diff --git a/buttons.php b/buttons.php
index 8769ef9..559a27f 100644
--- a/buttons.php
+++ b/buttons.php
@@ -8,9 +8,12 @@ include_once "functions.php";
 header("Cache-Control: no-cache");
-if ($_GET['header']) {
+$header = filter_input(INPUT_GET, $_GET['header']);
+$ch = filter_input(INPUT_GET, $_GET['ch']);
+
+if ($header) {
 die();
-} elseif ($_GET['ch'] != null) {
+} elseif ($ch != null) {
 ?>
@@ -50,13 +53,8 @@ if ($_GET['header']) {
 cursor: pointer;
 }
- .chheadpas {
- background: url(i/chat/chat_passive.jpg) no-repeat;
- text-align: center;
- }
+ .chheadpas, .chheadact {
- .chheadact {
- background: url(i/chat/chat_aaactive.jpg) no-repeat;
 text-align: center;
 }
diff --git a/functions.php b/functions.php
index fcd1f10..79326c2 100644
--- a/functions.php
+++ b/functions.php
@@ -72,8 +72,10 @@ if (empty($user['battle']) && ($user['hp'] < @$user['maxhp'])) {
 regenhp($user);
 }
+$inder = filter_input(INPUT_COOKIE, $_COOKIE['inder']);
+
 if (!isset($banks['id'])) {
- $banks = db::c()->query('SELECT `id`, `cr`, `ekr` FROM `bank` WHERE `id` = "?s" AND `owner` = "?s" LIMIT 1', $_COOKIE['inder'], $user['id'])->fetch_assoc();
+ $banks = db::c()->query('SELECT `id`, `cr`, `ekr` FROM `bank` WHERE `id` = "?s" AND `owner` = "?s" LIMIT 1', $inder, $u->i()['id'])->fetch_assoc();
 }
 function auth_bank($id, $pass, $us)
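Review bot: The second argument of `filter_input()` is the name of the variable to read, but both added calls pass the request value (`$_GET['header']`, `$_GET['ch']`), so the client chooses which parameter is read and `$header`/`$ch` come back null on ordinary requests, which changes which branch runs. Indexing `$_GET` directly also keeps the undefined-index notice that the wrapper was presumably meant to remove. The calls should be `$header = filter_input(INPUT_GET, 'header');` and `$ch = filter_input(INPUT_GET, 'ch');`, and the same mistake is in the functions.php hunk, which should read `$inder = filter_input(INPUT_COOKIE, 'inder');`. With no filter argument the default filter returns the raw string unchanged, so a validating filter matching the expected type (for example `FILTER_VALIDATE_INT`, if these values are numeric) is still needed before this counts as input validation. The if/elseif chain continues past the end of the hunk.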
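Review bot: The bank lookup still runs when the `inder` cookie is absent or rejected, so `$inder` can reach the query as null or false; a guard such as `if (!isset($banks['id']) && is_string($inder) && $inder !== '') {` would skip the query in that case. The owner bind also changes from `$user['id']` to `$u->i()['id']` while the context lines of this file still read `$user[...]`, and `$u` is not defined in the visible lines, so it is worth confirming that it is always set before functions.php is included and that it refers to the same account as `$user`. The owner condition is what stops a client-supplied bank id from selecting another account's row, so a comment such as `// bank id comes from a cookie; the owner bind is the authorization check` would help the next reader. `auth_bank()` begins on the last line of the hunk and its body is outside it.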