diff --git a/src/_h5ai/client/js/inc/ext/preview-img.js b/src/_h5ai/client/js/inc/ext/preview-img.js index f62b3ff2..5c23c77e 100644 --- a/src/_h5ai/client/js/inc/ext/preview-img.js +++ b/src/_h5ai/client/js/inc/ext/preview-img.js @@ -27,7 +27,7 @@ modulejs.define('ext/preview-img', ['_', '$', 'core/event', 'core/server', 'core height: 0 }, function (json) { - callback(json && json.code === 0 ? json.absHref : null); + callback(json && json.code === 'RC_SUCCESS' ? json.absHref : null); }); } diff --git a/src/_h5ai/client/js/inc/ext/thumbnails.js b/src/_h5ai/client/js/inc/ext/thumbnails.js index ea0fd930..444b7f7f 100644 --- a/src/_h5ai/client/js/inc/ext/thumbnails.js +++ b/src/_h5ai/client/js/inc/ext/thumbnails.js @@ -21,7 +21,7 @@ modulejs.define('ext/thumbnails', ['_', 'core/event', 'core/server', 'core/setti height: settings.size }, function (json) { - callback(json && json.code === 0 ? json.absHref : null); + callback(json && json.code === 'RC_SUCCESS' ? json.absHref : null); }); } diff --git a/src/_h5ai/server/php/inc/class-api.php b/src/_h5ai/server/php/inc/class-api.php index a2512ed1..56469ce9 100644 --- a/src/_h5ai/server/php/inc/class-api.php +++ b/src/_h5ai/server/php/inc/class-api.php @@ -15,8 +15,8 @@ class Api { public function apply() { - $action = Util::use_request_param("action"); - Util::json_fail(101, "unsupported action", !in_array($action, $this->actions)); + $action = Util::get_request_param("action"); + Util::json_fail(Util::RC_UNSUPPORTED, "unsupported action", !in_array($action, $this->actions)); $methodname = "on_${action}"; $this->$methodname(); @@ -25,7 +25,7 @@ class Api { private function on_login() { - $pass = Util::use_request_param("pass"); + $pass = Util::get_request_param("pass"); $_SESSION[AS_ADMIN_SESSION_KEY] = sha1($pass) === PASSHASH; Util::json_exit(array("as_admin" => $_SESSION[AS_ADMIN_SESSION_KEY])); } 
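Review bot: The allowlist check in apply() calls `in_array($action, $this->actions)` without the strict flag, and the value it guards is then interpolated into a method name. `$action` comes straight from `$_POST`, so it can arrive as an array as well as a string; `in_array($action, $this->actions, true)` ensures that only an exact string match reaches `$this->$methodname()`. On the context line below it, `"on_${action}"` uses the `${}` interpolation form that PHP 8.2 deprecates, and `"on_{$action}"` is equivalent. The end of apply() is outside this hunk.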
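Review bot: on_login() still checks the admin password as `sha1($pass) === PASSHASH`, an unsalted fast hash compared with a non-constant-time operator, and this commit carries that line forward unchanged. The smallest safe step is `$_SESSION[AS_ADMIN_SESSION_KEY] = is_string($pass) && hash_equals(PASSHASH, sha1($pass));`, which also keeps an array-valued `pass` from reaching sha1(). Storing PASSHASH as a `password_hash()` value and checking it with `password_verify()` would be the durable fix, but that changes the configuration format, which is not part of this diff. Calling `session_regenerate_id(true)` when the comparison succeeds would also stop a session id issued before login from being promoted to admin.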
@@ -42,63 +42,54 @@ class Api { $response = array(); - if (Util::has_request_param("setup")) { + if (Util::get_boolean_request_param("setup", false)) { - Util::use_request_param("setup"); $response["setup"] = $this->app->get_setup(); } - if (Util::has_request_param("options")) { + if (Util::get_boolean_request_param("options", false)) { - Util::use_request_param("options"); $response["options"] = $this->app->get_options(); } - if (Util::has_request_param("types")) { + if (Util::get_boolean_request_param("types", false)) { - Util::use_request_param("types"); $response["types"] = $this->app->get_types(); } - if (Util::has_request_param("theme")) { + if (Util::get_boolean_request_param("theme", false)) { - Util::use_request_param("theme"); $response["theme"] = $this->app->get_theme(); } - if (Util::has_request_param("langs")) { + if (Util::get_boolean_request_param("langs", false)) { - Util::use_request_param("langs"); $response["langs"] = $this->app->get_l10n_list(); } - if (Util::has_request_param("l10n")) { + if (Util::get_boolean_request_param("l10n", false)) { - Util::use_request_param("l10n"); - $iso_codes = Util::use_request_param("l10nCodes"); + $iso_codes = Util::get_request_param("l10nCodes"); $iso_codes = explode(":", $iso_codes); $response["l10n"] = $this->app->get_l10n($iso_codes); } - if (Util::has_request_param("custom")) { + if (Util::get_boolean_request_param("custom", false)) { - Util::use_request_param("custom"); - $url = Util::use_request_param("customHref"); + $url = Util::get_request_param("customHref"); $response["custom"] = $this->app->get_customizations($url); } - if (Util::has_request_param("items")) { + if (Util::get_boolean_request_param("items", false)) { - Util::use_request_param("items"); - $url = Util::use_request_param("itemsHref"); - $what = Util::use_request_param("itemsWhat"); + $url = Util::get_request_param("itemsHref"); + $what = Util::get_request_param("itemsWhat"); $what = is_numeric($what) ? 
intval($what, 10) : 1; $response["items"] = $this->app->get_items($url, $what); } - if (Util::has_request_param("all_items")) { + if (Util::get_boolean_request_param("all_items", false)) { - Util::use_request_param("all_items"); $response["all_items"] = $this->app->get_all_items(); } @@ -108,17 +99,17 @@ class Api { private function on_getThumbHref() { - Util::json_fail(1, "thumbnails disabled", !$this->options["thumbnails"]["enabled"]); - Util::json_fail(2, "thumbnails not supported", !HAS_PHP_JPG); + Util::json_fail(Util::RC_DISABLED, "thumbnails disabled", !$this->options["thumbnails"]["enabled"]); + Util::json_fail(Util::RC_UNSUPPORTED, "thumbnails not supported", !HAS_PHP_JPG); - $type = Util::use_request_param("type"); - $src_url = Util::use_request_param("href"); - $width = Util::use_request_param("width"); - $height = Util::use_request_param("height"); + $type = Util::get_request_param("type"); + $src_url = Util::get_request_param("href"); + $width = Util::get_request_param("width"); + $height = Util::get_request_param("height"); $thumb = new Thumb($this->app); $thumb_url = $thumb->thumb($type, $src_url, $width, $height); - Util::json_fail(3, "thumbnail creation failed", $thumb_url === null); + Util::json_fail(Util::RC_FAILED, "thumbnail creation failed", $thumb_url === null); Util::json_exit(array("absHref" => $thumb_url)); } @@ -126,11 +117,11 @@ class Api { private function on_download() { - Util::json_fail(1, "downloads disabled", !$this->options["download"]["enabled"]); + Util::json_fail(Util::RC_DISABLED, "downloads disabled", !$this->options["download"]["enabled"]); - $as = Util::use_request_param("as"); - $type = Util::use_request_param("type"); - $hrefs = Util::use_request_param("hrefs"); + $as = Util::get_request_param("as"); + $type = Util::get_request_param("type"); + $hrefs = Util::get_request_param("hrefs"); $archive = new Archive($this->app); 
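Review bot: Replacing `has_request_param` with `get_boolean_request_param(..., false)` changes each section switch from "key is present" to "value parses as true", and nothing in this diff touches the client code that builds these requests. A caller that posts `setup=` or any value FILTER_VALIDATE_BOOLEAN does not accept now gets an empty response with a success code rather than an error, so the values the client sends for each flag should be confirmed before merging. Separately, the pieces of `l10nCodes` produced by `explode(":", $iso_codes)` are passed to `get_l10n()` as received; if that method maps a code to a file name (not visible here), each code should first be checked against the languages the app actually offers. The start of on_get() is outside this hunk.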
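Review bot: `width` and `height` go from the request to `$thumb->thumb()` as raw strings, while on_get() in this same file normalises `itemsWhat` with `is_numeric`/`intval`. Unless Thumb bounds them itself (not visible here), one request can ask for arbitrarily large dimensions, which costs memory and CPU per call. I would cast and clamp them here, for example `$width = max(0, intval(Util::get_request_param("width"), 10));` together with an upper limit taken from the thumbnails options. The same applies to `as`, `type` and `hrefs` in the on_download() hunk that follows: in the visible lines they are handed to Archive without any type or value check.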
@@ -142,7 +133,7 @@ class Api { header("Connection: close"); $rc = $archive->output($type, $hrefs); - Util::json_fail(2, "packaging failed", $rc !== 0); + Util::json_fail(Util::RC_FAILED, "packaging failed", $rc !== 0); exit; } } diff --git a/src/_h5ai/server/php/inc/class-bootstrap.php b/src/_h5ai/server/php/inc/class-bootstrap.php index 11d774e6..ee89c8eb 100644 --- a/src/_h5ai/server/php/inc/class-bootstrap.php +++ b/src/_h5ai/server/php/inc/class-bootstrap.php @@ -101,7 +101,7 @@ class Bootstrap { // EXTERNAL COMMANDS $cmds = Util::load_commented_json(CMDS_PATH); - if (sizeof($cmds) === 0 || Util::has_request_param("updatecmds")) { + if (sizeof($cmds) === 0 || Util::get_boolean_request_param("updatecmds", false)) { $cmds["command"] = Util::exec_0("command -v command"); $cmds["which"] = Util::exec_0("which which"); diff --git a/src/_h5ai/server/php/inc/class-util.php b/src/_h5ai/server/php/inc/class-util.php index ce84898d..9717ae7a 100644 --- a/src/_h5ai/server/php/inc/class-util.php +++ b/src/_h5ai/server/php/inc/class-util.php @@ -2,6 +2,14 @@ class Util { + + const RC_SUCCESS = "RC_SUCCESS"; + const RC_MISSING_PARAM = "RC_MISSING_PARAM"; + const RC_FAILED = "RC_FAILED"; + const RC_DISABLED = "RC_DISABLED"; + const RC_UNSUPPORTED = "RC_UNSUPPORTED"; + + public static function normalize_path($path, $trailing_slash = false) { $path = preg_replace("#[\\\\/]+#", "/", $path); @@ -12,7 +20,7 @@ class Util { public static function json_exit($obj = array()) { if (!isset($obj["code"])) { - $obj["code"] = 0; + $obj["code"] = Util::RC_SUCCESS; } header("Content-type: application/json;charset=utf-8"); 
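Review bot: The failure path after `$archive->output($type, $hrefs)` calls `Util::json_fail(Util::RC_FAILED, ...)` once the download headers, including `Connection: close`, have already been set. If output() fails after it has started writing, the JSON helper's `Content-type: application/json` header can no longer take effect and the JSON text ends up appended to a partial archive. I would guard the call, for example `Util::json_fail(Util::RC_FAILED, "packaging failed", $rc !== 0 && !headers_sent());`, and record the failure server-side in the other case. Whether output() can fail mid-stream is not visible in this hunk, and on_download() begins in the previous one.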
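Review bot: `updatecmds` lets any request that reaches this bootstrap code re-run the external command probes (`Util::exec_0("command -v command")`, `Util::exec_0("which which")` and whatever follows outside the hunk), and no authorisation check is visible next to it. The commands are fixed strings, so this is not an injection path, but it is a request-triggered series of process spawns that normally only needs to happen once. I would require the admin flag as well, for example `|| (!empty($_SESSION[AS_ADMIN_SESSION_KEY]) && Util::get_boolean_request_param("updatecmds", false))`, provided the session is already started at this point in Bootstrap.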
@@ -31,26 +39,24 @@ class Util { public static function is_post_request() { - return (strtolower($_SERVER['REQUEST_METHOD']) === 'post'); + return (strtolower($_SERVER["REQUEST_METHOD"]) === "post"); } - public static function has_request_param($key) { - - return array_key_exists($key, $_POST); - } - - - public static function use_request_param($key, $default = null) { + public static function get_request_param($key, $default = null) { if (!array_key_exists($key, $_POST)) { - Util::json_fail(100, "parameter '$key' is missing", $default === null); + Util::json_fail(Util::RC_MISSING_PARAM, "parameter '$key' is missing", $default === null); return $default; } - $value = $_POST[$key]; - unset($_POST[$key]); - return $value; + return $_POST[$key]; + } + + + public static function get_boolean_request_param($key, $default = null) { + + return filter_var(Util::get_request_param($key, $default), FILTER_VALIDATE_BOOLEAN); }
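Review bot: get_request_param() returns `$_POST[$key]` exactly as received, so a client that sends `pass[]=x` or `l10nCodes[]=x` hands an array to callers that assume a string, such as `sha1($pass)` in on_login() and `explode(":", $iso_codes)` in on_get(). Unless some caller is meant to receive an array (`hrefs` in on_download() should be checked), rejecting non-strings in this one place covers all of them: `Util::json_fail(Util::RC_FAILED, "parameter '$key' is invalid", !is_string($_POST[$key]));` before the return, assuming json_fail ends the request when its third argument is true, as its use here implies. get_boolean_request_param() also needs a doc comment stating that with the default `$default = null` the parameter is mandatory, and that any value FILTER_VALIDATE_BOOLEAN does not recognise is treated as false rather than reported. Passing `FILTER_NULL_ON_FAILURE` to filter_var would let it distinguish a malformed value from an explicit false.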