From b0637405479619ffbb132b415b7a3228660e8848 Mon Sep 17 00:00:00 2001
From: Sky Johnson <skylearj@gmail.com>
Date: Fri, 27 Sep 2024 18:45:33 -0500
Subject: [PATCH] initial commit

---
 .env                              |   9 +
 color.php                         |  15 +
 database/auth.db                  | Bin 0 -> 36864 bytes
 database/blueprints.db            | Bin 0 -> 16384 bytes
 database/fights.db                | Bin 0 -> 24576 bytes
 database/live.db                  | Bin 0 -> 77824 bytes
 database/scripts/create.php       | 540 ++++++++++++++++++++++++++++++
 docs/TODO.md                      |   4 +
 docs/items.md                     |   3 +
 public/index.php                  |  23 ++
 src/auth.php                      | 206 ++++++++++++
 src/bootstrap.php                 |  34 ++
 src/database.php                  |  79 +++++
 src/env.php                       |  40 +++
 src/helpers.php                   | 110 ++++++
 src/models/fights.php             |   3 +
 src/models/items.php              |  66 ++++
 src/models/player.php             |  37 ++
 src/models/session.php            |  50 +++
 src/models/token.php              |  50 +++
 src/models/user.php               |  37 ++
 src/router.php                    | 130 +++++++
 templates/layouts/basic.php       |  23 ++
 templates/pages/auth/login.php    |  19 ++
 templates/pages/auth/register.php |  19 ++
 templates/pages/home.php          |  11 +
 26 files changed, 1508 insertions(+)
 create mode 100644 .env
 create mode 100644 color.php
 create mode 100644 database/auth.db
 create mode 100644 database/blueprints.db
 create mode 100644 database/fights.db
 create mode 100644 database/live.db
 create mode 100644 database/scripts/create.php
 create mode 100644 docs/TODO.md
 create mode 100644 docs/items.md
 create mode 100644 public/index.php
 create mode 100644 src/auth.php
 create mode 100644 src/bootstrap.php
 create mode 100644 src/database.php
 create mode 100644 src/env.php
 create mode 100644 src/helpers.php
 create mode 100644 src/models/fights.php
 create mode 100644 src/models/items.php
 create mode 100644 src/models/player.php
 create mode 100644 src/models/session.php
 create mode 100644 src/models/token.php
 create mode 100644 src/models/user.php
 create mode 100644 src/router.php
 create mode 100644 templates/layouts/basic.php
 create mode 100644 templates/pages/auth/login.php
 create mode 100644 templates/pages/auth/register.php
 create mode 100644 templates/pages/home.php

diff --git a/.env b/.env
new file mode 100644
index 0000000..9ec955f
--- /dev/null
+++ b/.env
@@ -0,0 +1,9 @@
+debug = true
+open = true
+world_size = 250
+exp_modifier = 1
+silver_modifier = 1
+allow_pvp = true
+allow_registration = true
+start_silver = 100
+sp_per_level = 5
diff --git a/color.php b/color.php
new file mode 100644
index 0000000..ea3c0f3
--- /dev/null
+++ b/color.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * A collection of functions to colorize the output of the terminal.
+ */
+
+function c(string $c, string $s): string { return $c . $s . "\033[0m"; }
+function black(string $s): string { return c("\033[30m", $s); }
+function red(string $s): string { return c("\033[31m", $s); }
+function green(string $s): string { return c("\033[32m", $s); }
+function yellow(string $s): string { return c("\033[33m", $s); }
+function blue(string $s): string { return c("\033[34m", $s); }
+function magenta(string $s): string { return c("\033[35m", $s); }
+function cyan(string $s): string { return c("\033[36m", $s); }
+function white(string $s): string { return c("\033[37m", $s); }
diff --git a/database/auth.db b/database/auth.db
new file mode 100644
index 0000000000000000000000000000000000000000..3831452d27a079cbe8bc987b407d74ee1f6daeef
GIT binary patch
literal 36864
zcmeI)PjA|090zb462MUild8&!rc9p1AyJaX|F9tvO1;Eg-G)CQrfYgZ1{*>FJH;e~
zBhy|<uRZUw-Fw@+*bC@o(stWp6EskRa_FHF`&#fkj~_n|{ym?^LVCdR`PpfE;BZZ^
z-?IjsM14ciH1(9@D2ih4-XsgRC`niD%0WiYlou5l>WTYXGW9o=SpPt6_^Cfq?>D|r
zTFFoAACmH-PN;_f1Rwwb2tWV=5P$##{`UgoSUk>dZqnn{z^Zqhf!A?df08DSE4pUt
zoT>eAs&kV%ZhMVku6?IpYulVrH1!|#3Rf(dT(Nq3x<`(M%{WtkO{(syxoXiktLnkg
zM&Gdp&gVVXn4R53j6K?<skUo7xBj~>SwPjS>wy>U*CuDL36q=|udl}0tu1=o38VHM
z-*0=aKh0xvkxy&CFm~tms@-?|&qhsRKZwQH<E=%pPtRWyrloj!CC2XV(ifBHCxi8!
zch`>FaPG!F-Cdm@%Y55y*XlWYr0LGjdvu&-S^5_>{LEmA{4j~k^$)8;h?)5-SB!#I
zx!_*v7o1i#OGc6ODd<Hrn6jWpaF&I0dS&_k(Cgdt4T7#t&uVw)t7onSGP#!l=6~18
ziT+Hho|+s#d#Rj|OVBh5IyXIfT&+|{Y_*{B+|&x?pmo>s2eq!(YP;OS9mtIBL}P58
zT{L5%QcVoAm7U1LO@**&u$E5*-zZ7)j%>WAQWcV5g8&2|009U<00Izz00bZa0SJ6G
zf$@HXp&pM*M+r&tJ0me|^;@1Rw(ayyUdW|;c_ovPl)XV--n+^RX`^R2-B*`o_twsu
zo#8?6tXmyvX_3Dib#IJ9r!I}2`^M$4Jvh+}<EE4S$tx)@hT5oNo}F7tv!Riby!9?!
z-*cb#+Ks;Fd(FX<hSw8CUX=Iw+`g!Cf_f+khjQkgs_`z(P>;r?{3PB7!tJ-7+hzWu
z-g{PP%G$YGZ{3P-&eCta*A=Dp(k+z><*eZqMlWu&)dTf{zk0>1Z%$0@dT95Rl6_?l
z7lu0%t#T-fhk`O2?OoLxnb%0_6P5ahB-kJT0SG_<0uX=z1Rwwb2tWV=5LgO<MD#Ho
z{E8BZMISMwFj@b9q*8yTJ}$)oF$f4i00Izz00bZa0SG_<0uX?}(h6)vkAhYG{kJVd
zzK!OCrT)D~gZuyK)L#^NVS@k!AOHafKmY;|fB*y_009U<V3`CMI?B@Fa{wa2`ky@X
zk4pWzOasJNAOHafKmY;|fB*y_009U<00K)OV9=|~IJsg=Sy@rDjZ9M}4=%{%vWio0
zShm2+xolk!<&2{6d|i@7LCiRUm{V0%%BW3VmU7K{T~b@$4Yz~)|HJkF?@Qo<AwU2E
z5P$##AOHafKmY;|fB*!RPvB%_oMgWAH-PE?|I5dN5kUX~5P$##AOHafKmY;|fB*y_
jFcp~o|3BSF4gm;200Izz00bZa0SG_<0uX?}@(KJ4jupVT

literal 0
HcmV?d00001

diff --git a/database/blueprints.db b/database/blueprints.db
new file mode 100644
index 0000000000000000000000000000000000000000..16c4108939c89ac62046aa5063ea80f7928c814b
GIT binary patch
literal 16384
zcmeH~L2KJE7>4bntRyTj1|e6`Q%cJijNRw8-UxHj%ynQn1=UejQ`<@;IctAFFYTY&
zPn(>zVM^p~hwZTN3KU~~?<Ysk_q_+5e-0AG$c&4OD)Pp8;kd5zju6LjYI^SJ`8YP;
z-N(Qa&zkcpc3WCdZ+4y5%je(q0|Nv=00ck)1V8`;K;S<haNDl$ciL_DuBGTj$})Z-
z%ei+F`d;Ld$a^37q+B80W}}fzNpBGOAN`OF!(QJD$K;bgCf+DI>kV{D-ycNBT9?y|
zk;wlNk-?dsqaY|()y<r(^M4HpnqOH1DO<AC8o8WXmos`jsR~tRWcJXUe`CV>8O4jQ
zmpPNt8l@uR_Pn`ZaUv6*Tk~R(C~IKG1dkJSV+}47MboO_wf$r=NtYEzOF38DrAxW6
z6f_o$DmEpjx>cfH-zTU32X7Qa<YW|vx)mnn;(6rthh_PT`ScIf&Bo!d_N;Ss<c?Qe
zDHr;HY$DmBV0p|oUh77$ZUnn!D<132!`mx&ztics_itBw>J2lw`l%WDtEIoy?1lx_
zbY7P<1l85vuBa(m(zMvNjHzL>8H<%PYqpjg9F!l6c`l2rH278vt(8Cj6<a*Llid^M
zCe`jRb#|Yanrg?GI;(d~Nu`TSS*4#$nG!Vl4fSo)thab5%fItac{kUWehd%*0T2KI
z5C8!X009sH0T2KI5CDN4CV>0@4i^_k0|5{K0T2KI5C8!X009sH0T2Lz2LibNqZL2^
Z1V8`;KmY_l00ck)1V8`;Kw$R?`~V`sq`UwC

literal 0
HcmV?d00001

diff --git a/database/fights.db b/database/fights.db
new file mode 100644
index 0000000000000000000000000000000000000000..a6c2a1726084637bccca9617b8f4c95d6c244d92
GIT binary patch
literal 24576
zcmeI#%Wm306b4{B38a7`CCVbJNV80osA^oP>ypH+P=Qclq@pfHjv0d`upQgvvSgQS
zA0e;P=japk2|B~YB7nzkrAQU}Q6gXFcx1kFd>CJUtvV4SwigV{h`d*J6;)L}5~3)4
zS5fl(fA$f_TeAbcRp<7Tc6XJxmbz2=spQmWrSy>dtv(lj6&p$6IKL$DR4;5F?C+~T
zHY4+<&-^=||K%^5dfCv4Q9iHggr6Ws#X`a9kV@UqKkH4>XjW?FW}AG`+oaqwt}1nY
zMNO|8r##N@n~y9wqjT}~D}&Tq)$06k&yS~DH9RmMXj(}63<G(H@7=RNdK-~9?Dkw1
zhSDfA7<lq|{D4_b=y<Ml9xHGnX@JcF&vK$iY0#Y$nSFVXCeMy0r`Kp|c6f-4elkN!
zNLqF@nk73LP0Nl(vt&o3DcR9zhU{omnjPB-!iYx0V0E3W93UNLo5OxY&cx$&@3`)Y
znvR3si6ARrX2d$=l0W4}rKXch{ZqMBHONJ)+2oHg6(_Haa;+hvhkhqxbg^*!^!?4G
zp&U*d3hyawW1*q2e`qN3ij@~^dcDfab$q?FT4`FbW~$ZHQq5GUX@#1lPUU4f@NSaQ
zA%+tAwiuE$j`8s7rZKxRAq8SM*<Xyx8-<8SZW80!rR`fpBsK>zC~XWP;D2ZecAv4O
z-<7y;jGGG!Ez{?HW3~>M{cy)ouiafnd!_Az!$Wm6oGn*q-|L2ai89{i7W&NO>|Zq-
z+v)bAq~dm5+areljjv{=D;nPMMtjAV_r#|6G}&$~+|%UjE8kONBY$vmqPE9M;VoYc
zFdDMkA#*LZaJc#6{uTz0Tywxq`IX0fasFXx^@tM?fB*y%1$M-Uc(ca`0uX=z1Rwwb
z2tWV=5P$##AOL~26~O!d+NKs?3<3~<00bZa0SG_<0uX=z1RxL#;Qc?Qzzzf;009U<
z00Izz00bZa0SG`~Z3XcDzqYBx7lQx<AOHafKmY;|fB*y_009WZ0(k$ADX;?p2tWV=
T5P$##AOHafKmY;|SX+TV!#xVL

literal 0
HcmV?d00001

diff --git a/database/live.db b/database/live.db
new file mode 100644
index 0000000000000000000000000000000000000000..1296611ca7b950d04ecaba2324fda34964e854c0
GIT binary patch
literal 77824
zcmeI&+iTla9Kdm_NuxMzE^8>JE2W~Pw54UV8{Gz@u&nh)Xp&~Bv#pe26z4cmCrgeb
z=fe7u^a8uU{-8bWasNTt{)0X5X?vN@k>gphEx8a4F}?vOvUGCv)8}05qn{pqzF-By
zsJmXn42<^*GX+g6d~6tnLSZ_5&4#bTANhXt@J;wv>)IZ)IbC?Crk#|9r~j5^-irPV
zD$afc5I_I{1Q0*~0R#|0009ILIDUa?eNt9BbNn?^BLWB@fB*srAb<b@2q1s}0tn<s
zfc1ZV+JZ<BKmY**5I_I{1Q0*~0R#}pN`Uo$R<hKK00IagfB*srAb<b@2q1t!egs(m
z=cg@*1OWsPKmY**5I_I{1Q0*~fvf~r|7Rsjy$B$H00IagfB*srAb<b@2;@hA^?!ca
zf=CcR009ILKmY**5I_I{1Q5tdfc1Y?veb(J0tg_000IagfB*srAb>!A1X%y)r!9yC
z0R#|0009ILKmY**5I_KdtOQv9XC+I$2q1s}0tg_000IagfB*sr<VS$@e}3A6NDx2(
z0R#|0009ILKmY**5Xee^^?z2f)QbQD2q1s}0tg_000IagfIxl(SpVmzEr<jG1Q0*~
z0R#|0009ILKmdWP1X%xPB}=^sAb<b@2q1s}0tg_000Ic)M?kLsb^Tdka`yBu#XpLz
z@z?ra`m?bwM}HcroY1r{3gyDxq-e*ZgZc+ag*b))0tg_000JF>XS!axaz)$!C@|M-
zv1U5oi1n%!h=$+2J$`ScJXa|jmAOwA%0~AQ<Jv^A*tE?(;Z?15V}7Yp{;a%WEIq6k
zOREbDH^ZZ{wtmMZir4p_jOnGbXSL_&I;WSF>piC%;xxYP27XTf#{KfAbE^v#<Bkl)
zx9n}<4K8#`77DDSBDd8gIf3wmA0*TyukP)Wdg<Ib?O<A6-HvJ7B8YyE#jY^gH_SDr
z#D7~|fFGFNhG--Q=a1^8ix;*1J1REI*%nUVdV8IXld%XpyN3uep}k*LM)cC<%i8y@
zI%~V%YzWiq+8m9Yx$D3X=iU@%Zzt^Z0i{#hOl~;YzH4q`UsCmKn$CJce^X@|rsY&+
z!GyMu=X2}zVTySzN2Ju`S<XgEk*2$o)WKEYf!o^HbcCOFfu`4R)5cTN6E(}XTqh;2
znr9^qDCtxeo?Ekmy_A}^t-!R?i#5#M>Si;gE?KCNR45$i%O}Q4H*RQ;Rj2m1!c&W?
zFSc63sfi<RM`E4($iZul*$_9w|GfV4siv3CpVxl4(KS%~Xe{_AVs*54s=?7U123=4
zFV3wzHXf888*{6bhx1F}e=U}mD$=p#51y`N3`V8=RXBlnP2x4%?9&-!UAEX3_FzOc
zU+yLW%1U;d)xfQ$Rdp*Gz%9=UC#%G!d$&FOk{dWGRcqIm)XLGsn${PhQjD*Pq4>iO
zjcUrL^6gvU@FD--`8vi10tg_000IagfB*srAb<b@|62jM{x6RFT$uWOa`x2giI>IS
z#(&kn8~Zcd#Sa1q<X7O;`!jl}RMLKY5T%i1;!tG|XJhxM)vh<XL*4%_bg<Vva&J1G
z+wsgWhme*XsJmfyEG;9m)fy&)ux;9{w2X|X*F`PNOvY}hcf!7ON#6dhxsKmz$PDb@
z8|mtnswcLRYvSf}`{r}tnO2Ir?RtZHQ@dF_VFqDWxgX}fEAxxxPOIHpU0DfJDOI`i
zQDts%StV7P>qC~7x#2U@dg;OiZGT4%oWR|2s-9>b{yh^LK8JgUNPw!MU1^~198Oq&
zLiY-TI=DNf((y08RzW$<nlE27v0&t$;~L8S9vA3smG%e;Gxxq3$UI_fD5>;O&vnVY
zy%T||DZ55Jn3~i}SFdW%pD4eLmSwM38=|omMjm@J6%&meQnb;Y0nOOXhz~gGh0jm)
z)ktoADYNc6sskTwl}@);Q_xe_a)ufcvX@^wt@8Z`r7jQ|VVgs3PWHi22hu49UTpu5
zkEZY%mM>G$M<!9(_m@wphc#Y&`){aGl>X`70FPq?^mg<PbTs|g;lm7r^Rz=f%aY#c
zwG4;DhZE6s@<@?dj^oSMsTil+^WRS=yM2eqfC<Cx^Po@0Gs*LEQGKs^6+X!jek<@d
z-KMX8O~mlju6*l7U;TP!Z28Pj?>ycJ=O529?IXieVz0IKsttGDswY346+I&03)>#P
zbe2Ql(zt5J7nfB#%1>us{VK-VQSCa0c6^g=t-ebio$94@@4S?8XD9!k-vu6#A%Fk^
s2q1s}0tg_000Iaga9jec|Bp+OdJsSW0R#|0009ILKmY**5Xi5<KTX}<o&W#<

literal 0
HcmV?d00001

diff --git a/database/scripts/create.php b/database/scripts/create.php
new file mode 100644
index 0000000..7f5076f
--- /dev/null
+++ b/database/scripts/create.php
@@ -0,0 +1,540 @@
+<?php
+
+/*
+	This script is used to create the database and the tables for said database.
+	php create.php <database>
+*/
+
+require_once __DIR__ . '/../../color.php';
+
+const AUTH = 'auth.db';
+const LIVE = 'live.db';
+const FIGHTS = 'fights.db';
+const BPS = 'blueprints.db';
+
+/**
+ * Echo a string with a newline.
+ */
+function eln(string $string): void
+{
+	echo $string . PHP_EOL;
+}
+
+// pick the database to create
+if (!isset($argv[1])) {
+	eln(red('Missing database name.'));
+	eln(blue('Usage: ') . 'php create.php auth.db|live.db|fight.db|blueprints.db [-d]');
+	exit(1);
+}
+
+// make sure it's a valid database
+if (!in_array($argv[1], [AUTH, LIVE, FIGHTS, BPS])) {
+	eln(red('Invalid database: ') . $argv[1]);
+	exit(1);
+}
+
+$database = $argv[1];
+// whether the -d flag is set
+$drop = isset($argv[2]) && $argv[2] === '-d';
+
+/*
+	================================================================================
+	Databases
+	================================================================================
+*/
+
+/*
+	The Auth database is used to store user information - not player info, but user info.
+	Usernames, passwords, email, session tokens, etc.
+*/
+if ($database === AUTH) {
+	if ($drop) {
+		unlink(__DIR__ . '/../' . AUTH);
+		eln(red('Dropped database: ') . 'auth.db');
+	}
+	$db = new SQLite3(__DIR__ . '/../' . AUTH);
+
+	// Users table
+	$db->exec('DROP TABLE IF EXISTS users');
+	$db->exec('CREATE TABLE users (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		email TEXT NOT NULL UNIQUE,
+		password TEXT NOT NULL,
+		auth INT NOT NULL DEFAULT 0,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		last_login DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'users');
+
+	// Sessions table
+	$db->exec('DROP TABLE IF EXISTS sessions');
+	$db->exec('CREATE TABLE sessions (
+		user_id INTEGER NOT NULL,
+		token TEXT NOT NULL UNIQUE,
+		expires INTEGER NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'sessions');
+
+	// Verification tokens
+	$db->exec('DROP TABLE IF EXISTS tokens');
+	$db->exec('CREATE TABLE tokens (
+		user_id INTEGER NOT NULL,
+		token TEXT NOT NULL UNIQUE,
+		created INTEGER NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'tokens');
+
+	eln(green('Created database: ') . 'auth.db');
+
+	exit(0);
+}
+
+/*
+	The Fights database is used to store information about fights.
+	A fight is a battle between two characters; players or NPCs.
+*/
+if ($database === FIGHTS) {
+	if ($drop) {
+		unlink(__DIR__ . '/../' . FIGHTS);
+		eln(red('Dropped database: ') . 'fights.db');
+	}
+	$db = new SQLite3(__DIR__ . '/../' . FIGHTS);
+
+	// PvE fights
+	$db->exec('DROP TABLE IF EXISTS pve');
+	$db->exec('CREATE TABLE pve (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		player_id INTEGER NOT NULL,
+		player_hp INTEGER NOT NULL,
+		player_max_hp INTEGER NOT NULL,
+		player_mp INTEGER NOT NULL,
+		player_max_mp INTEGER NOT NULL,
+		player_power INTEGER NOT NULL,
+		player_toughness INTEGER NOT NULL,
+		player_armor INTEGER NOT NULL,
+		player_precision INTEGER NOT NULL,
+		player_crit INTEGER NOT NULL,
+		player_ferocity INTEGER NOT NULL,
+		player_vitality INTEGER NOT NULL,
+		mob_id INTEGER NOT NULL,
+		mob_level INTEGER NOT NULL,
+		mob_rank INTEGER NOT NULL,
+		mob_hp INTEGER NOT NULL,
+		mob_max_hp INTEGER NOT NULL,
+		mob_mp INTEGER NOT NULL,
+		mob_max_mp INTEGER NOT NULL,
+		mob_power INTEGER NOT NULL,
+		mob_toughness INTEGER NOT NULL,
+		mob_armor INTEGER NOT NULL,
+		mob_precision INTEGER NOT NULL,
+		mob_crit INTEGER NOT NULL,
+		mob_ferocity INTEGER NOT NULL,
+		mob_vitality INTEGER NOT NULL,
+		first_turn INTEGER NOT NULL,
+		turn INTEGER NOT NULL default 1,
+		winner INTEGER NOT NULL default 0,
+		flee INTEGER NOT NULL default 1,
+		escaped INTEGER NOT NULL default 0,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'pve');
+
+	// PvP fights
+	$db->exec('DROP TABLE IF EXISTS pvp');
+	$db->exec('CREATE TABLE pvp (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		player1_id INTEGER NOT NULL,
+		player1_hp INTEGER NOT NULL,
+		player1_max_hp INTEGER NOT NULL,
+		player1_mp INTEGER NOT NULL,
+		player1_max_mp INTEGER NOT NULL,
+		player1_power INTEGER NOT NULL,
+		player1_toughness INTEGER NOT NULL,
+		player1_armor INTEGER NOT NULL,
+		player1_precision INTEGER NOT NULL,
+		player1_crit INTEGER NOT NULL,
+		player1_ferocity INTEGER NOT NULL,
+		player1_vitality INTEGER NOT NULL,
+		player2_id INTEGER NOT NULL,
+		player2_hp INTEGER NOT NULL,
+		player2_max_hp INTEGER NOT NULL,
+		player2_mp INTEGER NOT NULL,
+		player2_max_mp INTEGER NOT NULL,
+		player2_power INTEGER NOT NULL,
+		player2_toughness INTEGER NOT NULL,
+		player2_armor INTEGER NOT NULL,
+		player2_precision INTEGER NOT NULL,
+		player2_crit INTEGER NOT NULL,
+		player2_ferocity INTEGER NOT NULL,
+		player2_vitality INTEGER NOT NULL,
+		first_turn INTEGER NOT NULL,
+		turn INTEGER NOT NULL default 1,
+		winner INTEGER NOT NULL default 0,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'pvp');
+
+	// PvE fight logs
+	$db->exec('DROP TABLE IF EXISTS pve_logs');
+	$db->exec('CREATE TABLE pve_logs (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		fight_id INTEGER NOT NULL,
+		info TEXT NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'pve_logs');
+
+	// PvP fight logs
+	$db->exec('DROP TABLE IF EXISTS pvp_logs');
+	$db->exec('CREATE TABLE pvp_logs (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		fight_id INTEGER NOT NULL,
+		info TEXT NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'pvp_logs');
+
+	eln(green('Created database: ') . 'fights.db');
+
+	exit(0);
+}
+
+/*
+	The Blueprints database is used to store information about items, weapons, armor, etc.
+*/
+if ($database === BPS) {
+	if ($drop) {
+		unlink(__DIR__ . '/../' . BPS);
+		eln(red('Dropped database: ') . 'blueprints.db');
+	}
+
+	$db = new SQLite3(__DIR__ . '/../' . BPS);
+
+	// Items
+	$db->exec('DROP TABLE IF EXISTS items');
+	$db->exec('CREATE TABLE items (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		type INTEGER NOT NULL DEFAULT 0,
+		subtype INTEGER NOT NULL DEFAULT 0,
+		slot INTEGER NOT NULL DEFAULT 0,
+		rarity INTEGER NOT NULL DEFAULT 0,
+		value INTEGER NOT NULL DEFAULT 0,
+		consumable INTEGER NOT NULL DEFAULT 0,
+		duration INTEGER NOT NULL DEFAULT 0,
+		durability INTEGER NOT NULL DEFAULT 0,
+		power INTEGER NOT NULL DEFAULT 0,
+		toughness INTEGER NOT NULL DEFAULT 0,
+		armor INTEGER NOT NULL DEFAULT 0,
+		precision INTEGER NOT NULL DEFAULT 0,
+		crit INTEGER NOT NULL DEFAULT 0,
+		ferocity INTEGER NOT NULL DEFAULT 0,
+		vitality INTEGER NOT NULL DEFAULT 0,
+		reqs TEXT NOT NULL DEFAULT "",
+		traits TEXT NOT NULL DEFAULT "",
+		lore TEXT NOT NULL DEFAULT "",
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'items');
+
+	// Mobs
+	$db->exec('DROP TABLE IF EXISTS mobs');
+	$db->exec('CREATE TABLE mobs (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		type INTEGER NOT NULL,
+		rank INTEGER NOT NULL,
+		level INTEGER NOT NULL,
+		hp INTEGER NOT NULL,
+		max_hp INTEGER NOT NULL,
+		mp INTEGER NOT NULL,
+		max_mp INTEGER NOT NULL,
+		power INTEGER NOT NULL,
+		toughness INTEGER NOT NULL,
+		armor INTEGER NOT NULL,
+		precision INTEGER NOT NULL,
+		crit INTEGER NOT NULL,
+		ferocity INTEGER NOT NULL,
+		vitality INTEGER NOT NULL,
+		xp INTEGER NOT NULL,
+		silver INTEGER NOT NULL,
+		loot TEXT NOT NULL,
+		lore TEXT NOT NULL,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'mobs');
+
+	eln(green('Created database: ') . 'blueprints.db');
+
+	exit(0);
+}
+
+/*
+	The Live database is used to store information about players, NPCs, guilds, etc.
+*/
+if ($database === LIVE) {
+	if ($drop) {
+		unlink(__DIR__ . '/../' . LIVE);
+		eln(red('Dropped database: ') . 'live.db');
+	}
+
+	$db = new SQLite3(__DIR__ . '/../' . LIVE);
+
+	// Players
+	$db->exec('DROP TABLE IF EXISTS players');
+	$db->exec('CREATE TABLE players (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		user_id INTEGER NOT NULL,
+		name TEXT NOT NULL UNIQUE,
+		title_id INTEGER NOT NULL DEFAULT,
+		level INTEGER NOT NULL DEFAULT 1,
+		xp INTEGER NOT NULL DEFAULT 0,
+		xp_to_level INTEGER NOT NULL DEFAULT 100,
+		current_hp INTEGER NOT NULL DEFAULT 20,
+		max_hp INTEGER NOT NULL DEFAULT 20,
+		current_mp INTEGER NOT NULL DEFAULT 10,
+		max_mp INTEGER NOT NULL DEFAULT 10,
+		current_tp INTEGER NOT NULL DEFAULT 0,
+		max_tp INTEGER NOT NULL DEFAULT 0,
+		power INTEGER NOT NULL DEFAULT 0,
+		toughness INTEGER NOT NULL DEFAULT 0,
+		armor INTEGER NOT NULL DEFAULT 0,
+		precision INTEGER NOT NULL DEFAULT 0,
+		crit INTEGER NOT NULL DEFAULT 0,
+		ferocity INTEGER NOT NULL DEFAULT 0,
+		vitality INTEGER NOT NULL DEFAULT 0,
+		inv_slots INTEGER NOT NULL DEFAULT 10
+	)');
+
+	eln(yellow('Created table: ') . 'players');
+
+	// Player gear
+	$db->exec('DROP TABLE IF EXISTS player_gear');
+	$db->exec('CREATE TABLE player_gear (
+		player_id INTEGER NOT NULL,
+		head INTEGER NOT NULL DEFAULT 0,
+		chest INTEGER NOT NULL DEFAULT 0,
+		boots INTEGER NOT NULL DEFAULT 0,
+		hands INTEGER NOT NULL DEFAULT 0,
+		main_hand INTEGER NOT NULL DEFAULT 0,
+		off_hand INTEGER NOT NULL DEFAULT 0,
+		rune INTEGER NOT NULL DEFAULT 0,
+		ring INTEGER NOT NULL DEFAULT 0,
+		amulet INTEGER NOT NULL DEFAULT 0,
+		power INTEGER NOT NULL DEFAULT 0,
+		toughness INTEGER NOT NULL DEFAULT 0,
+		armor INTEGER NOT NULL DEFAULT 0,
+		precision INTEGER NOT NULL DEFAULT 0,
+		crit INTEGER NOT NULL DEFAULT 0,
+		ferocity INTEGER NOT NULL DEFAULT 0,
+		vitality INTEGER NOT NULL DEFAULT 0,
+		max_hp INTEGER NOT NULL DEFAULT 0,
+		max_mp INTEGER NOT NULL DEFAULT 0,
+		traits TEXT NOT NULL DEFAULT ""
+	)');
+
+	eln(yellow('Created table: ') . 'player_gear');
+
+	// Player inventory
+	$db->exec('DROP TABLE IF EXISTS player_inventory');
+	$db->exec('CREATE TABLE inventory (
+		player_id INTEGER NOT NULL,
+		item_id INTEGER NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'inventory');
+
+	// Player wallet
+	$db->exec('DROP TABLE IF EXISTS player_wallet');
+	$db->exec('CREATE TABLE wallet (
+		player_id INTEGER NOT NULL,
+		silver INTEGER NOT NULL DEFAULT 10,
+		stargem INTEGER NOT NULL DEFAULT 0
+	)');
+
+	eln(yellow('Created table: ') . 'wallet');
+
+	// Player bank
+	$db->exec('DROP TABLE IF EXISTS player_bank');
+	$db->exec('CREATE TABLE bank (
+		player_id INTEGER NOT NULL,
+		slots INTEGER NOT NULL DEFAULT 5,
+		silver INTEGER NOT NULL DEFAULT 0,
+		tier INTEGER NOT NULL DEFAULT 1,
+		interest INTEGER NOT NULL DEFAULT 0
+	)');
+
+	eln(yellow('Created table: ') . 'bank');
+
+	// Banked items
+	$db->exec('DROP TABLE IF EXISTS player_banked_items');
+	$db->exec('CREATE TABLE banked_items (
+		player_id INTEGER NOT NULL,
+		item_id INTEGER NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'banked_items');
+
+	// Towns
+	$db->exec('DROP TABLE IF EXISTS towns');
+	$db->exec('CREATE TABLE towns (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		x INTEGER NOT NULL,
+		y INTEGER NOT NULL,
+		type INTEGER NOT NULL,
+		lore TEXT NOT NULL,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'towns');
+
+	// Shops
+	$db->exec('DROP TABLE IF EXISTS shops');
+	$db->exec('CREATE TABLE shops (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		type INTEGER NOT NULL,
+		lore TEXT NOT NULL,
+		x INTEGER NOT NULL,
+		y INTEGER NOT NULL,
+		items TEXT NOT NULL,
+		gear TEXT NOT NULL,
+		materials TEXT NOT NULL,
+		buy_modifier INTEGER NOT NULL DEFAULT 100,
+		sell_modifier INTEGER NOT NULL DEFAULT 100,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'shops');
+
+	// Inns
+	$db->exec('DROP TABLE IF EXISTS inns');
+	$db->exec('CREATE TABLE inns (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		type INTEGER NOT NULL,
+		lore TEXT NOT NULL,
+		x INTEGER NOT NULL,
+		y INTEGER NOT NULL,
+		cost INTEGER NOT NULL,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'inns');
+
+	// Guilds
+	$db->exec('DROP TABLE IF EXISTS guilds');
+	$db->exec('CREATE TABLE guilds (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		lore TEXT NOT NULL DEFAULT "",
+		leader_id INTEGER NOT NULL,
+		silver INTEGER NOT NULL DEFAULT 0,
+		rep INTEGER NOT NULL DEFAULT 0,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'guilds');
+
+	// Guild ranks
+	$db->exec('DROP TABLE IF EXISTS guild_ranks');
+	$db->exec('CREATE TABLE guild_ranks (
+		guild_id INTEGER NOT NULL,
+		rank INTEGER NOT NULL,
+		name TEXT NOT NULL,
+		permissions TEXT NOT NULL
+	)');
+
+	eln(yellow('Created table: ') . 'guild_ranks');
+
+	// Guild members
+	$db->exec('DROP TABLE IF EXISTS guild_members');
+	$db->exec('CREATE TABLE guild_members (
+		guild_id INTEGER NOT NULL,
+		player_id INTEGER NOT NULL,
+		rank INTEGER NOT NULL,
+		rep INTEGER NOT NULL DEFAULT 0,
+		donated INTEGER NOT NULL DEFAULT 0,
+		joined DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'guild_members');
+
+	// NPCs
+	$db->exec('DROP TABLE IF EXISTS npcs');
+	$db->exec('CREATE TABLE npcs (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		type INTEGER NOT NULL,
+		lore TEXT NOT NULL,
+		conversation TEXT NOT NULL,
+		x INTEGER NOT NULL,
+		y INTEGER NOT NULL,
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'npcs');
+
+	// Town reputation
+	$db->exec('DROP TABLE IF EXISTS player_town_rep');
+	$db->exec('CREATE TABLE town_rep (
+		player_id INTEGER NOT NULL,
+		town_id INTEGER NOT NULL,
+		rep INTEGER NOT NULL DEFAULT 0
+	)');
+
+	eln(yellow('Created table: ') . 'town_rep');
+
+	// Items
+	// Items
+	$db->exec('DROP TABLE IF EXISTS items');
+	$db->exec('CREATE TABLE items (
+		id INTEGER PRIMARY KEY AUTOINCREMENT,
+		name TEXT NOT NULL,
+		type TEXT NOT NULL DEFAULT 0,
+		rarity INTEGER NOT NULL DEFAULT 0,
+		forged INTEGER NOT NULL DEFAULT 0,
+		quality INTEGER NOT NULL DEFAULT 0,
+		value INTEGER NOT NULL DEFAULT 0,
+		consumable INTEGER NOT NULL DEFAULT 0,
+		duration INTEGER NOT NULL DEFAULT 0,
+		durability INTEGER NOT NULL DEFAULT 0,
+		max_durability INTEGER NOT NULL DEFAULT 0,
+		power INTEGER NOT NULL DEFAULT 0,
+		toughness INTEGER NOT NULL DEFAULT 0,
+		armor INTEGER NOT NULL DEFAULT 0,
+		precision INTEGER NOT NULL DEFAULT 0,
+		crit INTEGER NOT NULL DEFAULT 0,
+		ferocity INTEGER NOT NULL DEFAULT 0,
+		vitality INTEGER NOT NULL DEFAULT 0,
+		reqs TEXT NOT NULL DEFAULT "",
+		traits TEXT NOT NULL DEFAULT "",
+		lore TEXT NOT NULL DEFAULT "",
+		created DATETIME DEFAULT CURRENT_TIMESTAMP,
+		updated DATETIME DEFAULT CURRENT_TIMESTAMP
+	)');
+
+	eln(yellow('Created table: ') . 'items');
+
+	eln(green('Created database: ') . 'live.db');
+
+	exit(0);
+}
+
diff --git a/docs/TODO.md b/docs/TODO.md
new file mode 100644
index 0000000..d045ad8
--- /dev/null
+++ b/docs/TODO.md
@@ -0,0 +1,4 @@
+# TODO
+Currently, everything needs implemented.
+
+First task is to finish building up the database structures.
diff --git a/docs/items.md b/docs/items.md
new file mode 100644
index 0000000..d250712
--- /dev/null
+++ b/docs/items.md
@@ -0,0 +1,3 @@
+# Items
+
+Items consists of all item types in the game; useless flavor items, gear, consumables, etc.
diff --git a/public/index.php b/public/index.php
new file mode 100644
index 0000000..918bc31
--- /dev/null
+++ b/public/index.php
@@ -0,0 +1,23 @@
+<?php
+
+define('SRC', __DIR__ . '/../src');
+require_once SRC . '/bootstrap.php';
+
+$r = [];
+
+router_get($r, '/', function () {
+	echo render('layouts/basic', ['view' => 'pages/home']);
+});
+
+router_get($r, '/auth/register', 'auth_register_get');
+router_post($r, '/auth/register', 'auth_register_post');
+router_get($r, '/auth/login', 'auth_login_get');
+router_post($r, '/auth/login', 'auth_login_post');
+router_post($r, '/auth/logout', 'auth_logout');
+
+// [code, handler, params]
+$l = router_lookup($r, $_SERVER['REQUEST_METHOD'], $_SERVER['REQUEST_URI']);
+
+if ($l['code'] !== 200) router_error($l['code']);
+$l['handler'](...$l['params'] ?? []);
+clear_flashes();
diff --git a/src/auth.php b/src/auth.php
new file mode 100644
index 0000000..5b16d1f
--- /dev/null
+++ b/src/auth.php
@@ -0,0 +1,206 @@
+<?php
+
+/**
+ * Checks if the given username already exists.
+ */
+function auth_usernameExists(string $username): bool
+{
+	return db_exists(db_auth(), 'users', 'username', $username);
+}
+
+/**
+ * Checks if the given email already exists.
+ */
+function auth_emailExists(string $email): bool
+{
+	return db_exists(db_auth(), 'users', 'email', $email);
+}
+
+/**
+ * Displays the registration page.
+ */
+function auth_register_get(): void
+{
+	echo render('layouts/basic', ['view' => 'pages/auth/register']);
+}
+
+/**
+ * Handles the registration form submission.
+ */
+function auth_register_post(): void
+{
+	csrf_ensure();
+
+	$errors = [];
+
+	$u = $_POST['username'] ?? '';
+	$e = $_POST['email'] ?? '';
+	$p = $_POST['password'] ?? '';
+
+	// Trim the input.
+	$u = trim($u);
+	$e = trim($e);
+
+	/*
+		A username is required.
+		A username must be at least 3 characters long and at most 25 characters long.
+		A username must contain only alphanumeric characters and spaces.
+	*/
+	if (empty($u) || strlen($u) < 3 || strlen($u) > 25 || !ctype_alnum(str_replace(' ', '', $u))) {
+		$errors['u'][] = 'Username is required and must be between 3 and 25 characters long and contain only
+			alphanumeric characters and spaces.';
+	}
+
+	/*
+		An email is required.
+		An email must be at most 255 characters long.
+		An email must be a valid email address.
+	*/
+	if (empty($e) || strlen($e) > 255 || !filter_var($e, FILTER_VALIDATE_EMAIL)) {
+		$errors['e'][] = 'Email is required must be a valid email address.';
+	}
+
+	/*
+		A password is required.
+		A password must be at least 6 characters long.
+	*/
+	if (empty($p) || strlen($p) < 6) {
+		$errors['p'][] = 'Password is required and must be at least 6 characters long.';
+	}
+
+	// If there are errors at this point, send them to the page with errors flashed.
+	if (!empty($errors)) {
+		flash('errors', $errors);
+		redirect('/auth/register');
+	}
+
+	/*
+		A username must be unique.
+	*/
+	if (auth_usernameExists($u)) {
+		$errors['u'][] = 'Username is already taken.';
+	}
+
+	/*
+		An email must be unique.
+	*/
+	if (auth_emailExists($e)) {
+		$errors['e'][] = 'Email is already taken.';
+	}
+
+	// If there are errors at this point, send them to the page with errors flashed.
+	if (!empty($errors)) {
+		flash('errors', $errors);
+		redirect('/auth/register');
+	}
+
+	$user = user_create($u, $e, $p);
+	if ($user === false) router_error(400);
+
+	$_SESSION['user'] = user_find($u);
+	redirect('/');
+}
+
+/**
+ * Displays the login page.
+ */
+function auth_login_get(): void
+{
+	echo render('layouts/basic', ['view' => 'pages/auth/login']);
+}
+
+/**
+ * Handles the login form submission.
+ */
+function auth_login_post(): void
+{
+	csrf_ensure();
+
+	$errors = [];
+
+	$u = $_POST['username'] ?? '';
+	$p = $_POST['password'] ?? '';
+
+	// Trim the input.
+	$u = trim($u);
+
+	/*
+		A username is required.
+	*/
+	if (empty($u)) {
+		$errors['u'][] = 'Username is required.';
+	}
+
+	/*
+		A password is required.
+	*/
+	if (empty($p)) {
+		$errors['p'][] = 'Password is required.';
+	}
+
+	// If there are errors at this point, send them to the page with errors flashed.
+	if (!empty($errors)) {
+		flash('errors', $errors);
+		redirect('/auth/login');
+	}
+
+	$user = user_find($u);
+	if ($user === false || !password_verify($p, $user['password'])) {
+		$errors['u'][] = 'Invalid username or password.';
+		flash('errors', $errors);
+		redirect('/auth/login');
+	}
+
+	$_SESSION['user'] = $user;
+	if ($_POST['remember'] ?? false) auth_rememberMe();
+	redirect('/');
+}
+
+/**
+ * Logs the user out.
+ */
+function auth_logout(): void
+{
+	csrf_ensure();
+	session_delete($_SESSION['user']['id']);
+	unset($_SESSION['user']);
+	set_cookie('remember_me', '', 1);
+	redirect('/');
+}
+
+/**
+ * Create a long-lived session for the user.
+ */
+function auth_rememberMe()
+{
+	$token = token();
+	$expires = strtotime('+30 days');
+	$result = db_query(db_auth(), "INSERT INTO sessions (token, user_id, expires) VALUES (:t, :u, :e)", [
+		':t' => $token,
+		':u' => $_SESSION['user']['id'],
+		':e' => $expires
+	]);
+	if (!$result) router_error(400);
+	set_cookie('remember_me', $token, $expires);
+}
+
+/**
+ * Check for a user session. If $_SESSION['user'] already exists, return early. If not, check for a remember me
+ * cookie. If a remember me cookie exists, validate the session and set $_SESSION['user'].
+ */
+function auth_check(): bool
+{
+	if (isset($_SESSION['user'])) return true;
+
+	if (isset($_COOKIE['remember_me'])) {
+		$session = session_validate($_COOKIE['remember_me']);
+		if ($session === true) {
+			$user = user_find($session['user_id']);
+			unset($user['password']);
+			$_SESSION['user'] = user_find($session['user_id']);
+			return true;
+		}
+	}
+
+	return false;
+}
diff --git a/src/bootstrap.php b/src/bootstrap.php
new file mode 100644
index 0000000..bf942dd
--- /dev/null
+++ b/src/bootstrap.php
@@ -0,0 +1,34 @@
+<?php
+
+session_start();
+
+// SRC is defined as the path to the src/ directory from public/
+
+// Source libraries
+require_once SRC . '/helpers.php';
+require_once SRC . '/env.php';
+require_once SRC . '/database.php';
+require_once SRC . '/auth.php';
+require_once SRC . '/router.php';
+
+// Database models
+require_once SRC . '/models/user.php';
+require_once SRC . '/models/session.php';
+require_once SRC . '/models/token.php';
+
+/*
+	Load env, set error reporting, etc.
+*/
+env_load(SRC . '/../.env');
+
+if (env('debug') === 'true') {
+	ini_set('display_errors', '1');
+	ini_set('display_startup_errors', '1');
+	error_reporting(E_ALL);
+}
+
+// Generate a new CSRF token. (if one doesn't exist, that is)
+csrf();
+
+// Have a global counter for queries
+$GLOBALS['queries'] = 0;
diff --git a/src/database.php b/src/database.php
new file mode 100644
index 0000000..1b89641
--- /dev/null
+++ b/src/database.php
@@ -0,0 +1,79 @@
+<?php
+
+/**
+ * Return a connection to the auth database.
+ */
+function db_auth(): SQLite3
+{
+	return $GLOBALS['db_auth'] ??= new SQLite3(__DIR__ . '/../database/auth.db');
+}
+
+/**
+ * Return a connection to the live database.
+ */
+function db_live(): SQLite3
+{
+	return $GLOBALS['db_live'] ??= new SQLite3(__DIR__ . '/../database/live.db');
+}
+
+
+/**
+ * Return a connection to the fights database.
+ */
+function db_fights(): SQLite3
+{
+	return $GLOBALS['db_fights'] ??= new SQLite3(__DIR__ . '/../database/fights.db');
+}
+
+
+/**
+ * Return a connection to the blueprints database.
+ */
+function db_blueprints(): SQLite3
+{
+	return $GLOBALS['db_blueprints'] ??= new SQLite3(__DIR__ . '/../database/blueprints.db');
+}
+
+/**
+ * Take a SQLite3 database connection, a query string, and an array of parameters. Prepare the query and
+ * bind the parameters with proper type casting. Then execute the query and return the result.
+ */
+function db_query(SQLite3 $db, string $query, array $params = []): SQLite3Result|false
+{
+	$stmt = $db->prepare($query);
+	if (!empty($params)) foreach ($params as $key => $value) $stmt->bindValue($key, $value, getSQLiteType($value));
+	$GLOBALS['queries']++;
+	return $stmt->execute();
+}
+
+/**
+ * Take a SQLite3 database connection and a query string. Execute the query and return the result.
+ */
+function db_exec(SQLite3 $db, string $query): bool
+{
+	$GLOBALS['queries']++;
+	return $db->exec($query);
+}
+
+/**
+ * Take a SQLite3 database connection, a column name, and a value. Execute a COUNT query to see if the value
+ * exists in the column. Return true if the value exists, false otherwise.
+ */
+function db_exists(SQLite3 $db, string $table, string $column, mixed $value): bool
+{
+	$result = db_query($db, "SELECT 1 FROM $table WHERE $column = :v LIMIT 1", [':v' => $value]);
+	return $result->fetchArray(SQLITE3_NUM) !== false;
+}
+
+/**
+ * Return the appropriate SQLite type casting for the value.
+ */
+function getSQLiteType(mixed $value): int
+{
+    return match (true) {
+        is_int($value)   => SQLITE3_INTEGER,
+        is_float($value) => SQLITE3_FLOAT,
+        is_null($value)  => SQLITE3_NULL,
+        default          => SQLITE3_TEXT
+    };
+}
diff --git a/src/env.php b/src/env.php
new file mode 100644
index 0000000..06239f2
--- /dev/null
+++ b/src/env.php
@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Load the environment variables from the .env file.
+ */
+function env_load(string $filePath): void
+{
+    if (!file_exists($filePath)) throw new Exception("The .env file does not exist.");
+
+    $lines = file($filePath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+    foreach ($lines as $line) {
+        $line = trim($line);
+
+        // Skip lines that are empty after trimming or are comments
+        if ($line === '' || str_starts_with($line, '#')) continue;
+
+		// Skip lines without an '=' character
+        if (strpos($line, '=') === false) continue;
+
+        [$name, $value] = explode('=', $line, 2);
+
+        $name = trim($name);
+        $value = trim($value, " \t\n\r\0\x0B\"'"); // Trim whitespace and quotes
+
+        if (!array_key_exists($name, $_SERVER) && !array_key_exists($name, $_ENV)) {
+            putenv("$name=$value");
+            $_ENV[$name] = $value;
+            $_SERVER[$name] = $value;
+        }
+    }
+}
+
+
+/**
+ * Retrieve an environment variable.
+ */
+function env(string $key, mixed $default = null): mixed
+{
+	return $_ENV[$key] ?? $_SERVER[$key] ?? getenv($key) ?? $default;
+}
diff --git a/src/helpers.php b/src/helpers.php
new file mode 100644
index 0000000..0ffd95e
--- /dev/null
+++ b/src/helpers.php
@@ -0,0 +1,110 @@
+<?php
+
+/**
+ * Return the path to a view file.
+ */
+function template(string $name): string
+{
+	return __DIR__ . "/../templates/$name.php";
+}
+
+/**
+ * Render a view with the given data. Looks for `$view` through `template()`.
+ */
+function render(string $pathToBaseView, array $data = []): string|false
+{
+	ob_start();
+	extract($data);
+	require template($pathToBaseView);
+	return ob_get_clean();
+}
+
+/**
+ * Generate a pretty dope token.
+ */
+function token(int $length = 32): string
+{
+	return bin2hex(random_bytes($length));
+}
+
+/**
+ * Redirect to a new location.
+ */
+function redirect(string $location): void
+{
+	header("Location: $location");
+	exit;
+}
+
+/**
+ * Flash a message to the session, or retrieve an existing flash value.
+ */
+function flash(string $key, mixed $value = ''): mixed
+{
+	if ($value === '') return $_SESSION["flash_$key"] ?? false;
+	$_SESSION["flash_$key"] = $value;
+	return $value;
+}
+
+/**
+ * Clear all flash messages.
+ */
+function clear_flashes(): void
+{
+	foreach ($_SESSION as $key => $_) {
+		if (str_starts_with($key, 'flash_')) unset($_SESSION[$key]);
+	}
+}
+
+/**
+ * Create a CSRF token.
+ */
+function csrf(): string
+{
+	if (empty($_SESSION['csrf'])) $_SESSION['csrf'] = token();
+	return $_SESSION['csrf'];
+}
+
+/**
+ * Verify a CSRF token.
+ */
+function csrf_verify(string $token): bool
+{
+	if (hash_equals($_SESSION['csrf'] ?? '', $token)) {
+		$_SESSION['csrf'] = token();
+		return true;
+	}
+
+	return false;
+}
+
+/**
+ * Create a hidden input field for CSRF tokens.
+ */
+function csrf_field(): string
+{
+	return '<input type="hidden" name="csrf" value="' . csrf() . '">';
+}
+
+/**
+ * Kill the current request with a 418 error, if $_POST['csrf'] is invalid.
+ */
+function csrf_ensure(): void
+{
+	if (!csrf_verify($_POST['csrf'] ?? '')) router_error(418);
+}
+
+/**
+ * Set a cookie with secure and HTTP-only flags.
+ */
+function set_cookie(string $name, string $value, int $expires): void
+{
+	setcookie($name, $value, [
+		'expires' => $expires,
+		'path' => '/',
+		'domain' => '', // Defaults to the current domain
+		'secure' => true, // Ensure the cookie is only sent over HTTPS
+		'httponly' => true, // Prevent access to cookie via JavaScript
+		'samesite' => 'Strict' // Enforce SameSite=Strict
+	]);
+}
diff --git a/src/models/fights.php b/src/models/fights.php
new file mode 100644
index 0000000..e8e80b9
--- /dev/null
+++ b/src/models/fights.php
@@ -0,0 +1,3 @@
+<?php
+
+// @TODO: everything
diff --git a/src/models/items.php b/src/models/items.php
new file mode 100644
index 0000000..738332a
--- /dev/null
+++ b/src/models/items.php
@@ -0,0 +1,66 @@
+<?php
+
+const item_types = [
+	0 => 'Item',
+	1 => 'Weapon', // Can be one-handed or two-handed, see slot
+	5 => 'Off-Hand',
+	6 => 'Armor',
+	5 => 'Shield',
+	10 => 'Jewelry',
+	11 => 'Rune',
+	12 => 'Potion',
+	13 => 'Food',
+	14 => 'Crafting Material',
+	15 => 'Quest Item',
+];
+
+const item_subtypes = [
+	0 => 'None',
+	1 => 'Axe',
+	2 => 'Bow',
+	3 => 'Dagger',
+	4 => 'Mace',
+	5 => 'Polearm',
+	6 => 'Sword',
+	7 => 'Warglaive',
+	8 => 'Staff',
+	9 => 'Fist Weapon',
+	10 => 'Miscellaneous',
+	11 => 'Gun',
+	12 => 'Crossbow',
+	13 => 'Wand',
+	14 => 'Fishing Pole',
+	15 => 'Thrown',
+	16 => 'Shield',
+	17 => 'Miscellaneous',
+];
+
+const item_rarities = [
+	0 => 'Common',
+	1 => 'Uncommon',
+	2 => 'Rare',
+	3 => 'Unique',
+	4 => 'Super Elite',
+	5 => 'Crystalline',
+	6 => 'Epic',
+	7 => 'Artifact',
+	8 => 'Heirloom',
+	9 => 'Legendary'
+];
+
+const item_qualities = [
+	0 => 'Very Poor',
+	1 => 'Poor',
+	2 => 'Average',
+	3 => 'Good',
+	4 => 'Very Good',
+	5 => 'Excellent',
+	6 => 'Masterwork',
+];
+
+/**
+ * Create an item
+ */
+function create_item(string $name, array $type, array $opts) {
+
+}
diff --git a/src/models/player.php b/src/models/player.php
new file mode 100644
index 0000000..d707706
--- /dev/null
+++ b/src/models/player.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+	Players are the living, breathing entities that interact with the game world. They are inextricably linked to their
+	accounts, and are the primary means by which the player interacts with the game world. Separating the player from
+	the account allows for multiple players to be associated with a single account, and to prevent concurrency issues
+	when performing auth checks on the database.
+
+	When creating a player, we want to init all of the related data tables; wallets, inventory, bank, etc.
+
+	When retrieving a player, we will get the tables as-needed, to prevent allocating more memory than we need.
+*/
+
+/**
+ * Create a player. Only a user ID and a name are required. All other fields are optional. Pass a key-value array
+ * of overrides to set additional fields. A player's name must be unique, but this function does not check for that.
+ */
+function player_create(int $user_id, string $name, array $overrides = []): int
+{
+	// Prep the data and merge in any overrides
+	$data = ['user_id' => $user_id, 'name' => $name];
+	if (!empty($overrides)) $data = array_merge($data, $overrides);
+
+	// Prep the fields for the query
+	$k = array_keys($data);
+	$f = implode(', ', array_keys($k));
+	$v = implode(', ', array_map(fn($x) => ":$x", $k));
+
+	// Create the player!
+	if (db_query(db_live(), "INSERT INTO players ($f) VALUES ($v)", $data) === false) {
+		// @TODO: Log this error
+		throw new Exception('Failed to create player.');
+	}
+
+	// Get the player ID
+	return db_live()->lastInsertRowID();
+}
diff --git a/src/models/session.php b/src/models/session.php
new file mode 100644
index 0000000..ced6361
--- /dev/null
+++ b/src/models/session.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * Create a session for a user with a token and expiration date. Returns the token on success, or false on failure.
+ */
+function session_create(int $userId, int $expires): string|false
+{
+	$token = token();
+	$result = db_query(db_auth(), "INSERT INTO sessions (token, user_id, expires) VALUES (:t, :u, :e)", [
+		':t' => $token,
+		':u' => $userId,
+		':e' => $expires
+	]);
+	if (!$result) return false;
+	return $token;
+}
+
+/**
+ * Find a session by token.
+ */
+function session_find(string $token): array|false
+{
+	$result = db_query(db_auth(), "SELECT * FROM sessions WHERE token = :t", [':t' => $token]);
+	$session = $result->fetchArray(SQLITE3_ASSOC);
+	if (!$session) return false;
+	$result->finalize();
+	return $session;
+}
+
+/**
+ * Delete sessions by user id.
+ */
+function session_delete(int $userId): SQLite3Result|false
+{
+	return db_query(db_auth(), "DELETE FROM sessions WHERE user_id = :u", [':u' => $userId]);
+}
+
+/**
+ * Validate a session by token and expiration date. If expired, the session is deleted and false is returned.
+ */
+function session_validate(string $token): bool
+{
+	$session = session_find($token);
+	if (!$session) return false;
+	if ($session['expires'] < time()) {
+		session_delete($session['user_id']);
+		return false;
+	}
+	return true;
+}
diff --git a/src/models/token.php b/src/models/token.php
new file mode 100644
index 0000000..e19375c
--- /dev/null
+++ b/src/models/token.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * Create a token for a user. Returns the token on success, or false on failure.
+ */
+function token_create(int $userId): string|false
+{
+	$token = token();
+	$result = db_query(db_auth(), "INSERT INTO tokens (token, user_id) VALUES (:t, :u)", [
+		':t' => $token,
+		':u' => $userId
+	]);
+	if (!$result) return false;
+	return $token;
+}
+
+/**
+ * Find a token by token.
+ */
+function token_find(string $token): array|false
+{
+	$result = db_query(db_auth(), "SELECT * FROM tokens WHERE token = :t", [':t' => $token]);
+	$token = $result->fetchArray(SQLITE3_ASSOC);
+	if (!$token) return false;
+	$result->finalize();
+	return $token;
+}
+
+/**
+ * Delete a token by token.
+ */
+function token_delete(string $token): SQLite3Result|false
+{
+	return db_query(db_auth(), "DELETE FROM tokens WHERE token = :t", [':t' => $token]);
+}
+
+/**
+ * Validate a token by token and created date. Tokens are invalid if older than 7 days.
+ */
+function token_validate(string $token): bool
+{
+	$token = token_find($token);
+	if (!$token) return false;
+	if (strtotime('+7 days') < time()) {
+		token_delete($token['token']);
+		return false;
+	}
+	return true;
+}
+
diff --git a/src/models/user.php b/src/models/user.php
new file mode 100644
index 0000000..0245406
--- /dev/null
+++ b/src/models/user.php
@@ -0,0 +1,37 @@
+<?php
+
+/**
+ * Find a user by username, email, or id.
+ */
+function user_find(string|int $user): array|false
+{
+	$result = db_query(db_auth(), "SELECT * FROM users WHERE username = :u OR email = :u OR id = :u", [':u' => $user]);
+	$user = $result->fetchArray(SQLITE3_ASSOC);
+	if (!$user) return false;
+	$result->finalize();
+	return $user;
+}
+
+/**
+ * Create a user with a username, email, and password. Optionally pass an auth level. This function will not check
+ * if the username or email already exists. It is up to the caller to check this before calling this function. It is
+ * also up to the caller to validate password strength. This function will hash the password with the PASSWORD_ARGON2ID
+ * algorithm.
+ */
+function user_create(string $username, string $email, string $password, int $auth = 0): SQLite3Result|false
+{
+	return db_query(db_auth(), "INSERT INTO users (username, email, password, auth) VALUES (:u, :e, :p, :a)", [
+		':u' => $username,
+		':e' => $email,
+		':p' => password_hash($password, PASSWORD_ARGON2ID),
+		':a' => $auth
+	]);
+}
+
+/**
+ * Delete a user by username, email, or id.
+ */
+function user_delete(string|int $user): SQLite3Result|false
+{
+	return db_query(db_auth(), "DELETE FROM users WHERE username = :u OR email = :u OR id = :u", [':u' => $user]);
+}
diff --git a/src/router.php b/src/router.php
new file mode 100644
index 0000000..5af9985
--- /dev/null
+++ b/src/router.php
@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * Add a route to the route tree. The route must be a URI path, and contain dynamic segments
+ * using a colon prefix. (:id, :slug, etc)
+ *
+ * Example:
+ * `router_add($routes, 'GET', '/posts/:id', function($id) { echo "Viewing post $id"; });`
+ */
+function router_add(array &$routes, string $method, string $route, callable $handler): void
+{
+	// Expand the route into segments and make dynamic segments into a common placeholder
+	$segments = array_map(function($segment) {
+		return str_starts_with($segment, ':') ? ':x' : $segment;
+	}, explode('/', trim($route, '/')));
+
+	// Push each segment into the routes array as a node, except if this is the root node
+	$node = &$routes;
+	foreach ($segments as $segment) {
+		// skip an empty segment, which allows us to register handlers for the root node
+		if ($segment === '') continue;
+		$node = &$node[$segment]; // build the node tree as we go
+	}
+
+	// Add the handler to the last node
+	$node[$method] = $handler;
+}
+
+/**
+ * Perform a lookup in the route tree for a given method and URI. Returns an array with a result code,
+ * a handler if found, and any dynamic parameters. Codes are 200 for success, 404 for not found, and
+ * 405 for method not allowed.
+ *
+ * @return array ['code', 'handler', 'params']
+ */
+function router_lookup(array $routes, string $method, string $uri): array
+{
+	// node is a reference to our current location in the node tree
+	$node = $routes;
+
+	// params will hold any dynamic segments we find
+	$params = [];
+
+	// if the URI is just a slash, we can return the handler for the root node
+	if ($uri === '/') {
+		return isset($node[$method])
+			? ['code' => 200, 'handler' => $node[$method], 'params' => null]
+			: ['code' => 405, 'handler' => null, 'params' => null];
+	}
+
+	// We'll split up the URI into segments and traverse the node tree
+	foreach (explode('/', trim($uri, '/')) as $segment) {
+		// if there is a node for this segment, move to it
+		if (isset($node[$segment])) {
+			$node = $node[$segment];
+			continue;
+		}
+
+		// if there is a dynamic segment, move to it and store the value
+		if (isset($node[':x'])) {
+			$params[] = $segment;
+			$node = $node[':x'];
+			continue;
+		}
+
+		// if we can't find a node for this segment, return 404
+		return ['code' => 404, 'handler' => null, 'params' => []];
+	}
+
+	// if we found a handler for the method, return it and any params. if not, return a 405
+	return isset($node[$method])
+		? ['code' => 200, 'handler' => $node[$method], 'params' => $params ?? []]
+		: ['code' => 405, 'handler' => null, 'params' => []];
+}
+
+/**
+ * Register a GET route
+ */
+function router_get(array &$routes, string $route, callable $handler): void
+{
+	router_add($routes, 'GET', $route, $handler);
+}
+
+/**
+ * Register a POST route
+ */
+function router_post(array &$routes, string $route, callable $handler): void
+{
+	router_add($routes, 'POST', $route, $handler);
+}
+
+/**
+ * Register a PUT route
+ */
+function router_put(array &$routes, string $route, callable $handler): void
+{
+	router_add($routes, 'PUT', $route, $handler);
+}
+
+/**
+ * Register a DELETE route
+ */
+function router_delete(array &$routes, string $route, callable $handler): void
+{
+	router_add($routes, 'DELETE', $route, $handler);
+}
+
+/**
+ * Register a PATCH route
+ */
+function router_patch(array &$routes, string $route, callable $handler): void
+{
+	router_add($routes, 'PATCH', $route, $handler);
+}
+
+/**
+ * Handle a router error by setting the response code and echoing an error message
+ */
+function router_error(int $code): void
+{
+	http_response_code($code);
+	echo match ($code) {
+		403 => 'Forbidden',
+		404 => 'Not Found',
+		405 => 'Method Not Allowed',
+		418 => 'I\'m a teapot',
+		default => 'Unknown Error',
+	};
+	exit;
+}
diff --git a/templates/layouts/basic.php b/templates/layouts/basic.php
new file mode 100644
index 0000000..132bc37
--- /dev/null
+++ b/templates/layouts/basic.php
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+	<meta charset="UTF-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+	<title>Dragon Knight</title>
+</head>
+<body>
+	<div id="dk">
+		<header>
+			<h1>Dragon Knight</h1>
+		</header>
+
+		<main>
+			<?= render($view, $data) ?>
+		</main>
+
+		<footer>
+			<p>&copy; 2024 Dragon Knight</p>
+		</footer>
+	</div>
+</body>
+</html>
diff --git a/templates/pages/auth/login.php b/templates/pages/auth/login.php
new file mode 100644
index 0000000..9040f0e
--- /dev/null
+++ b/templates/pages/auth/login.php
@@ -0,0 +1,19 @@
+<?php
+	$errors = flash('errors');
+	if ($errors !== false) {
+		foreach ($errors as $error) {
+			foreach ($error as $message) {
+				echo "<p>$message</p>";
+			}
+		}
+	}
+?>
+
+<form action="/auth/login" method="post">
+	<?= csrf_field() ?>
+
+	<input type="text" name="username" placeholder="Username">
+	<input type="password" name="password" placeholder="Password">
+	<input type="checkbox" name="remember" id="remember"> <label for="remember">remember me</label>
+	<input type="submit" value="Login">
+</form>
diff --git a/templates/pages/auth/register.php b/templates/pages/auth/register.php
new file mode 100644
index 0000000..bcaa1c3
--- /dev/null
+++ b/templates/pages/auth/register.php
@@ -0,0 +1,19 @@
+<?php
+	$errors = flash('errors');
+	if ($errors !== false) {
+		foreach ($errors as $error) {
+			foreach ($error as $message) {
+				echo "<p>$message</p>";
+			}
+		}
+	}
+?>
+
+<form action="/auth/register" method="post">
+	<?= csrf_field() ?>
+
+	<input type="text" name="username" placeholder="Username">
+	<input type="text" name="email" placeholder="Email">
+	<input type="password" name="password" placeholder="Password">
+	<input type="submit" value="Register">
+</form>
diff --git a/templates/pages/home.php b/templates/pages/home.php
new file mode 100644
index 0000000..8a1d0b6
--- /dev/null
+++ b/templates/pages/home.php
@@ -0,0 +1,11 @@
+<?php if (!auth_check()): ?>
+	Hello, oppai!
+	<a href="/auth/register">Register</a>
+	<a href="/auth/login">Login</a>
+<?php else: ?>
+	Hello, <?= $_SESSION['user']['username'] ?>!
+	<form action="/auth/logout" method="post">
+		<input type="hidden" name="csrf" value="<?= csrf() ?>">
+		<input type="submit" value="Logout">
+	</form>
+<?php endif; ?>