::GetByUrlName(HttpInput::Str(GET, 'pollurlname'));
 
 	if(!$poll->IsActive() && $poll->End !== null && $poll->End < NOW){
-		// If the poll ended, redirect to the results
+		// If the poll ended, redirect to the results.
 		header('Location: ' . $poll->Url . '/votes');
 		exit();
 	}
 
-	if(isset($GLOBALS['User'])){
-		$canVote = false; // User is logged in, hide the vote button unless they haven't voted yet
+	if(Session::$User !== null){
+		$canVote = false; // User is logged in, hide the vote button unless they haven't voted yet.
 		try{
-			PollVote::Get($poll->UrlName, $GLOBALS['User']->UserId);
+			PollVote::Get($poll->UrlName, Session::$User->UserId);
 		}
 		catch(Exceptions\AppException){
 			// User has already voted
@@ -42,7 +40,7 @@ catch(Exceptions\AppException){
 			<? } ?>
 			<p class="button-row narrow">
 				<? if($canVote){ ?>
-				<a href="<?= $poll->Url ?>/votes/new" class="button">Vote now</a>
+					<a href="<?= $poll->Url ?>/votes/new" class="button">Vote now</a>
 				<? } ?>
 				<a href="<?= $poll->Url ?>/votes" class="button">View results</a>
 			</p>
diff --git a/www/polls/votes/new.php b/www/polls/votes/new.php
index d90e9085..8015b584 100644
--- a/www/polls/votes/new.php
+++ b/www/polls/votes/new.php
@@ -9,7 +9,7 @@ $vote = new PollVote();
 $exception = $_SESSION['exception'] ?? null;
 
 try{
-	if($GLOBALS['User'] === null){
+	if(Session::$User === null){
 		throw new Exceptions\LoginRequiredException();
 	}
 
@@ -19,14 +19,14 @@ try{
 	}
 
 	if(!isset($vote->UserId)){
-		$vote->UserId = $GLOBALS['User']->UserId;
-		$vote->User = $GLOBALS['User'];
+		$vote->UserId = Session::$User->UserId;
+		$vote->User = Session::$User;
 	}
 
 	$poll = Poll::GetByUrlName(HttpInput::Str(GET, 'pollurlname'));
 
 	try{
-		$vote = PollVote::Get($poll->UrlName, $GLOBALS['User']->UserId);
+		$vote = PollVote::Get($poll->UrlName, Session::$User->UserId);
 
 		// Vote was found, don't allow another vote
 		throw new Exceptions\PollVoteExistsException($vote);
diff --git a/www/sessions/new.php b/www/sessions/new.php
index 95c50e52..393e50d9 100644
--- a/www/sessions/new.php
+++ b/www/sessions/new.php
@@ -3,7 +3,7 @@ use function Safe\session_unset;
 
 session_start();
 
-if($GLOBALS['User'] !== null){
+if(Session::$User !== null){
 	header('Location: /');
 	exit();
 }