diff --git a/contrib/admin/theme.php b/contrib/admin/theme.php
index dce3b26d..d79c5c5f 100644
--- a/contrib/admin/theme.php
+++ b/contrib/admin/theme.php
@@ -20,8 +20,7 @@ class AdminPageTheme extends Themelet {
 		global $user;
 
 		$html = "
-			<p><form action='".make_link("admin_utils")."' method='POST'>
-				".$user->get_auth_html()."
+			".make_form(make_link("admin_utils"))."
 				<select name='action'>
 					<option value='lowercase all tags'>All tags to lowercase</option>
 					<option value='recount tag use'>Recount tag use</option>
diff --git a/contrib/artists/theme.php b/contrib/artists/theme.php
index e54d65a4..0f60df72 100644
--- a/contrib/artists/theme.php
+++ b/contrib/artists/theme.php
@@ -21,38 +21,45 @@ class ArtistsTheme extends Themelet {
 		
 		if($mode == "neutral"){
 			$html = "<form method='post' action='".make_link("artist/new_artist")."'>
+						".$user->get_auth_html()."
 						<input type='submit' name='edit' id='edit' value='New Artist'/>
 					</form>";
 		}
 		
 		if($mode == "editor"){
 			$html = "<form method='post' action='".make_link("artist/new_artist")."'>
+						".$user->get_auth_html()."
 						<input type='submit' name='edit' id='edit' value='New Artist'/>
 					</form>
 					
 					<form method='post' action='".make_link("artist/edit_artist")."'>
+						".$user->get_auth_html()."
 						<input type='submit' name='edit' id='edit' value='Edit Artist'/>
 						<input type='hidden' name='artist_id' value='".$artistID."'>
 					</form>";
 					
 			if($is_admin){
 				$html .= "<form method='post' action='".make_link("artist/nuke_artist")."'>
+							".$user->get_auth_html()."
 							<input type='submit' name='edit' id='edit' value='Delete Artist'/>
 							<input type='hidden' name='artist_id' value='".$artistID."'>
 						</form>";
 			}
 			
 			$html .= "<form method='post' action='".make_link("artist/add_alias")."'>
+							".$user->get_auth_html()."
 							<input type='submit' name='edit' id='edit' value='Add Alias'/>
 							<input type='hidden' name='artist_id' value='".$artistID."'>
 						</form>
 						
 						<form method='post' action='".make_link("artist/add_member")."'>
+							".$user->get_auth_html()."
 							<input type='submit' name='edit' id='edit' value='Add Member'/>
 							<input type='hidden' name='artist_id' value='".$artistID."'>
 						</form>
 						
 						<form method='post' action='".make_link("artist/add_url")."'>
+							".$user->get_auth_html()."
 							<input type='submit' name='edit' id='edit' value='Add Url'/>
 							<input type='hidden' name='artist_id' value='".$artistID."'>
 						</form>";
@@ -102,6 +109,7 @@ class ArtistsTheme extends Themelet {
             $html =
 '
 			<form method="POST" action="'.make_link("artist/edited/".$artist['id']).'">
+				'.$user->get_auth_html().'
 				<table>
 					<tr><td>Name:</td><td><input type="text" name="name" value="'.$artistName.'" />
 										  <input type="hidden" name="id" value="'.$artistID.'" /></td></tr>
@@ -127,6 +135,7 @@ class ArtistsTheme extends Themelet {
             global $page;
 
             $html = "<form action=".make_link("artist/create")." method='POST'>
+							".$user->get_auth_html()."
                             <table>
                                     <tr><td>Name:</td><td><input type='text' name='name' /></td></tr>
                                     <tr><td>Aliases:</td><td><input type='text' name='aliases' /></td></tr>
@@ -223,6 +232,7 @@ class ArtistsTheme extends Themelet {
         {
             $html =
             '<form method="POST" action='.make_link("artist/alias/add").'>
+				'.$user->get_auth_html().'
 				  <table>
 					<tr><td>Alias:</td><td><input type="text" name="aliases" />
 										   <input type="hidden" name="artistID" value='.$artistID.' /></td></tr>
@@ -238,6 +248,7 @@ class ArtistsTheme extends Themelet {
         {
             $html =
             '   <form method="POST" action='.make_link("artist/member/add").'>					
+				'.$user->get_auth_html().'
 					<table>
 						<tr><td>Members:</td><td><input type="text" name="members" />
 											   <input type="hidden" name="artistID" value='.$artistID.' /></td></tr>
@@ -254,6 +265,7 @@ class ArtistsTheme extends Themelet {
         {
             $html =
             '   <form method="POST" action='.make_link("artist/url/add").'>					
+				'.$user->get_auth_html().'
 					<table>
 						<tr><td>URL:</td><td><textarea name="urls"></textarea>
 											   <input type="hidden" name="artistID" value='.$artistID.' /></td></tr>
@@ -271,6 +283,7 @@ class ArtistsTheme extends Themelet {
             $html =
             '
                 <form method="POST" action="'.make_link("artist/alias/edited/".$alias['id']).'">
+					'.$user->get_auth_html().'
                     <label for="alias">Alias:</label>
                     <input type="text" name="alias" value="'.$alias['alias'].'" />
                     <input type="hidden" name="aliasID" value="'.$alias['id'].'" />
@@ -287,6 +300,7 @@ class ArtistsTheme extends Themelet {
             $html =
             '
                 <form method="POST" action="'.make_link("artist/url/edited/".$url['id']).'">
+					'.$user->get_auth_html().'
                     <label for="url">URL:</label>
                     <input type="text" name="url" value="'.$url['url'].'" />
                     <input type="hidden" name="urlID" value="'.$url['id'].'" />
@@ -303,6 +317,7 @@ class ArtistsTheme extends Themelet {
             $html =
             '
                 <form method="POST" action="'.make_link("artist/member/edited/".$member['id']).'">
+					'.$user->get_auth_html().'
                     <label for="member">Member name:</label>
                     <input type="text" name="name" value="'.$member['name'].'" />
                     <input type="hidden" name="memberID" value="'.$member['id'].'" />
@@ -491,4 +506,4 @@ class ArtistsTheme extends Themelet {
 	}
 
 }
-?>
\ No newline at end of file
+?>
diff --git a/contrib/blotter/theme.php b/contrib/blotter/theme.php
index 39874682..6fdd2d88 100644
--- a/contrib/blotter/theme.php
+++ b/contrib/blotter/theme.php
@@ -45,8 +45,7 @@ class BlotterTheme extends Themelet {
 			</tr>";
 		$add_new = "
 			<tr class='even'>
-			<form action='".make_link("blotter/add")."' method='POST'>
-			".$user->get_auth_html()."
+			".make_form(make_link("blotter/add"))."
 			<td colspan='2'><textarea style='text-align:left;' name='entry_text' rows='2' /></textarea></td>
 			<td><input type='checkbox' name='important' /></td>
 			<td><input type='submit' value='Add'></td>
diff --git a/contrib/bulk_add/theme.php b/contrib/bulk_add/theme.php
index 973a2504..d83f8ba8 100644
--- a/contrib/bulk_add/theme.php
+++ b/contrib/bulk_add/theme.php
@@ -28,8 +28,7 @@ class BulkAddTheme extends Themelet {
 			<br>Note: this is the folder as seen by the server -- you need to
 			upload via FTP or something first.
 
-			<p><form action='".make_link("bulk_add")."' method='POST'>
-				".$user->get_auth_html()."
+			<p>".make_form(make_link("bulk_add"))."
 				Directory to add: <input type='text' name='dir' size='40'>
 				<input type='submit' value='Add'>
 			</form>
diff --git a/contrib/downtime/theme.php b/contrib/downtime/theme.php
index 7fe05ed0..f1c1827d 100644
--- a/contrib/downtime/theme.php
+++ b/contrib/downtime/theme.php
@@ -19,6 +19,7 @@ class DowntimeTheme extends Themelet {
 		$login_link = make_link("user_admin/login");
 		header("HTTP/1.0 503 Service Temporarily Unavailable");
 
+		$auth = $user->get_auth_html();
 		print <<<EOD
 <html>
 	<head>
@@ -34,6 +35,7 @@ class DowntimeTheme extends Themelet {
 			<h3>Admin Login</h3>
 			<div id="login">
 				<form action="$login_link" method="POST">
+					$auth
 					<table id="login_table" summary="Login Form">
 						<tr>
 							<td width="70"><label for="user">Name</label></td>
diff --git a/contrib/et/theme.php b/contrib/et/theme.php
index 88c14a14..3ddd5786 100644
--- a/contrib/et/theme.php
+++ b/contrib/et/theme.php
@@ -38,8 +38,10 @@ Tags: {$info['stat_tags']}
 Applications: {$info['stat_image_tags']}
 Extensions: {$info['sys_extensions']}
 EOD;
+		$auth = $user->get_auth_html();
 		$html = <<<EOD
 <form action='http://shimmie.shishnet.org/register.php' method='POST'>
+	$auth
 	<input type='hidden' name='registration_api' value='1'>
 	<textarea name='data' rows='20' cols='80'>$data</textarea>
 	<br><input type='submit' value='Click to send to Shish'>
diff --git a/contrib/favorites/theme.php b/contrib/favorites/theme.php
index 9c6449da..47983e6f 100644
--- a/contrib/favorites/theme.php
+++ b/contrib/favorites/theme.php
@@ -7,8 +7,8 @@ class FavoritesTheme extends Themelet {
 		$i_image_id = int_escape($image->id);
 		$name  = $is_favorited ? "unset" : "set";
 		$label = $is_favorited ? "Un-Favorite" : "Favorite";
-		$html  = "<form action='".make_link("change_favorite")."' method='POST'>
-			".$user->get_auth_html()."
+		$html  = "
+			".make_form(make_link("change_favorite"))."
 			<input type='hidden' name='image_id' value='$i_image_id'>
 			<input type='hidden' name='favorite_action' value='$name'>
 			<input type='submit' value='$label'>
diff --git a/contrib/featured/theme.php b/contrib/featured/theme.php
index 8d93b042..ffdac9e2 100644
--- a/contrib/featured/theme.php
+++ b/contrib/featured/theme.php
@@ -11,8 +11,7 @@ class FeaturedTheme extends Themelet {
 	public function get_buttons_html($image_id) {
 		global $user;
 		return "
-			<form action='".make_link("featured_image/set")."' method='POST'>
-			".$user->get_auth_html()."
+			".make_form(make_link("featured_image/set"))."
 			<input type='hidden' name='image_id' value='$image_id'>
 			<input type='submit' value='Feature This'>
 			</form>
diff --git a/contrib/forum/theme.php b/contrib/forum/theme.php
index d3c83f41..ea460b47 100644
--- a/contrib/forum/theme.php
+++ b/contrib/forum/theme.php
@@ -21,8 +21,7 @@ class ForumTheme extends Themelet {
     {
 		global $config, $user;
 		$max_characters = $config->get_int('forumMaxCharsPerPost');
-        $postUrl = make_link("forum/create");
-        $html = '<form action="'.$postUrl.'" method="POST">';
+		$html = make_form(make_link("forum/create"));
 
        
         if (!is_null($threadTitle))
@@ -58,8 +57,7 @@ class ForumTheme extends Themelet {
 		
 		$max_characters = $config->get_int('forumMaxCharsPerPost');
 		
-        $postUrl = make_link("forum/answer");
-        $html = '<form action="'.$postUrl.'" method="POST">';
+		$html = make_form(make_link("forum/answer"));
 
         $html .= '<input type="hidden" name="threadID" value="'.$threadID.'" />';
 		
@@ -226,4 +224,4 @@ class ForumTheme extends Themelet {
         return $html;
     }
 }
-?>
\ No newline at end of file
+?>
diff --git a/contrib/image_hash_ban/theme.php b/contrib/image_hash_ban/theme.php
index 296fbc2c..c5b81788 100644
--- a/contrib/image_hash_ban/theme.php
+++ b/contrib/image_hash_ban/theme.php
@@ -30,7 +30,7 @@ class ImageBanTheme extends Themelet {
 					<td width='30%'>{$ban['hash']}</td>
 					<td>{$ban['reason']}</td>
 					<td width='10%'>
-						<form action='".make_link("image_hash_ban/remove")."' method='POST'>
+						".make_form(make_link("image_hash_ban/remove"))."
 							<input type='hidden' name='hash' value='{$ban['hash']}'>
 							<input type='submit' value='Remove'>
 						</form>
@@ -48,7 +48,7 @@ class ImageBanTheme extends Themelet {
 				<thead><th>Hash</th><th>Reason</th><th>Action</th></thead>
 				$h_bans
 				<tfoot><tr>
-					<form action='".make_link("image_hash_ban/add")."' method='POST'>
+					".make_form(make_link("image_hash_ban/add"))."
 						<td><input type='text' name='hash'></td>
 						<td><input type='text' name='reason'></td>
 						<td><input type='submit' value='Ban'></td>
@@ -80,7 +80,7 @@ class ImageBanTheme extends Themelet {
 	 */
 	public function get_buttons_html(Image $image) {
 		$html = "
-			<form action='".make_link("image_hash_ban/add")."' method='POST'>
+			".make_form(make_link("image_hash_ban/add"))."
 				<input type='hidden' name='hash' value='{$image->hash}'>
 				<input type='hidden' name='image_id' value='{$image->id}'>
 				<input type='text' name='reason'>
diff --git a/contrib/ipban/theme.php b/contrib/ipban/theme.php
index b4d02479..78482473 100644
--- a/contrib/ipban/theme.php
+++ b/contrib/ipban/theme.php
@@ -27,8 +27,7 @@ class IPBanTheme extends Themelet {
 					<td width='10%'>{$ban['banner_name']}</td>
 					<td width='15%'>{$end_human}</td>
 					<td width='10%'>
-						<form action='".make_link("ip_ban/remove")."' method='POST'>
-							".$user->get_auth_html()."
+						".make_form(make_link("ip_ban/remove"))."
 							<input type='hidden' name='id' value='{$ban[$prefix.'id']}'>
 							<input type='submit' value='Remove'>
 						</form>
@@ -47,8 +46,7 @@ class IPBanTheme extends Themelet {
 				<thead><tr><th>IP</th><th>Reason</th><th>By</th><th>Until</th><th>Action</th></tr></thead>
 				$h_bans
 				<tfoot><tr>
-					<form action='".make_link("ip_ban/add")."' method='POST'>
-						".$user->get_auth_html()."
+					".make_form(make_link("ip_ban/add"))."
 						<td><input type='text' name='ip'></td>
 						<td><input type='text' name='reason'></td>
 						<td>{$user->name}</td>
diff --git a/contrib/notes/theme.php b/contrib/notes/theme.php
index f6d72111..08c4f815 100644
--- a/contrib/notes/theme.php
+++ b/contrib/notes/theme.php
@@ -23,26 +23,21 @@ class NotesTheme extends Themelet {
 					';
 	}
 	public function request_button($image_id) {
-		return '						
-						
-						<form action="'.make_link("note/add_request").'" method="POST">
+		return make_form(make_link("note/add_request")) . '
 						<input id="noterequest" type="submit" value="Add Note Request">
 						<input type="hidden" name="image_id" value="'.$image_id.'">
 						</form>
 					';
 	}
 	public function nuke_notes_button($image_id) {
-		return '
-							<form action="'.make_link("note/nuke_notes").'" method="POST" ">
+		return make_form(make_link("note/nuke_notes")) . '
 							<input id="noterequest" type="submit" value="Nuke Notes" onclick="return confirm_action()">
 							<input type="hidden" name="image_id" value="'.$image_id.'">
 							</form>
 				';
 	}
 	public function nuke_requests_button($image_id) {
-		return '
-							
-							<form action="'.make_link("note/nuke_requests").'" method="POST">
+		return make_form(make_link("note/nuke_requests")) . '
 							<input id="noterequest" type="submit" value="Nuke Requests" onclick="return confirm_action()">
 							<input type="hidden" name="image_id" value="'.$image_id.'">
 							</form>
@@ -167,7 +162,7 @@ class NotesTheme extends Themelet {
 	</script>
 	
 	<div id='noteform'>
-		<form id='NoteAddForm' action='".make_link("note/add_note")."' method='POST'>
+		".make_form(make_link("note/add_note"))."
 			<input type='hidden' name='image_id' value='".$image_id."' />
 			<input name='note_x1' type='hidden' value='' id='NoteX1' />
 			<input name='note_y1' type='hidden' value='' id='NoteY1' />
@@ -189,7 +184,7 @@ class NotesTheme extends Themelet {
 		</form>
 	</div>
         <div id='noteEditForm'>
-            <form id='NoteEditForm' action='".make_link("note/edit_note")."' method='POST'>
+			".make_form(make_link("note/edit_note"))."
                 <input type='hidden' name='image_id' value='".$image_id."' />
                 <input type='hidden' name='note_id' id='EditNoteID' value='' />
                 <input name='note_x1' type='hidden' value='' id='EditNoteX1' />
@@ -211,7 +206,7 @@ class NotesTheme extends Themelet {
 
         if($adminOptions)
             $html .= "
-            <form id='NoteDeleteForm' action='".make_link("note/delete_note")."' method='POST'>
+				".make_form(make_link("note/delete_note"))."
                 <input type='hidden' name='image_id' value='".$image_id."' />
                 <input type='hidden' name='note_id' value='' id='DeleteNoteNoteID' />
                 <table>
@@ -371,4 +366,4 @@ class NotesTheme extends Themelet {
 	}
 
  }        
- ?>
\ No newline at end of file
+ ?>
diff --git a/contrib/pools/theme.php b/contrib/pools/theme.php
index cca13450..1f44a904 100644
--- a/contrib/pools/theme.php
+++ b/contrib/pools/theme.php
@@ -17,7 +17,7 @@ class PoolsTheme extends Themelet {
 			$h .= "<option value='".$pool['id']."'>".html_escape($pool['title'])."</option>";
 		}
 		$editor = "
-			<form method='POST' action='".make_link("pool/add_post")."'>
+			".make_form(make_link("pool/add_post"))."
 				<select name='pool_id'>
 					$h
 				</select>
@@ -81,13 +81,15 @@ class PoolsTheme extends Themelet {
 	 * HERE WE DISPLAY THE NEW POOL COMPOSER
 	 */
 	public function new_pool_composer(Page $page) {
-		$create_html = "<form action=".make_link("pool/create")." method='POST'>
-			<table>
-			<tr><td>Title:</td><td><input type='text' name='title'></td></tr>
-			<tr><td>Public?</td><td><input name='public' type='checkbox' value='Y' checked='checked'/></td></tr>
-			<tr><td>Description:</td><td><textarea name='description'></textarea></td></tr>
-			<tr><td colspan='2'><input type='submit' value='Create' /></td></tr>
-			</table>
+		$create_html = "
+			".make_form(make_link("pool/create"))."
+				<table>
+					<tr><td>Title:</td><td><input type='text' name='title'></td></tr>
+					<tr><td>Public?</td><td><input name='public' type='checkbox' value='Y' checked='checked'/></td></tr>
+					<tr><td>Description:</td><td><textarea name='description'></textarea></td></tr>
+					<tr><td colspan='2'><input type='submit' value='Create' /></td></tr>
+				</table>
+			</form>
 		";
 
 		$blockTitle = "Create Pool";
@@ -168,7 +170,8 @@ class PoolsTheme extends Themelet {
 	public function sidebar_options(Page $page, $pool, $check_all) {
 		global $user;
 
-		$editor = " <form action='".make_link("pool/import")."' method='POST'>
+		$editor = "
+			".make_form(make_link("pool/import"))."
 			<input type='text' name='pool_tag' id='edit' value='Please enter a tag' onclick='this.value=\"\";'/>
 			<input type='submit' name='edit' id='edit' value='Import'/>
 			<input type='hidden' name='pool_id' value='".$pool['id']."'>
@@ -191,7 +194,7 @@ class PoolsTheme extends Themelet {
 				}
 				</script>
 
-				<form action='".make_link("pool/nuke")."' method='POST'>
+				".make_form(make_link("pool/nuke"))."
 				<input type='submit' name='delete' id='delete' value='Delete Pool' onclick='return confirm_action()' />
 				<input type='hidden' name='pool_id' value='".$pool['id']."'>
 				</form>
diff --git a/contrib/rating/theme.php b/contrib/rating/theme.php
index 414b9d93..87efa7ef 100644
--- a/contrib/rating/theme.php
+++ b/contrib/rating/theme.php
@@ -22,7 +22,7 @@ class RatingsTheme extends Themelet {
 	public function display_bulk_rater() {
 		global $page;
 		$html = "
-			<form action='".make_link("admin/bulk_rate")."' method='POST'>
+			".make_form(make_link("admin/bulk_rate"))."
 				<table style='width: 300px'>
 					<tr>
 						<td>Search</td>
diff --git a/contrib/regen_thumb/theme.php b/contrib/regen_thumb/theme.php
index 7c55c7af..2d8b7d68 100644
--- a/contrib/regen_thumb/theme.php
+++ b/contrib/regen_thumb/theme.php
@@ -6,7 +6,7 @@ class RegenThumbTheme extends Themelet {
 	 */
 	public function get_buttons_html($image_id) {
 		return "
-			<form action='".make_link("regen_thumb")."' method='POST'>
+			".make_form(make_link("regen_thumb"))."
 			<input type='hidden' name='image_id' value='$image_id'>
 			<input type='submit' value='Regenerate'>
 			</form>
diff --git a/contrib/report_image/theme.php b/contrib/report_image/theme.php
index 837bd441..d05cb5bf 100755
--- a/contrib/report_image/theme.php
+++ b/contrib/report_image/theme.php
@@ -42,7 +42,7 @@ class ReportImageTheme extends Themelet {
 					<td>{$image_link}</td>
 					<td>Report by $userlink: $h_reason</td>
 					<td class='formstretch'>
-						<form action='".make_link("image_report/remove")."' method='POST'>
+						".make_form(make_link("image_report/remove"))."
 							<input type='hidden' name='id' value='{$report['id']}'>
 							<input type='submit' value='Remove Report'>
 						</form>
@@ -73,7 +73,7 @@ class ReportImageTheme extends Themelet {
 
 		$i_image = int_escape($image->id);
 		$html = "
-			<form action='".make_link("image_report/add")."' method='POST'>
+			".make_form(make_link("image_report/add"))."
 				<input type='hidden' name='image_id' value='$i_image'>
 				<input type='text' name='reason' value='Please enter a reason' onclick='this.value=\"\";'>
 				<input type='submit' value='Report'>
diff --git a/contrib/tag_history/theme.php b/contrib/tag_history/theme.php
index 92d6137e..46ed3564 100644
--- a/contrib/tag_history/theme.php
+++ b/contrib/tag_history/theme.php
@@ -5,7 +5,7 @@ class Tag_HistoryTheme extends Themelet {
 		global $user;
 		$start_string = "
 			<div style='text-align: left'>
-				<form enctype='multipart/form-data' action='".make_link("tag_history/revert")."' method='POST'>
+				".make_form(make_link("tag_history/revert"))."
 					<ul style='list-style-type:none;'>
 		";
 
@@ -46,7 +46,7 @@ class Tag_HistoryTheme extends Themelet {
 	public function display_global_page(Page $page, $history) {
 		$start_string = "
 			<div style='text-align: left'>
-				<form enctype='multipart/form-data' action='".make_link("tag_history/revert")."' method='POST'>
+				".make_form(make_link("tag_history/revert"))."
 					<ul style='list-style-type:none;'>
 		";
 		$end_string = "
diff --git a/contrib/tips/theme.php b/contrib/tips/theme.php
index e8f93ade..d06e0bd7 100644
--- a/contrib/tips/theme.php
+++ b/contrib/tips/theme.php
@@ -11,8 +11,7 @@ class TipsTheme extends Themelet {
 		$select .= "</select>";
 
 		$html = "
-<form action='".make_link("tips/save")."' method='POST'>
-".$user->get_auth_html()."
+".make_form(make_link("tips/save"))."
 <table>
   <tr>
     <td>Enable:</td>
diff --git a/contrib/wiki/theme.php b/contrib/wiki/theme.php
index 84960bd3..45b7bee4 100644
--- a/contrib/wiki/theme.php
+++ b/contrib/wiki/theme.php
@@ -51,7 +51,7 @@ class WikiTheme extends Themelet {
 			$lock = "";
 		}
 		return "
-			<form action='".make_link("wiki_admin/save")."' method='POST'>
+			".make_form(make_link("wiki_admin/save"))."
 				<input type='hidden' name='title' value='$h_title'>
 				<input type='hidden' name='revision' value='$i_revision'>
 				<textarea name='body' style='width: 100%' rows='20'>".html_escape($page->body)."</textarea>
@@ -71,7 +71,7 @@ class WikiTheme extends Themelet {
 		$edit = "<table><tr>";
 		$edit .= Wiki::can_edit($user, $page) ?
 			"
-				<td><form action='".make_link("wiki_admin/edit")."' method='POST'>
+				<td>".make_form(make_link("wiki_admin/edit"))."
 					<input type='hidden' name='title' value='".html_escape($page->title)."'>
 					<input type='hidden' name='revision' value='".int_escape($page->revision)."'>
 					<input type='submit' value='Edit'>
@@ -80,12 +80,12 @@ class WikiTheme extends Themelet {
 			"";
 		if($user->is_admin()) {
 			$edit .= "
-				<td><form action='".make_link("wiki_admin/delete_revision")."' method='POST'>
+				<td>".make_form(make_link("wiki_admin/delete_revision"))."
 					<input type='hidden' name='title' value='".html_escape($page->title)."'>
 					<input type='hidden' name='revision' value='".int_escape($page->revision)."'>
 					<input type='submit' value='Delete This Version'>
 				</form></td>
-				<td><form action='".make_link("wiki_admin/delete_all")."' method='POST'>
+				<td>".make_form(make_link("wiki_admin/delete_all"))."
 					<input type='hidden' name='title' value='".html_escape($page->title)."'>
 					<input type='submit' value='Delete All'>
 				</form></td>
diff --git a/core/util.inc.php b/core/util.inc.php
index 7786641e..fe8b6a95 100644
--- a/core/util.inc.php
+++ b/core/util.inc.php
@@ -216,6 +216,21 @@ function make_http($link) {
 	return $link;
 }
 
+/**
+ * Make a form tag with relevant auth token and stuff
+ *
+ * @retval string
+ */
+function make_form($target, $method="POST", $multipart=False) {
+	global $user;
+	$auth = $user->get_auth_html();
+	$extra = "";
+	if($multipart) {
+		$extra .= " enctype='multipart/form-data'"
+	}
+	return "<form action='$target' method='$method'$extra>$auth";
+}
+
 /**
  * Make a link to a static file in the current theme's
  * directory
diff --git a/ext/alias_editor/theme.php b/ext/alias_editor/theme.php
index 08bad4ba..671dec8a 100644
--- a/ext/alias_editor/theme.php
+++ b/ext/alias_editor/theme.php
@@ -12,7 +12,7 @@ class AliasEditorTheme extends Themelet {
 			$action = "<th width='10%'>Action</th>";
 			$add = "
 				<tr>
-					<form action='".make_link("alias/add")."' method='POST'>
+					".make_form(make_link("alias/add"))."
 						<td><input type='text' name='oldtag'></td>
 						<td><input type='text' name='newtag'></td>
 						<td><input type='submit' value='Add'></td>
@@ -36,7 +36,7 @@ class AliasEditorTheme extends Themelet {
 			if($is_admin) {
 				$h_aliases .= "
 					<td>
-						<form action='".make_link("alias/remove")."' method='POST'>
+						".make_form(make_link("alias/remove"))."
 							<input type='hidden' name='oldtag' value='$h_old'>
 							<input type='submit' value='Remove'>
 						</form>
@@ -60,7 +60,7 @@ class AliasEditorTheme extends Themelet {
 		";
 
 		$bulk_html = "
-			<form enctype='multipart/form-data' action='".make_link("alias/import")."' method='POST'>
+			".make_form(make_link("alias/import"), multipart=True)."
 				<input type='file' name='alias_file'>
 				<input type='submit' value='Upload List'>
 			</form>
diff --git a/ext/comment/theme.php b/ext/comment/theme.php
index a32171f6..9c76f723 100644
--- a/ext/comment/theme.php
+++ b/ext/comment/theme.php
@@ -173,7 +173,7 @@ class CommentListTheme extends Themelet {
 		$captcha = $config->get_bool("comment_captcha") ? captcha_get_html() : "";
 
 		return "
-			<form name='comment_form' action='".make_link("comment/add")."' method='POST'>
+			".make_form(make_link("comment/add"))."
 				<input type='hidden' name='image_id' value='$i_image_id' />
 				<input type='hidden' name='hash' value='$hash' />
 				<textarea name='comment' rows='5' cols='50'></textarea>
diff --git a/ext/ext_manager/theme.php b/ext/ext_manager/theme.php
index 7af8459b..99f8e12a 100644
--- a/ext/ext_manager/theme.php
+++ b/ext/ext_manager/theme.php
@@ -5,8 +5,7 @@ class ExtManagerTheme extends Themelet {
 		global $user;
 		$en = $editable ? "<th>Enabled</th>" : "";
 		$html = "
-			<form action='".make_link("ext_manager/set")."' method='POST'>
-				".$user->get_auth_html()."
+			".make_form(make_link("ext_manager/set"))."
 				<script>
 				$(document).ready(function() {
 					$(\"#extensions\").tablesorter();
@@ -96,7 +95,7 @@ class ExtManagerTheme extends Themelet {
 			}
 		}
 		$html = "
-			<form action='".make_link("ext_manager/set")."' method='POST'>
+			".make_form(make_link("ext_manager/set"))."
 				".$user->get_auth_html()."
 				<table border='0'>
 					<tr><td width='50%'>$col_1</td><td>$col_2</td></tr>
diff --git a/ext/image/theme.php b/ext/image/theme.php
index 95699e0f..e1554af4 100644
--- a/ext/image/theme.php
+++ b/ext/image/theme.php
@@ -10,9 +10,8 @@ class ImageIOTheme {
 
 		$i_image_id = int_escape($image_id);
 		$html = "
-			<form action='".make_link("image_admin/delete")."' method='POST'>
+			".make_form(make_link("image_admin/delete"))."
 				<input type='hidden' name='image_id' value='$i_image_id'>
-				".$user->get_auth_html()."
 				<input type='submit' value='Delete'>
 			</form>
 		";
diff --git a/ext/setup/theme.php b/ext/setup/theme.php
index 48d5f022..500b5791 100644
--- a/ext/setup/theme.php
+++ b/ext/setup/theme.php
@@ -42,11 +42,12 @@ class SetupTheme extends Themelet {
 		}
 
 		$table = "
-			<form action='".make_link("setup/save")."' method='POST'><table>
-			".$user->get_auth_html()."
-			<tr><td>$setupblock_html1</td><td>$setupblock_html2</td></tr>
-			<tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr>
-			</table></form>
+			".make_form(make_link("setup/save"))."
+				<table>
+				<tr><td>$setupblock_html1</td><td>$setupblock_html2</td></tr>
+				<tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr>
+				</table>
+			</form>
 			";
 
 		$page->set_title("Shimmie Setup");
@@ -83,12 +84,13 @@ class SetupTheme extends Themelet {
 				$(\"#settings\").tablesorter();
 			});
 			</script>
-			<form action='".make_link("setup/save")."' method='POST'><table id='settings' class='zebra'>
-				".$user->get_auth_html()."
-				<thead><tr><th width='25%'>Name</th><th>Value</th></tr></thead>
-				<tbody>$rows</tbody>
-				<tfoot><tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr></tfoot>
-			</table></form>
+			".make_form(make_link("setup/save"))."
+				<table id='settings' class='zebra'>
+					<thead><tr><th width='25%'>Name</th><th>Value</th></tr></thead>
+					<tbody>$rows</tbody>
+					<tfoot><tr><td colspan='2'><input type='submit' value='Save Settings'></td></tr></tfoot>
+				</table>
+			</form>
 			";
 
 		$page->set_title("Shimmie Setup");
diff --git a/ext/tag_edit/theme.php b/ext/tag_edit/theme.php
index f73ba0e6..0684b3dd 100644
--- a/ext/tag_edit/theme.php
+++ b/ext/tag_edit/theme.php
@@ -7,7 +7,7 @@ class TagEditTheme extends Themelet {
 	 */
 	public function display_mass_editor(Page $page) {
 		$html = "
-		<form action='".make_link("tag_edit/replace")."' method='POST'>
+		".make_form(make_link("tag_edit/replace"))."
 			<table style='width: 300px;'>
 				<tr><td>Search</td><td><input type='text' name='search'></tr>
 				<tr><td>Replace</td><td><input type='text' name='replace'></td></tr>
diff --git a/ext/upload/theme.php b/ext/upload/theme.php
index 6c88eaa2..41ca6886 100644
--- a/ext/upload/theme.php
+++ b/ext/upload/theme.php
@@ -50,7 +50,7 @@ class UploadTheme extends Themelet {
 				});
 			});
 			</script>
-			<form enctype='multipart/form-data' action='".make_link("upload")."' method='POST'>
+			".make_form(make_link("upload"), multipart=True)."
 				<table id='large_upload_form'>
 					$upload_list
 					<tr><td>Tags</td><td colspan='3'><input id='tag_box' name='tags' type='text'></td></tr>
@@ -120,7 +120,7 @@ class UploadTheme extends Themelet {
 				});
 			});
 			</script>
-			<form enctype='multipart/form-data' action='".make_link("upload")."' method='POST'>
+			".make_form(make_link("upload"), multipart=True)."
 				$upload_list
 				<input id='tag_input' name='tags' type='text' autocomplete='off'>
 				<input type='submit' value='Post'>
diff --git a/ext/user/theme.php b/ext/user/theme.php
index 749a71d6..5f1491e1 100644
--- a/ext/user/theme.php
+++ b/ext/user/theme.php
@@ -53,7 +53,7 @@ class UserPageTheme extends Themelet {
 		$reca = "<tr><td colspan='2'>".captcha_get_html()."</td></tr>";
 
 		$html .= "
-		<form action='".make_link("user_admin/create")."' method='POST'>
+		".make_form(make_link("user_admin/create"))."
 			<table style='width: 300px;'>
 				<tr><td>Name</td><td><input type='text' name='name'></td></tr>
 				<tr><td>Password</td><td><input type='password' name='pass1'></td></tr>
@@ -82,7 +82,7 @@ class UserPageTheme extends Themelet {
 	public function display_login_block(Page $page) {
 		global $config;
 		$html = "
-			<form action='".make_link("user_admin/login")."' method='POST'>
+			".make_form(make_link("user_admin/login"))."
 				<table summary='Login Form'>
 					<tr>
 						<td width='70'><label for='user'>Name</label></td>
@@ -150,10 +150,8 @@ class UserPageTheme extends Themelet {
 	protected function build_options(User $duser) {
 		global $config, $database, $user;
 
-		$html = "";
-
-		$html .= "
-		<form action='".make_link("user_admin/change_pass")."' method='POST'>
+		$html = "
+		".make_form(make_link("user_admin/change_pass"))."
 			<input type='hidden' name='id' value='{$duser->id}'>
 			<table style='width: 300px;'>
 				<tr><th colspan='2'>Change Password</th></tr>
@@ -163,7 +161,7 @@ class UserPageTheme extends Themelet {
 			</table>
 		</form>
 
-		<p><form action='".make_link("user_admin/change_email")."' method='POST'>
+		<p>".make_form(make_link("user_admin/change_email"))."
 			<input type='hidden' name='id' value='{$duser->id}'>
 			<table style='width: 300px;'>
 				<tr><th colspan='2'>Change Email</th></tr>
@@ -177,10 +175,10 @@ class UserPageTheme extends Themelet {
 			$i_user_id = int_escape($duser->id);
 			$h_is_admin = $duser->is_admin() ? " checked" : "";
 			$html .= "
-				<p><form action='".make_link("user_admin/set_more")."' method='POST'>
-				<input type='hidden' name='id' value='$i_user_id'>
-				Admin: <input name='admin' type='checkbox'$h_is_admin>
-				<input type='submit' value='Set'>
+				<p>".make_form(make_link("user_admin/set_more"))."
+					<input type='hidden' name='id' value='$i_user_id'>
+					Admin: <input name='admin' type='checkbox'$h_is_admin>
+					<input type='submit' value='Set'>
 				</form>
 			";
 		}
diff --git a/ext/view/theme.php b/ext/view/theme.php
index 0dd53b84..4fdca762 100644
--- a/ext/view/theme.php
+++ b/ext/view/theme.php
@@ -112,7 +112,7 @@ class ViewImageTheme extends Themelet {
 		$html = " (<a href=\"javascript: toggle('imgdata')\">edit info</a>)";
 		$html .= "
 			<div id='imgdata'>
-				<form action='".make_link("post/set")."' method='POST'>
+				".make_form(make_link("post/set"))."
 					<input type='hidden' name='image_id' value='{$image->id}'>
 					<input type='hidden' name='query' value='$h_query'>
 					<table style='width: 500px;'>

Hash	Reason	Action
Name	{$ban['hash']}	{$ban['reason']}	- + ".make_form(make_link("image_hash_ban/remove"))." @@ -48,7 +48,7 @@ class ImageBanTheme extends Themelet {
			{$ban['banner_name']}	{$end_human}	- - ".$user->get_auth_html()." + ".make_form(make_link("ip_ban/remove"))." @@ -47,8 +46,7 @@ class IPBanTheme extends Themelet {
IP	Reason	By	Until	Action
		{$user->name}