diff --git a/config.ini b/config.ini
index 8c3beb2e..248663aa 100644
--- a/config.ini
+++ b/config.ini
@@ -28,3 +28,5 @@ Kind regards,
[privileges]
uploadPost=registered
+listPosts=anonymous
+listUsers=registered
diff --git a/src/Controllers/IndexController.php b/src/Controllers/IndexController.php
index 25002e47..7592fdb4 100644
--- a/src/Controllers/IndexController.php
+++ b/src/Controllers/IndexController.php
@@ -7,7 +7,14 @@ class IndexController
*/
public function indexAction()
{
- $this->context->activeSection = 'home';
$this->context->subTitle = 'home';
}
+
+ /**
+ * @route /help
+ */
+ public function helpAction()
+ {
+ $this->context->subTitle = 'help';
+ }
}
diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php
index 0a77b1a8..ab5f1da2 100644
--- a/src/Controllers/PostController.php
+++ b/src/Controllers/PostController.php
@@ -26,7 +26,25 @@ class PostController
$this->context->subTitle = 'browsing posts';
$this->context->searchQuery = $query;
- throw new Exception('Not implemented');
+
+ PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListPosts);
+
+ $page = 1;
+ $params = [];
+ $params[':limit'] = 20;
+ $params[':offset'] = ($page - 1) * $params[':limit'];
+
+ //todo safety
+ //todo construct WHERE based on filters
+ $whereSql = '';
+
+ //todo construct ORDER based on filers
+ $orderSql = 'ORDER BY upload_date DESC';
+
+ $limitSql = 'LIMIT :limit OFFSET :offset';
+
+ $posts = R::findAll('post', sprintf('%s %s %s', $whereSql, $orderSql, $limitSql), $params);
+ $this->context->transport->posts = $posts;
}
/**
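Review bot: `$query` is stored for the view but never reaches the SQL, so every caller, including `favoritesAction` with `'favmin:1'`, gets the same unfiltered first page, and `$page` is fixed at 1. When the `//todo construct WHERE based on filters` is implemented, keep filter values in `$params` as bound placeholders, the way `:limit` and `:offset` already are, rather than formatting them into `$whereSql` through `sprintf`. ORDER BY columns cannot be bound, so the sort column and direction should be picked from a fixed allowlist rather than taken from the query text. listAction starts above this hunk, so whether `$query` is normalised earlier is not visible here.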
@@ -51,7 +69,7 @@ class PostController
$suppliedTags = array_filter($suppliedTags);
$suppliedTags = array_unique($suppliedTags);
foreach ($suppliedTags as $tag)
- if (!preg_match('/^\w+$/i', $tag))
+ if (!preg_match('/^[a-zA-Z0-9_-]+$/i', $tag))
throw new SimpleException('Invalid tag "' . $tag . '"');
$suppliedFile = $_FILES['file'];
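Review bot: The new pattern on the `preg_match` line still accepts a tag ending in a newline, because `$` without the `D` modifier also matches just before a trailing `\n` (unless tags are trimmed earlier, outside the hunk). Anchoring with `\z` closes that: `if (!preg_match('/^[a-zA-Z0-9_-]+\z/', $tag))`; the `i` flag is redundant now that both cases are listed. The rejected `$tag` is concatenated raw into the exception message, so whichever view prints SimpleException messages should pass them through `htmlspecialchars()`. The enclosing upload action starts and ends outside the hunk.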
@@ -95,9 +113,11 @@ class PostController
$dbPost = R::dispense('post');
$dbPost->type = $postType;
$dbPost->name = $name;
- $dbPost->mimeType = $suppliedFile['type'];
+ $dbPost->mime_type = $suppliedFile['type'];
$dbPost->safety = $suppliedSafety;
+ $dbPost->upload_date = time();
$dbPost->sharedTag = $dbTags;
+ $dbPost->ownUser = $this->context->user;
move_uploaded_file($suppliedFile['tmp_name'], $path);
R::store($dbPost);
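Review bot: `$dbPost->mime_type` is taken from `$suppliedFile['type']`, which is whatever the client sent, and `sendAction` later passes the stored value to the file layout as the response type. Unless the type is verified earlier in this action (outside the hunk), derive it from the file content instead, e.g. `$dbPost->mime_type = (new finfo(FILEINFO_MIME_TYPE))->file($suppliedFile['tmp_name']);`, and check it against the set of types the application accepts. The result of `move_uploaded_file()` is also ignored, so a failed move still stores a post row that points at no file; test the return value and throw a `SimpleException` before `R::store($dbPost)`. `ownUser` looks like RedBean's own-list naming for a one-to-many list, so confirm that assigning a single user bean there is intended rather than `$dbPost->user`.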
@@ -109,12 +129,47 @@ class PostController
}
/**
+ * Action that decorates the page containing the post.
* @route /post/{id}
*/
- public function showAction($id)
+ public function viewAction($id)
{
- $this->context->subTitle = 'showing @' . $id;
- throw new Exception('Not implemented');
+ $post = R::findOne('post', 'id = ?', [$id]);
+ if (!$post)
+ throw new SimpleException('Invalid post ID "' . $id . '"');
+
+ //todo: verify access rank...?
+ //todo: verify sketchy, nsfw, sfw
+
+ $this->context->subTitle = 'showing @' . $post->id;
+ $this->context->transport->post = $post;
+ }
+
+ /**
+ * Action that renders the requested file itself and sends it to user.
+ * @route /post/send/{name}
+ */
+ public function sendAction($name)
+ {
+ $this->context->layoutName = 'layout-file';
+
+ $post = R::findOne('post', 'name = ?', [$name]);
+ if (!$post)
+ throw new SimpleException('Invalid post name "' . $name . '"');
+
+ //I guess access rank shouldn't be verified here. If someone arrives
+ //here, they already know the full name of the post (not just the ID)
+ //either by visiting the HTML container page or by having hotlink.
+ //Such users should be trusted.
+
+ $path = $this->config->main->filesPath . DIRECTORY_SEPARATOR . $post->name;
+ if (!file_exists($path))
+ throw new SimpleException('Post file does not exist');
+ if (!is_readable($path))
+ throw new SimpleException('Post file is not readable');
+
+ $this->context->transport->mimeType = $post->mimeType;
+ $this->context->transport->filePath = $path;
}
/**
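Review bot: `viewAction` and `sendAction` return a post to any caller, while `listAction` requires `Privilege::ListPosts`. The comment in `sendAction` treats knowing the file name as authorization, but names spread through hotlinks, referrers and logs, and `viewAction` only needs a numeric `{id}`. Until the access-rank and safety todos are done, both actions should at least start with `PrivilegesHelper::confirmWithException($this->context->user, Privilege::ListPosts);` or a dedicated view privilege. `sendAction` reads `$post->mimeType` while the upload code now writes `mime_type`; confirm the ORM maps both to the same column. The exception messages embed `$id` and `$name` from the URL unescaped, so the error view needs to escape them on output.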
@@ -123,5 +178,6 @@ class PostController
public function favoritesAction()
{
$this->listAction('favmin:1');
+ $this->context->viewName = 'post-list';
}
}
diff --git a/src/Models/Privilege.php b/src/Models/Privilege.php
index 38217899..7315b1d6 100644
--- a/src/Models/Privilege.php
+++ b/src/Models/Privilege.php
@@ -2,4 +2,6 @@
class Privilege
{
const UploadPost = 1;
+ const ListPosts = 2;
+ const ListUsers = 3;
}
diff --git a/src/Views/layout-normal.phtml b/src/Views/layout-normal.phtml
index 5bab8d1c..a31043a2 100644
--- a/src/Views/layout-normal.phtml
+++ b/src/Views/layout-normal.phtml
@@ -24,49 +24,44 @@
context->user, Privilege::ListPosts))
+ {
+ $nav []= ['Comments', \Chibi\UrlHelper::route('comment', 'list')];
+ $nav []= ['Favorites', \Chibi\UrlHelper::route('post', 'favorites')];
+ }
- $preNav []= ['Home', \Chibi\UrlHelper::route('index', 'index')];
- $preNav []= ['Browse', \Chibi\UrlHelper::route('post', 'list')];
- $preNav []= ['Comments', \Chibi\UrlHelper::route('comment', 'list')];
- $preNav []= ['Favorites', \Chibi\UrlHelper::route('post', 'favorites')];
if (PrivilegesHelper::confirm($this->context->user, Privilege::UploadPost))
- $preNav []= ['Upload', \Chibi\UrlHelper::route('post', 'upload')];
+ $nav []= ['Upload', \Chibi\UrlHelper::route('post', 'upload')];
+
+ if (PrivilegesHelper::confirm($this->context->user, Privilege::ListUsers))
+ $nav []= ['Users', \Chibi\UrlHelper::route('user', 'list')];
if (!$this->context->loggedIn)
{
- $postNav []= ['Log in', \Chibi\UrlHelper::route('auth', 'login')];
- $postNav []= ['Register', \Chibi\UrlHelper::route('auth', 'register')];
+ $nav []= ['Log in', \Chibi\UrlHelper::route('auth', 'login')];
+ $nav []= ['Register', \Chibi\UrlHelper::route('auth', 'register')];
}
else
{
- $postNav []= ['Account', \Chibi\UrlHelper::route('user', 'show', ['name' => $this->context->user->name])];
- $postNav []= ['Log out', \Chibi\UrlHelper::route('auth', 'logout')];
+ $nav []= ['My account', \Chibi\UrlHelper::route('user', 'show', ['name' => $this->context->user->name])];
+ $nav []= ['Log out', \Chibi\UrlHelper::route('auth', 'logout')];
}
- if (!function_exists('printNav'))
+ $nav []= ['Help', \Chibi\UrlHelper::route('index', 'help')];
+
+ foreach ($nav as $navItem)
{
- function printNav($nav)
- {
- foreach ($nav as $navItem)
- {
- list ($text, $link) = $navItem;
- echo '- ';
- echo '' . $text . '';
- echo '
';
- }
- }
+ list ($text, $link) = $navItem;
+ echo '- ';
+ echo '' . $text . '';
+ echo '
';
}
?>
-
-
- -
-
-
-
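Review bot: In the new `foreach ($nav as $navItem)` loop, `$text` and `$link` are echoed as-is. The markup around them appears to have been lost on this page, so the exact output context cannot be confirmed, but the 'My account' entry builds its link from `$this->context->user->name`. Unless `\Chibi\UrlHelper::route` encodes its arguments, escape both values at output, e.g. `htmlspecialchars($link, ENT_QUOTES, 'UTF-8')`. Hiding 'Comments' and 'Favorites' behind `Privilege::ListPosts` only changes the menu; the comment list action, which is not among the files changed here, needs its own server-side privilege check.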
diff --git a/src/Views/post-list.phtml b/src/Views/post-list.phtml
index c5fbe7c7..d910acd3 100644
--- a/src/Views/post-list.phtml
+++ b/src/Views/post-list.phtml
@@ -1 +1,5 @@
-Todo: view posts
+context->transport->posts as $post): ?>
+
+ Post id; ?>
+
+