diff --git a/resources/lib/UnityConfig.php b/resources/lib/UnityConfig.php
index ce8f05b5..e844400d 100644
--- a/resources/lib/UnityConfig.php
+++ b/resources/lib/UnityConfig.php
@@ -4,8 +4,10 @@
 
 class UnityConfig
 {
-    public static function getConfig($def_config_loc, $deploy_loc)
-    {
+    public static function getConfig(
+        string $def_config_loc,
+        string $deploy_loc,
+    ): array {
         $CONFIG = parse_ini_file(
             $def_config_loc . "/config.ini.default",
             true,
@@ -22,7 +24,7 @@ public static function getConfig($def_config_loc, $deploy_loc)
         return $CONFIG;
     }
 
-    private static function pullConfig($CONFIG, $loc)
+    private static function pullConfig(array $CONFIG, string $loc): array
     {
         $file_loc = $loc . "/config/config.ini";
         if (file_exists($file_loc)) {
diff --git a/resources/lib/UnityGithub.php b/resources/lib/UnityGithub.php
index 33417f77..cea01e4f 100644
--- a/resources/lib/UnityGithub.php
+++ b/resources/lib/UnityGithub.php
@@ -4,7 +4,7 @@
 
 class UnityGithub
 {
-    public function getSshPublicKeys($username)
+    public function getSshPublicKeys(string $username): array
     {
         $url = "https://api.github.com/users/$username/keys";
         $headers = ["User-Agent: Unity Cluster User Portal"];
diff --git a/resources/lib/UnityGroup.php b/resources/lib/UnityGroup.php
index 54f98d72..52dc3d1d 100644
--- a/resources/lib/UnityGroup.php
+++ b/resources/lib/UnityGroup.php
@@ -1,6 +1,7 @@
 <?php
 
 namespace UnityWebPortal\lib;
+use PHPOpenLDAPer\LDAPEntry;
 
 use Exception;
 
@@ -9,26 +10,24 @@
  */
 class UnityGroup
 {
-    public const PI_PREFIX = "pi_";
-
-    public $gid;
-    private $entry;
-
-    private $LDAP;
-    private $SQL;
-    private $MAILER;
-    private $WEBHOOK;
-    private $REDIS;
-
-    /**
-     * Constructor for the object
-     *
-     * @param string $gid  PI UID in the format <PI_PREFIX><OWNER_UID>
-     * @param LDAP   $LDAP LDAP Connection
-     * @param SQL    $SQL  SQL Connection
-     */
-    public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK)
-    {
+    public const string PI_PREFIX = "pi_";
+
+    public string $gid;
+    private LDAPEntry $entry;
+    private UnityLDAP $LDAP;
+    private UnitySQL $SQL;
+    private UnityMailer $MAILER;
+    private UnityWebhook $WEBHOOK;
+    private UnityRedis $REDIS;
+
+    public function __construct(
+        string $gid,
+        UnityLDAP $LDAP,
+        UnitySQL $SQL,
+        UnityMailer $MAILER,
+        UnityRedis $REDIS,
+        UnityWebhook $WEBHOOK,
+    ) {
         $gid = trim($gid);
         $this->gid = $gid;
         $this->entry = $LDAP->getPIGroupEntry($gid);
@@ -40,7 +39,7 @@ public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK)
         $this->WEBHOOK = $WEBHOOK;
     }
 
-    public function equals($other_group)
+    public function equals(UnityGroup $other_group): bool
     {
         if (!is_a($other_group, self::class)) {
             throw new Exception(
@@ -53,29 +52,27 @@ public function equals($other_group)
         return $this->gid == $other_group->gid;
     }
 
-    public function __toString()
+    public function __toString(): string
     {
         return $this->gid;
     }
 
     /**
      * Checks if the current PI is an approved and existent group
-     *
-     * @return bool true if yes, false if no
      */
-    public function exists()
+    public function exists(): bool
     {
         return $this->entry->exists();
     }
 
     public function requestGroup(
-        $firstname,
-        $lastname,
-        $email,
-        $org,
-        $send_mail_to_admins,
-        $send_mail = true,
-    ) {
+        string $firstname,
+        string $lastname,
+        string $email,
+        string $org,
+        bool $send_mail_to_admins,
+        bool $send_mail = true,
+    ): void {
         if ($this->exists()) {
             return;
         }
@@ -117,8 +114,10 @@ public function requestGroup(
     /**
      * This method will create the group (this is what is executed when an admin approved the group)
      */
-    public function approveGroup($operator = null, $send_mail = true)
-    {
+    public function approveGroup(
+        ?UnityUser $operator = null,
+        bool $send_mail = true,
+    ): void {
         $uid = $this->getOwner()->uid;
         $request = $this->SQL->getRequest($uid, UnitySQL::REQUEST_BECOME_PI);
         if ($this->exists()) {
@@ -152,8 +151,10 @@ public function approveGroup($operator = null, $send_mail = true)
     /**
      * This method is executed when an admin denys the PI group request
      */
-    public function denyGroup($operator = null, $send_mail = true)
-    {
+    public function denyGroup(
+        ?UnityUser $operator = null,
+        bool $send_mail = true,
+    ): void {
         $request = $this->SQL->getRequest(
             $this->getOwner()->uid,
             UnitySQL::REQUEST_BECOME_PI,
@@ -176,7 +177,7 @@ public function denyGroup($operator = null, $send_mail = true)
         }
     }
 
-    public function cancelGroupRequest($send_mail = true)
+    public function cancelGroupRequest(bool $send_mail = true): void
     {
         if (!$this->SQL->requestExists($this->getOwner()->uid)) {
             return;
@@ -189,8 +190,10 @@ public function cancelGroupRequest($send_mail = true)
         }
     }
 
-    public function cancelGroupJoinRequest($user, $send_mail = true)
-    {
+    public function cancelGroupJoinRequest(
+        UnityUser $user,
+        bool $send_mail = true,
+    ): void {
         if (!$this->requestExists($user)) {
             return;
         }
@@ -245,8 +248,10 @@ public function cancelGroupJoinRequest($user, $send_mail = true)
      * This method is executed when a user is approved to join the group
      * (either by admin or the group owner)
      */
-    public function approveUser($new_user, $send_mail = true)
-    {
+    public function approveUser(
+        UnityUser $new_user,
+        bool $send_mail = true,
+    ): void {
         $request = $this->SQL->getRequest($new_user->uid, $this->gid);
         if (!$new_user->exists()) {
             $new_user->init(
@@ -277,7 +282,7 @@ public function approveUser($new_user, $send_mail = true)
         }
     }
 
-    public function denyUser($new_user, $send_mail = true)
+    public function denyUser(UnityUser $new_user, bool $send_mail = true): void
     {
         $request = $this->SQL->getRequest($new_user->uid, $this->gid);
         // remove request, this will fail silently if the request doesn't exist
@@ -300,8 +305,10 @@ public function denyUser($new_user, $send_mail = true)
         }
     }
 
-    public function removeUser($new_user, $send_mail = true)
-    {
+    public function removeUser(
+        UnityUser $new_user,
+        bool $send_mail = true,
+    ): void {
         if (!$this->memberExists($new_user)) {
             return;
         }
@@ -333,13 +340,13 @@ public function removeUser($new_user, $send_mail = true)
     }
 
     public function newUserRequest(
-        $new_user,
-        $firstname,
-        $lastname,
-        $email,
-        $org,
-        $send_mail = true,
-    ) {
+        UnityUser $new_user,
+        string $firstname,
+        string $lastname,
+        string $email,
+        string $org,
+        bool $send_mail = true,
+    ): void {
         if ($this->memberExists($new_user)) {
             UnityHTTPD::errorLog(
                 "warning",
@@ -377,7 +384,7 @@ public function newUserRequest(
         }
     }
 
-    public function getRequests()
+    public function getRequests(): array
     {
         $requests = $this->SQL->getRequests($this->gid);
         $out = [];
@@ -402,7 +409,7 @@ public function getRequests()
         return $out;
     }
 
-    public function getGroupMembers($ignorecache = false)
+    public function getGroupMembers(bool $ignorecache = false): array
     {
         $members = $this->getGroupMemberUIDs($ignorecache);
         $out = [];
@@ -420,7 +427,7 @@ public function getGroupMembers($ignorecache = false)
         return $out;
     }
 
-    public function getGroupMemberUIDs($ignorecache = false)
+    public function getGroupMemberUIDs(bool $ignorecache = false): array
     {
         if (!$ignorecache) {
             $cached_val = $this->REDIS->getCache($this->gid, "members");
@@ -440,7 +447,7 @@ public function getGroupMemberUIDs($ignorecache = false)
         return $members;
     }
 
-    public function requestExists($user)
+    public function requestExists(UnityUser $user): bool
     {
         $requesters = $this->getRequests();
         if (count($requesters) > 0) {
@@ -453,7 +460,7 @@ public function requestExists($user)
         return false;
     }
 
-    private function init()
+    private function init(): void
     {
         $owner = $this->getOwner();
         \ensure(!$this->entry->exists());
@@ -467,7 +474,7 @@ private function init()
         // we need to update the cache here with the memberuid
     }
 
-    private function addUserToGroup($new_user)
+    private function addUserToGroup(UnityUser $new_user): void
     {
         $this->entry->appendAttribute("memberuid", $new_user->uid);
         $this->entry->write();
@@ -475,7 +482,7 @@ private function addUserToGroup($new_user)
         $this->REDIS->appendCacheArray($new_user->uid, "groups", $this->gid);
     }
 
-    private function removeUserFromGroup($old_user)
+    private function removeUserFromGroup(UnityUser $old_user): void
     {
         $this->entry->removeAttributeEntryByValue("memberuid", $old_user->uid);
         $this->entry->write();
@@ -483,13 +490,18 @@ private function removeUserFromGroup($old_user)
         $this->REDIS->removeCacheArray($old_user->uid, "groups", $this->gid);
     }
 
-    public function memberExists($user)
+    public function memberExists(UnityUser $user): bool
     {
         return in_array($user->uid, $this->getGroupMemberUIDs());
     }
 
-    private function addRequest($uid, $firstname, $lastname, $email, $org)
-    {
+    private function addRequest(
+        string $uid,
+        string $firstname,
+        string $lastname,
+        string $email,
+        string $org,
+    ): void {
         $this->SQL->addRequest(
             $uid,
             $firstname,
@@ -500,7 +512,7 @@ private function addRequest($uid, $firstname, $lastname, $email, $org)
         );
     }
 
-    public function getOwner()
+    public function getOwner(): UnityUser
     {
         return new UnityUser(
             self::GID2OwnerUID($this->gid),
@@ -512,12 +524,12 @@ public function getOwner()
         );
     }
 
-    public static function ownerUID2GID($uid)
+    public static function ownerUID2GID(string $uid): string
     {
         return self::PI_PREFIX . $uid;
     }
 
-    public static function GID2OwnerUID($gid)
+    public static function GID2OwnerUID(string $gid): string
     {
         if (substr($gid, 0, strlen(self::PI_PREFIX)) != self::PI_PREFIX) {
             throw new Exception(
diff --git a/resources/lib/UnityHTTPD.php b/resources/lib/UnityHTTPD.php
index bdadb22b..6504f0cb 100644
--- a/resources/lib/UnityHTTPD.php
+++ b/resources/lib/UnityHTTPD.php
@@ -7,7 +7,7 @@
 
 class UnityHTTPD
 {
-    public static function die($x = null, $show_user = false)
+    public static function die(mixed $x = null, bool $show_user = false): never
     {
         if (CONFIG["site"]["allow_die"] == false) {
             if (is_null($x)) {
@@ -24,7 +24,7 @@ public static function die($x = null, $show_user = false)
         }
     }
 
-    public static function redirect($dest)
+    public static function redirect($dest): never
     {
         header("Location: $dest");
         self::errorToUser(
@@ -41,7 +41,7 @@ public static function errorLog(
         ?string $errorid = null,
         ?\Throwable $error = null,
         mixed $data = null,
-    ) {
+    ): void {
         if (!CONFIG["site"]["enable_verbose_error_log"]) {
             error_log("$title: $message");
             return;
@@ -93,7 +93,7 @@ private static function errorToUser(
         string $msg,
         int $http_response_code,
         ?string $errorid = null,
-    ) {
+    ): void {
         if (!CONFIG["site"]["enable_error_to_user"]) {
             return;
         }
@@ -110,8 +110,11 @@ private static function errorToUser(
         echo "<h1>$msg</h1><p>$notes</p>";
     }
 
-    public static function badRequest($message, $error = null, $data = null)
-    {
+    public static function badRequest(
+        string $message,
+        ?\Throwable $error = null,
+        ?array $data = null,
+    ): never {
         $errorid = uniqid();
         self::errorToUser(
             "Invalid requested action or submitted data.",
@@ -122,8 +125,11 @@ public static function badRequest($message, $error = null, $data = null)
         self::die($message);
     }
 
-    public static function forbidden($message, $error = null, $data = null)
-    {
+    public static function forbidden(
+        string $message,
+        ?\Throwable $error = null,
+        ?array $data = null,
+    ): never {
         $errorid = uniqid();
         self::errorToUser("Permission denied.", 403, $errorid);
         self::errorLog("forbidden", $message, $errorid, $error, $data);
@@ -131,10 +137,10 @@ public static function forbidden($message, $error = null, $data = null)
     }
 
     public static function internalServerError(
-        $message,
-        $error = null,
-        $data = null,
-    ) {
+        string $message,
+        ?\Throwable $error = null,
+        ?array $data = null,
+    ): never {
         $errorid = uniqid();
         self::errorToUser(
             "An internal server error has occurred.",
@@ -152,7 +158,7 @@ public static function internalServerError(
     }
 
     // https://www.php.net/manual/en/function.set-exception-handler.php
-    public static function exceptionHandler($e)
+    public static function exceptionHandler(\Throwable $e): void
     {
         ini_set("log_errors", true); // in case something goes wrong and error is not logged
         self::internalServerError(
@@ -162,7 +168,7 @@ public static function exceptionHandler($e)
         ini_set("log_errors", false); // error logged successfully
     }
 
-    public static function getPostData(...$keys)
+    public static function getPostData(...$keys): mixed
     {
         try {
             return \arrayGet($_POST, ...$keys);
@@ -174,10 +180,10 @@ public static function getPostData(...$keys)
     }
 
     public static function getUploadedFileContents(
-        $filename,
-        $do_delete_tmpfile_after_read = true,
-        $encoding = "UTF-8",
-    ) {
+        string $filename,
+        bool $do_delete_tmpfile_after_read = true,
+        string $encoding = "UTF-8",
+    ): string {
         try {
             $tmpfile_path = \arrayGet($_FILES, $filename, "tmp_name");
         } catch (ArrayKeyException $e) {
@@ -198,7 +204,7 @@ public static function getUploadedFileContents(
 
     // in firefox, the user can disable alert/confirm/prompt after the 2nd or 3rd popup
     // after I disable alerts, if I quit and reopen my browser, the alerts come back
-    public static function alert(string $message)
+    public static function alert(string $message): void
     {
         // jsonEncode escapes quotes
         echo "<script type='text/javascript'>alert(" .
diff --git a/resources/lib/UnityLDAP.php b/resources/lib/UnityLDAP.php
index 32641c7b..cd4a471b 100644
--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -10,32 +10,32 @@
  */
 class UnityLDAP extends ldapConn
 {
-    private const RDN = "cn"; // The defauls RDN for LDAP entries is set to "common name"
+    private const string RDN = "cn"; // The defauls RDN for LDAP entries is set to "common name"
 
-    public const POSIX_ACCOUNT_CLASS = [
+    public const array POSIX_ACCOUNT_CLASS = [
         "inetorgperson",
         "posixAccount",
         "top",
         "ldapPublicKey",
     ];
 
-    public const POSIX_GROUP_CLASS = ["posixGroup", "top"];
+    public const array POSIX_GROUP_CLASS = ["posixGroup", "top"];
 
-    private $custom_mappings_path =
+    private string $custom_mappings_path =
         __DIR__ . "/../../" . CONFIG["ldap"]["custom_user_mappings_dir"];
-    private $def_user_shell = CONFIG["ldap"]["def_user_shell"];
-    private $offset_UIDGID = CONFIG["ldap"]["offset_UIDGID"];
-    private $offset_PIGID = CONFIG["ldap"]["offset_PIGID"];
-    private $offset_ORGGID = CONFIG["ldap"]["offset_ORGGID"];
+    private string $def_user_shell = CONFIG["ldap"]["def_user_shell"];
+    private int $offset_UIDGID = CONFIG["ldap"]["offset_UIDGID"];
+    private int $offset_PIGID = CONFIG["ldap"]["offset_PIGID"];
+    private int $offset_ORGGID = CONFIG["ldap"]["offset_ORGGID"];
 
     // Instance vars for various ldapEntry objects
-    private $baseOU;
-    private $userOU;
-    private $groupOU;
-    private $pi_groupOU;
-    private $org_groupOU;
-    private $adminGroup;
-    private $userGroup;
+    private LDAPEntry $baseOU;
+    private LDAPEntry $userOU;
+    private LDAPEntry $groupOU;
+    private LDAPEntry $pi_groupOU;
+    private LDAPEntry $org_groupOU;
+    private LDAPEntry $adminGroup;
+    private LDAPEntry $userGroup;
 
     public function __construct()
     {
@@ -53,42 +53,42 @@ public function __construct()
         $this->userGroup = $this->getEntry(CONFIG["ldap"]["user_group"]);
     }
 
-    public function getUserOU()
+    public function getUserOU(): LDAPEntry
     {
         return $this->userOU;
     }
 
-    public function getGroupOU()
+    public function getGroupOU(): LDAPEntry
     {
         return $this->groupOU;
     }
 
-    public function getPIGroupOU()
+    public function getPIGroupOU(): LDAPEntry
     {
         return $this->pi_groupOU;
     }
 
-    public function getOrgGroupOU()
+    public function getOrgGroupOU(): LDAPEntry
     {
         return $this->org_groupOU;
     }
 
-    public function getAdminGroup()
+    public function getAdminGroup(): LDAPEntry
     {
         return $this->adminGroup;
     }
 
-    public function getUserGroup()
+    public function getUserGroup(): LDAPEntry
     {
         return $this->userGroup;
     }
 
-    public function getDefUserShell()
+    public function getDefUserShell(): string
     {
         return $this->def_user_shell;
     }
 
-    public function getNextUIDGIDNumber($uid)
+    public function getNextUIDGIDNumber(string $uid): int
     {
         $IDNumsInUse = array_merge(
             $this->getAllUIDNumbersInUse(),
@@ -120,7 +120,7 @@ public function getNextUIDGIDNumber($uid)
         );
     }
 
-    public function getNextPIGIDNumber()
+    public function getNextPIGIDNumber(): int
     {
         return $this->getNextIDNumber(
             $this->offset_PIGID,
@@ -131,7 +131,7 @@ public function getNextPIGIDNumber()
         );
     }
 
-    public function getNextOrgGIDNumber()
+    public function getNextOrgGIDNumber(): int
     {
         return $this->getNextIDNumber(
             $this->offset_ORGGID,
@@ -142,14 +142,14 @@ public function getNextOrgGIDNumber()
         );
     }
 
-    private function isIDNumberForbidden($id)
+    private function isIDNumberForbidden($id): bool
     {
         // 0-99 are probably going to be used for local system accounts instead of LDAP accounts
         // 100-999, 60000-64999 are reserved for debian packages
         return $id <= 999 || ($id >= 60000 && $id <= 64999);
     }
 
-    private function getNextIDNumber($start, $IDsToSkip)
+    private function getNextIDNumber($start, $IDsToSkip): int
     {
         $new_id = $start;
         while (
@@ -161,7 +161,7 @@ private function getNextIDNumber($start, $IDsToSkip)
         return $new_id;
     }
 
-    private function getCustomIDMappings()
+    private function getCustomIDMappings(): array
     {
         $output = [];
         $dir = new \DirectoryIterator($this->custom_mappings_path);
@@ -189,7 +189,7 @@ private function getCustomIDMappings()
         return $output_map;
     }
 
-    private function getAllUIDNumbersInUse()
+    private function getAllUIDNumbersInUse(): array
     {
         // use baseOU for awareness of externally managed entries
         return array_map(
@@ -202,7 +202,7 @@ private function getAllUIDNumbersInUse()
         );
     }
 
-    private function getAllGIDNumbersInUse()
+    private function getAllGIDNumbersInUse(): array
     {
         // use baseOU for awareness of externally managed entries
         return array_map(
@@ -215,7 +215,7 @@ private function getAllGIDNumbersInUse()
         );
     }
 
-    public function getAllUsersUIDs()
+    public function getAllUsersUIDs(): array
     {
         // should not use $user_ou->getChildren or $base_ou->getChildren(objectClass=posixAccount)
         // Unity users might be outside user ou, and not all users in LDAP tree are unity users
@@ -228,7 +228,7 @@ public function getAllUsers(
         $UnityRedis,
         $UnityWebhook,
         $ignorecache = false,
-    ) {
+    ): array {
         $out = [];
 
         if (!$ignorecache) {
@@ -267,7 +267,7 @@ public function getAllUsers(
         return $out;
     }
 
-    public function getAllUsersAttributes($attributes)
+    public function getAllUsersAttributes(array $attributes): array
     {
         $include_uids = $this->getAllUsersUIDs();
         $user_attributes = $this->baseOU->getChildrenArray(
@@ -284,11 +284,11 @@ public function getAllUsersAttributes($attributes)
     }
 
     public function getAllPIGroups(
-        $UnitySQL,
-        $UnityMailer,
-        $UnityRedis,
-        $UnityWebhook,
-        $ignorecache = false,
+        UnitySQL $UnitySQL,
+        UnityMailer $UnityMailer,
+        UnityRedis $UnityRedis,
+        UnityWebhook $UnityWebhook,
+        bool $ignorecache = false,
     ) {
         $out = [];
 
@@ -330,12 +330,12 @@ public function getAllPIGroups(
         return $out;
     }
 
-    public function getAllPIGroupsAttributes($attributes)
+    public function getAllPIGroupsAttributes(array $attributes): array
     {
         return $this->pi_groupOU->getChildrenArray($attributes);
     }
 
-    public function getPIGroupGIDsWithMemberUID($uid)
+    public function getPIGroupGIDsWithMemberUID(string $uid): array
     {
         return array_map(
             fn($x) => $x["cn"][0],
@@ -347,7 +347,7 @@ public function getPIGroupGIDsWithMemberUID($uid)
         );
     }
 
-    public function getAllPIGroupOwnerAttributes($attributes)
+    public function getAllPIGroupOwnerAttributes(array $attributes): array
     {
         // get the PI groups, filter for just the GIDs, then map the GIDs to owner UIDs
         $owner_uids = array_map(
@@ -382,7 +382,7 @@ public function getAllPIGroupOwnerAttributes($attributes)
     /**
      * Returns an associative array where keys are UIDs and values are arrays of PI GIDs
      */
-    public function getAllUID2PIGIDs()
+    public function getAllUID2PIGIDs(): array
     {
         // initialize output so each UID is a key with an empty array as its value
         $uids = $this->getAllUsersUIDs();
@@ -413,7 +413,7 @@ public function getAllOrgGroups(
         $UnityRedis,
         $UnityWebhook,
         $ignorecache = false,
-    ) {
+    ): array {
         $out = [];
 
         if (!$ignorecache) {
@@ -455,12 +455,12 @@ public function getAllOrgGroups(
         return $out;
     }
 
-    public function getAllOrgGroupsAttributes($attributes)
+    public function getAllOrgGroupsAttributes(array $attributes): array
     {
         return $this->org_groupOU->getChildrenArray($attributes);
     }
 
-    public function getUserEntry($uid)
+    public function getUserEntry(string $uid): LDAPEntry
     {
         $uid = ldap_escape($uid, "", LDAP_ESCAPE_DN);
         return $this->getEntry(
@@ -468,7 +468,7 @@ public function getUserEntry($uid)
         );
     }
 
-    public function getGroupEntry($gid)
+    public function getGroupEntry(string $gid): LDAPEntry
     {
         $gid = ldap_escape($gid, "", LDAP_ESCAPE_DN);
         return $this->getEntry(
@@ -476,7 +476,7 @@ public function getGroupEntry($gid)
         );
     }
 
-    public function getPIGroupEntry($gid)
+    public function getPIGroupEntry(string $gid): LDAPEntry
     {
         $gid = ldap_escape($gid, "", LDAP_ESCAPE_DN);
         return $this->getEntry(
@@ -484,7 +484,7 @@ public function getPIGroupEntry($gid)
         );
     }
 
-    public function getOrgGroupEntry($gid)
+    public function getOrgGroupEntry(string $gid): LDAPEntry
     {
         $gid = ldap_escape($gid, "", LDAP_ESCAPE_DN);
         return $this->getEntry(
diff --git a/resources/lib/UnityMailer.php b/resources/lib/UnityMailer.php
index 910293fd..a8e1d7b0 100644
--- a/resources/lib/UnityMailer.php
+++ b/resources/lib/UnityMailer.php
@@ -10,19 +10,19 @@
  */
 class UnityMailer extends PHPMailer
 {
-    private $template_dir = __DIR__ . "/../mail"; // location of all email templates
-    private $override_template_dir =
+    private string $template_dir = __DIR__ . "/../mail"; // location of all email templates
+    private string $override_template_dir =
         __DIR__ . "/../../deployment/mail_overrides";
 
-    private $MSG_LINKREF;
-    private $MSG_SENDER_EMAIL;
-    private $MSG_SENDER_NAME;
-    private $MSG_SUPPORT_EMAIL;
-    private $MSG_SUPPORT_NAME;
-    private $MSG_ADMIN_EMAIL;
-    private $MSG_ADMIN_NAME;
-    private $MSG_PI_APPROVAL_EMAIL;
-    private $MSG_PI_APPROVAL_NAME;
+    private string $MSG_LINKREF;
+    private string $MSG_SENDER_EMAIL;
+    private string $MSG_SENDER_NAME;
+    private string $MSG_SUPPORT_EMAIL;
+    private string $MSG_SUPPORT_NAME;
+    private string $MSG_ADMIN_EMAIL;
+    private string $MSG_ADMIN_NAME;
+    private string $MSG_PI_APPROVAL_EMAIL;
+    private string $MSG_PI_APPROVAL_NAME;
 
     public function __construct()
     {
@@ -80,8 +80,11 @@ public function __construct()
         }
     }
 
-    public function sendMail($recipients, $template = null, $data = null)
-    {
+    public function sendMail(
+        string $recipients,
+        ?string $template = null,
+        mixed $data = null,
+    ) {
         if (isset($template)) {
             $this->setFrom($this->MSG_SENDER_EMAIL, $this->MSG_SENDER_NAME);
             $this->addReplyTo(
diff --git a/resources/lib/UnityOrg.php b/resources/lib/UnityOrg.php
index 6d6760e0..e121ec37 100644
--- a/resources/lib/UnityOrg.php
+++ b/resources/lib/UnityOrg.php
@@ -1,22 +1,26 @@
 <?php
 
 namespace UnityWebPortal\lib;
-
-use Exception;
+use PHPOpenLDAPer\LDAPEntry;
 
 class UnityOrg
 {
-    public $gid;
-    private $entry;
-
-    private $MAILER;
-    private $SQL;
-    private $LDAP;
-    private $REDIS;
-    private $WEBHOOK;
+    public string $gid;
+    private LDAPEntry $entry;
+    private UnityLDAP $LDAP;
+    private UnitySQL $SQL;
+    private UnityMailer $MAILER;
+    private UnityWebhook $WEBHOOK;
+    private UnityRedis $REDIS;
 
-    public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK)
-    {
+    public function __construct(
+        string $gid,
+        UnityLDAP $LDAP,
+        UnitySQL $SQL,
+        UnityMailer $MAILER,
+        UnityRedis $REDIS,
+        UnityWebhook $WEBHOOK,
+    ) {
         $gid = trim($gid);
         $this->gid = $gid;
         $this->entry = $LDAP->getOrgGroupEntry($this->gid);
@@ -28,7 +32,7 @@ public function __construct($gid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK)
         $this->REDIS = $REDIS;
     }
 
-    public function init()
+    public function init(): void
     {
         \ensure(!$this->entry->exists());
         $nextGID = $this->LDAP->getNextOrgGIDNumber();
@@ -38,17 +42,17 @@ public function init()
         $this->REDIS->appendCacheArray("sorted_orgs", "", $this->gid);
     }
 
-    public function exists()
+    public function exists(): bool
     {
         return $this->entry->exists();
     }
 
-    public function inOrg($user, $ignorecache = false)
+    public function inOrg(UnityUser $user, bool $ignorecache = false): bool
     {
         return in_array($user->uid, $this->getOrgMemberUIDs($ignorecache));
     }
 
-    public function getOrgMembers($ignorecache = false)
+    public function getOrgMembers(bool $ignorecache = false): array
     {
         $members = $this->getOrgMemberUIDs($ignorecache);
         $out = [];
@@ -66,7 +70,7 @@ public function getOrgMembers($ignorecache = false)
         return $out;
     }
 
-    public function getOrgMemberUIDs($ignorecache = false)
+    public function getOrgMemberUIDs(bool $ignorecache = false): array
     {
         if (!$ignorecache) {
             $cached_val = $this->REDIS->getCache($this->gid, "members");
@@ -86,14 +90,14 @@ public function getOrgMemberUIDs($ignorecache = false)
         return $members;
     }
 
-    public function addUser($user)
+    public function addUser(UnityUser $user): void
     {
         $this->entry->appendAttribute("memberuid", $user->uid);
         $this->entry->write();
         $this->REDIS->appendCacheArray($this->gid, "members", $user->uid);
     }
 
-    public function removeUser($user)
+    public function removeUser(UnityUser $user): void
     {
         $this->entry->removeAttributeEntryByValue("memberuid", $user->uid);
         $this->entry->write();
diff --git a/resources/lib/UnityRedis.php b/resources/lib/UnityRedis.php
index 4397d566..47909052 100644
--- a/resources/lib/UnityRedis.php
+++ b/resources/lib/UnityRedis.php
@@ -24,7 +24,7 @@ public function __construct()
         }
     }
 
-    public function setCache($object, $key, $data)
+    public function setCache(string $object, string $key, mixed $data): void
     {
         if (!$this->enabled) {
             return;
@@ -41,7 +41,7 @@ public function setCache($object, $key, $data)
         $this->client->set($keyStr, serialize($data));
     }
 
-    public function getCache($object, $key)
+    public function getCache(string $object, string $key): mixed
     {
         if (!$this->enabled) {
             return null;
@@ -61,8 +61,11 @@ public function getCache($object, $key)
         return null;
     }
 
-    public function appendCacheArray($object, $key, $value)
-    {
+    public function appendCacheArray(
+        string $object,
+        string $key,
+        mixed $value,
+    ): void {
         if (!$this->enabled) {
             return;
         }
@@ -81,7 +84,8 @@ public function appendCacheArray($object, $key, $value)
         }
     }
 
-    public function removeCacheArray($object, $key, $value)
+    // TODO return void
+    public function removeCacheArray(string $object, string $key, mixed $value)
     {
         if (!$this->enabled) {
             return null;
@@ -100,7 +104,7 @@ public function removeCacheArray($object, $key, $value)
         }
     }
 
-    public function flushAll()
+    public function flushAll(): void
     {
         $this->client->flushAll();
     }
diff --git a/resources/lib/UnitySQL.php b/resources/lib/UnitySQL.php
index 3fcc5eac..b6a09cf4 100644
--- a/resources/lib/UnitySQL.php
+++ b/resources/lib/UnitySQL.php
@@ -6,13 +6,13 @@
 
 class UnitySQL
 {
-    private const TABLE_REQS = "requests";
-    private const TABLE_NOTICES = "notices";
-    private const TABLE_PAGES = "pages";
-    private const TABLE_AUDIT_LOG = "audit_log";
-    private const TABLE_ACCOUNT_DELETION_REQUESTS = "account_deletion_requests";
+    private const string TABLE_REQS = "requests";
+    private const string TABLE_NOTICES = "notices";
+    private const string TABLE_PAGES = "pages";
+    private const string TABLE_AUDIT_LOG = "audit_log";
+    private const string TABLE_ACCOUNT_DELETION_REQUESTS = "account_deletion_requests";
     // FIXME this string should be changed to something more intuitive, requires production change
-    public const REQUEST_BECOME_PI = "admin";
+    public const string REQUEST_BECOME_PI = "admin";
 
     private $conn;
 
@@ -29,7 +29,7 @@ public function __construct()
         $this->conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
     }
 
-    public function getConn()
+    public function getConn(): PDO
     {
         return $this->conn;
     }
@@ -38,13 +38,13 @@ public function getConn()
     // requests table methods
     //
     public function addRequest(
-        $requestor,
-        $firstname,
-        $lastname,
-        $email,
-        $org,
-        $dest = self::REQUEST_BECOME_PI,
-    ) {
+        string $requestor,
+        string $firstname,
+        string $lastname,
+        string $email,
+        string $org,
+        string $dest = self::REQUEST_BECOME_PI,
+    ): void {
         if ($this->requestExists($requestor, $dest)) {
             return;
         }
@@ -66,8 +66,10 @@ public function addRequest(
         $stmt->execute();
     }
 
-    public function removeRequest($requestor, $dest = self::REQUEST_BECOME_PI)
-    {
+    public function removeRequest(
+        $requestor,
+        string $dest = self::REQUEST_BECOME_PI,
+    ): void {
         if (!$this->requestExists($requestor, $dest)) {
             return;
         }
@@ -83,7 +85,7 @@ public function removeRequest($requestor, $dest = self::REQUEST_BECOME_PI)
         $stmt->execute();
     }
 
-    public function removeRequests($dest = self::REQUEST_BECOME_PI)
+    public function removeRequests(string $dest = self::REQUEST_BECOME_PI): void
     {
         $stmt = $this->conn->prepare(
             "DELETE FROM " .
@@ -95,7 +97,7 @@ public function removeRequests($dest = self::REQUEST_BECOME_PI)
         $stmt->execute();
     }
 
-    public function getRequest($user, $dest)
+    public function getRequest(string $user, string $dest): array
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " .
@@ -119,8 +121,10 @@ public function getRequest($user, $dest)
         return $result[0];
     }
 
-    public function requestExists($requestor, $dest = self::REQUEST_BECOME_PI)
-    {
+    public function requestExists(
+        string $requestor,
+        string $dest = self::REQUEST_BECOME_PI,
+    ): bool {
         try {
             $this->getRequest($requestor, $dest);
             return true;
@@ -130,14 +134,14 @@ public function requestExists($requestor, $dest = self::REQUEST_BECOME_PI)
         }
     }
 
-    public function getAllRequests()
+    public function getAllRequests(): array
     {
         $stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_REQS);
         $stmt->execute();
         return $stmt->fetchAll();
     }
 
-    public function getRequests($dest = self::REQUEST_BECOME_PI)
+    public function getRequests(string $dest = self::REQUEST_BECOME_PI): array
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " .
@@ -151,7 +155,7 @@ public function getRequests($dest = self::REQUEST_BECOME_PI)
         return $stmt->fetchAll();
     }
 
-    public function getRequestsByUser($user)
+    public function getRequestsByUser(string $user): array
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " . self::TABLE_REQS . " WHERE uid=:uid",
@@ -163,7 +167,7 @@ public function getRequestsByUser($user)
         return $stmt->fetchAll();
     }
 
-    public function deleteRequestsByUser($user)
+    public function deleteRequestsByUser(string $user): void
     {
         $stmt = $this->conn->prepare(
             "DELETE FROM " . self::TABLE_REQS . " WHERE uid=:uid",
@@ -173,8 +177,12 @@ public function deleteRequestsByUser($user)
         $stmt->execute();
     }
 
-    public function addNotice($title, $date, $content, $operator)
-    {
+    public function addNotice(
+        string $title,
+        string $date,
+        string $content,
+        UnityUser $operator,
+    ): void {
         $table = self::TABLE_NOTICES;
         $stmt = $this->conn->prepare(
             "INSERT INTO $table (date, title, message) VALUES (:date, :title, :message)",
@@ -193,8 +201,12 @@ public function addNotice($title, $date, $content, $operator)
         );
     }
 
-    public function editNotice($id, $title, $date, $content)
-    {
+    public function editNotice(
+        string $id,
+        string $title,
+        string $date,
+        string $content,
+    ): void {
         $table = self::TABLE_NOTICES;
         $stmt = $this->conn->prepare(
             "UPDATE $table SET date=:date, title=:title, message=:message WHERE id=:id",
@@ -207,7 +219,7 @@ public function editNotice($id, $title, $date, $content)
         $stmt->execute();
     }
 
-    public function deleteNotice($id)
+    public function deleteNotice(string $id): void
     {
         $stmt = $this->conn->prepare(
             "DELETE FROM " . self::TABLE_NOTICES . " WHERE id=:id",
@@ -217,7 +229,7 @@ public function deleteNotice($id)
         $stmt->execute();
     }
 
-    public function getNotice($id)
+    public function getNotice(string $id): array
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " . self::TABLE_NOTICES . " WHERE id=:id",
@@ -229,7 +241,7 @@ public function getNotice($id)
         return $stmt->fetchAll()[0];
     }
 
-    public function getNotices()
+    public function getNotices(): array
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " . self::TABLE_NOTICES . " ORDER BY date DESC",
@@ -239,7 +251,7 @@ public function getNotices()
         return $stmt->fetchAll();
     }
 
-    public function getPages()
+    public function getPages(): array
     {
         $stmt = $this->conn->prepare("SELECT * FROM " . self::TABLE_PAGES);
         $stmt->execute();
@@ -247,7 +259,7 @@ public function getPages()
         return $stmt->fetchAll();
     }
 
-    public function getPage($id)
+    public function getPage(string $id): array
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " . self::TABLE_PAGES . " WHERE page=:id",
@@ -259,8 +271,11 @@ public function getPage($id)
         return $stmt->fetchAll()[0];
     }
 
-    public function editPage($id, $content, $operator)
-    {
+    public function editPage(
+        string $id,
+        string $content,
+        UnityUser $operator,
+    ): void {
         $stmt = $this->conn->prepare(
             "UPDATE " .
                 self::TABLE_PAGES .
@@ -279,8 +294,12 @@ public function editPage($id, $content, $operator)
         );
     }
 
-    public function addLog($operator, $operator_ip, $action_type, $recipient)
-    {
+    public function addLog(
+        string $operator,
+        string $operator_ip,
+        string $action_type,
+        string $recipient,
+    ): void {
         $table = self::TABLE_AUDIT_LOG;
         $stmt = $this->conn->prepare(
             "INSERT INTO $table (operator, operator_ip, action_type, recipient)
@@ -294,7 +313,7 @@ public function addLog($operator, $operator_ip, $action_type, $recipient)
         $stmt->execute();
     }
 
-    public function addAccountDeletionRequest($uid)
+    public function addAccountDeletionRequest(string $uid): void
     {
         $stmt = $this->conn->prepare(
             "INSERT INTO " .
@@ -306,7 +325,7 @@ public function addAccountDeletionRequest($uid)
         $stmt->execute();
     }
 
-    public function accDeletionRequestExists($uid)
+    public function accDeletionRequestExists(string $uid): bool
     {
         $stmt = $this->conn->prepare(
             "SELECT * FROM " .
@@ -320,7 +339,7 @@ public function accDeletionRequestExists($uid)
         return count($stmt->fetchAll()) > 0;
     }
 
-    public function deleteAccountDeletionRequest($uid)
+    public function deleteAccountDeletionRequest(string $uid): void
     {
         if (!$this->accDeletionRequestExists($uid)) {
             return;
diff --git a/resources/lib/UnitySSO.php b/resources/lib/UnitySSO.php
index 6f98881f..cddb5cce 100644
--- a/resources/lib/UnitySSO.php
+++ b/resources/lib/UnitySSO.php
@@ -7,14 +7,14 @@
 
 class UnitySSO
 {
-    private static function eppnToUID($eppn)
+    private static function eppnToUID(string $eppn): string
     {
         $eppn_output = str_replace(".", "_", $eppn);
         $eppn_output = str_replace("@", "_", $eppn_output);
         return strtolower($eppn_output);
     }
 
-    private static function eppnToOrg($eppn)
+    private static function eppnToOrg(string $eppn): string
     {
         $parts = explode("@", $eppn);
         if (count($parts) != 2) {
@@ -31,8 +31,8 @@ private static function eppnToOrg($eppn)
     // https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335257/AttributeAccess
     // I have observed attributes to be set to empty strings while shibd complains of bad config
     private static function getAttributeRaw(
-        $attributeName,
-        $fallbackAttributeName = null,
+        string $attributeName,
+        ?string $fallbackAttributeName = null,
     ) {
         if (isset($_SERVER[$attributeName]) && $_SERVER[$attributeName] != "") {
             return $_SERVER[$attributeName];
@@ -55,9 +55,9 @@ private static function getAttributeRaw(
     }
 
     private static function getAttribute(
-        $attributeName,
-        $fallbackAttributeName = null,
-    ) {
+        string $attributeName,
+        ?string $fallbackAttributeName = null,
+    ): string {
         $attribute_raw = self::getAttributeRaw(
             $attributeName,
             $fallbackAttributeName,
@@ -67,7 +67,7 @@ private static function getAttribute(
         return explode(";", $attribute_raw)[0];
     }
 
-    public static function getSSO()
+    public static function getSSO(): array
     {
         return [
             "user" => self::eppnToUID(self::getAttribute("REMOTE_USER")),
diff --git a/resources/lib/UnityUser.php b/resources/lib/UnityUser.php
index a9e0693b..01ddd071 100644
--- a/resources/lib/UnityUser.php
+++ b/resources/lib/UnityUser.php
@@ -9,17 +9,22 @@ class UnityUser
 {
     private const HOME_DIR = "/home/";
 
-    public $uid;
-    private $entry;
-
-    private $LDAP;
-    private $SQL;
-    private $MAILER;
-    private $REDIS;
-    private $WEBHOOK;
-
-    public function __construct($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK)
-    {
+    public string $uid;
+    private LDAPEntry $entry;
+    private UnityLDAP $LDAP;
+    private UnitySQL $SQL;
+    private UnityMailer $MAILER;
+    private UnityWebhook $WEBHOOK;
+    private UnityRedis $REDIS;
+
+    public function __construct(
+        string $uid,
+        UnityLDAP $LDAP,
+        UnitySQL $SQL,
+        UnityMailer $MAILER,
+        UnityRedis $REDIS,
+        UnityWebhook $WEBHOOK,
+    ) {
         $uid = trim($uid);
         $this->uid = $uid;
         $this->entry = $LDAP->getUserEntry($uid);
@@ -31,7 +36,7 @@ public function __construct($uid, $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK)
         $this->WEBHOOK = $WEBHOOK;
     }
 
-    public function equals($other_user)
+    public function equals(UnityUser $other_user)
     {
         if (!is_a($other_user, self::class)) {
             throw new Exception(
@@ -51,16 +56,14 @@ public function __toString()
 
     /**
      * This is the method that is run when a new account is created
-     *
-     * @param  string $firstname First name of new account
-     * @param  string $lastname  Last name of new account
-     * @param  string $email     email of new account
-     * @param  string $org       organization name of new account
-     * @param  bool   $isPI      boolean value for if the user checked the "I am a PI box"
-     * @return void
      */
-    public function init($firstname, $lastname, $email, $org, $send_mail = true)
-    {
+    public function init(
+        string $firstname,
+        string $lastname,
+        string $email,
+        string $org,
+        bool $send_mail = true,
+    ) {
         $ldapGroupEntry = $this->getGroupEntry();
         $id = $this->LDAP->getNextUIDGIDNumber($this->uid);
         \ensure(!$ldapGroupEntry->exists());
@@ -160,14 +163,14 @@ public function exists()
         return $this->entry->exists() && $this->getGroupEntry()->exists();
     }
 
-    public function setOrg($org)
+    public function setOrg(UnityOrg $org)
     {
         $this->entry->setAttribute("o", $org);
         $this->entry->write();
         $this->REDIS->setCache($this->uid, "org", $org);
     }
 
-    public function getOrg($ignorecache = false)
+    public function getOrg(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -195,7 +198,7 @@ public function getOrg($ignorecache = false)
      *
      * @param string $firstname
      */
-    public function setFirstname($firstname, $operator = null)
+    public function setFirstname(string $firstname, ?UnityUser $operator = null)
     {
         $this->entry->setAttribute("givenname", $firstname);
         $operator = is_null($operator) ? $this->uid : $operator->uid;
@@ -216,7 +219,7 @@ public function setFirstname($firstname, $operator = null)
      *
      * @return string firstname
      */
-    public function getFirstname($ignorecache = false)
+    public function getFirstname(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -244,7 +247,7 @@ public function getFirstname($ignorecache = false)
      *
      * @param string $lastname
      */
-    public function setLastname($lastname, $operator = null)
+    public function setLastname(string $lastname, $operator = null)
     {
         $this->entry->setAttribute("sn", $lastname);
         $operator = is_null($operator) ? $this->uid : $operator->uid;
@@ -265,7 +268,7 @@ public function setLastname($lastname, $operator = null)
      *
      * @return string lastname
      */
-    public function getLastname($ignorecache = false)
+    public function getLastname(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -299,7 +302,7 @@ public function getFullname()
      *
      * @param string $mail
      */
-    public function setMail($email, $operator = null)
+    public function setMail(string $email, ?UnityUser $operator = null)
     {
         $this->entry->setAttribute("mail", $email);
         $operator = is_null($operator) ? $this->uid : $operator->uid;
@@ -320,7 +323,7 @@ public function setMail($email, $operator = null)
      *
      * @return string email address
      */
-    public function getMail($ignorecache = false)
+    public function getMail(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -348,7 +351,7 @@ public function getMail($ignorecache = false)
      *
      * @param array $keys String array of openssh-style ssh public keys
      */
-    public function setSSHKeys($keys, $operator = null, $send_mail = true)
+    public function setSSHKeys($keys, $operator = null, bool $send_mail = true)
     {
         $operator = is_null($operator) ? $this->uid : $operator->uid;
         $keys_filt = array_values(array_unique($keys));
@@ -377,7 +380,7 @@ public function setSSHKeys($keys, $operator = null, $send_mail = true)
      *
      * @return array String array of ssh keys
      */
-    public function getSSHKeys($ignorecache = false)
+    public function getSSHKeys(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -410,8 +413,11 @@ public function getSSHKeys($ignorecache = false)
      *
      * @param string $shell absolute path to shell
      */
-    public function setLoginShell($shell, $operator = null, $send_mail = true)
-    {
+    public function setLoginShell(
+        string $shell,
+        ?UnityUser $operator = null,
+        bool $send_mail = true,
+    ) {
         // ldap schema syntax is "IA5 String (1.3.6.1.4.1.1466.115.121.1.26)"
         if (!mb_check_encoding($shell, "ASCII")) {
             throw new Exception(
@@ -453,7 +459,7 @@ public function setLoginShell($shell, $operator = null, $send_mail = true)
      *
      * @return string absolute path to login shell
      */
-    public function getLoginShell($ignorecache = false)
+    public function getLoginShell(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -476,7 +482,7 @@ public function getLoginShell($ignorecache = false)
         return null;
     }
 
-    public function setHomeDir($home, $operator = null)
+    public function setHomeDir(string $home, ?UnityUser $operator = null)
     {
         \ensure($this->entry->exists());
         $this->entry->setAttribute("homedirectory", $home);
@@ -498,7 +504,7 @@ public function setHomeDir($home, $operator = null)
      *
      * @return string home directory of the user
      */
-    public function getHomeDir($ignorecache = false)
+    public function getHomeDir(bool $ignorecache = false)
     {
         $this->entry->ensureExists();
         if (!$ignorecache) {
@@ -571,7 +577,7 @@ public function getOrgGroup()
      *
      * @return string[]
      */
-    public function getPIGroupGIDs($ignorecache = false)
+    public function getPIGroupGIDs(bool $ignorecache = false)
     {
         if (!$ignorecache) {
             $cached_val = $this->REDIS->getCache($this->uid, "groups");
@@ -617,7 +623,7 @@ public function hasRequestedAccountDeletion()
      * @param  string  or object $group group to check
      * @return boolean true if user is in group, false if not
      */
-    public function isInGroup($uid, $group)
+    public function isInGroup(string $uid, UnityGroup $group)
     {
         if (gettype($group) == "string") {
             $group_checked = new UnityGroup(
diff --git a/resources/lib/UnityWebhook.php b/resources/lib/UnityWebhook.php
index 5a49c319..8c1b387e 100644
--- a/resources/lib/UnityWebhook.php
+++ b/resources/lib/UnityWebhook.php
@@ -4,18 +4,18 @@
 
 class UnityWebhook
 {
-    private $template_dir = __DIR__ . "/../mail";
-    private $override_template_dir =
+    private string $template_dir = __DIR__ . "/../mail";
+    private string $override_template_dir =
         __DIR__ . "/../../deployment/mail_overrides";
-    private $url = CONFIG["webhook"]["url"];
-    private $MSG_LINKREF;
-    private $Subject; // set by template
+    private string $url = CONFIG["webhook"]["url"];
+    private string $MSG_LINKREF;
+    private string $Subject; // set by template
 
     public function __construct()
     {
         $this->MSG_LINKREF = CONFIG["site"]["url"] . CONFIG["site"]["prefix"];
     }
-    public function htmlToMarkdown($html)
+    public function htmlToMarkdown(string $html): string
     {
         // Define regex patterns for each markdown format
         $bold = "/<(b|strong)\b[^>]*>(.*?)<\/(b|strong)>/s";
@@ -35,8 +35,10 @@ public function htmlToMarkdown($html)
         return $md;
     }
 
-    public function sendWebhook($template = null, $data = null)
-    {
+    public function sendWebhook(
+        ?string $template = null,
+        mixed $data = null,
+    ): bool {
         $template_filename = $template . ".php";
         if (
             file_exists($this->override_template_dir . "/" . $template_filename)
diff --git a/resources/lib/phpopenldaper b/resources/lib/phpopenldaper
index abd76194..9750e2d1 160000
--- a/resources/lib/phpopenldaper
+++ b/resources/lib/phpopenldaper
@@ -1 +1 @@
-Subproject commit abd7619407f885a156af980140a7d97a5e64cc41
+Subproject commit 9750e2d16e6dd9337095e64f48f1682ebc992fa6
diff --git a/resources/lib/utils.php b/resources/lib/utils.php
index 42acfed9..d8760b0b 100644
--- a/resources/lib/utils.php
+++ b/resources/lib/utils.php
@@ -6,7 +6,7 @@
 use UnityWebPortal\lib\exceptions\EncodingConversionException;
 use phpseclib3\Crypt\PublicKeyLoader;
 
-function arrayGet($array, ...$keys)
+function arrayGet(array $array, mixed ...$keys): mixed
 {
     $cursor = $array;
     $keysTraversed = [];
@@ -28,14 +28,14 @@ function arrayGet($array, ...$keys)
 }
 
 // like assert() but not subject to zend.assertions config
-function ensure(bool $condition, ?string $message = null)
+function ensure(bool $condition, ?string $message = null): void
 {
     if (!$condition) {
         throw new EnsureException($message ?? "ensure condition is false");
     }
 }
 
-function testValidSSHKey($key_str)
+function testValidSSHKey(string $key_str): bool
 {
     // key loader still throws, these just mute warnings for phpunit
     // https://github.com/phpseclib/phpseclib/issues/2079
@@ -59,14 +59,17 @@ function testValidSSHKey($key_str)
     }
 }
 
-function jsonEncode($value, $flags = 0, $depth = 512)
+function jsonEncode(mixed $value, int $flags = 0, int $depth = 512): string
 {
     $flags |= JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES;
     return json_encode($value, $flags, $depth);
 }
 
-function mbConvertEncoding($string, $to_encoding, $from_encoding = null)
-{
+function mbConvertEncoding(
+    string $string,
+    string $to_encoding,
+    ?string $from_encoding = null,
+): string {
     $output = mb_convert_encoding($string, $to_encoding, $from_encoding);
     if ($output === false) {
         throw new EncodingConversionException(
@@ -80,8 +83,11 @@ function mbConvertEncoding($string, $to_encoding, $from_encoding = null)
     return $output;
 }
 
-function mbDetectEncoding($string, $encodings = null, $_ = null)
-{
+function mbDetectEncoding(
+    string $string,
+    ?array $encodings = null,
+    mixed $_ = null,
+): string {
     $output = mb_detect_encoding($string, $encodings, strict: true);
     if ($output === false) {
         throw new EncodingUnknownException(base64_encode($string));