diff --git a/admin/admin_ajax.php b/admin/admin_ajax.php
index 3f6b9a15..603cb02c 100644
--- a/admin/admin_ajax.php
+++ b/admin/admin_ajax.php
@@ -3,31 +3,12 @@
 * @Author: prpr
 * @Date: 2016-02-04 13:53:55
 * @Last Modified by: prpr
- * @Last Modified time: 2016-02-06 23:14:48
+ * @Last Modified time: 2016-02-06 23:29:34
 */
+require "../includes/session.inc.php";
-session_start();
-$dir = dirname(dirname(__FILE__));
-require "$dir/includes/autoload.inc.php";
-
-if(isset($_COOKIE['uname']) && isset($_COOKIE['token'])) {
- $_SESSION['uname'] = $_COOKIE['uname'];
- $_SESSION['token'] = $_COOKIE['token'];
-}
-
-/**
- * Check token, won't allow non-admin user to access
- */
-if (isset($_SESSION['uname'])) {
- $admin = new User($_SESSION['uname']);
- if ($_SESSION['token'] != $admin->getToken()) {
- header('Location: ../index.php?msg=无效的 token,请重新登录。');
- } else if (!$admin->is_admin) {
- header('Location: ../index.php?msg=看起来你并不是管理员');
- }
-} else {
- header('Location: ../index.php?msg=非法访问,请先登录。');
-}
+// Check token, won't allow non-admin user to access
+if (!$admin->is_admin) header('Location: ../index.php?msg=看起来你并不是管理员');
 /*
 * No protection here,
diff --git a/admin/index.php b/admin/index.php
index a3b9c94b..08a44ea2 100644
--- a/admin/index.php
+++ b/admin/index.php
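Review bot: `if (!$admin->is_admin) header('Location: ...')` redirects a non-admin user but does not stop the script, so the AJAX handlers that follow the "No protection here" comment still execute for a client that simply ignores the Location header (the removed code had the same gap, and the new one-liner in admin/index.php repeats it). Change it to `if (!$admin->is_admin) { header('Location: ../index.php?msg=看起来你并不是管理员'); exit; }` in both files. `$admin` is only defined if session.inc.php assigns that name; the surviving fragment of the new include does not show which variable it creates, so confirm it before relying on it here. Separately, `require "../includes/session.inc.php"` is resolved against the process working directory rather than this file's location, which the removed `dirname(dirname(__FILE__))` guaranteed; `require __DIR__ . '/../includes/session.inc.php';` restores that here and in admin/index.php, user/index.php and user/profile.php. The remainder of admin_ajax.php lies outside the hunk.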
@@ -3,30 +3,11 @@
 * @Author: prpr
 * @Date: 2016-02-03 14:39:50
 * @Last Modified by: prpr
- * @Last Modified time: 2016-02-06 23:05:31
+ * @Last Modified time: 2016-02-06 23:29:33
 */
-
-session_start();
-$dir = dirname(dirname(__FILE__));
-require "$dir/includes/autoload.inc.php";
-
-if(isset($_COOKIE['uname']) && isset($_COOKIE['token'])) {
- $_SESSION['uname'] = $_COOKIE['uname'];
- $_SESSION['token'] = $_COOKIE['token'];
-}
-
-if (isset($_SESSION['uname'])) {
- $admin = new User($_SESSION['uname']);
- if ($_SESSION['token'] != $admin->getToken()) {
- header('Location: ../index.php?msg=无效的 token,请重新登录。');
- } else if (!$admin->is_admin) {
- header('Location: ../index.php?msg=看起来你并不是管理员');
- }
-} else {
- header('Location: ../index.php?msg=非法访问,请先登录。');
-}
+require "../includes/session.inc.php";
+if (!$admin->is_admin) header('Location: ../index.php?msg=看起来你并不是管理员');
 ?>
-
diff --git a/includes/session.inc.php b/includes/session.inc.php
new file mode 100644
index 00000000..c4daf810
--- /dev/null
+++ b/includes/session.inc.php
@@ -0,0 +1,24 @@
+getToken()) {
+ header('Location: ../index.php?msg=无效的 token,请重新登录。');
+ }
+} else {
+ header('Location: ../index.php?msg=非法访问,请先登录。');
+}
diff --git a/user/index.php b/user/index.php
index 6daa7aa0..8419f70a 100644
--- a/user/index.php
+++ b/user/index.php
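Review bot: Both redirect branches of the new includes/session.inc.php call `header('Location: ...')` without stopping the script, so after a missing session or a token mismatch control returns to the including page, which then runs its own code with the user object unset or the failed check ignored (admin/admin_ajax.php goes on to evaluate `$admin->is_admin`). Add `exit;` after each call, e.g. `header('Location: ../index.php?msg=非法访问,请先登录。'); exit;`. Only the last six of the 24 added lines survive on this page (everything up to `getToken()) {` was lost in rendering), so the comparison itself cannot be reviewed here; if it kept the loose `!=` of the removed copies, a strict constant-time form such as `hash_equals((string) $obj->getToken(), (string) $_SESSION['token'])` (with whichever variable the file actually uses) is the appropriate check for a credential. Whether the include still copies `$_COOKIE['uname']` and `$_COOKIE['token']` straight into `$_SESSION` as the removed blocks did is likewise not visible and should be confirmed, since that makes the client-supplied cookie rather than the server-side session the source of identity.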
@@ -5,24 +5,7 @@
 * @Last Modified by: prpr
 * @Last Modified time: 2016-01-21 20:40:04
 */
-
-session_start();
-$dir = dirname(dirname(__FILE__));
-require "$dir/includes/autoload.inc.php";
-
-if(isset($_COOKIE['uname']) && isset($_COOKIE['token'])) {
- $_SESSION['uname'] = $_COOKIE['uname'];
- $_SESSION['token'] = $_COOKIE['token'];
-}
-
-if (isset($_SESSION['uname'])) {
- $user = new User($_SESSION['uname']);
- if ($_SESSION['token'] != $user->getToken()) {
- header('Location: ../index.php?msg=无效的 token,请重新登录。');
- }
-} else {
- header('Location: ../index.php?msg=非法访问,请先登录。');
-}
+require "../includes/session.inc.php";
 $action = isset($_GET['action']) ? $_GET['action'] : "";
 ?>
diff --git a/user/preview.php b/user/preview.php
index c6e2cd48..d5d0799b 100644
--- a/user/preview.php
+++ b/user/preview.php
@@ -3,10 +3,9 @@
 * @Author: prpr
 * @Date: 2016-02-04 19:37:21
 * @Last Modified by: prpr
- * @Last Modified time: 2016-02-05 15:02:52
+ * @Last Modified time: 2016-02-06 23:24:56
 */
 ?>
-
@@ -22,4 +21,4 @@ echo "";
 if ($user->getTexture('cape')) {
 echo "";
 echo "";
-} ?>
+}
diff --git a/user/profile.php b/user/profile.php
index 225e162a..ac52123a 100644
--- a/user/profile.php
+++ b/user/profile.php
@@ -3,26 +3,9 @@
 * @Author: prpr
 * @Date: 2016-02-03 16:12:45
 * @Last Modified by: prpr
- * @Last Modified time: 2016-02-06 23:04:22
+ * @Last Modified time: 2016-02-06 23:29:32
 */
-
-session_start();
-$dir = dirname(dirname(__FILE__));
-require "$dir/includes/autoload.inc.php";
-
-if(isset($_COOKIE['uname']) && isset($_COOKIE['token'])) {
- $_SESSION['uname'] = $_COOKIE['uname'];
- $_SESSION['token'] = $_COOKIE['token'];
-}
-
-if (isset($_SESSION['uname'])) {
- $user = new User($_SESSION['uname']);
- if ($_SESSION['token'] != $user->getToken()) {
- header('Location: ../index.php?msg=无效的 token,请重新登录。');
- }
-} else {
- header('Location: ../index.php?msg=非法访问,请先登录。');
-}
+require "../includes/session.inc.php";
 ?>