diff --git a/.htaccess b/.htaccess
index cfffd1b..369eb63 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,8 +1,8 @@
 <IfModule mod_rewrite.c>
-RewriteEngine On
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d 
-RewriteRule . index.php [L]
+    RewriteEngine On
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME} !-d 
+    RewriteRule . index.php [L]
 </IfModule>
 
 # Prevent file browsing
diff --git a/README.md b/README.md
index 5416c52..443b91e 100644
--- a/README.md
+++ b/README.md
@@ -1,27 +1,31 @@
 #PIP
 
-PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to set up and use.
+PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to setup and use. 
+
+This is Dushan's fork which features:
+
+* Security fix for a Local File Inclusion (credit LB)
+* Removal of redundant/legacy code
+* Cleanup of directory structure
+* Upgraded database handling (using PDO)
+* Various minor upgrades
 
 Visit [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) for more information and documentation.
 
 ## Requirements
 
-* PHP 5.1 or greater
-* MySQL 4.1.2 or greater
-* The mod_rewrite Apache module
+* A recent version of PHP (with PDO support)
+* A recent version of MySQL or MariaDB
+* A recent version of Apache with mod_rewrite and htaccess enabled (or another compatible web server such as Nginx)
 
 ## Installation
 
-* Download PIP and extract
-* Navigate to `application/config/config.php` and fill in your `base_url`
-* You are ready to rock! Point your browser to your `base_url` and hopefully see a welcome message.
-
-## Documentation
-
-Visit [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) to see the documentation.
+* Download PIP and extract to your web root
+* Navigate to `system/` and edit `db.php`, `config.php` and `controllers.php` as needed
+* Point your browser to your `base_url`
 
 ## License
 
 PIP is released under the MIT license.
 
-Want to say thanks? [Consider tipping me](https://www.gittip.com/gilbitron).
+Credit to original author [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/)
diff --git a/application/config/config.php b/application/config/config.php
deleted file mode 100644
index d34579b..0000000
--- a/application/config/config.php
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php 
-
-$config['base_url'] = ''; // Base URL including trailing slash (e.g. http://localhost/)
-
-$config['default_controller'] = 'main'; // Default controller to load
-$config['error_controller'] = 'error'; // Controller used for errors (e.g. 404, 500 etc)
-
-$config['db_host'] = ''; // Database host (e.g. localhost)
-$config['db_name'] = ''; // Database name
-$config['db_username'] = ''; // Database username
-$config['db_password'] = ''; // Database password
-
-?>
\ No newline at end of file
diff --git a/application/controllers/error.php b/application/controllers/error.php
index 99d72f7..56d8f1c 100644
--- a/application/controllers/error.php
+++ b/application/controllers/error.php
@@ -1,18 +1,11 @@
 <?php
-
-class Error extends Controller {
-	
-	function index()
-	{
-		$this->error404();
-	}
-	
-	function error404()
-	{
-		echo '<h1>404 Error</h1>';
-		echo '<p>Looks like this page doesn\'t exist</p>';
-	}
-    
-}
-
+    class Error extends Controller {
+	    function index() {
+		    $this->errorMsg();
+	    }
+	    
+        function errorMsg() {
+            echo 'There is an error, that is all we know...';
+        }
+    }
 ?>
diff --git a/application/controllers/main.php b/application/controllers/main.php
index b1c40ac..b87b9a1 100644
--- a/application/controllers/main.php
+++ b/application/controllers/main.php
@@ -1,13 +1,10 @@
 <?php
-
-class Main extends Controller {
-	
-	function index()
-	{
-		$template = $this->loadView('main_view');
-		$template->render();
-	}
-    
-}
-
+    class Main extends Controller {
+        function index() {
+            $data = $this->loadModel('example');
+            $template = $this->loadView('view');
+            $template->set('data', 'Hello World');
+            $template->render();
+        }
+    }
 ?>
diff --git a/application/helpers/session_helper.php b/application/helpers/session_helper.php
deleted file mode 100644
index 5322e9c..0000000
--- a/application/helpers/session_helper.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-
-class Session_helper {
-
-	function set($key, $val)
-	{
-		$_SESSION["$key"] = $val;
-	}
-	
-	function get($key)
-	{
-		return $_SESSION["$key"];
-	}
-	
-	function destroy()
-	{
-		session_destroy();
-	}
-
-}
-
-?>
\ No newline at end of file
diff --git a/application/helpers/url_helper.php b/application/helpers/url_helper.php
deleted file mode 100644
index c9caf98..0000000
--- a/application/helpers/url_helper.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-
-class Url_helper {
-
-	function base_url()
-	{
-		global $config;
-		return $config['base_url'];
-	}
-	
-	function segment($seg)
-	{
-		if(!is_int($seg)) return false;
-		
-		$parts = explode('/', $_SERVER['REQUEST_URI']);
-	    return isset($parts[$seg]) ? $parts[$seg] : false;
-	}
-	
-}
-
-?>
\ No newline at end of file
diff --git a/application/models/example.php b/application/models/example.php
new file mode 100644
index 0000000..cd8e657
--- /dev/null
+++ b/application/models/example.php
@@ -0,0 +1,15 @@
+<?php
+    class Example extends Model {
+	    public function addID($id) {
+            try {
+                $sql = 'INSERT INTO id (id) VALUES (:id)';
+                $db = $this->getDB();
+                $stmt = $db->prepare($sql);
+                $stmt->bindParam('id', $id, PDO::PARAM_INT);
+                $stmt->execute();
+            } catch (PDOException $e) {
+                echo $e->getMessage();
+            }
+        }
+    }
+?>
diff --git a/application/models/example_model.php b/application/models/example_model.php
deleted file mode 100644
index 18c960a..0000000
--- a/application/models/example_model.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-
-class Example_model extends Model {
-	
-	public function getSomething($id)
-	{
-		$id = $this->escapeString($id);
-		$result = $this->query('SELECT * FROM something WHERE id="'. $id .'"');
-		return $result;
-	}
-
-}
-
-?>
diff --git a/application/plugins/.gitignore b/application/plugins/.gitkeep
similarity index 100%
rename from application/plugins/.gitignore
rename to application/plugins/.gitkeep
diff --git a/application/views/footer.php b/application/views/footer.php
deleted file mode 100644
index 691287b..0000000
--- a/application/views/footer.php
+++ /dev/null
@@ -1,2 +0,0 @@
-</body>
-</html>
\ No newline at end of file
diff --git a/application/views/header.php b/application/views/header.php
deleted file mode 100644
index c93a60a..0000000
--- a/application/views/header.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="utf-8" />
-    
-    <title>Welcome to PIP</title>
-    <meta name="description" content="">
-    <meta name="author" content="">
-    
-    <link rel="stylesheet" href="<?php echo BASE_URL; ?>static/css/style.css" type="text/css" media="screen" />
-</head>
-<body>
diff --git a/application/views/main_view.php b/application/views/main_view.php
deleted file mode 100644
index 9c101d2..0000000
--- a/application/views/main_view.php
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php include('header.php'); ?>
-	
-    <div id="content">
-        
-        <h1>Welcome to PIP</h1>
-        <p>To get started please read the documentation at <a href="http://pip.dev7studios.com/">http://pip.dev7studios.com</a>.</p>
-        
-    </div>
-
-<?php include('footer.php'); ?>
\ No newline at end of file
diff --git a/application/views/view.php b/application/views/view.php
new file mode 100644
index 0000000..4e858e8
--- /dev/null
+++ b/application/views/view.php
@@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <link rel="stylesheet" href="<?php echo BASE_URL; ?>static/css/style.css" type="text/css" media="screen" />
+    </head>
+    <body>
+        <p><?php echo $data; ?></p>
+    </body>
+</html>
diff --git a/index.php b/index.php
index ed8010b..339dbe8 100644
--- a/index.php
+++ b/index.php
@@ -1,26 +1,50 @@
 <?php
-/*
- * PIP v0.5.3
- */
+    // Base paths
+    define('ROOT_DIR', realpath(dirname(__FILE__)) .'/');
+    define('APP_DIR', ROOT_DIR .'application/');
+    require(ROOT_DIR .'system/config.php');
+    
+    // Settings 
+    global $config;
+    define('BASE_URL', $config['base_url']);
 
-//Start the Session
-session_start(); 
+    /* Secure session (disabled as it does not function as intended, will be fixed in time)
+    if(session_id() == '' || !isset($_SESSION)) {
+        session_name($config['session_name']);
+        session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']);
+        session_start();
+    } else {
+        session_start();
+    } */
 
-// Defines
-define('ROOT_DIR', realpath(dirname(__FILE__)) .'/');
-define('APP_DIR', ROOT_DIR .'application/');
+    // Start a session
+    session_start(); 
+    
+    // Set variable for tracking the number of requests per session id
+    if(!isset($_SESSION['regen'])) {
+        $_SESSION['regen'] = 0;
+    }
+    
+    // Rotate session id every N requests to protect from session fixation
+    if(++$_SESSION['regen'] > $config['rotation_interval']) {
+        $_SESSION['regen'] = 0;
+        session_regenerate_id(true);
+    }     
+    
+    // PHP settings for dev mode 
+    if(!$config['production']) {
+        error_reporting(E_ALL);
+        ini_set('display_errors', 1);
+        ini_set('memory_limit', '-1');
+        set_time_limit(0);
+    }
 
-// Includes
-require(APP_DIR .'config/config.php');
-require(ROOT_DIR .'system/model.php');
-require(ROOT_DIR .'system/view.php');
-require(ROOT_DIR .'system/controller.php');
-require(ROOT_DIR .'system/pip.php');
-
-// Define base URL
-global $config;
-define('BASE_URL', $config['base_url']);
-
-pip();
+    // Base classes for application
+    require(ROOT_DIR .'system/model.php');
+    require(ROOT_DIR .'system/view.php');
+    require(ROOT_DIR .'system/controller.php');
+    require(ROOT_DIR .'system/pip.php');
 
+    // Call PIP
+    pip();
 ?>
diff --git a/static/.gitignore b/static/.gitkeep
similarity index 100%
rename from static/.gitignore
rename to static/.gitkeep
diff --git a/static/css/style.css b/static/css/style.css
index 933b736..a8f7ab4 100644
--- a/static/css/style.css
+++ b/static/css/style.css
@@ -1 +1,3 @@
-/* CSS Styles */
\ No newline at end of file
+p {
+    font-family: Arial;
+}
diff --git a/static/images/.gitignore b/static/images/.gitkeep
similarity index 100%
rename from static/images/.gitignore
rename to static/images/.gitkeep
diff --git a/static/js/.gitignore b/static/js/.gitkeep
similarity index 100%
rename from static/js/.gitignore
rename to static/js/.gitkeep
diff --git a/system/config.php b/system/config.php
new file mode 100644
index 0000000..b96f17d
--- /dev/null
+++ b/system/config.php
@@ -0,0 +1,25 @@
+<?php 
+    // Mode
+    $config['production'] = false;
+    
+    // Session rotation interval
+    $config['rotation_interval'] = 20;    
+    
+    // Session cookie settings
+    $config['session_name'] = 'pip'; // Change me
+    $config['http_only'] = true; // You really shouldn't change this
+    $config['cookie_lifetime'] = 3600; // 1 hour in seconds
+
+    // URL
+    if((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) {
+        $config['base_url'] = 'https://'.$_SERVER['HTTP_HOST'].'/';
+        $config['https_cookie'] = true;
+    } else {
+        $config['base_url'] = 'http://'.$_SERVER['HTTP_HOST'].'/';
+        $config['https_cookie'] = false;
+    }
+
+    // Database credentials and default/permitted controllers
+    require_once('db.php');
+    require_once('controllers.php');
+?>
diff --git a/system/controller.php b/system/controller.php
index dc51490..2ed64f9 100644
--- a/system/controller.php
+++ b/system/controller.php
@@ -1,40 +1,23 @@
 <?php
-
-class Controller {
+    class Controller {
+	    public function loadModel($name) {
+		    require(APP_DIR .'models/'. strtolower($name) .'.php');
+		    $model = new $name;
+		    return $model;
+	    }
 	
-	public function loadModel($name)
-	{
-		require(APP_DIR .'models/'. strtolower($name) .'.php');
-
-		$model = new $name;
-		return $model;
-	}
+	    public function loadView($name) {
+		    $view = new View($name);
+		    return $view;
+	    }
 	
-	public function loadView($name)
-	{
-		$view = new View($name);
-		return $view;
-	}
+	    public function loadPlugin($name) {
+		    require(APP_DIR .'plugins/'. strtolower($name) .'.php');
+	    }
 	
-	public function loadPlugin($name)
-	{
-		require(APP_DIR .'plugins/'. strtolower($name) .'.php');
-	}
-	
-	public function loadHelper($name)
-	{
-		require(APP_DIR .'helpers/'. strtolower($name) .'.php');
-		$helper = new $name;
-		return $helper;
-	}
-	
-	public function redirect($loc)
-	{
-		global $config;
-		
-		header('Location: '. $config['base_url'] . $loc);
-	}
-    
-}
-
-?>
\ No newline at end of file
+	    public function redirect($loc) {
+		    global $config;
+		    header('Location: '. $config['base_url'] . $loc);
+	    }
+    }
+?>
diff --git a/system/controllers.php b/system/controllers.php
new file mode 100644
index 0000000..91e9dc9
--- /dev/null
+++ b/system/controllers.php
@@ -0,0 +1,8 @@
+<?php
+    // Default controllers
+    $config['default_controller'] = 'main';
+    $config['error_controller'] = 'error';
+    
+    // Permitted controllers
+    $config['valid_controllers'] = array('error', 'main');
+?>
diff --git a/system/db.php b/system/db.php
new file mode 100644
index 0000000..e903899
--- /dev/null
+++ b/system/db.php
@@ -0,0 +1,7 @@
+<?php
+    // Database
+    $config['db_host'] = 'localhost';
+    $config['db_name'] = 'test';
+    $config['db_user'] = 'root';
+    $config['db_pass'] = 'toor';
+?>
diff --git a/system/model.php b/system/model.php
index 04503ca..4dd793e 100644
--- a/system/model.php
+++ b/system/model.php
@@ -1,63 +1,24 @@
 <?php
-
-class Model {
-
-	private $connection;
-
-	public function __construct()
-	{
-		global $config;
-		
-		$this->connection = mysql_pconnect($config['db_host'], $config['db_username'], $config['db_password']) or die('MySQL Error: '. mysql_error());
-		mysql_select_db($config['db_name'], $this->connection);
-	}
-
-	public function escapeString($string)
-	{
-		return mysql_real_escape_string($string);
-	}
-
-	public function escapeArray($array)
-	{
-	    array_walk_recursive($array, create_function('&$v', '$v = mysql_real_escape_string($v);'));
-		return $array;
-	}
-	
-	public function to_bool($val)
-	{
-	    return !!$val;
-	}
-	
-	public function to_date($val)
-	{
-	    return date('Y-m-d', $val);
-	}
-	
-	public function to_time($val)
-	{
-	    return date('H:i:s', $val);
-	}
-	
-	public function to_datetime($val)
-	{
-	    return date('Y-m-d H:i:s', $val);
-	}
-	
-	public function query($qry)
-	{
-		$result = mysql_query($qry) or die('MySQL Error: '. mysql_error());
-		$resultObjects = array();
-
-		while($row = mysql_fetch_object($result)) $resultObjects[] = $row;
-
-		return $resultObjects;
-	}
-
-	public function execute($qry)
-	{
-		$exec = mysql_query($qry) or die('MySQL Error: '. mysql_error());
-		return $exec;
-	}
-    
-}
+    class Model {
+	    private $connection;
+
+	    public function __construct() {
+		    global $config;
+            try {
+                $this->connection = new PDO('mysql:host='.$config['db_host'].';dbname='.$config['db_name'],$config['db_user'],$config['db_pass']);
+                // NOTE: Specify SSL parameters if database is not on localhost
+                $this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+            } catch(PDOException $e) {
+                die('Could not connect to database...');
+            }
+        }
+
+        public function __destruct() {
+            $this->connection = null;
+        }
+
+        public function getDB() {
+            return $this->connection;
+        }
+    }
 ?>
diff --git a/system/pip.php b/system/pip.php
index c69195c..2e5b282 100644
--- a/system/pip.php
+++ b/system/pip.php
@@ -1,47 +1,45 @@
 <?php
+    function pip() {
+	    global $config;
 
-function pip()
-{
-	global $config;
+        // Set our defaults
+        $controller = $config['default_controller'];
+        $action = 'index';
+        $url = '';
+        $request_url = '';
+        $script_url = '';
     
-    // Set our defaults
-    $controller = $config['default_controller'];
-    $action = 'index';
-    $url = '';
-	
-	// Get request url and script url
-	$request_url = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : '';
-	$script_url  = (isset($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : '';
-    	
-	// Get our url path and trim the / of the left and the right
-	if($request_url != $script_url) $url = trim(preg_replace('/'. str_replace('/', '\/', str_replace('index.php', '', $script_url)) .'/', '', $request_url, 1), '/');
+        // Get request url and script url
+        if(isset($_SERVER['REQUEST_URI']) && !empty($_SERVER['REQUEST_URI'])) $request_url = $_SERVER['REQUEST_URI'];
+        if(isset($_SERVER['PHP_SELF']) && !empty($_SERVER['PHP_SELF'])) $script_url = $_SERVER['PHP_SELF'];
+
+	    // Get our url path and trim the / of the left and the right
+	    if($request_url != $script_url) $url = trim(preg_replace('/'. str_replace('/', '\/', str_replace('index.php', '', $script_url)) .'/', '', $request_url, 1), '/');
     
-	// Split the url into segments
-	$segments = explode('/', $url);
+	    // Split the url into segments
+	    $segments = explode('/', $url);
 	
-	// Do our default checks
-	if(isset($segments[0]) && $segments[0] != '') $controller = $segments[0];
-	if(isset($segments[1]) && $segments[1] != '') $action = $segments[1];
+	    // Do our default checks
+	    if(isset($segments[0]) && $segments[0] != '') $controller = $segments[0];
+	    if(isset($segments[1]) && $segments[1] != '') $action = $segments[1];
 
-	// Get our controller file
-    $path = APP_DIR . 'controllers/' . $controller . '.php';
-	if(file_exists($path)){
-        require_once($path);
-	} else {
-        $controller = $config['error_controller'];
-        require_once(APP_DIR . 'controllers/' . $controller . '.php');
-	}
+        // Get our controller file (and check it's valid to protect from LFI)
+        $path = APP_DIR . 'controllers/' . $controller . '.php';
+        if(in_array($controller, $config['valid_controllers']) && file_exists($path)) {
+            require_once($path);
+	    } else {
+            $controller = $config['error_controller'];
+            require_once(APP_DIR . 'controllers/' . $controller . '.php');
+	    }
     
-    // Check the action exists
-    if(!method_exists($controller, $action)){
-        $controller = $config['error_controller'];
-        require_once(APP_DIR . 'controllers/' . $controller . '.php');
-        $action = 'index';
-    }
+        // Check the action exists
+        if(!method_exists($controller, $action)){
+            $controller = $config['error_controller'];
+            require_once(APP_DIR . 'controllers/' . $controller . '.php');
+            $action = 'index';
+        }
 	
-	// Create object and call method
-	$obj = new $controller;
-    die(call_user_func_array(array($obj, $action), array_slice($segments, 2)));
-}
-
+	    // Create object and call method
+        die(trim(call_user_func_array(array(new $controller, $action), array_slice($segments, 2))));
+    }
 ?>
diff --git a/system/view.php b/system/view.php
index 1548f6a..94f9b93 100644
--- a/system/view.php
+++ b/system/view.php
@@ -1,29 +1,21 @@
 <?php
+    class View {
+	    private $pageVars = array();
+	    private $template;
 
-class View {
+	    public function __construct($template) {
+		    $this->template = APP_DIR .'views/'. $template .'.php';
+	    }
 
-	private $pageVars = array();
-	private $template;
+	    public function set($var, $val) {
+		    $this->pageVars[$var] = $val;
+	    }
 
-	public function __construct($template)
-	{
-		$this->template = APP_DIR .'views/'. $template .'.php';
-	}
-
-	public function set($var, $val)
-	{
-		$this->pageVars[$var] = $val;
-	}
-
-	public function render()
-	{
-		extract($this->pageVars);
-
-		ob_start();
-		require($this->template);
-		echo ob_get_clean();
-	}
-    
-}
-
-?>
\ No newline at end of file
+	    public function render() {
+		    extract($this->pageVars);
+		    ob_start();
+		    require($this->template);
+		    echo ob_get_clean();
+	    }
+    }
+?>