diff --git a/misuzu.php b/misuzu.php index 9136ea2a..9f44402f 100644 --- a/misuzu.php +++ b/misuzu.php @@ -36,7 +36,6 @@ $errorHandler->register(); require_once 'src/array.php'; require_once 'src/audit_log.php'; -require_once 'src/base32.php'; require_once 'src/changelog.php'; require_once 'src/colour.php'; require_once 'src/comments.php'; @@ -431,14 +430,14 @@ MIG; if(!empty($_COOKIE['msz_uid']) && !empty($_COOKIE['msz_sid']) && ctype_digit($_COOKIE['msz_uid']) && ctype_xdigit($_COOKIE['msz_sid']) && strlen($_COOKIE['msz_sid']) === 64) { - $_COOKIE['msz_auth'] = base64url_encode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid'])); + $_COOKIE['msz_auth'] = Base64::decode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid']), true); setcookie('msz_auth', $_COOKIE['msz_auth'], strtotime('1 year'), '/', '', !empty($_SERVER['HTTPS']), true); setcookie('msz_uid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true); setcookie('msz_sid', '', -3600, '/', '', !empty($_SERVER['HTTPS']), true); } if(!empty($_COOKIE['msz_auth']) && is_string($_COOKIE['msz_auth'])) { - $cookieData = user_session_cookie_unpack(base64url_decode($_COOKIE['msz_auth'])); + $cookieData = user_session_cookie_unpack(Base64::decode($_COOKIE['msz_auth'], true)); if(!empty($cookieData) && user_session_start($cookieData['user_id'], $cookieData['session_token'])) { $userDisplayInfo = DB::prepare(' diff --git a/public/auth/login.php b/public/auth/login.php index 8c70e721..d5f4d983 100644 --- a/public/auth/login.php +++ b/public/auth/login.php 
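Review bot: The legacy-cookie migration branch in the second misuzu.php hunk calls `Base64::decode(user_session_cookie_pack(...), true)`, whereas the line it replaces, and the equivalent new lines in public/auth/login.php and public/auth/twofactor.php, encode the packed session data; this looks like a typo for `Base64::encode`. As written, the migrated `msz_auth` cookie receives the packed bytes run through a decoder, so the following block's `Base64::decode($_COOKIE['msz_auth'], true)` unpacks garbage and visitors still carrying `msz_uid`/`msz_sid` are logged out instead of migrated, while the decoder's raw output is written straight into a Set-Cookie header. The line should read `$_COOKIE['msz_auth'] = Base64::encode(user_session_cookie_pack($_COOKIE['msz_uid'], $_COOKIE['msz_sid']), true);`. The second `if` block in the hunk continues past its end.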
@@ -96,7 +96,7 @@ while(!empty($_POST['login']) && is_array($_POST['login'])) { user_session_start($userData->user_id, $sessionKey); $cookieLife = strtotime(user_session_current('session_expires')); - $cookieValue = base64url_encode(user_session_cookie_pack($userData->user_id, $sessionKey)); + $cookieValue = Base64::encode(user_session_cookie_pack($userData->user_id, $sessionKey), true); setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', !empty($_SERVER['HTTPS']), true); if(!is_local_url($loginRedirect)) { diff --git a/public/auth/twofactor.php b/public/auth/twofactor.php index d9eab165..5ce88cd3 100644 --- a/public/auth/twofactor.php +++ b/public/auth/twofactor.php @@ -69,7 +69,7 @@ while(!empty($twofactor)) { user_session_start($tokenInfo['user_id'], $sessionKey); $cookieLife = strtotime(user_session_current('session_expires')); - $cookieValue = base64url_encode(user_session_cookie_pack($tokenInfo['user_id'], $sessionKey)); + $cookieValue = Base64::encode(user_session_cookie_pack($tokenInfo['user_id'], $sessionKey), true); setcookie('msz_auth', $cookieValue, $cookieLife, '/', '', !empty($_SERVER['HTTPS']), true); if(!is_local_url($redirect)) { diff --git a/public/proxy.php b/public/proxy.php index 3e37e3ce..9799873d 100644 --- a/public/proxy.php +++ b/public/proxy.php @@ -24,7 +24,7 @@ if(empty($proxyHash) || empty($proxyUrl)) { return; } -$proxyUrlDecoded = base64url_decode($proxyUrl); +$proxyUrlDecoded = Base64::decode($proxyUrl, true); $parsedUrl = parse_url($proxyUrlDecoded); if(empty($parsedUrl['scheme']) diff --git a/src/Base32.php b/src/Base32.php new file mode 100644 index 00000000..b1447a06 --- /dev/null +++ b/src/Base32.php 
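Review bot: The new `Base64::encode(..., true)` and `Base64::decode(..., true)` call sites in public/auth/login.php, public/auth/twofactor.php and public/proxy.php pass a bare positional `true` whose meaning is not visible at the call; since each replaces a `base64url_*` call it presumably selects the URL-safe alphabet, but a reader cannot tell without opening src/Base64.php, and the flag is easy to confuse with the encode/decode direction. Either add a same-line comment such as `// true: URL-safe alphabet (replaces base64url_encode)` at each site, or make the intent part of the API (a named argument if the project targets PHP 8, or dedicated URL-safe encode/decode methods). The enclosing `while` loops in login.php and twofactor.php start and end outside their hunks.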
@@ -0,0 +1,41 @@ +> $shift) : ''; + } + + return $out; + } + + public static function encode(string $data): string { + $bin = ''; + $encoded = ''; + $length = strlen($data); + + for($i = 0; $i < $length; $i++) { + $bin .= sprintf('%08b', ord($data[$i])); + } + + $bin = str_split($bin, 5); + $last = array_pop($bin); + $bin[] = str_pad($last, 5, '0', STR_PAD_RIGHT); + + foreach($bin as $part) { + $encoded .= self::CHARS[bindec($part)]; + } + + return $encoded; + } +} diff --git a/src/Base64.php b/src/Base64.php new file mode 100644 index 00000000..9b8d1c60 --- /dev/null +++ b/src/Base64.php @@ -0,0 +1,28 @@ +> $shift) : ''; - } - - return $out; -} - -function base32_encode(string $data): string { - $bin = ''; - $encoded = ''; - $length = strlen($data); - - for($i = 0; $i < $length; $i++) { - $bin .= sprintf('%08b', ord($data[$i])); - } - - $bin = str_split($bin, 5); - $last = array_pop($bin); - $bin[] = str_pad($last, 5, '0', STR_PAD_RIGHT); - - foreach($bin as $part) { - $encoded .= MSZ_BASE32_CHARS[bindec($part)]; - } - - return $encoded; -} diff --git a/src/otp.php b/src/otp.php index d4b8039a..a69e9b41 100644 --- a/src/otp.php +++ b/src/otp.php @@ -1,4 +1,5 @@
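Review bot: `Base32::encode` in the new src/Base32.php returns a one-character string rather than `''` for empty input: with `$data === ''` the loop appends nothing, `str_split('', 5)` yields `['']` (or `[]` on PHP 8.2+, where `array_pop` then returns `null` and `str_pad(null, ...)` raises a deprecation), and the padding step still appends `'00000'`, which is emitted as `self::CHARS[0]`. A guard at the top of the method, `if($data === '') return '';`, closes that edge case, and reusing `$bin` first for the bit string and then for the chunk list would read better with a separate `$chunks` name. Neither method has a docblock; a one-line note that the output carries no `=` padding (so it is not RFC 4648 padded output) would help callers that hand the value to other decoders. The top of the class, including the start of `decode`, is not readable in this chunk.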