diff --git a/classes/Security.php b/classes/Security.php
index 2d2a84e..41777d6 100644
--- a/classes/Security.php
+++ b/classes/Security.php
@@ -139,34 +139,7 @@ class Security
 */
 private static function checkLevel(&$access_level)
 {
- if (is_int($access_level))
- {
- return true;
- }
- else
- {
- $config = Config::getInstance();
-
- // Attempts to validate the string passed
- if (isset($config->security[$access_level]))
- {
- if (is_numeric($config->security[$access_level]))
- {
- $access_level = (int)$config->security[$access_level];
- return true;
- }
- else
- {
- throw new Exception('Level "' . $access_level . '" is not numeric in config.ini');
- }
- }
- else
- {
- throw new Exception('Level "' . $access_level . '" is not defined in config.ini');
- }
- }
-
- return false;
+ return is_int($access_level);
 }
 
 /**
@@ -343,7 +316,6 @@ class Security
 if (self::getUserLevel() == $access_level)
 {
 $is_level = true;
- break;
 }
 }
 }
@@ -380,7 +352,6 @@ class Security
 if (self::getUserLevel() >= $access_level)
 {
 $has_level = true;
- break;
 }
 }
 }
@@ -412,7 +383,6 @@ class Security
 if ($user_level >= $low && $user_level <= $high)
 {
 $between_level = true;
- break;
 }
 }
 }
diff --git a/tests/classes/SecurityTest.php b/tests/classes/SecurityTest.php
new file mode 100644
index 0000000..70a03a8
--- /dev/null
+++ b/tests/classes/SecurityTest.php
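Review bot: `checkLevel` now answers `false` for any non-integer level instead of throwing, so a misspelled or string level name handed to isLevel/hasLevel/betweenLevel silently fails the check with no diagnostic, where the removed code resolved names through `Config` and threw on unknown or non-numeric entries. If the silent `false` is intended, state it in the docblock above the method (outside the hunk), e.g. `@return bool true only when $access_level is already an int; string level names are no longer resolved and yield false`. The `&` on the parameter is now dead because the body no longer assigns to `$access_level`; `private static function checkLevel($access_level)` would make that explicit, and stays compatible with callers that pass variables.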
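Review bot: The retained comparison `self::getUserLevel() == $access_level` is loose, and now that checkLevel only admits integer levels a `null` or non-numeric value from getUserLevel() (for instance with no session) can compare equal to level 0 under PHP's juggling rules. If getUserLevel() is guaranteed to return an int, `if (self::getUserLevel() === $access_level)` removes that ambiguity; if it may return a string from the session, cast it once before the loop. The enclosing method starts and ends outside the hunk, and the two following hunks keep the same loose `>=`/`<=` comparisons on the same value.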
@@ -0,0 +1,99 @@
+assertEquals(
+ '4940e793006aa897db22751bba80dff4cb6a3e08',
+ Security::generateHash('source')
+ );
+ }
+
+ public function testGenerateHashWithCustomSalts()
+ {
+ $config = Config::getInstance();
+ $config->data['security']['salt'] = 'salt';
+
+ $this->assertEquals(
+ '4eac88c934c33cfa9a80c0b2eb322f23ac3b13c5',
+ Security::generateHash('source')
+ );
+ }
+
+ public function testGenerateSHA256Hash()
+ {
+ $this->assertEquals(
+ '3d04f805aff4838ecaf98c7260a813fffd2b7a8a7f957add8018908a1bbdad04',
+ Security::generateSHA256Hash('source', 'salt')
+ );
+ }
+
+ public function testLogin()
+ {
+ $this->assertTrue(Security::login(1, 10, 'USER'));
+ $this->assertTrue(isset($_SESSION['__pickles']['security']));
+ }
+
+ public function testLoginNoSession()
+ {
+ session_destroy();
+ $this->assertFalse(Security::login(1, 10, 'USER'));
+ }
+
+ public function testLogout()
+ {
+ session_start();
+ Security::login(1, 10, 'USER');
+
+ $this->assertTrue(Security::logout());
+ $this->assertFalse(isset($_SESSION['__pickles']['security']));
+ }
+
+ public function testIsLevel()
+ {
+ Security::login(1, 10, 'USER');
+
+ $this->assertTrue(Security::isLevel(SECURITY_LEVEL_USER));
+ }
+
+ public function testIsLevelArray()
+ {
+ Security::login(1, 10, 'USER');
+
+ $this->assertTrue(Security::isLevel([SECURITY_LEVEL_USER, SECURITY_LEVEL_ADMIN]));
+ }
+
+ public function testHasLevel()
+ {
+ Security::login(1, 10, 'USER');
+
+ $this->assertTrue(Security::hasLevel(SECURITY_LEVEL_USER));
+ }
+
+ public function testHasLevelArray()
+ {
+ Security::login(1, 10, 'USER');
+
+ $this->assertTrue(Security::hasLevel([SECURITY_LEVEL_USER, SECURITY_LEVEL_ADMIN]));
+ }
+
+ public function testBetweenLevel()
+ {
+ Security::login(1, 10, 'USER');
+
+ $this->assertTrue(Security::betweenLevel(SECURITY_LEVEL_USER, SECURITY_LEVEL_ADMIN));
+ }
+
+ public function testTokenMismatch()
+ {
+ Security::login(1, 10, 'USER');
+
+ $_SESSION['__pickles']['security']['token'] = 'foo';
+ $_COOKIE['pickles_security_token'] = 'bar';
+
+ $this->assertFalse(Security::isLevel(SECURITY_LEVEL_USER));
+ }
+}
+
+?>
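Review bot: `testGenerateHashWithCustomSalts` overwrites `$config->data['security']['salt']` on the shared `Config` singleton and never restores it, and `testLoginNoSession`/`testLogout` destroy and restart the PHP session, so the expected digests and the login assertions in the other tests hold only in this execution order. A `setUp()`/`tearDown()` pair that resets the salt, `$_SESSION` and `$_COOKIE` would make each test independent of the others. The file also ends with `+?>`; in a PHP-only file the closing tag should be omitted, because any trailing newline after it is emitted as output and can break the `session_start()` these tests depend on. The start of the hunk appears cut off in this rendering (it opens at `+assertEquals(`, mid-statement), so the class header and the first test could not be reviewed. The 40-hex expected values suggest `generateHash` is a SHA-1 digest over a configured salt; if that routine is used for anything password-related it deserves a comment saying so on the class, but its implementation is not part of this diff.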