diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 000000000..6d97282b4
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,22 @@
+name: lint
+on:
+  push:
+  schedule:
+    - cron: "0 */6 * * *"
+  workflow_dispatch:
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: lint
+        run: |
+          cd src
+          find . -name "*.php" -exec php -l {} \;
+          curl -sSfL https://github.com/wapmorgan/PhpDeprecationDetector/releases/download/"$(git ls-remote --tags https://github.com/wapmorgan/PhpDeprecationDetector | cut -d/ -f3 | grep -v v1 | sort -V | tail -1)"/phpdd-"$(git ls-remote --tags https://github.com/wapmorgan/PhpDeprecationDetector | cut -d/ -f3 | grep -v v1 | sort -V | tail -1)".phar -o phpdd.phar
+          chmod +x phpdd.phar
+          find . -name "*.php" -exec ./phpdd.phar -n {} \;
+          curl -sSfL https://github.com/vimeo/psalm/releases/latest/download/psalm.phar -o psalm.phar
+          chmod +x psalm.phar
+          ./psalm.phar --no-cache
diff --git a/src/psalm.xml b/src/psalm.xml
new file mode 100644
index 000000000..a109a1db0
--- /dev/null
+++ b/src/psalm.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<psalm
+    errorLevel="7"
+    resolveFromConfigFile="true"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns="https://getpsalm.org/schema/config"
+    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+    findUnusedBaselineEntry="true"
+    findUnusedCode="true"
+>
+    <projectFiles>
+        <file name="config.php" />
+        <directory name="functions" />
+        <directory name="public" />
+        <directory name="require" />
+        <ignoreFiles>
+            <directory name="vendor" />
+        </ignoreFiles>
+    </projectFiles>
+</psalm>
diff --git a/src/public/auth/login/index.php b/src/public/auth/login/index.php
index 3e48fdfef..54807639a 100644
--- a/src/public/auth/login/index.php
+++ b/src/public/auth/login/index.php
@@ -12,6 +12,8 @@
     header("Location: /", true, 307);
     exit();
 } else {
+    require_once __DIR__ . "/../../../functions/email.php";
+    require_once __DIR__ . "/../../../functions/totp.php";
     session_unset(); ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -57,7 +59,6 @@ function login($msg): void
     if (!array_key_exists("email", $_POST) || !array_key_exists("pswd", $_POST)) {
         login("none");
     } else {
-        require_once __DIR__ . "/../../../functions/email.php";
         $_SESSION["LOGIN_TIME"] = time();
         $query = $db->prepare("SELECT * FROM auth WHERE email=:email");
         $query->bindValue(":email", $_POST["email"]);
@@ -78,7 +79,6 @@ function login($msg): void
                         sendMail($_POST["email"], "Failed Login", $_SERVER["REMOTE_ADDR"] . " failed to login into your account.");
                         login("mtotp");
                     } else {
-                        require_once __DIR__ . "/../../../functions/totp.php";
                         if ($_POST["totp"] === totp($queryresult["totp"])) {
                             sendMail($_POST["email"], "New Login", $_SERVER["REMOTE_ADDR"] . " logged into your account");
                             $_SESSION["AUTH_EMAIL"] = $_POST["email"];