diff --git a/package-lock.json b/package-lock.json
index 0dc05f0..f5b0010 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -260,11 +260,6 @@
         "picomatch": "^2.0.4"
       }
     },
-    "append-field": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
-      "integrity": "sha1-HjRA6RXwsSA9I3SOeO3XubW0PlY="
-    },
     "aproba": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/aproba/-/aproba-1.2.0.tgz",
@@ -540,6 +535,11 @@
         }
       }
     },
+    "bowser": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.9.0.tgz",
+      "integrity": "sha512-2ld76tuLBNFekRgmJfT2+3j5MIrP6bFict8WAIT3beq+srz1gcKNAdNKMqHqauQt63NmAa88HfP1/Ypa9Er3HA=="
+    },
     "brace-expansion": {
       "version": "1.1.11",
       "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -703,7 +703,8 @@
     "buffer-from": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
-      "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A=="
+      "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==",
+      "dev": true
     },
     "buffer-xor": {
       "version": "1.0.3",
@@ -718,35 +719,11 @@
       "dev": true
     },
     "busboy": {
-      "version": "0.2.14",
-      "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.2.14.tgz",
-      "integrity": "sha1-bCpiLvz0fFe7vh4qnDetNseSVFM=",
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.3.1.tgz",
+      "integrity": "sha512-y7tTxhGKXcyBxRKAni+awqx8uqaJKrSFSNFSeRG5CsWNdmy2BIK+6VGWEW7TZnIO/533mtMEA4rOevQV815YJw==",
       "requires": {
-        "dicer": "0.2.5",
-        "readable-stream": "1.1.x"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-        },
-        "readable-stream": {
-          "version": "1.1.14",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
-          "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.1",
-            "isarray": "0.0.1",
-            "string_decoder": "~0.10.x"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
+        "dicer": "0.3.0"
       }
     },
     "bytes": {
@@ -804,6 +781,11 @@
         "upper-case": "^1.1.1"
       }
     },
+    "camelize": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/camelize/-/camelize-1.0.0.tgz",
+      "integrity": "sha1-FkpUg+Yw+kMh5a8HAg5TGDGyYJs="
+    },
     "chalk": {
       "version": "2.4.2",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
@@ -1015,6 +997,7 @@
       "version": "1.6.2",
       "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz",
       "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==",
+      "dev": true,
       "requires": {
         "buffer-from": "^1.0.0",
         "inherits": "^2.0.3",
@@ -1047,6 +1030,11 @@
         "safe-buffer": "5.1.2"
       }
     },
+    "content-security-policy-builder": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/content-security-policy-builder/-/content-security-policy-builder-2.1.0.tgz",
+      "integrity": "sha512-/MtLWhJVvJNkA9dVLAp6fg9LxD2gfI6R2Fi1hPmfjYXSahJJzcfvoeDOxSyp4NvxMuwWv3WMssE9o31DoULHrQ=="
+    },
     "content-type": {
       "version": "1.0.4",
       "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
@@ -1179,6 +1167,11 @@
       "integrity": "sha1-WW6WmP0MgOEgOMK4LW6xs1tiJNk=",
       "dev": true
     },
+    "dasherize": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/dasherize/-/dasherize-2.0.0.tgz",
+      "integrity": "sha1-bYCcnNDPe7iVLYD8hPoT1H3bEwg="
+    },
     "debug": {
       "version": "2.6.9",
       "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -1284,35 +1277,11 @@
       "integrity": "sha1-+hN8S9aY7fVc1c0CrFWfkaTEups="
     },
     "dicer": {
-      "version": "0.2.5",
-      "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz",
-      "integrity": "sha1-WZbAhrszIYyBLAkL3cCc0S+stw8=",
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.3.0.tgz",
+      "integrity": "sha512-MdceRRWqltEG2dZqO769g27N/3PXfcKl04VhYnBlo2YhH7zPi88VebsjTKclaOyiuMaGU72hTfw3VkUitGcVCA==",
       "requires": {
-        "readable-stream": "1.1.x",
         "streamsearch": "0.1.2"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-        },
-        "readable-stream": {
-          "version": "1.1.14",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
-          "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.1",
-            "isarray": "0.0.1",
-            "string_decoder": "~0.10.x"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
       }
     },
     "diffie-hellman": {
@@ -1340,6 +1309,11 @@
       "integrity": "sha512-jnjyiM6eRyZl2H+W8Q/zLMA481hzi0eszAaBUzIVnmYVDBbnLxVNnfu1HgEBvCbL+71FrxMl3E6lpKH7Ge3OXA==",
       "dev": true
     },
+    "dont-sniff-mimetype": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/dont-sniff-mimetype/-/dont-sniff-mimetype-1.1.0.tgz",
+      "integrity": "sha512-ZjI4zqTaxveH2/tTlzS1wFp+7ncxNZaIEWYg3lzZRHkKf5zPT/MnEG6WL0BhHMJUabkh8GeU5NL5j+rEUCb7Ug=="
+    },
     "dotenv": {
       "version": "8.2.0",
       "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz",
@@ -1568,6 +1542,11 @@
         }
       }
     },
+    "expect-ct": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/expect-ct/-/expect-ct-0.2.0.tgz",
+      "integrity": "sha512-6SK3MG/Bbhm8MsgyJAylg+ucIOU71/FzyFalcfu5nY19dH8y/z0tBJU0wrNBXD4B27EoQtqPF/9wqH0iYAd04g=="
+    },
     "express": {
       "version": "4.17.1",
       "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
@@ -1605,6 +1584,14 @@
         "vary": "~1.1.2"
       }
     },
+    "express-fileupload": {
+      "version": "1.1.6",
+      "resolved": "https://registry.npmjs.org/express-fileupload/-/express-fileupload-1.1.6.tgz",
+      "integrity": "sha512-w24zPWT8DkoIxSVkbxYPo9hkTiLpCQQzNsLRTCnecBhfbYv+IkIC5uLw2MIUAxBZ+7UMmXPjGxlhzUXo4RcbZw==",
+      "requires": {
+        "busboy": "^0.3.1"
+      }
+    },
     "express-session": {
       "version": "1.17.1",
       "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.17.1.tgz",
@@ -1730,6 +1717,11 @@
       "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
       "dev": true
     },
+    "feature-policy": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/feature-policy/-/feature-policy-0.3.0.tgz",
+      "integrity": "sha512-ZtijOTFN7TzCujt1fnNhfWPFPSHeZkesff9AXZj+UEjYBynWNUIYpC87Ve4wHzyexQsImicLu7WsC2LHq7/xrQ=="
+    },
     "figgy-pudding": {
       "version": "3.5.2",
       "resolved": "https://registry.npmjs.org/figgy-pudding/-/figgy-pudding-3.5.2.tgz",
@@ -1830,6 +1822,11 @@
         "map-cache": "^0.2.2"
       }
     },
+    "frameguard": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/frameguard/-/frameguard-3.1.0.tgz",
+      "integrity": "sha512-TxgSKM+7LTA6sidjOiSZK9wxY0ffMPY3Wta//MqwmX0nZuEHc8QrkV8Fh3ZhMJeiH+Uyh/tcaarImRy8u77O7g=="
+    },
     "fresh": {
       "version": "0.5.2",
       "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
@@ -2046,6 +2043,54 @@
       "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
       "dev": true
     },
+    "helmet": {
+      "version": "3.23.2",
+      "resolved": "https://registry.npmjs.org/helmet/-/helmet-3.23.2.tgz",
+      "integrity": "sha512-pe0UiHw3aHbP8Lon9McCq4AN2XLUMSbhwxJnUY6U2t8wTda7F1SsYg0/pBa1BPugaRqAtx9e1/FyF6E9PsUU5A==",
+      "requires": {
+        "depd": "2.0.0",
+        "dont-sniff-mimetype": "1.1.0",
+        "expect-ct": "0.2.0",
+        "feature-policy": "0.3.0",
+        "frameguard": "3.1.0",
+        "helmet-crossdomain": "0.4.0",
+        "helmet-csp": "2.10.0",
+        "hide-powered-by": "1.1.0",
+        "hpkp": "2.0.0",
+        "hsts": "2.2.0",
+        "nocache": "2.1.0",
+        "referrer-policy": "1.2.0",
+        "x-xss-protection": "1.3.0"
+      },
+      "dependencies": {
+        "depd": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+        }
+      }
+    },
+    "helmet-crossdomain": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/helmet-crossdomain/-/helmet-crossdomain-0.4.0.tgz",
+      "integrity": "sha512-AB4DTykRw3HCOxovD1nPR16hllrVImeFp5VBV9/twj66lJ2nU75DP8FPL0/Jp4jj79JhTfG+pFI2MD02kWJ+fA=="
+    },
+    "helmet-csp": {
+      "version": "2.10.0",
+      "resolved": "https://registry.npmjs.org/helmet-csp/-/helmet-csp-2.10.0.tgz",
+      "integrity": "sha512-Rz953ZNEFk8sT2XvewXkYN0Ho4GEZdjAZy4stjiEQV3eN7GDxg1QKmYggH7otDyIA7uGA6XnUMVSgeJwbR5X+w==",
+      "requires": {
+        "bowser": "2.9.0",
+        "camelize": "1.0.0",
+        "content-security-policy-builder": "2.1.0",
+        "dasherize": "2.0.0"
+      }
+    },
+    "hide-powered-by": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/hide-powered-by/-/hide-powered-by-1.1.0.tgz",
+      "integrity": "sha512-Io1zA2yOA1YJslkr+AJlWSf2yWFkKjvkcL9Ni1XSUqnGLr/qRQe2UI3Cn/J9MsJht7yEVCe0SscY1HgVMujbgg=="
+    },
     "hmac-drbg": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz",
@@ -2063,6 +2108,26 @@
       "integrity": "sha512-f/wzC2QaWBs7t9IYqB4T3sR1xviIViXJRJTWBlx2Gf3g0Xi5vI7Yy4koXQ1c9OYDGHN9sBy1DQ2AB8fqZBWhUg==",
       "dev": true
     },
+    "hpkp": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/hpkp/-/hpkp-2.0.0.tgz",
+      "integrity": "sha1-EOFCJk52IVpdMMROxD3mTe5tFnI="
+    },
+    "hsts": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/hsts/-/hsts-2.2.0.tgz",
+      "integrity": "sha512-ToaTnQ2TbJkochoVcdXYm4HOCliNozlviNsg+X2XQLQvZNI/kCHR9rZxVYpJB3UPcHz80PgxRyWQ7PdU1r+VBQ==",
+      "requires": {
+        "depd": "2.0.0"
+      },
+      "dependencies": {
+        "depd": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
+          "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw=="
+        }
+      }
+    },
     "html-minifier": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/html-minifier/-/html-minifier-4.0.0.tgz",
@@ -2797,21 +2862,6 @@
       "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
       "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
     },
-    "multer": {
-      "version": "1.4.2",
-      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.2.tgz",
-      "integrity": "sha512-xY8pX7V+ybyUpbYMxtjM9KAiD9ixtg5/JkeKUTD6xilfDv0vzzOFcCp4Ljb1UU3tSOM3VTZtKo63OmzOrGi3Cg==",
-      "requires": {
-        "append-field": "^1.0.0",
-        "busboy": "^0.2.11",
-        "concat-stream": "^1.5.2",
-        "mkdirp": "^0.5.1",
-        "object-assign": "^4.1.1",
-        "on-finished": "^2.3.0",
-        "type-is": "^1.6.4",
-        "xtend": "^4.0.0"
-      }
-    },
     "nan": {
       "version": "2.14.1",
       "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.1.tgz",
@@ -2889,6 +2939,11 @@
         "lower-case": "^1.1.1"
       }
     },
+    "nocache": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/nocache/-/nocache-2.1.0.tgz",
+      "integrity": "sha512-0L9FvHG3nfnnmaEQPjT9xhfN4ISk0A8/2j4M37Np4mcDesJjHgEUfgPhdCyZuFI954tjokaIj/A3NdpFNdEh4Q=="
+    },
     "node-addon-api": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-2.0.1.tgz",
@@ -3553,6 +3608,11 @@
         "picomatch": "^2.2.1"
       }
     },
+    "referrer-policy": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/referrer-policy/-/referrer-policy-1.2.0.tgz",
+      "integrity": "sha512-LgQJIuS6nAy1Jd88DCQRemyE3mS+ispwlqMk3b0yjZ257fI1v9c+/p6SD5gP5FGyXUIgrNOAfmyioHwZtYv2VA=="
+    },
     "regex-not": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/regex-not/-/regex-not-1.0.2.tgz",
@@ -4465,7 +4525,8 @@
     "typedarray": {
       "version": "0.0.6",
       "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
-      "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c="
+      "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=",
+      "dev": true
     },
     "typescript": {
       "version": "3.9.5",
@@ -4882,10 +4943,16 @@
         "slide": "^1.1.5"
       }
     },
+    "x-xss-protection": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/x-xss-protection/-/x-xss-protection-1.3.0.tgz",
+      "integrity": "sha512-kpyBI9TlVipZO4diReZMAHWtS0MMa/7Kgx8hwG/EuZLiA6sg4Ah/4TRdASHhRRN3boobzcYgFRUFSgHRge6Qhg=="
+    },
     "xtend": {
       "version": "4.0.2",
       "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz",
-      "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ=="
+      "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==",
+      "dev": true
     },
     "y18n": {
       "version": "4.0.0",
diff --git a/package.json b/package.json
index 9416417..741acd7 100644
--- a/package.json
+++ b/package.json
@@ -19,10 +19,11 @@
     "cookie-parser": "^1.4.5",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
+    "express-fileupload": "^1.1.6",
     "express-session": "^1.17.1",
+    "helmet": "^3.23.2",
     "mongoose": "^5.9.18",
     "mongoose-fuzzy-searching": "^1.3.1",
-    "multer": "^1.4.2",
     "passport": "^0.4.1",
     "passport-local": "^1.0.0",
     "session-file-store": "^1.4.0",
diff --git a/src/components/Nav.svelte b/src/components/Nav.svelte
index 4a4fa9f..95df642 100644
--- a/src/components/Nav.svelte
+++ b/src/components/Nav.svelte
@@ -45,6 +45,7 @@
         height: 3rem;
         max-width: 100%;
         object-fit: contain;
+        margin-right: 3rem;
     }
     @media (min-width: 800px) {
         div.items {
@@ -56,9 +57,12 @@
             margin-left: 4rem;
         }
     }
+    div.search {
+        width: 100%;
+    }
     input.search {
+        width: 100%;
         height: 1.5rem;
-        width: 50%;
         font-size: 1rem;
         margin: 0 auto;
         text-align: center;
diff --git a/src/models/article.js b/src/models/article.js
index b160fdc..550baf4 100644
--- a/src/models/article.js
+++ b/src/models/article.js
@@ -14,7 +14,11 @@ const ArticleSchema = new Schema({
     html: { type: String, required: true },
     comments: [{
         content: { type: String, required: true },
-        author: { type: String, required: true },
+        author: { type: String },
+        author_user: {
+            type: mongoose.Schema.Types.ObjectId,
+            ref: 'User'
+        },
         created_at: { type: Date, default: Date.now },
         votes: { type: Number, default: 0 }
     }],
diff --git a/src/routes/a/[slug].json.js b/src/routes/a/[slug].json.js
index 4d551bc..ac7baef 100644
--- a/src/routes/a/[slug].json.js
+++ b/src/routes/a/[slug].json.js
@@ -9,6 +9,9 @@ export async function get(req, res, next) {
         select: 'realname'
     }).populate({
         path: 'category'
+    }).populate({
+        path: 'comments.author_user',
+        select: 'realname'
     });
 
     if (article) {
diff --git a/src/routes/a/[slug].svelte b/src/routes/a/[slug].svelte
index dbb7989..c813e00 100644
--- a/src/routes/a/[slug].svelte
+++ b/src/routes/a/[slug].svelte
@@ -14,6 +14,8 @@
 </script>
 
 <script>
+    import { stores } from '@sapper/app';
+    const { session } = stores();
     export let article;
 
     let author = '', content = '';
@@ -110,6 +112,10 @@
         font-weight: bold;
     }
 
+    span.comment-verified {
+        font-style: italic;
+    }
+
     div.comment {
         background-color: rgb(150, 200, 234);
         border: 1px solid #508FC3;
@@ -124,6 +130,10 @@
     div.article-content {
         margin-bottom: 2rem;
     }
+
+    div.comment-content {
+        word-break: break-word;
+    }
 </style>
 
 <svelte:head>
@@ -152,9 +162,13 @@
     {#each article.comments as comment}
         <div class="comment">
             <p class="comment-meta">
+            {#if comment.author_user}
+                <span class="comment-username">{comment.author_user.realname}</span> <span class="comment-verified">(verified)</span> - {new Date(comment.created_at).toLocaleString()}
+            {:else}
                 <span class="comment-username">{comment.author}</span> - {new Date(comment.created_at).toLocaleString()}
+            {/if}
             </p>
-            <div>{comment.content}</div>
+            <div class="comment-content">{comment.content}</div>
         </div>
     {:else}
         <p>No comments.</p>
@@ -162,7 +176,13 @@
     </div>
     <h3>Add a Comment</h3>
     <form method="POST" action={`/a/${article.slug}/comment`}>
-        <p>Name: <input type="text" bind:value={author} name="author" maxlength="100" placeholder="Anonymous"></p>
+        <p>Name:
+        {#if $session.user}
+            <input type="text" disabled value={$session.user.realname}>
+        {:else}
+            <input type="text" bind:value={author} name="author" maxlength="100" placeholder="Anonymous">
+        {/if}
+        </p>
         <p><textarea name="content" bind:value={content} maxlength="5000"></textarea></p>
         <p><button type="submit" on:click|preventDefault={postComment}>Submit</button></p>
     </form>
diff --git a/src/routes/a/[slug]/comment.js b/src/routes/a/[slug]/comment.js
index 81cb360..aa97dbb 100644
--- a/src/routes/a/[slug]/comment.js
+++ b/src/routes/a/[slug]/comment.js
@@ -2,7 +2,10 @@ import Article from '../../../models/article.js';
 
 export async function post(req, res) {
     const { slug } = req.params;
-    const article = await Article.findOne({ slug });
+    const article = await Article.findOne({ slug }).populate({
+        path: 'comments.author_user',
+        select: 'realname'
+    });
 
     if (article) {
         let { author, content } = req.body;
@@ -34,7 +37,11 @@ export async function post(req, res) {
             }));
             return;
         }
-        article.comments.push({ author, content });
+        if (req.user) {
+            article.comments.push({ author_user: req.user._id, content });
+        } else {
+            article.comments.push({ author, content });
+        }
         article.save();
         res.writeHead(200, {
             'Content-Type': 'application/json'
diff --git a/src/routes/c/[slug].json.js b/src/routes/c/[slug].json.js
index 1b74acd..594222f 100644
--- a/src/routes/c/[slug].json.js
+++ b/src/routes/c/[slug].json.js
@@ -6,7 +6,10 @@ export async function get(req, res)
     let { slug } = req.params;
     let articles, cat;
     if (slug === 'all') {
-        articles = await Article.find().sort({ created_at: 'desc' }).populate({ path: 'category' });
+        articles = await Article.find()
+                                .sort({ created_at: 'desc' })
+                                .populate({ path: 'category' })
+                                .populate({ path: 'author', select: 'realname' });
     } else {
         cat = await Category.findOne({ slug });
         if (!cat) {
@@ -20,7 +23,8 @@ export async function get(req, res)
         } else {
             articles = await Article.find({ category: cat.id })
                                     .sort({ created_at: 'desc' })
-                                    .populate({ path: 'category' });
+                                    .populate({ path: 'category' })
+                                    .populate({ path: 'author', select: 'realname' });
         }
     }
     res.writeHead(200, {
diff --git a/src/routes/cms/delete.svelte b/src/routes/cms/delete.svelte
index 519d388..b3b7e03 100644
--- a/src/routes/cms/delete.svelte
+++ b/src/routes/cms/delete.svelte
@@ -5,8 +5,12 @@
             return this.redirect(302, '/cms');
         }
         const res = await this.fetch(`/c/all.json`);
-        const articles = await res.json();
-        return { articles, user: session.user };
+        const json = await res.json();
+        if (res.status === 200) {
+            return { articles: json.articles, user: session.user };
+        } else {
+            this.error(res.status, json.message);
+        }
     }
 </script>
 
@@ -16,7 +20,7 @@
 
 <script>
     import { goto } from '@sapper/app';
-    export let articles;
+    export let articles = [];
 
     async function del(article)
     {
diff --git a/src/server.js b/src/server.js
index efbcfbb..70923d8 100644
--- a/src/server.js
+++ b/src/server.js
@@ -8,6 +8,8 @@ import mongoose from 'mongoose';
 import passport from 'passport';
 import { Strategy } from 'passport-local';
 import sessionFileStore from 'session-file-store';
+import fileUpload from 'express-fileupload';
+import helmet from 'helmet';
 import Article from './models/article.js';
 import Category from './models/category.js';
 import User from './models/user.js';
@@ -77,8 +79,10 @@ const isAuthor = function(req, res, next) {
 
 
 express()
+    .use(helmet())
     .use(bodyParser.json())
     .use(bodyParser.urlencoded({ extended: true }))
+    .use(fileUpload())
     .use(session({
         secret: SESSION_SECRET,
         resave: false,
diff --git a/static/a/.gitkeep b/static/a/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/static/a/here-s-why-canned-water-is-better.jpg b/static/a/here-s-why-canned-water-is-better.jpg
deleted file mode 100644
index bb02d24..0000000
Binary files a/static/a/here-s-why-canned-water-is-better.jpg and /dev/null differ
diff --git a/static/a/how-to-disable-abs-in-your-car.jpg b/static/a/how-to-disable-abs-in-your-car.jpg
deleted file mode 100644
index ca65373..0000000
Binary files a/static/a/how-to-disable-abs-in-your-car.jpg and /dev/null differ
diff --git a/static/a/how-to-pay-zero-in-taxes.jpg b/static/a/how-to-pay-zero-in-taxes.jpg
deleted file mode 100644
index 8a9ffee..0000000
Binary files a/static/a/how-to-pay-zero-in-taxes.jpg and /dev/null differ