Create validate_id() and use everywhere possible.

We don't do any input checking on the $id's we receive. We should. Function should check that the $id is twenty characters long, and consists of alphanumerics only. It should return 0 on failure, and 1 on success. It should also be used in almost every function that accepts an $id as a parameter. Which is, like, all of 'em, g-thang.