diff --git a/world/net/http/library.i b/world/net/http/library.i
index 92e6629..214ed0b 100644
--- a/world/net/http/library.i
+++ b/world/net/http/library.i
@@ -7,6 +7,7 @@
 
 #include <net.h>
 #include <services.h>
+#include <proto.h>
 
 #include "driver.h"
 //#include CONFIG_PATH "ports.h"
@@ -216,3 +217,13 @@ varargs string make_query_string(mapping params, int sort) {
     return q;
 }
 
+object check_query_token(mapping query) {
+        string nick;
+        object user;
+
+        if (nick = query["user"]) user = find_person(nick);
+        if (user && user->validToken(query["token"])) return user;
+        return 0;
+}
+
+
diff --git a/world/net/include/proto.h b/world/net/include/proto.h
index 5ae21be..ec26fcf 100644
--- a/world/net/include/proto.h
+++ b/world/net/include/proto.h
@@ -14,6 +14,7 @@
 void dns_resolve(string hostname, closure callback, varargs array(mixed) extra);
 void dns_rresolve(string ip, closure callback, varargs array(mixed) extra);
 #endif
+varargs object find_person(string name, vaint lowercazed);
 #ifndef hex2int
 int hex2int(string hex);
 #endif
diff --git a/world/net/place/threads.c b/world/net/place/threads.c
index 92aa479..70170f4 100644
--- a/world/net/place/threads.c
+++ b/world/net/place/threads.c
@@ -530,14 +530,6 @@ void displayFooter() {
     w("_HTML_tail_threads", "</body></html>");
 }
 
-static object checkToken(mapping query) {
-	string nick;
-	object user;
-	if (nick = query["user"]) user = find_person(nick);
-	if (user && user->validToken(query["token"])) return user;
-	return 0;
-}
-
 htget(prot, query, headers, qs, data) {
     mapping entrymap;
     mixed target;
@@ -546,7 +538,7 @@ htget(prot, query, headers, qs, data) {
     int a;
     int limit = to_int(query["limit"]) || DEFAULT_BACKLOG;
     int offset = to_int(query["offset"]);
-    int authed = checkToken(query) ? 1 : 0;
+    int authed = check_query_token(query) ? 1 : 0;
     unless (isPublic() || authed) {
 	write("<h1>404</h1>");
 	return 1;
@@ -570,7 +562,7 @@ htget(prot, query, headers, qs, data) {
 	htok(prot);
 
 	// TODO: remote user auth
-	unless (user = checkToken(query)) {
+	unless (user = check_query_token(query)) {
 	    write("Not authenticated!\n");
 	    return 1;
 	}
@@ -618,10 +610,10 @@ htget(prot, query, headers, qs, data) {
 	//P2(("all entries: %O\n", _thread))
 	htok3(prot, "text/html", "Cache-Control: no-cache\n");
 	displayHeader("entries");
-	if ((user = checkToken(query)) && canPost(user->qName()))
+	if ((user = check_query_token(query)) && canPost(user->qName()))
 	    displayForm(!v("showform"));
 	// display the blog
-	displayMain(limit, offset, checkToken(query) ? 1 : 0);
+	displayMain(limit, offset, check_query_token(query) ? 1 : 0);
 	// display the chatlog
 	if (showWebLog()) logView(a < 24 ? a : 12, "html", 15);
 	displayFooter();