Merge pull request #2 from Znote/master

k
Atte 2015-03-06 16:31:29 +02:00
commit 493601c143
43 changed files with 1514 additions and 1373 deletions


@ -1,77 +1,72 @@
-- With Rookgaard
--[[
local firstItems = {2050, 2382}
function onLogin(cid) function onLogin(cid)
local storage = 30055 -- storage value local player = Player(cid)
if player:getLastLoginSaved() <= 0 then
local sorcItems = { for i = 1, #firstItems do
2460, -- Brass helmet player:addItem(firstItems[i], 1)
2465, -- Brass armor
2190, -- Wand of vortex
2511, -- Brass shield
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
2050 -- torch
}
local druidItems = {
2460, -- Brass helmet
2465, -- Brass armor
2511, -- Brass shield
2182, -- Snakebite rod
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
2050 -- torch
}
local pallyItems = {
2460, -- Brass helmet
2465, -- Brass armor
2456, -- Bow
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
}
local kinaItems = {
2460, -- Brass helmet
2465, -- Brass armor
2511, -- Brass shield
2412, -- Katana
2478, -- Brass legs
2643, -- Leather boots
1988, -- Brown backpack
2050 -- torch
}
if getPlayerStorageValue(cid, storage) == -1 then
setPlayerStorageValue(cid, storage, 1)
if getPlayerVocation(cid) == 1 then
-- Sorcerer
for i = 1, table.getn(sorcItems), 1 do
doPlayerAddItem(cid, sorcItems[i], 1, FALSE)
end end
player:addItem(player:getSex() == 0 and 2651 or 2650, 1)
elseif getPlayerVocation(cid) == 2 then player:addItem(1987, 1)
-- Druid player:addItem(2674, 1)
for i = 1, table.getn(druidItems), 1 do end
doPlayerAddItem(cid, druidItems[i], 1, FALSE) return true
end end
]]--
elseif getPlayerVocation(cid) == 3 then
-- Paladin -- Without Rookgaard
for i = 1, table.getn(pallyItems), 1 do local config = {
doPlayerAddItem(cid, pallyItems[i], 1, FALSE) [1] = {
end --equipment spellbook, wand of vortex, magician's robe, mage hat, studded legs, leather boots, scarf
-- 8 arrows items = {{2175, 1}, {2190, 1}, {8819, 1}, {8820, 1}, {2468, 1}, {2643, 1}, {2661, 1}},
doPlayerAddItem(cid, 2544, 8, FALSE) --container rope, shovel, mana potion
container = {{2120, 1}, {2554, 1}, {7620, 1}}
elseif getPlayerVocation(cid) == 4 then },
-- Knight [2] = {
for i = 1, table.getn(kinaItems), 1 do --equipment spellbook, snakebite rod, magician's robe, mage hat, studded legs, leather boots scarf
doPlayerAddItem(cid, kinaItems[i], 1, FALSE) items = {{2175, 1}, {2182, 1}, {8819, 1}, {8820, 1}, {2468, 1}, {2643, 1}, {2661, 1}},
end --container rope, shovel, mana potion
end container = {{2120, 1}, {2554, 1}, {7620, 1}}
},
-- Common for all [3] = {
doPlayerAddItem(cid, 2674, 5, FALSE) -- 5 apples --equipment dwrven shield, 5 spear, ranger's cloak, ranger legs scarf, legion helmet
doPlayerAddItem(cid, 2120, 1, FALSE) -- 1 rope items = {{2525, 1}, {2389, 5}, {2660, 1}, {8923, 1}, {2643, 1}, {2661, 1}, {2480, 1}},
--container rope, shovel, health potion, bow, 50 arrow
container = {{2120, 1}, {2554, 1}, {7618, 1}, {2456, 1}, {2544, 50}}
},
[4] = {
--equipment dwarven shield, steel axe, brass armor, brass helmet, brass legs scarf
items = {{2525, 1}, {8601, 1}, {2465, 1}, {2460, 1}, {2478, 1}, {2643, 1}, {2661, 1}},
--container jagged sword, daramian mace, rope, shovel, health potion
container = {{8602, 1}, {2439, 1}, {2120, 1}, {2554, 1}, {7618, 1}}
}
}
function onLogin(cid)
local player = Player(cid)
local targetVocation = config[player:getVocation():getId()]
if not targetVocation then
return true
end
if player:getLastLoginSaved() ~= 0 then
return true
end
for i = 1, #targetVocation.items do
player:addItem(targetVocation.items[i][1], targetVocation.items[i][2])
end
local backpack = player:addItem(1988)
if not backpack then
return true
end
for i = 1, #targetVocation.container do
backpack:addItem(targetVocation.container[i][1], targetVocation.container[i][2])
end end
return true return true
end end


@ -86,7 +86,7 @@ function onDeath(cid, corpse, killer, mostDamage, unjustified, mostDamage_unjust
end end
if guildKills1 >= fragLimit or guildKills2 >= fragLimit then if guildKills1 >= fragLimit or guildKills2 >= fragLimit then
broadcastMessage(string.format("%s has just won the war against %s.", killerGuild:getName(), playerGuild:getName()), MESSAGE_EVENT_ADVANCE) Game.broadcastMessage(string.format("%s has just won the war against %s.", killerGuild:getName(), playerGuild:getName()), MESSAGE_EVENT_ADVANCE)
db.query("UPDATE `guild_wars` SET `status` = 4, `ended` = " .. os.time() .. " WHERE `status` = 1 AND `id` = " .. warId) db.query("UPDATE `guild_wars` SET `status` = 4, `ended` = " .. os.time() .. " WHERE `status` = 1 AND `id` = " .. warId)
end end
end end


@ -1,6 +1,7 @@
function onThink(interval, lastExecution, thinkInterval) function onThink(interval, lastExecution, thinkInterval)
if (tonumber(os.date("%d")) ~= getGlobalStorageValue(23856)) then if tonumber(os.date("%d")) ~= Game.getStorageValue(23856) then
setGlobalStorageValue(23856, (tonumber(os.date("%d")))) Game.setStorageValue(23856, (tonumber(os.date("%d"))))
db.query("UPDATE `znote_players` SET `onlinetime7`=`onlinetime6`, `onlinetime6`=`onlinetime5`, `onlinetime5`=`onlinetime4`, `onlinetime4`=`onlinetime3`, `onlinetime3`=`onlinetime2`, `onlinetime2`=`onlinetime1`, `onlinetime1`=`onlinetimetoday`, `onlinetimetoday`=0;") db.query("UPDATE `znote_players` SET `onlinetime7`=`onlinetime6`, `onlinetime6`=`onlinetime5`, `onlinetime5`=`onlinetime4`, `onlinetime4`=`onlinetime3`, `onlinetime3`=`onlinetime2`, `onlinetime2`=`onlinetime1`, `onlinetime1`=`onlinetimetoday`, `onlinetimetoday`=0;")
db.query("UPDATE `znote_players` `z` INNER JOIN `players` `p` ON `p`.`id`=`z`.`player_id` SET `z`.`exphist7`=`z`.`exphist6`, `z`.`exphist6`=`z`.`exphist5`, `z`.`exphist5`=`z`.`exphist4`, `z`.`exphist4`=`z`.`exphist3`, `z`.`exphist3`=`z`.`exphist2`, `z`.`exphist2`=`z`.`exphist1`, `z`.`exphist1`=`p`.`experience`-`z`.`exphist_lastexp`, `z`.`exphist_lastexp`=`p`.`experience`;") db.query("UPDATE `znote_players` `z` INNER JOIN `players` `p` ON `p`.`id`=`z`.`player_id` SET `z`.`exphist7`=`z`.`exphist6`, `z`.`exphist6`=`z`.`exphist5`, `z`.`exphist5`=`z`.`exphist4`, `z`.`exphist4`=`z`.`exphist3`, `z`.`exphist3`=`z`.`exphist2`, `z`.`exphist2`=`z`.`exphist1`, `z`.`exphist1`=`p`.`experience`-`z`.`exphist_lastexp`, `z`.`exphist_lastexp`=`p`.`experience`;")
end end
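Review bot: The day marker now comes from `Game.getStorageValue(23856)`, and if that is the in-memory global storage table that TFS 1.x ships (worth confirming against the server's lib), it is nil after every restart, so the comparison on the first line of `onThink` is true and both history-shifting UPDATEs run on each boot instead of once per day. Persisting the last-rotated day in the database and comparing against that would stop a restart from pushing `onlinetime1..7` and `exphist1..7` forward early. The function body continues past the lines shown here.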


@ -1,21 +1,19 @@
-- <talkaction words="!report" separator=" " script="adminreport.lua"/> -- <talkaction words="!report" separator=" " script="adminreport.lua"/>
-- Coded by Dark ShaoOz, modified by Znote -- Coded by Dark ShaoOz, modified by Znote
function onSay(cid, words, param, channel) function onSay(cid, words, param, channel)
local storage = 6708 -- (You can change the storage if its already in use) local player = Player(cid)
local delaytime = 30 -- (Exhaust In Seconds.) local storage = 6708 -- You can change the storage if its already in use
local x = getPlayerPosition(cid).x -- (Do not edit this.) local delaytime = 30 -- Exhaust In Seconds.
local y = getPlayerPosition(cid).y -- (Do not edit this.) if param == '' then
local z = getPlayerPosition(cid).z -- (Do not edit this.) player:sendTextMessage(MESSAGE_STATUS_CONSOLE_ORANGE, "Command param required.")
if(param == '') then
doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_ORANGE, "Command param required.")
return true return true
end end
if (getPlayerStorageValue(cid, storage) <= os.time()) then if player:getStorageValue(storage) <= os.time() then
doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Your report has been received successfully!") player:sendTextMessage(MESSAGE_INFO_DESCR, "Your report has been received successfully!")
db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , '" .. getPlayerName(cid) .. "', '" .. x .. "', '" .. y .. "', '" .. z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')") db.query("INSERT INTO `znote_player_reports` (`id` ,`name` ,`posx` ,`posy` ,`posz` ,`report_description` ,`date`)VALUES (NULL , " .. db.escapeString(player:getName()) .. ", '" .. player:getPosition().x .. "', '" .. player:getPosition().y .. "', '" .. player:getPosition().z .. "', " .. db.escapeString(param) .. ", '" .. os.time() .. "')")
setPlayerStorageValue(cid,storage,os.time()+delaytime) player:setStorageValue(storage, os.time() + delaytime)
else else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have to wait "..getPlayerStorageValue(cid, storage) - os.time().." seconds to report again.") player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have to wait " .. player:getStorageValue(storage) - os.time() .. " seconds to report again.")
end end
return TRUE return true
end end
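Review bot: The success message and the cooldown write in `onSay` run whether or not the INSERT succeeded, because the result of `db.query(...)` is never checked; a failed insert still tells the player the report was received and locks them out for `delaytime` seconds. Branch on the return value, `if db.query(...) then ... player:setStorageValue(storage, os.time() + delaytime) else ... end`, and send a warning in the failure branch. `param` is escaped with `db.escapeString` but has no length cap, so a bound checked before the insert (sized to the `report_description` column) would keep oversized rows out of `znote_player_reports`.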


@ -2,13 +2,13 @@
function onSay(cid, words, param) function onSay(cid, words, param)
local storage = 54073 -- Make sure to select non-used storage. This is used to prevent SQL load attacks. local storage = 54073 -- Make sure to select non-used storage. This is used to prevent SQL load attacks.
local cooldown = 15 -- in seconds. local cooldown = 15 -- in seconds.
local player = Player(cid)
if getPlayerStorageValue(cid, storage) <= os.time() then if player:getStorageValue(storage) <= os.time() then
setPlayerStorageValue(cid, storage, os.time() + cooldown) player:setStorageValue(storage, os.time() + cooldown)
local accid = getAccountNumberByPlayerName(getCreatureName(cid))
-- Create the query -- Create the query
local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. accid .. " LIMIT 1;") local orderQuery = db.storeQuery("SELECT `id`, `type`, `itemid`, `count` FROM `znote_shop_orders` WHERE `account_id` = " .. player:getAccountId() .. " LIMIT 1;")
-- Detect if we got any results -- Detect if we got any results
if orderQuery ~= false then if orderQuery ~= false then
@ -22,14 +22,12 @@ function onSay(cid, words, param)
-- ORDER TYPE 1 (Regular item shop products) -- ORDER TYPE 1 (Regular item shop products)
if q_type == 1 then if q_type == 1 then
-- Get wheight -- Get wheight
local playerCap = getPlayerFreeCap(cid) if player:getFreeCapacity() >= ItemType(q_itemid):getWeight(q_count) then
local itemweight = getItemWeight(q_itemid, q_count)
if playerCap >= itemweight then
db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";") db.query("DELETE FROM `znote_shop_orders` WHERE `id` = " .. q_id .. ";")
doPlayerAddItem(cid, q_itemid, q_count) player:addItem(q_itemid, q_count)
doPlayerSendTextMessage(cid, MESSAGE_INFO_DESCR, "Congratulations! You have recieved ".. q_count .." "..getItemName(q_itemid).."(s)!") player:sendTextMessage(MESSAGE_INFO_DESCR, "Congratulations! You have received " .. q_count .. " x " .. ItemType(q_itemid):getName() .. "!")
else else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "Need more CAP!") player:sendTextMessage(MESSAGE_STATUS_WARNING, "Need more CAP!")
end end
end end
-- Add custom order types here -- Add custom order types here
@ -39,11 +37,10 @@ function onSay(cid, words, param)
-- if q_type == 4 then -- if q_type == 4 then
-- end -- end
else else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_WARNING, "You have no orders.") player:sendTextMessage(MESSAGE_STATUS_WARNING, "You have no orders.")
end end
else else
doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every "..cooldown.." seconds. Remaining cooldown: ".. getPlayerStorageValue(cid, storage) - os.time()) player:sendTextMessage(MESSAGE_STATUS_CONSOLE_BLUE, "Can only be executed once every " .. cooldown .. " seconds. Remaining cooldown: " .. player:getStorageValue(storage) - os.time())
end end
return false return false
end end
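Review bot: In the type-1 branch the order row is deleted and the item handed out as two unchecked steps. If the DELETE fails, the row stays in `znote_shop_orders` and the same purchase is delivered again on the next call after the cooldown; if `player:addItem(q_itemid, q_count)` fails, the order is gone with nothing delivered. Gate delivery on the delete result (`if db.query(...) then player:addItem(q_itemid, q_count) ... end`) and log or restore the order when `addItem` does not return an item. `ItemType(q_itemid)` is also used without a check that `q_itemid` names an existing item type. The lines that read `q_id`, `q_type`, `q_itemid` and `q_count` from the result are outside the hunks shown.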


@ -50,7 +50,7 @@ if (empty($_POST) === false) {
$acc_id = user_character_account_id($_POST['reset_pass']); $acc_id = user_character_account_id($_POST['reset_pass']);
if ($acc_id != $session_user_id) { if ($acc_id != $session_user_id) {
if ($config['TFSVersion'] == 'TFS_02') { if ($config['TFSVersion'] == 'TFS_02' || $config['TFSVersion'] == 'TFS_10') {
user_change_password($acc_id, $_POST['new_pass']); user_change_password($acc_id, $_POST['new_pass']);
} else if ($config['TFSVersion'] == 'TFS_03') { } else if ($config['TFSVersion'] == 'TFS_03') {
user_change_password03($acc_id, $_POST['new_pass']); user_change_password03($acc_id, $_POST['new_pass']);


@ -3,35 +3,41 @@ protect_page();
admin_only($user_data); admin_only($user_data);
// Declare as int // Declare as int
$view = (int)$_GET['view']; $view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view){ if ($view !== false){
if (!empty($_POST['reply_text'])) { if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']); sanitize($_POST['reply_text']);
// Save ticket reply on database // Save ticket reply on database
$query = array( $query = array(
'tid' => $_GET['view'], 'tid' => $view,
'username'=> $_POST['username'], 'username'=> getValue($_POST['username']),
'message' => $_POST['reply_text'], 'message' => getValue($_POST['reply_text']),
'created' => time(), 'created' => time(),
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`=". $_GET['view']);
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Staff-Reply' WHERE `id`='$view' LIMIT 1;");
} else if (!empty($_POST['admin_ticket_close'])) {
$ticketId = (int) $_POST['admin_ticket_id'];
mysql_update("UPDATE `znote_tickets` SET `status` = 'CLOSED' WHERE `id` ='$ticketId' LIMIT 1;");
} else if (!empty($_POST['admin_ticket_open'])) {
$ticketId = (int) $_POST['admin_ticket_id'];
mysql_update("UPDATE `znote_tickets` SET `status` = 'Open' WHERE `id` ='$ticketId' LIMIT 1;");
} else if (!empty($_POST['admin_ticket_delete'])) {
$ticketId = (int) $_POST['admin_ticket_id'];
mysql_delete("DELETE FROM `znote_tickets` WHERE `id`='$ticketId' LIMIT 1;");
header("Location: admin_helpdesk.php");
} }
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view'])); $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
?> ?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1> <h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
<table class="znoteTable ThreadTable table table-striped"> <table class="znoteTable ThreadTable table table-striped">
<tr class="yellow"> <tr class="yellow">
<th> <th>
@ -50,9 +56,8 @@ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addsl
</td> </td>
</tr> </tr>
</table> </table>
<?php <?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". addslashes((int)$_GET['view']) ."' ORDER BY `created`;"); $replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='$view' ORDER BY `created`;");
if ($replies !== false) { if ($replies !== false) {
foreach($replies as $reply) { foreach($replies as $reply) {
?> ?>
@ -74,32 +79,49 @@ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addsl
</td> </td>
</tr> </tr>
</table> </table>
<hr class="bighr">
<?php <?php
} }
} }
?> ?>
<!-- Open/Close Ticket -->
<table class="znoteTable ThreadTable table table-striped">
<tr>
<td>
<form action="" method="post" align="center">
<input type="hidden" name="admin_ticket_id" value="<?php echo $ticketData['id']; ?>">
<?php if ($ticketData['status'] !== 'CLOSED') { ?>
<input type="submit" name="admin_ticket_close" value="Close Ticket" class="btn btn-warning">
<?php } else { ?>
<input type="submit" name="admin_ticket_open" value="Open Ticket" class="btn btn-success">
<?php } ?>
</form>
</td>
<td>
<form action="" method="post" align="center" onClick="return confirm('Are you sure you want to delete this ticket?');">
<input type="hidden" name="admin_ticket_id" value="<?php echo $ticketData['id']; ?>">
<input type="submit" name="admin_ticket_delete" value="Delete Ticket" class="btn btn-danger">
</form>
</td>
</tr>
</table>
<?php if ($ticketData['status'] !== 'CLOSED') { ?>
<hr class="bighr">
<form action="" method="post"> <form action="" method="post">
<input type="hidden" name="username" value="ADMIN"><br> <input type="hidden" name="username" value="ADMIN"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br> <textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary"> <input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form> </form>
<?php } ?>
<?php <?php
} else { } else {
?> ?>
<h1>Latest Tickets</h1> <h1>Latest Tickets</h1>
<?php <?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC"); $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets ORDER BY creation DESC");
if ($tickets !== false) { if ($tickets !== false) {
?> ?>
<table> <table>
<tr class="yellow"> <tr class="yellow">
<td>ID:</td> <td>ID:</td>
@ -114,11 +136,12 @@ $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tick
echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>'; echo '<td><a href="admin_helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>'; echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>'; echo '<td>'. $ticket['status'] .'</td>';
}} echo '</tr>';
}
?> ?>
</table> </table>
<?php <?php
} else echo 'No helpdesk tickets has been submitted.';
} }
include 'layout/overall/footer.php'; include 'layout/overall/footer.php';
?> ?>
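Review bot: The new close, open and delete handlers change ticket state on any POST carrying `admin_ticket_close`, `admin_ticket_open` or `admin_ticket_delete`, and the forms added for them contain no anti-CSRF token, so a request made on behalf of a logged-in administrator is accepted; add a per-session token as a hidden field and compare it before the `mysql_update`/`mysql_delete` calls. The delete branch sends `header("Location: admin_helpdesk.php");` without a following `exit;`, so the script goes on to select and render the ticket it just deleted. `sanitize($_POST['reply_text']);` discards its return value, which leaves escaping of the reply to `getValue()`; its definition is not on this page, so that is worth confirming before relying on it for the INSERT. In the list view `$ticket['subject']` and `$ticket['status']` are echoed without `htmlspecialchars()`.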


@ -41,7 +41,7 @@ if (empty($_POST) === false) {
} }
?> ?>
</select> </select>
<input type="text" name="title" value="" placeholder="Title"><br /> <input type="text" name="title" value="" placeholder="Title"> [youtube]wK0w0x62PjA[/youtube] <br />
<textarea name="text" id="area1" cols="75" rows="10" placeholder="Contents..." style="width: 100%"></textarea><br /> <textarea name="text" id="area1" cols="75" rows="10" placeholder="Contents..." style="width: 100%"></textarea><br />
<input type="submit" value="Create News"> <input type="submit" value="Create News">
</form> </form>


@ -41,9 +41,9 @@ if (!empty($_POST)) {
$customPoints = getValue($_POST['customPoints']); $customPoints = getValue($_POST['customPoints']);
$reportId = getValue($_POST['id']); $reportId = getValue($_POST['id']);
$changelogReportId = &$_POST['changelogReportId']; $changelogReportId = (int)$_POST['changelogReportId'];
$changelogValue = &$_POST['changelogValue']; $changelogValue = &$_POST['changelogValue'];
$changelogText = &$_POST['changelogText']; $changelogText = getValue($_POST['changelogText']);
$changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false; $changelogStatus = ($changelogReportId !== false && $changelogValue === '2' && $changelogText !== false) ? true : false;
if ($customPoints !== false) $price = (int)($price + $customPoints); if ($customPoints !== false) $price = (int)($price + $customPoints);
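Review bot: After the `(int)` cast `$changelogReportId` can never be `false`, so the `$changelogReportId !== false` term in `$changelogStatus` is always true and a missing or non-numeric id becomes report 0 instead of being rejected; test `$changelogReportId > 0` there. `$changelogValue = &$_POST['changelogValue'];` is still a reference into `$_POST`, unlike the lines around it; `getValue($_POST['changelogValue'])` would be consistent, assuming `getValue` returns false for an unset value as the neighbouring `!== false` checks suggest. The enclosing `if (!empty($_POST))` block continues outside the lines shown.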


@ -43,7 +43,7 @@ if ($paypal['enabled']) {
<input type="hidden" name="cancel_return" value="<?php echo $paypal['failed']; ?>"> <input type="hidden" name="cancel_return" value="<?php echo $paypal['failed']; ?>">
<input type="hidden" name="rm" value="2"> <input type="hidden" name="rm" value="2">
<input type="hidden" name="notify_url" value="<?php echo $paypal['ipn']; ?>" /> <input type="hidden" name="notify_url" value="<?php echo $paypal['ipn']; ?>" />
<input type="hidden" name="custom" value="<?php echo (int)$_SESSION['user_id']; ?>"> <input type="hidden" name="custom" value="<?php echo (int)$session_user_id; ?>">
<input type="submit" value=" PURCHASE "> <input type="submit" value=" PURCHASE ">
</form> </form>
</td> </td>


@ -1,60 +0,0 @@
<?php
/**
* Display Value Captcha Example
* 2012-04-18
* @version 3.2RC2 (April 2012)
*
* This example shows how to use the "display_value" option in Securimage which
* allows the application to define the code that will be displayed on the
* captcha image.
*
* Note: This value is not stored in the session or database! The display_value
* parameter would be used by a 3rd party application that uses Securimage only
* to display captcha images, but generates and manages the codes independently.
*
*/
// Set debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Defines Securimage class
require_once '../securimage.php';
// Create an array of options to give to Securimage
// This example sets the captcha text to the current time
// In order to use the display_value, a captchaId must be supplied so a random one is created
// Next we set turn off some unnecessary options and set properties of captcha
// image_width makes the image wide enough to hold the time
// no_session tells Securimage not to start or use a session to store codes
// no_exit tells Securimage not to terminate after calling Securimage::show()
// use_sqlite_db tells Securimage not to use SQLite
// send_headers tells Securimage not to send HTTP headers for the image; by not
// sending headers, you can capture the output and save it to file or serve it
// to the browser
$options = array('display_value' => date('h:i:s a'),
'captchaId' => sha1(uniqid($_SERVER['REMOTE_ADDR'] . $_SERVER['REMOTE_PORT'])),
'image_width' => 250,
'no_session' => true,
'no_exit' => true,
'use_sqlite_db' => false,
'send_headers' => false);
// construct new Securimage object with the given options
$img = new Securimage($options);
// show the image using the supplied display_value
// this demonstrates how to use output buffering to capture the output
ob_start(); // start the output buffer
$img->show(); // output the image so it is captured by the buffer
$imgBinary = ob_get_contents(); // get contents of the buffer
ob_end_clean(); // turn off buffering and clear the buffer
header('Content-Type: image/png');
header('Content-Length: ' . strlen($imgBinary));
echo $imgBinary;


@ -1,65 +0,0 @@
<?php
/**
* Project: Securimage: A PHP class for creating and managing form CAPTCHA images<br />
* File: securimage_show_example.php<br />
*
* Copyright (c) 2012, Drew Phillips
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* Any modifications to the library should be indicated clearly in the source code
* to inform users that the changes are not a part of the original software.<br /><br />
*
* If you found this script useful, please take a quick moment to rate it.<br />
* http://www.hotscripts.com/rate/49400.html Thanks.
*
* @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
* @link http://www.phpcaptcha.org/latest.zip Download Latest Version
* @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
* @copyright 2012 Drew Phillips
* @author Drew Phillips <drew@drew-phillips.com>
* @version 3.2RC2 (April 2012)
* @package Securimage
*
*/
require_once '../securimage.php';
$img = new Securimage();
//Change some settings
$img->image_width = 250;
$img->image_height = 80;
$img->perturbation = 0.85;
$img->image_bg_color = new Securimage_Color("#f6f6f6");
$img->use_transparent_text = true;
$img->text_transparency_percentage = 30; // 100 = completely transparent
$img->num_lines = 7;
$img->line_color = new Securimage_Color("#eaeaea");
$img->image_signature = 'phpcaptcha.org';
$img->signature_color = new Securimage_Color(rand(0, 64), rand(64, 128), rand(128, 255));
$img->use_wordlist = true;
$img->show('backgrounds/bg3.jpg'); // alternate use: $img->show('/path/to/background_image.jpg');


@ -1,63 +0,0 @@
<?php
/**
* Project: Securimage: A PHP class for creating and managing form CAPTCHA images<br />
* File: securimage_show_example2.php<br />
*
* Copyright (c) 2012, Drew Phillips
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* Any modifications to the library should be indicated clearly in the source code
* to inform users that the changes are not a part of the original software.<br /><br />
*
* If you found this script useful, please take a quick moment to rate it.<br />
* http://www.hotscripts.com/rate/49400.html Thanks.
*
* @link http://www.phpcaptcha.org Securimage PHP CAPTCHA
* @link http://www.phpcaptcha.org/latest.zip Download Latest Version
* @link http://www.phpcaptcha.org/Securimage_Docs/ Online Documentation
* @copyright 2012 Drew Phillips
* @author Drew Phillips <drew@drew-phillips.com>
* @version 3.2RC2 (April 2012)
* @package Securimage
*
*/
require_once '../securimage.php';
$img = new Securimage();
//Change some settings
$img->image_width = 280;
$img->image_height = 100;
$img->perturbation = 0.9; // high level of distortion
$img->code_length = rand(5,6); // random code length
$img->image_bg_color = new Securimage_Color("#ffffff");
$img->num_lines = 12;
$img->noise_level = 5;
$img->text_color = new Securimage_Color("#000000");
$img->noise_color = $img->text_color;
$img->line_color = new Securimage_Color("#cccccc");
$img->show();


@ -1,98 +0,0 @@
<?php
/**
* Static Captcha Example Script
* 2012-04-18
* @version 3.2RC2 (April 2012)
*
* The static captcha exposes an easy to use interface that applications can
* use to generate captcha challenges and validate them by a unique ID. A
* captcha image can be associated with an ID and no PHP sessions are required.
* The captcha ID can be stored in a SQLite database by Securimage.
*
* Tip: To give the user a refresh captcha button, use Ajax to request a new ID,
* update the hidden form input with the new captcha ID, and update the image source
* to securimage_show.php providing the captcha ID.
*/
// set debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
// defines Securimage class
require_once '../securimage.php';
// get the captcha ID from the url (if supplied)
$captchaId = (isset($_GET['id'])) ? $_GET['id'] : '';
// if the validate option is set
if (isset($_GET['validate'])) {
// get the user input of the captcha code
$input = (isset($_GET['input'])) ? $_GET['input'] : '';
// call Securimage::checkCaptchaId to validate input
// returns true if the code and id are a valid pair, false if not
if (Securimage::checkByCaptchaId($captchaId, $input) == true) {
echo "<h2>Success</h2>"
."<span style='color: #33cc00'>The captcha code entered was correct!</span>"
."<br /><br />";
} else {
echo "<h2>Incorrect Code</h2>"
."<span style='color: #f00'>Incorrect captcha code, try again.</span>"
."<br /><br />";
}
} else if (isset($_GET['display'])) {
// display the captcha with the supplied ID from the URL
// construct options specifying the existing captcha ID
// also tell securimage not to start a session
$options = array('captchaId' => $captchaId,
'no_session' => true);
$captcha = new Securimage($options);
// show the image, this sends proper HTTP headers
$captcha->show();
exit;
}
// generate a new captcha ID and challenge
$captchaId = Securimage::getCaptchaId();
// output the captcha ID, and a form to validate it
// the form submits to itself and is validated above
echo <<<EOD
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>Static Captcha Example</title>
</head>
<body>
<h2>Static Captcha Example</h2>
<div>
Synopsis:
<ul>
<li>Request new captchaId using <em>Securimage::getCaptchaId()</em></li>
<li>Display form with hidden field containing captchaId</li>
<li>Display captcha image passing the captchaId to the image</li>
<li>Validate captcha input against captchaId using <em>Securimage::checkByCaptchaId()</em></li>
</ul>
</div>
<p>&nbsp;</p>
<div>
Captcha ID: $captchaId<br /><br />
<img src="{$_SERVER['PHP_SELF']}?display&amp;id=$captchaId" alt="Captcha Image" /><br />
<form method="get" action="{$_SERVER['PHP_SELF']}">
<input type="hidden" name="validate" value="1" />
<input type="hidden" name="id" value="$captchaId" />
Enter Code:
<input type="text" name="input" value="" />
<input type="submit" name="submit" value="Check Captcha" />
</form>
</div>
</body>
</html>
EOD;


@ -29,14 +29,12 @@ if (empty($_POST) === false) {
$errors[] = 'Your new passwords do not match.'; $errors[] = 'Your new passwords do not match.';
} else if (strlen($_POST['new_password']) < 6) { } else if (strlen($_POST['new_password']) < 6) {
$errors[] = 'Your new passwords must be at least 6 characters.'; $errors[] = 'Your new passwords must be at least 6 characters.';
} else if (strlen($_POST['new_password']) > 32) { } else if (strlen($_POST['new_password']) > 100) {
$errors[] = 'Your new passwords must be less than 33 characters.'; $errors[] = 'Your new passwords must be less than 100 characters.';
} }
} else { } else {
$errors[] = 'Your current password is incorrect.'; $errors[] = 'Your current password is incorrect.';
} }
print_r($errors);
} }
include 'layout/overall/header.php'; ?> include 'layout/overall/header.php'; ?>
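Review bot: The new upper bound rejects only `strlen($_POST['new_password']) > 100`, so a 100-character password is accepted while the message says it must be less than 100 characters; change the text to `'Your new passwords must be at most 100 characters.'` or the test to `>= 100`. `strlen` counts bytes, so passwords with multi-byte characters reach the limit sooner than the message implies. The validation chain starts above the lines shown.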


@ -51,33 +51,47 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
echo 'Never.'; echo 'Never.';
} }
?></font></li> ?></font>
</li>
<!-- Achievement start --> <!-- Achievement start -->
<?php if ($config['Ach'] == true) { <?php
foreach ($achievementPoints as $achievement) if ($config['Ach'] == true) {
{ foreach ($achievementPoints as $achievement) {
if ($achievement > 0) //if player doesn't have any achievement points it won't echo the line below. if ($achievement > 0) //if player doesn't have any achievement points it won't echo the line below.
echo '<tr><td>Achievement Points</td><td>' .$achievement. ' </td></tr>'; echo '<li>Achievement Points: ' .$achievement. '</li>';
} }
} }
?> ?>
<!-- Achievement end --> <!-- Achievement end -->
<?php $houses = array(); <!-- Display house start -->
$houses = mysql_select_multi("SELECT `id`, `owner`, `name`, `town_id` FROM `houses` WHERE `owner` = $user_id ;"); <?php
if ($config['TFSVersion'] !== 'TFS_02') {
$townid = ($config['TFSVersion'] === 'TFS_03') ? 'town' : 'town_id';
$houses = mysql_select_multi("SELECT `id`, `owner`, `name`, `$townid` AS `town_id` FROM `houses` WHERE `owner` = $user_id;");
if ($houses !== false) { if ($houses !== false) {
$playerlist = array(); $playerlist = array();
foreach ($houses as $h) foreach ($houses as $h) {
if ($h['owner'] > 0) if ($h['owner'] > 0)
$playerlist[] = $h['owner']; $playerlist[] = $h['owner'];
if ($profile_data['id'] = $h['owner']) { ?> if ($profile_data['id'] = $h['owner']) {
?>
<li>House: <?php echo $h['name']; ?>, <?php <li>House: <?php echo $h['name']; ?>, <?php
foreach ($config['towns'] as $key=>$value) { foreach ($config['towns'] as $key=>$value) {
if ($key == $h['town_id']) { if ($key == $h['town_id']) {
echo $value; echo $value;
} }
} ?></li> }
<li><font class="profile_font" name="profile_font_status">Status:</font> <?php }} ?>
</li>
<?php
}
}
}
}
?>
<!-- Display house end -->
<li><font class="profile_font" name="profile_font_status">Status:</font> <?php
if ($config['TFSVersion'] == 'TFS_10') { if ($config['TFSVersion'] == 'TFS_10') {
if ($profile_data['online']) { if ($profile_data['online']) {
echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>'; echo '<font class="profile_font" name="profile_font_online" color="green"><b>ONLINE</b></font>';
@ -91,11 +105,12 @@ if (isset($_GET['name']) === true && empty($_GET['name']) === false) {
echo '<font class="profile_font" name="profile_font_online" color="red"><b>OFFLINE</b></font>'; echo '<font class="profile_font" name="profile_font_online" color="red"><b>OFFLINE</b></font>';
} }
} }
?></li> ?>
</li>
<li><font class="profile_font" name="profile_font_created">Created: <?php echo getClock($profile_znote_data['created'], true); ?></font></li> <li><font class="profile_font" name="profile_font_created">Created: <?php echo getClock($profile_znote_data['created'], true); ?></font></li>
<li><font class="profile_font" name="profile_font_comment">Comment:</font> <br><textarea name="profile_comment_textarea" cols="70" rows="10" readonly="readonly" class="span12"><?php echo $profile_znote_data['comment']; ?></textarea></li> <li><font class="profile_font" name="profile_font_comment">Comment:</font> <br><textarea name="profile_comment_textarea" cols="70" rows="10" readonly="readonly" class="span12"><?php echo $profile_znote_data['comment']; ?></textarea></li>
<!-- Achievements start --> <!-- Achievements start -->
<?php if ($config['Ach'] == true) { ?> <?php if ($config['Ach']) { ?>
<h3 class="header-ok">Achievements</h3> <h3 class="header-ok">Achievements</h3>
<div id="accordion"> <div id="accordion">
<h3>Show/hide player achievements</h3> <h3>Show/hide player achievements</h3>
@ -110,25 +125,26 @@ margin-left:0px;
<?php <?php
foreach ($config['achievements'] as $key => $achiv) { foreach ($config['achievements'] as $key => $achiv) {
$uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;"); $uery = mysql_select_single("SELECT `player_id`, `value`, `key` FROM `player_storage` WHERE `player_id`='$user_id' AND `key`='$key' LIMIT 1;");
foreach ($uery as $luery) if (!empty($uery) || $uery !== false) {
if (($luery) == $key) foreach ($uery as $luery) {
{ if ($luery == $key) {
if (!array_key_exists(($achiv), $config['achievements'])) { if (!array_key_exists($key, $achiv)) {
echo '<tr><td width="17%">' .$achiv[0]. '</td><td>' .$achiv[1]. '</td>'; echo '<tr><td width="17%">' .$achiv[0]. '</td><td>' .$achiv[1]. '</td>';
if ($achiv['secret'] == true) { if (!isset($achiv['secret'])) {
echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>'; echo '<td><img id="secondD" src="http://img04.imgland.net/PuMz0mVqSG.gif"></td>';
echo '<td>'. $achiv['points'] .'</td>';
} else {
echo '<td></td><td>'. $achiv['points'] .'</td>';
} }
echo '<td>'. $achiv['points'] .'</td>';
echo '<tr>'; echo '<tr>';
} }
} }
} }
}
}
?> ?>
</tbody> </tbody>
</table> </table>
</div></div> </div>
</div>
<br> <br>
<?php } ?> <?php } ?>
<!-- Achievements end --> <!-- Achievements end -->
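Review bot: In the house block, `if ($profile_data['id'] = $h['owner'])` assigns instead of comparing, so the branch runs for every row with a non-zero owner and `$profile_data['id']` is overwritten for the rest of the page; the line is carried over unchanged onto the new side and should read `if ($profile_data['id'] == $h['owner'])`. The same block prints `$h['name']` straight into the list item; unless house names are escaped where they are stored (not visible here), wrap it as `htmlspecialchars($h['name'], ENT_QUOTES, 'UTF-8')`. In the achievements hunk, `!empty($uery) || $uery !== false` reduces to `$uery !== false`, and was probably meant as `&&`.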


@ -123,7 +123,6 @@
'points' => '1', //points 'points' => '1', //points
'img' => 'http://www.tibia-wiki.net/images/Dragon.gif', //img link or folder (example)> 'images/dragon.png' 'img' => 'http://www.tibia-wiki.net/images/Dragon.gif', //img link or folder (example)> 'images/dragon.png'
), ),
35001 => array( 35001 => array(
'Uniwheel', 'Uniwheel',
'You\'re probably one of the very few people with this classic and unique ride, hope it doesn\'t break anytime soon.', //comment 'You\'re probably one of the very few people with this classic and unique ride, hope it doesn\'t break anytime soon.', //comment
@ -131,7 +130,6 @@
'img' => 'http://img1.wikia.nocookie.net/__cb20140214234600/tibia/en/images/e/e5/Uniwheel.gif', //img link or folder (example)> 'images/dragon.png' 'img' => 'http://img1.wikia.nocookie.net/__cb20140214234600/tibia/en/images/e/e5/Uniwheel.gif', //img link or folder (example)> 'images/dragon.png'
'secret' => true 'secret' => true
), ),
30001 => array( 30001 => array(
'Allow Cookies?', 'Allow Cookies?',
'With a perfectly harmless smile you fooled all of those wicecrackers into eating your exploding cookies. Consider a boy or girl scout outfit next time to make the trick even better.', 'With a perfectly harmless smile you fooled all of those wicecrackers into eating your exploding cookies. Consider a boy or girl scout outfit next time to make the trick even better.',
@ -255,8 +253,6 @@
'limit' => 20, //Number of players that it will show. 'limit' => 20, //Number of players that it will show.
); );
// Vocation ids and names. // Vocation ids and names.
$config['vocations'] = array( $config['vocations'] = array(
0 => 'No vocation', 0 => 'No vocation',
@ -346,7 +342,7 @@
); );
$config['war_status'] = array( $config['war_status'] = array(
0 => 'Pending..', 0 => 'Pending',
1 => 'Accepted', 1 => 'Accepted',
2 => 'Rejected', 2 => 'Rejected',
3 => 'Cancelled', 3 => 'Cancelled',
@ -461,7 +457,7 @@
// What client version and server port are you using on this OT? // What client version and server port are you using on this OT?
// Used for the Downloads page. // Used for the Downloads page.
$config['client'] = 1037; // 954 = tibia 9.54 $config['client'] = 1041; // 954 = tibia 9.54
// Download link to client. Recommended: // Download link to client. Recommended:
// Select download link from remere map editor website! // Select download link from remere map editor website!
@ -517,6 +513,23 @@
$config['api'] = array( $config['api'] = array(
'debug' => false, 'debug' => false,
); );
// Email Server configurations (SMTP)
/* Download PHPMailer: https://github.com/PHPMailer/PHPMailer/archive/master.zip
Extract to Znote AAC directory (where this config.php file is located)
Rename the folder to "PHPMailer". Then configure this with your SMTP mail settings from your email provider.
*/
$config['mailserver'] = array(
'register' => false, // Send activation mail
'accountRecovery' => false, // Recover username or password through mail
'host' => "mailserver.znote.eu", // Outgoing mail server host.
'securityType' => 'ssl', // ssl or tls
'port' => 465, // SMTP port number - likely to be 465(ssl) or 587(tls)
'username' => 'noreply@znote.eu', // Likely the email address
'password' => 'emailpassword', // The password.
'debug' => false, // Enable debugging if you have problems and are looking for errors.
'fromName' => $config['site_title'],
);
// Use Znote's External Open Tibia Services Server // Use Znote's External Open Tibia Services Server
// Currently in Alpha and is pretty useless, but will contain paypal blacklist etc in future. // Currently in Alpha and is pretty useless, but will contain paypal blacklist etc in future.
// You can use the official server: http://zeotss.znote.eu/ // You can use the official server: http://zeotss.znote.eu/
@ -549,7 +562,7 @@
// BAN STUFF - Don't touch this unless you know what you are doing. // BAN STUFF - Don't touch this unless you know what you are doing.
// You can order the lines the way you want, from top to bot, in which order you // You can order the lines the way you want, from top to bot, in which order you
// wish for them to be displayed in admin panel. Just make sure key[#] represent your describtion. // wish for them to be displayed in admin panel. Just make sure key[#] represent your description.
$config['ban_type'] = array( $config['ban_type'] = array(
4 => 'NOTATION_ACCOUNT', 4 => 'NOTATION_ACCOUNT',
2 => 'NAMELOCK_PLAYER', 2 => 'NAMELOCK_PLAYER',
@ -560,7 +573,7 @@
// BAN STUFF - Don't touch this unless you know what you are doing. // BAN STUFF - Don't touch this unless you know what you are doing.
// You can order the lines the way you want, from top to bot, in which order you // You can order the lines the way you want, from top to bot, in which order you
// wish for them to be displayed in admin panel. Just make sure key[#] represent your describtion. // wish for them to be displayed in admin panel. Just make sure key[#] represent your description.
$config['ban_action'] = array( $config['ban_action'] = array(
0 => 'Notation', 0 => 'Notation',
1 => 'Name Report', 1 => 'Name Report',
@ -600,7 +613,7 @@
// BAN STUFF // BAN STUFF
// Ban time duration selection in admin panel // Ban time duration selection in admin panel
// seconds => describtion // seconds => description
$config['ban_time'] = array( $config['ban_time'] = array(
3600 => '1 hour', 3600 => '1 hour',
21600 => '6 hours', 21600 => '6 hours',
@ -612,13 +625,15 @@
2592000 => '1 month', 2592000 => '1 month',
); );
// --------------- \\ // --------------- \\
// SECURITY STUFF \\ // SECURITY STUFF \\
// --------------- \\ // --------------- \\
$config['use_token'] = false; $config['use_token'] = false;
$config['use_captcha'] = false; $config['use_captcha'] = false;
// Session prefix, if you are hosting multiple sites, make the session name different to avoid conflict.
$config['session_prefix'] = 'znote_';
/* Store visitor data /* Store visitor data
Store visitor data in the database, logging every IP visitng site, Store visitor data in the database, logging every IP visitng site,
and how many times they have visited the site. And sometimes what and how many times they have visited the site. And sometimes what
@ -631,7 +646,6 @@
if table never gets flushed once in a while. So I highly recommend you if table never gets flushed once in a while. So I highly recommend you
to configure flush_ip_logs if IPs are logged. to configure flush_ip_logs if IPs are logged.
*/ */
$config['log_ip'] = false; $config['log_ip'] = false;
// Flush IP logs each configured seconds, 60 * 15 = 15 minutes. // Flush IP logs each configured seconds, 60 * 15 = 15 minutes.
@ -732,7 +746,7 @@
'type' => 1, // 1 = item id offers, 2 = premium days [itemid ignored], 3 = sex change[itemid & count ignored], 4+ = custom. 'type' => 1, // 1 = item id offers, 2 = premium days [itemid ignored], 3 = sex change[itemid & count ignored], 4+ = custom.
'itemid' => 2160, // item to get in-game 'itemid' => 2160, // item to get in-game
'count' => 5, //if type is 2, this represents premium days 'count' => 5, //if type is 2, this represents premium days
'describtion' => "Crystal coin.", // Describtion shown on website 'description' => "Crystal coin.", // Description shown on website
'points' => 100, // How many points this offer costs 'points' => 100, // How many points this offer costs
), ),
@ -741,7 +755,7 @@
'type' => 1, 'type' => 1,
'itemid' => 2392, 'itemid' => 2392,
'count' => 1, 'count' => 1,
'describtion' => "Fire sword.", 'description' => "Fire sword.",
'points' => 10, 'points' => 10,
), ),
@ -750,7 +764,7 @@
'type' => 2, 'type' => 2,
'itemid' => 12466, // Item to display on page 'itemid' => 12466, // Item to display on page
'count' => 7, 'count' => 7,
'describtion' => "Premium membership.", 'description' => "Premium membership.",
'points' => 25, 'points' => 25,
), ),
@ -759,21 +773,21 @@
'type' => 3, 'type' => 3,
'itemid' => 12666, 'itemid' => 12666,
'count' => 3, 'count' => 3,
'describtion' => "Change character gender.", 'description' => "Change character gender.",
'points' => 10, 'points' => 10,
), ),
5 => array( 5 => array(
'type' => 3, 'type' => 3,
'itemid' => 12666, 'itemid' => 12666,
'count' => 0, 'count' => 0,
'describtion' => "Change character gender.", 'description' => "Change character gender.",
'points' => 20, 'points' => 20,
), ),
5 => array( 5 => array(
'type' => 4, 'type' => 4,
'itemid' => 12666, 'itemid' => 12666,
'count' => 1, 'count' => 1,
'describtion' => "Change character name.", 'description' => "Change character name.",
'points' => 20, 'points' => 20,
), ),
); );
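Review bot: The setup comment above `$config['mailserver']` tells administrators to unpack PHPMailer's `master.zip`, which is an unpinned, unverified dependency that the site then loads with the SMTP credentials in scope. I would point the comment at a tagged release and ask for the archive to be checked before extraction, for example `/* Download a tagged PHPMailer release (not master), verify the archive, then extract it as "PHPMailer" next to this file. */`. The block also keeps the SMTP password in config.php, so a short comment such as `// Keep this file unreadable by other users and out of version control.` on the `'password'` line would help. Separately, the shop array still defines key `5` twice, so the second entry silently replaces the first.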


@ -28,7 +28,7 @@ if (empty($_POST) === false) {
$errors[] = 'Your name may only contain a-z, A-Z and spaces.'; $errors[] = 'Your name may only contain a-z, A-Z and spaces.';
} }
if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) { if (strlen($_POST['name']) < $config['minL'] || strlen($_POST['name']) > $config['maxL']) {
$errors[] = 'Your character name must be between 4 - 20 characters long.'; $errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
} }
// name restriction // name restriction
$resname = explode(" ", $_POST['name']); $resname = explode(" ", $_POST['name']);


@ -30,6 +30,8 @@ CREATE TABLE IF NOT EXISTS `znote_accounts` (
`created` int(10) NOT NULL, `created` int(10) NOT NULL,
`points` int(10) DEFAULT 0, `points` int(10) DEFAULT 0,
`cooldown` int(10) DEFAULT 0, `cooldown` int(10) DEFAULT 0,
`active` tinyint(4) NOT NULL DEFAULT '0',
`activekey` int(11) NOT NULL,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
@ -121,7 +123,7 @@ CREATE TABLE IF NOT EXISTS `znote_shop` (
`type` int(11) NOT NULL, `type` int(11) NOT NULL,
`itemid` int(11) DEFAULT NULL, `itemid` int(11) DEFAULT NULL,
`count` int(11) NOT NULL DEFAULT '1', `count` int(11) NOT NULL DEFAULT '1',
`describtion` varchar(255) NOT NULL, `description` varchar(255) NOT NULL,
`points` int(11) NOT NULL DEFAULT '10', `points` int(11) NOT NULL DEFAULT '10',
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
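Review bot: `activekey int(11) NOT NULL` is added without a DEFAULT, so any insert into `znote_accounts` that does not list the column is rejected when MySQL runs in strict mode; `activekey int(11) NOT NULL DEFAULT '0'` would match the `active` column next to it. Both changes in this file sit inside `CREATE TABLE IF NOT EXISTS`, so an existing install keeps its old tables. An upgrade needs matching `ALTER TABLE` statements for `active`, `activekey` and the `describtion` to `description` rename, and none are visible in this section.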


@ -1,4 +1,12 @@
<?php <?php
function setSession($key, $data) {
global $sessionPrefix;
$_SESSION[$sessionPrefix.$key] = $data;
}
function getSession($key) {
global $sessionPrefix;
return (isset($_SESSION[$sessionPrefix.$key])) ? $_SESSION[$sessionPrefix.$key] : false;
}
// Fetch and sanitize POST and GET values // Fetch and sanitize POST and GET values
function getValue($value) { function getValue($value) {
return (!empty($value)) ? sanitize($value) : false; return (!empty($value)) ? sanitize($value) : false;
@ -152,7 +160,7 @@ function znote_visitor_insert_detailed_data($type) {
$time = time(); $time = time();
$ip = ip2long(getIP()); $ip = ip2long(getIP());
if (user_logged_in()) { if (user_logged_in()) {
$acc = $_SESSION['user_id']; $acc = (int)getSession('user_id');
mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '$acc')"); mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '$acc')");
} else mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '0')"); } else mysql_insert("INSERT INTO `znote_visitors_details` (`ip`, `time`, `type`, `account_id`) VALUES ('$ip', '$time', '$type', '0')");
} }
@ -495,7 +503,7 @@ function check_image($image) {
// Check guild logo // Check guild logo
function logo_exists($guild) { function logo_exists($guild) {
$guild = sanitize($guild);
if (file_exists('engine/guildimg/'.$guild.'.gif')) { if (file_exists('engine/guildimg/'.$guild.'.gif')) {
echo'engine/guildimg/'.$guild.'.gif'; echo'engine/guildimg/'.$guild.'.gif';
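Review bot: `logo_exists()` builds a filesystem path from `$guild`, and `sanitize()` (definition not visible here) looks like an escaping helper for queries and output, not a path filter. The single-column `$guild = sanitize($guild);` line may sit on either side of this hunk; in both cases the value should be reduced to the form a logo file name can take before it reaches `file_exists()` and `echo`, e.g. `$guild = (int)$guild;` if callers pass a guild id. The function body continues outside the hunk. The new `getSession()` helper would also benefit from a one-line comment saying that it returns `false` for a missing key, so a stored `false` is indistinguishable from unset.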

93
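--- a/engine/function/mail.php
+++ b/engine/function/mail.php
@@ -0,0 +1,93 @@
+<?php
+class Mail {
+protected $_config = false;
+/**
+* @param array $config
+* @access public
+* @return void
+**/
+public function __construct($config) {
+$this->_config = $config;
+}
+/**
+* Sets the cache expiration limit (IMPORTANT NOTE: seconds, NOT ms!).
+*
+* @param string $to, string $title, string $text, string $accname
+* @access public
+* @return boolean
+**/
+public function sendMail($to, $title, $text, $accname = '') {
+//SMTP needs accurate times, and the PHP time zone MUST be set
+//This should be done in your php.ini, but this is how to do it if you don't have access to that
+//date_default_timezone_set('Etc/UTC');
+require 'PHPMailer/PHPMailerAutoload.php';
+//Create a new PHPMailer instance
+$mail = new PHPMailer();
+//Tell PHPMailer to use SMTP
+$mail->isSMTP();
+//Enable SMTP debugging
+// 0 = off (for production use)
+// 1 = client messages
+// 2 = client and server messages
+$mail->SMTPDebug = ($this->_config['debug']) ? 2 : 0;
+//Ask for HTML-friendly debug output
+$mail->Debugoutput = 'html';
+//Set the hostname of the mail server
+$mail->Host = $this->_config['host'];
+//Set the SMTP port number - likely to be 25, 465 or 587
+$mail->Port = $this->_config['port'];
+//Whether to use SMTP authentication
+$mail->SMTPAuth = true;
+$mail->SMTPSecure = $this->_config['securityType'];
+//Username to use for SMTP authentication
+$mail->Username = $this->_config['username'];
+//Password to use for SMTP authentication
+$mail->Password = $this->_config['password'];
+//Set who the message is to be sent from
+$mail->setFrom($this->_config['username'], $this->_config['fromName']);
+//Set who the message is to be sent to
+$mail->addAddress($to, $accname);
+//Set the subject line
+$mail->Subject = $title;
+// Body
+$mail->Body = $text;
+// Convert HTML -> plain for legacy mail recievers
+// Create new lines instead of <br> html tags.
+$text = str_replace("<br>", "\n", $text);
+$text = str_replace("<br\>", "\n", $text);
+$text = str_replace("<br \>", "\n", $text);
+// Then get rid of the rest of the html tags.
+$text = strip_tags($text);
+//Replace the plain text body with one created manually
+$mail->AltBody = $text;
+//send the message, check for errors
+$status = false;
+if (!$mail->send()) {
+echo "Mailer Error: " . $mail->ErrorInfo;
+exit();
+} else {
+$status = true;
+}
+return $status;
+}
+}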
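Review bot: On a failed send, `sendMail()` echoes `$mail->ErrorInfo` to the visitor and calls `exit()`, so the method can never return `false` and SMTP server details end up in the registration response. Log and return instead: `if (!$mail->send()) { error_log('Mailer Error: ' . $mail->ErrorInfo); return false; }` followed by `return true;`. For the same reason, `SMTPDebug = 2` with `Debugoutput = 'html'` prints the SMTP conversation into the page when `debug` is on, which deserves a warning in the comment. The docblock still reads "Sets the cache expiration limit" and should describe sending a mail. The `require` should be `require_once` so a second call in one request does not load the autoloader twice.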


@ -241,7 +241,7 @@ function shop_account_gender_tickets($accid) {
// //
function guild_remove_member($cid) { function guild_remove_member($cid) {
$cid = (int)$cid; $cid = (int)$cid;
mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid"); mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid");
} }
function guild_remove_member_10($cid) { function guild_remove_member_10($cid) {
$cid = (int)$cid; $cid = (int)$cid;
@ -330,7 +330,7 @@ function guild_delete($gid) {
// Player leave guild // Player leave guild
function guild_player_leave($cid) { function guild_player_leave($cid) {
$cid = (int)$cid; $cid = (int)$cid;
mysql_update("UPDATE `players` SET `rank_id`='0' WHERE `id`=$cid LIMIT 1;"); mysql_update("UPDATE `players` SET `rank_id`='0', `guildnick`= NULL WHERE `id`=$cid LIMIT 1;");
} }
function guild_player_leave_10($cid) { function guild_player_leave_10($cid) {
$cid = (int)$cid; $cid = (int)$cid;
@ -409,6 +409,27 @@ function update_player_guild_position_10($cid, $rid) {
mysql_update("UPDATE `guild_membership` SET `rank_id`='$rid' WHERE `player_id`=$cid"); mysql_update("UPDATE `guild_membership` SET `rank_id`='$rid' WHERE `player_id`=$cid");
} }
// Update player's guild nick
function update_player_guildnick($cid, $nick) {
$cid = (int)$cid;
$nick = sanitize($nick);
if (!empty($nick)) {
mysql_update("UPDATE `players` SET `guildnick`='$nick' WHERE `id`=$cid");
} else {
mysql_update("UPDATE `players` SET `guildnick`= NULL WHERE `id`=$cid");
}
}
function update_player_guildnick_10($cid, $nick) {
$cid = (int)$cid;
$nick = sanitize($nick);
if (!empty($nick)) {
mysql_update("UPDATE `guild_membership` SET `nick`='$nick' WHERE `player_id`=$cid");
} else {
mysql_update("UPDATE `guild_membership` SET `nick`= NULL WHERE `player_id`=$cid");
}
}
// Get guild data, using guild id. // Get guild data, using guild id.
function get_guild_rank_data($gid) { function get_guild_rank_data($gid) {
$gid = (int)$gid; $gid = (int)$gid;
@ -422,7 +443,7 @@ function create_guild($cid, $name) {
$time = time(); $time = time();
// Create the guild // Create the guild
mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', 'The guild has been created!');"); mysql_insert("INSERT INTO `guilds` (`name`, `ownerid`, `creationdata`, `motd`) VALUES ('$name', '$cid', '$time', '');");
// Get guild id // Get guild id
$gid = get_guild_id($name); $gid = get_guild_id($name);
@ -505,8 +526,23 @@ function get_guilds_list() {
// Get array of player data related to a guild. // Get array of player data related to a guild.
function get_guild_players($gid) { function get_guild_players($gid) {
$gid = (int)$gid; // Sanitizing the parameter id $gid = (int)$gid; // Sanitizing the parameter id
if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;"); if (config('TFSVersion') !== 'TFS_10') return mysql_select_multi("SELECT p.rank_id, p.name, p.level, p.guildnick, p.vocation, p.online, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid' ORDER BY gr.id, p.name;");
else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name"); else return mysql_select_multi("SELECT p.id, p.name, p.level, p.vocation, gm.rank_id, gm.nick AS `guildnick`, gr.name AS `rank_name` FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id LEFT JOIN guild_ranks AS gr ON gr.id = gm.rank_id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name");
}
// Get guild level data (avg level, total level, count of players)
function get_guild_level_data($gid) {
$gid = (int)$gid;
$data = (config('TFSVersion') !== 'TFS_10') ? mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id ='$gid';") : mysql_select_multi("SELECT p.level FROM players AS p LEFT JOIN guild_membership AS gm ON gm.player_id = p.id WHERE gm.guild_id = '$gid' ORDER BY gm.rank_id, p.name;");
$members = 0;
$totallevels = 0;
if ($data !== false) {
foreach ($data as $player) {
$members++;
$totallevels += $player['level'];
}
return array('avg' => (int)($totallevels / $members), 'total' => $totallevels, 'players' => $members);
} else return false;
} }
// Returns total members in a guild (integer) // Returns total members in a guild (integer)
@ -772,7 +808,7 @@ function user_delete_character_soft($char_id) {
$char_name = user_character_name($char_id); $char_name = user_character_name($char_id);
$original_acc_id = user_character_account_id($char_name); $original_acc_id = user_character_account_id($char_name);
if(!user_character_pending_delete($char_name)) if(!user_character_pending_delete($char_name))
mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . Config('delete_character_interval') . '), 0)'); mysql_insert('INSERT INTO `znote_deleted_characters`(`original_account_id`, `character_name`, `time`, `done`) VALUES(' . $original_acc_id . ', "' . $char_name . '", (NOW() + INTERVAL ' . config('delete_character_interval') . '), 0)');
else else
return false; return false;
} }
@ -994,7 +1030,7 @@ function user_update_account($update_data) {
$update[] = '`'. $field .'` = \''. $data .'\''; $update[] = '`'. $field .'` = \''. $data .'\'';
} }
$user_id = sanitize($_SESSION['user_id']); $user_id = (int)getSession('user_id');
mysql_update("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";"); mysql_update("UPDATE `accounts` SET ". implode(', ', $update) ." WHERE `id`=". $user_id .";");
} }
@ -1008,7 +1044,7 @@ function user_update_znote_account($update_data) {
$update[] = '`'. $field .'` = \''. $data .'\''; $update[] = '`'. $field .'` = \''. $data .'\'';
} }
$user_id = sanitize($_SESSION['user_id']); $user_id = (int)getSession('user_id');
mysql_update("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";"); mysql_update("UPDATE `znote_accounts` SET ". implode(', ', $update) ." WHERE `account_id`=". $user_id .";");
} }
@ -1042,7 +1078,7 @@ function user_character_set_hide($char_id, $value) {
} }
// CREATE ACCOUNT // CREATE ACCOUNT
function user_create_account($register_data) { function user_create_account($register_data, $maildata) {
array_walk($register_data, 'array_sanitize'); array_walk($register_data, 'array_sanitize');
if (config('TFSVersion') == 'TFS_03' && config('salt') === true) { if (config('TFSVersion') == 'TFS_03' && config('salt') === true) {
@ -1064,10 +1100,25 @@ function user_create_account($register_data) {
mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `accounts` ($fields) VALUES ($data)");
$account_id = user_id($register_data['name']); $account_id = user_id($register_data['name']);
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$account_id', '$ip', '$created')"); $activeKey = rand(100000000,999999999);
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`, `activekey`) VALUES ('$account_id', '$ip', '$created', '$activeKey')");
//TO-DO: mail server and verification. if ($maildata['register']) {
// http://www.web-development-blog.com/archives/send-e-mail-messages-via-smtp-with-phpmailer-and-gmail/
$thisurl = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$thisurl .= "?authenticate&u=".$account_id."&k=".$activeKey;
$mailer = new Mail($maildata);
$title = "Please authenticate your account at $_SERVER[HTTP_HOST].";
$body = "<h1>Please click on the following link to authenticate your account:</h1>";
$body .= "<p><a href='$thisurl'>$thisurl</a></p>";
$body .= "<p>Thank you for registering and enjoy your stay at $maildata[fromName].</p>";
$body .= "<hr><p>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
$mailer->sendMail($register_data['email'], $title, $body, $register_data['name']);
}
} }
// CREATE CHARACTER // CREATE CHARACTER
@ -1197,7 +1248,7 @@ function user_count_accounts() {
*/ */
function user_character_data($user_id) { function user_character_data($user_id) {
$data = array(); $data = array();
$user_id = sanitize($user_id); $user_id = (int)$user_id;
$func_num_args = func_num_args(); $func_num_args = func_num_args();
$func_get_args = func_get_args(); $func_get_args = func_get_args();
if ($func_num_args > 1) { if ($func_num_args > 1) {
@ -1449,7 +1500,7 @@ function user_login_03($username, $password) {
// Verify that user is logged in // Verify that user is logged in
function user_logged_in() { function user_logged_in() {
return (isset($_SESSION['user_id'])) ? true : false; return (getSession('user_id') !== false) ? true : false;
} }
function guild_war_invitation($cid, $gid) { function guild_war_invitation($cid, $gid) {
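Review bot: In `user_create_account()`, the activation key comes from `rand(100000000,999999999)`, which is not a cryptographic generator, so the value that confirms e-mail ownership is guessable. Generate it from a CSPRNG, e.g. `$activeKey = bin2hex(openssl_random_pseudo_bytes(16));`, which also means widening `activekey` from `int(11)` to a character column. The link itself is built from `$_SERVER[HTTP_HOST]` and `$_SERVER[REQUEST_URI]` over plain `http://`; the Host header is client-supplied, so the mailed link should start from a configured site URL instead, and appending `?authenticate` breaks when the request URI already has a query string. In `get_guild_level_data()`, `$totallevels / $members` divides by zero if `mysql_select_multi()` can return an empty array instead of `false` (its definition is not visible here).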


@ -1,7 +1,4 @@
<?php <?php if (version_compare(phpversion(), '5.3.3', '<')) die('PHP version 5.3.3 or higher is required.');
// Verify the PHP version, gives tutorial if fail.
if (version_compare(phpversion(), '5.3.3', '<')) die('PHP 5.3.3 is required<br><br>WINDOWS:<br>Download and use the latest Uniform Server.<br><a href="http://www.uniformserver.com/">CLICK ME</a> to get to their website. <br> XAMPP sucks and is insecure. Kthxbye.<br><br>LINUX DEBIAN:<br>Edit /etc/apt/sources.list<br>etc if you use nano text editor, make sure you are root and do<br>nano /etc/apt/sources.list<br><br>At the bottom, add this:<br><br>deb http://packages.dotdeb.org stable all<br>deb-src http://packages.dotdeb.org stable all<br><br>save file. <br><br>Then in terminal, do these 2 commands:<br>gpg --keyserver keys.gnupg.net --recv-key 89DF5277<br><br>gpg -a --export 89DF5277 | sudo apt-key add -<br><br>And then do these 2 commands:<br><br>apt-get update<br>apt-get upgrade<br><br>You now have the latest stable PHP version.<br>');
$time = time(); $time = time();
$version = '1.5_SVN'; $version = '1.5_SVN';
@ -11,34 +8,33 @@ $accQueriesData = array();
session_start(); session_start();
ob_start(); ob_start();
require 'config.php'; require_once 'config.php';
$sessionPrefix = $config['session_prefix'];
if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) { if ($config['paypal']['enabled'] || $config['zeotss']['enabled']) {
$curlcheck = function_exists('curl_version') ? true : false; $curlcheck = function_exists('curl_version') ? true : false;
if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services.<br>1. Find your php.ini file.<br>2. Uncomment extension=php_curl<br>Restart web server.<br><br><b>If you don't want this then disable zeotss and paypal in config.php.</b>"); if (!$curlcheck) die("php cURL is not enabled. It is required to for paypal and ZEOTSS services.<br>1. Find your php.ini file.<br>2. Uncomment extension=php_curl<br>Restart web server.<br><br><b>If you don't want this then disable zeotss and paypal in config.php.</b>");
} }
require 'database/connect.php'; require_once 'database/connect.php';
require 'function/general.php'; require_once 'function/general.php';
require 'function/users.php'; require_once 'function/users.php';
require 'function/cache.php'; require_once 'function/cache.php';
require 'function/token.php'; require_once 'function/mail.php';
require 'function/itemparser/itemlistparser.php'; require_once 'function/token.php';
require_once 'function/itemparser/itemlistparser.php';
if (isset($_SESSION['token'])) { if (isset($_SESSION['token'])) {
$_SESSION['old_token'] = $_SESSION['token']; $_SESSION['old_token'] = $_SESSION['token'];
//var_dump($_SESSION['old_token'], $_SESSION['token']);
} }
Token::generate(); Token::generate();
if (user_logged_in() === true) { if (user_logged_in() === true) {
$session_user_id = $_SESSION['user_id']; $session_user_id = getSession('user_id');
$user_data = user_data($session_user_id, 'id', 'name', 'password', 'email', 'premdays'); $user_data = user_data($session_user_id, 'id', 'name', 'password', 'email', 'premdays');
$user_znote_data = user_znote_account_data($session_user_id, 'ip', 'created', 'points', 'cooldown'); $user_znote_data = user_znote_account_data($session_user_id, 'ip', 'created', 'points', 'cooldown');
} }
$errors = array(); $errors = array();
// Log IP // Log IP
if ($config['log_ip']) { if ($config['log_ip']) {
$visitor_config = $config['ip_security']; $visitor_config = $config['ip_security'];
@ -113,4 +109,31 @@ if ($config['log_ip']) {
//var_dump($v_activity, $v_register, $v_highscore, $v_c_char, $v_s_char, $v_form); //var_dump($v_activity, $v_register, $v_highscore, $v_c_char, $v_s_char, $v_form);
//echo ' <--- IP logging activity past 10 seconds.'; //echo ' <--- IP logging activity past 10 seconds.';
} }
// Sub page override system
if ($config['allowSubPages']) {
require_once 'layout/sub.php';
$filename = explode('/', $_SERVER['PHP_SELF']);
$filename = $filename[count($filename)-1];
if (isset($subpages) && !empty($subpages)) {
foreach ($subpages as $page) {
if ($page['override'] && $page['file'] === $filename) {
require_once 'layout/overall/header.php';
require_once 'layout/sub/'.$page['file'];
require_once 'layout/overall/footer.php';
exit;
}
}
} else {
?>
<div style="background-color: white; padding: 20px; width: 100%; float:left;">
<h2 style="color: black;">Old layout!</h2>
<p style="color: black;">The layout is running an outdated sub system which is not compatible with this version of Znote AAC.</p>
<p style="color: black;">The file /layout/sub.php is outdated.
<br>Please update it to look like <a style="color: orange;" target="_BLANK" href="https://github.com/Znote/ZnoteAAC/blob/master/layout/sub.php">THIS.</a>
</p>
</div>
<?php
}
}
?> ?>


@ -23,6 +23,7 @@ function TransformToBBCode($string) {
'[link={$1}]{$2}[/link]' => '<a href="$1" target="_BLANK">$2</a>', '[link={$1}]{$2}[/link]' => '<a href="$1" target="_BLANK">$2</a>',
'[color={$1}]{$2}[/color]' => '<font color="$1">$2</font>', '[color={$1}]{$2}[/color]' => '<font color="$1">$2</font>',
'[*]{$1}[/*]' => '<li>$1</li>', '[*]{$1}[/*]' => '<li>$1</li>',
'[youtube]{$1}[/youtube]' => '<div class="youtube"><div class="aspectratio"><iframe src="//www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe></div></div>',
); );
foreach ($tags as $tag => $value) { foreach ($tags as $tag => $value) {
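Review bot: The new `[youtube]{$1}[/youtube]` entry puts whatever the tag contains straight into the iframe `src` attribute, so it should accept only characters that occur in a video id, for example by matching this tag with its own pattern such as `/\[youtube\]([A-Za-z0-9_-]+)\[\/youtube\]/` rather than the generic capture. The same entry is added to the second copy of this tag table later in the commit, where the generic `(.*?)` capture built for every tag is visible. Whether the input is HTML-escaped before this function runs is not visible here; if it is not, a quote in the tag body would end the attribute. The protocol-relative `//www.youtube.com/embed/` follows the page's scheme, so a fixed `https://` is the safer choice. The function body starts and ends outside the hunk.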


@ -9,7 +9,7 @@ if ($logged_in === true) {
<form action="" method="post"> <form action="" method="post">
Image URL:<br /><input type="text" name="image" size="70"><br /> Image URL:<br /><input type="text" name="image" size="70"><br />
Image Title:<br /><input type="text" name="title" size="70"><br /> Image Title:<br /><input type="text" name="title" size="70"><br />
Image Describtion:<br /><textarea name="desc" cols="55" rows="15"></textarea><br /> Image Description:<br /><textarea name="desc" cols="55" rows="15"></textarea><br />
<input type="submit" name="Submit" value="Post Image Article"> <input type="submit" name="Submit" value="Post Image Article">
</form> </form>
<?php <?php
@ -101,5 +101,5 @@ echo $url;
$url = explode("!", $url); $url = explode("!", $url);
<a href="<?php echo 'http://'. $url[0] .'.imgland.net/'. $url[1] .'.'. $url[2]; ?>"><img src="<?php echo 'http://'. $url[0] .'.imgland.net/'. $url[1] .'.'. $url[2]; ?>" width="650"/></a> <a href="<?php echo 'http://'. $url[0] .'.imgland.net/'. $url[1] .'.'. $url[2]; ?>"><img src="<?php echo 'http://'. $url[0] .'.imgland.net/'. $url[1] .'.'. $url[2]; ?>" width="650"/></a>
echo time(); echo time();
//insertImage(2, "Yaay!", "Super describtion!", "1!pxpmul!jpg"); //insertImage(2, "Yaay!", "Super description!", "1!pxpmul!jpg");
*/?> */?>


@ -1,6 +1,26 @@
<?php require_once 'engine/init.php'; <?php require_once 'engine/init.php';
if ($config['require_login']['guilds']) protect_page(); if ($config['require_login']['guilds']) protect_page();
$isOtx = ($config['CustomVersion'] == 'OTX') ? true : false; $isOtx = ($config['CustomVersion'] == 'OTX') ? true : false;
function guild_list($TFSVersion) {
$cache = new Cache('engine/cache/guildlist');
if ($cache->hasExpired()) {
if ($TFSVersion != 'TFS_10') $guilds = mysql_select_multi("SELECT `t`.`id`, `t`.`name`, `t`.`creationdata`, `motd`, (SELECT count(p.rank_id) FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id =`t`.`id`) AS `total` FROM `guilds` as `t` ORDER BY `t`.`name`;");
else $guilds = mysql_select_multi("SELECT `id`, `name`, `creationdata`, `motd`, (SELECT COUNT('guild_id') FROM `guild_membership` WHERE `guild_id`=`id`) AS `total` FROM `guilds` ORDER BY `name`;");
// Add level data info to guilds
if ($guilds !== false)
for ($i = 0; $i < count($guilds); $i++)
$guilds[$i]['level'] = get_guild_level_data($guilds[$i]['id']);
$cache->setContent($guilds);
$cache->save();
} else {
$guilds = $cache->load();
}
return $guilds;
}
include 'layout/overall/header.php'; include 'layout/overall/header.php';
if (user_logged_in() === true) { if (user_logged_in() === true) {
@ -21,31 +41,42 @@ if (user_logged_in() === true) {
if (empty($_GET['name'])) { if (empty($_GET['name'])) {
// Display the guild list // Display the guild list
?>
<h1>Guild List:</h1>
<?php
//data_dump($guild, false, "guild data"); //data_dump($guild, false, "guild data");
if ($config['TFSVersion'] != 'TFS_10') $guilds = mysql_select_multi("SELECT `t`.`id`, `t`.`name`, `t`.`creationdata`, (SELECT count(p.rank_id) FROM players AS p LEFT JOIN guild_ranks AS gr ON gr.id = p.rank_id WHERE gr.guild_id =`t`.`id`) AS `total` FROM `guilds` as `t` ORDER BY `t`.`name`;");
else $guilds = mysql_select_multi("SELECT `id`, `name`, `creationdata`, (SELECT COUNT('guild_id') FROM `guild_membership` WHERE `guild_id`=`id`) AS `total` FROM `guilds` ORDER BY `name`;");
if ($guilds !== false) { $guilds = guild_list($config['TFSVersion']);
if (isset($guilds) && !empty($guilds) && $guilds !== false) {
//data_dump($guilds, false, "Guilds");
?> ?>
<table id="guildsTable" class="table table-striped table-hover"> <table id="guildsTable" class="table table-striped table-hover">
<tr class="yellow"> <tr class="yellow">
<th>Guild name:</th> <th>Logo</th>
<th>Members:</th> <th>Description</th>
<th>Founded:</th> <th>Guild data</th>
<!-- <th>Founded:</th> -->
</tr> </tr>
<?php <?php
foreach ($guilds as $guild) { foreach ($guilds as $guild) {
if ($guild['total'] >= 1) { if ($guild['total'] >= 1) {
$url = url("guilds.php?name=". $guild['name']); $url = url("guilds.php?name=". $guild['name']);
echo '<tr class="special" onclick="javascript:window.location.href=\'' . $url . '\'">'; ?>
echo '<td>'. $guild['name'] .'</td>'; <tr class="special" onclick="javascript:window.location.href='<?php echo $url; ?>'">
echo '<td>'. $guild['total'] .'</td>'; <td style="width: 100px;">
echo '<td>'. getClock($guild['creationdata'], true) .'</td>'; <img style="max-height: 100px; margin: auto; display: block;" src="<?php logo_exists($guild['name']); ?>">
echo '</tr>'; </td>
<td>
<b><?php echo $guild['name']; ?></b>
<?php if (strlen($guild['motd']) > 0) echo '<br>'.$guild['motd']; ?>
</td>
<td>
<?php echo "Total members: ".$guild['level']['players']; ?>
<br><?php echo "Average level: ".$guild['level']['avg'].""; ?>
<br><?php echo "Guild level: ".$guild['level']['total']; ?>
</td>
</tr>
<?php
//echo '<td>'. getClock($guild['creationdata'], true) .'</td>';
} }
} }
?> ?>
@ -87,6 +118,8 @@ if (user_logged_in() === true) {
$gid = get_guild_id($guildname); $gid = get_guild_id($guildname);
if ($gid === false) { if ($gid === false) {
create_guild($user_id, $guildname); create_guild($user_id, $guildname);
// Re-cache the guild list
$guilds = guild_list($config['TFSVersion']);
header('Location: success.php'); header('Location: success.php');
exit(); exit();
} else echo 'A guild with that name already exist.'; } else echo 'A guild with that name already exist.';
@ -176,7 +209,7 @@ if (user_logged_in() === true) {
<?php echo (isset($_GET['error'])) ? "<font size='5' color='red'>".sanitize($_GET['error'])."</font><br><br>" : ""; ?> <?php echo (isset($_GET['error'])) ? "<font size='5' color='red'>".sanitize($_GET['error'])."</font><br><br>" : ""; ?>
<?php if ($config['use_guild_logos']): ?> <?php if ($config['use_guild_logos']): ?>
<div id="guildImageDiv" style="float: left; margin-right: 10px;"> <div id="guildImageDiv" style="float: left; margin-right: 10px;">
<img style="max-width: 100px; max-height: 100px;" src="<?php logo_exists(sanitize($_GET['name'])); ?>"></img> <img style="max-width: 100px; max-height: 100px;" src="<?php logo_exists(sanitize($_GET['name'])); ?>">
</div> </div>
<?php endif; ?> <?php endif; ?>
<div id="guildDescription"> <div id="guildDescription">
@ -206,13 +239,19 @@ if (user_logged_in() === true) {
} }
} }
//data_dump($players, false, "Data"); //data_dump($players, false, "Data");
$rankName = '';
foreach ($players as $player) { foreach ($players as $player) {
if ($config['TFSVersion'] !== 'TFS_10') { if ($config['TFSVersion'] !== 'TFS_10') {
$chardata['online'] = $player['online']; $chardata['online'] = $player['online'];
} else $chardata['online'] = (in_array($player['id'], $onlinelist)) ? 1 : 0; } else $chardata['online'] = (in_array($player['id'], $onlinelist)) ? 1 : 0;
echo '<tr>'; echo '<tr>';
echo '<td>'. $player['rank_name'] .'</td>'; echo '<td>' . ($rankName !== $player['rank_name'] ? $player['rank_name'] : '') . '</td>';
echo '<td><a href="characterprofile.php?name='. $player['name'] .'">'. $player['name'] .'</a></td>'; $rankName = $player['rank_name'];
echo '<td><a href="characterprofile.php?name='. $player['name'] .'">'. $player['name'] .'</a>';
if (!empty($player['guildnick'])) {
echo ' ('. $player['guildnick'] .')';
}
echo '</td>';
echo '<td>'. $player['level'] .'</td>'; echo '<td>'. $player['level'] .'</td>';
echo '<td>'. $config['vocations'][$player['vocation']] .'</td>'; echo '<td>'. $config['vocations'][$player['vocation']] .'</td>';
if ($chardata['online'] == 1) echo '<td> <b><font color="green"> Online </font></b></td>'; if ($chardata['online'] == 1) echo '<td> <b><font color="green"> Online </font></b></td>';
@ -341,6 +380,26 @@ if (user_logged_in() === true) {
if ($highest_access >= 2) { if ($highest_access >= 2) {
// Guild leader stuff // Guild leader stuff
// Change Guild Nick
if (!empty($_POST['player_guildnick'])) {
$p_cid = user_character_id($_POST['player_guildnick']);
$p_guild = get_player_guild_data($p_cid);
if (preg_match("/^[a-zA-Z_ ]+$/", $_POST['guildnick']) || empty($_POST['guildnick'])) {
// Only allow normal symbols as guild nick
$p_nick = sanitize($_POST['guildnick']);
if ($p_guild['guild_id'] == $gid) {
if ($config['TFSVersion'] !== 'TFS_10') $chardata = user_character_data($p_cid, 'online');
else $chardata['online'] = (user_is_online_10($p_cid)) ? 1 : 0;
if ($chardata['online'] == 0) {
if ($config['TFSVersion'] !== 'TFS_10') update_player_guildnick($p_cid, $p_nick);
else update_player_guildnick_10($p_cid, $p_nick);
header('Location: guilds.php?name='. $_GET['name']);
exit();
} else echo '<font color="red" size="4">Character not offline.</font>';
}
} else echo '<font color="red" size="4">Character guild nick may only contain a-z, A-Z and spaces.</font>';
}
// Promote character to guild position // Promote character to guild position
if (!empty($_POST['promote_character']) && !empty($_POST['promote_position'])) { if (!empty($_POST['promote_character']) && !empty($_POST['promote_position'])) {
// Verify that promoted character is from this guild. // Verify that promoted character is from this guild.
@ -617,6 +676,33 @@ if ($highest_access >= 2) {
</li> </li>
</ul> </ul>
</form> </form>
<!-- FORMS TO CHANGE GUILD NICK -->
<form action="" method="post">
<ul>
<li>
Change Guild Nick:<br>
<select name="player_guildnick">
<?php
//$gid = get_guild_id($_GET['name']);
//$players = get_guild_players($gid);
foreach ($players as $player) {
$pl_data = get_player_guild_data(user_character_id($player['name']));
if ($pl_data['rank_level'] != 3) {
echo '<option value="'. $player['name'] .'">'. $player['name'] .'</option>';
} else {
if ($highest_access == 3) {
echo '<option value="'. $player['name'] .'">'. $player['name'] .'</option>';
}
}
}
?>
</select>
<input type="text" name="guildnick" maxlength="15" placeholder="leave blank to erase">
<input type="submit" value="Change Nick">
</li>
</ul>
</form>
<!-- END FORMS TO CHANGE GUILD NICK -->
<?php if ($members > 1) { ?> <?php if ($members > 1) { ?>
<!-- FORMS TO PROMOTE CHARACTER--> <!-- FORMS TO PROMOTE CHARACTER-->
<form action="" method="post"> <form action="" method="post">
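Review bot: The "Change Guild Nick" handler added under `if ($highest_access >= 2)` only checks `$p_guild['guild_id'] == $gid`, while the rule that rank-level-3 members may be edited only when `$highest_access == 3` lives solely in the form's `<select>`, so a request naming a leader is still accepted from an access-2 member. Repeat the rule server-side, e.g. `if ($p_guild['guild_id'] == $gid && ($p_guild['rank_level'] != 3 || $highest_access == 3)) {`. The nick length is likewise enforced only by `maxlength="15"`, so add `strlen($_POST['guildnick']) <= 15` next to the `preg_match`; the pattern also admits `_` although the error text names only letters and spaces. No `Token::isValid($_POST['token'])` call is visible in this handler, unlike the account page changed in the same commit, so confirm one runs before it. In the guild list hunk `$guild['name']` and `$guild['motd']` are echoed without `htmlspecialchars()`; whether they are escaped when stored is not visible here.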


@ -1,45 +1,41 @@
<?php <?php
require_once 'engine/init.php'; require_once 'engine/init.php';
if (user_logged_in() === false) { if (user_logged_in() === false) {
header('Location: register.php'); header('Location: register.php');
} }
include 'layout/overall/header.php'; include 'layout/overall/header.php';
$view = (int)$_GET['view']; $view = (isset($_GET['view']) && (int)$_GET['view'] > 0) ? (int)$_GET['view'] : false;
if ($view) { if ($view !== false) {
if (!empty($_POST['reply_text'])) { if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']);
// Save ticket reply on database // Save ticket reply on database
$query = array( $query = array(
'tid' => $_GET['view'], 'tid' => $view,
'username'=> $_POST['username'], 'username'=> getValue($_POST['username']),
'message' => $_POST['reply_text'], 'message' => getValue($_POST['reply_text']),
'created' => time(), 'created' => time(),
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`=". $_GET['view']); mysql_update("UPDATE `znote_tickets` SET `status`='Player-Reply' WHERE `id`='$view' LIMIT 1;");
} }
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;");
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
if($ticketData['owner'] != $session_user_id) { if($ticketData['owner'] != $session_user_id) {
echo 'You can not view this ticket!'; echo 'You can not view this ticket!';
include 'layout/overall/footer.php';
die; die;
} }
?> ?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1> <h1>View Ticket #
<?php
echo $ticketData['id'];
if ($ticketData['status'] === 'CLOSED') {
echo '<span style="color:red">[CLOSED]</SPAN>';
}
?></h1>
<table class="znoteTable ThreadTable table table-striped"> <table class="znoteTable ThreadTable table table-striped">
<tr class="yellow"> <tr class="yellow">
<th> <th>
@ -58,9 +54,8 @@ die;
</td> </td>
</tr> </tr>
</table> </table>
<?php <?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". (int)$_GET['view'] ."' ORDER BY `created`;"); $replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='$view' ORDER BY `created`;");
if ($replies !== false) { if ($replies !== false) {
foreach($replies as $reply) { foreach($replies as $reply) {
?> ?>
@ -88,21 +83,18 @@ die;
} }
?> ?>
<?php if ($ticketData['status'] !== 'CLOSED') { ?>
<form action="" method="post"> <form action="" method="post">
<input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br> <input type="hidden" name="username" value="<?php echo $ticketData['username']; ?>"><br>
<textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br> <textarea class="forumReply" name="reply_text" style="width: 610px; height: 150px"></textarea><br>
<input name="" type="submit" value="Post Reply" class="btn btn-primary"> <input name="" type="submit" value="Post Reply" class="btn btn-primary">
</form> </form>
<?php } ?>
<?php <?php
} else { } else {
$account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id"); $account = mysql_select_single("SELECT name,email FROM accounts WHERE id = $session_user_id");
if (!empty($_POST)) {
if (empty($_POST) === false) {
// $_POST['']
$required_fields = array('username', 'email', 'subject', 'message'); $required_fields = array('username', 'email', 'subject', 'message');
foreach($_POST as $key=>$value) { foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) { if (empty($value) && in_array($key, $required_fields) === true) {
@ -124,21 +116,18 @@ if (empty($_POST) === false) {
$errors[] = 'Captcha image verification was submitted wrong.'; $errors[] = 'Captcha image verification was submitted wrong.';
} }
} }
if (validate_ip(getIP()) === false && $config['validate_IP'] === true) { // Reversed this if, so: first check if you need to validate, then validate.
if ($config['validate_IP'] === true && validate_ip(getIP()) === false) {
$errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).'; $errors[] = 'Failed to recognize your IP address. (Not a valid IPv4 address).';
} }
} }
} }
?> ?>
<h1>Latest Tickets</h1> <h1>Latest Tickets</h1>
<?php <?php
$tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC"); $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tickets WHERE owner=$session_user_id ORDER BY creation DESC");
if ($tickets !== false) { if ($tickets !== false) {
?> ?>
<table> <table>
<tr class="yellow"> <tr class="yellow">
<td>ID:</td> <td>ID:</td>
@ -153,37 +142,36 @@ $tickets = mysql_select_multi("SELECT id,subject,creation,status FROM znote_tick
echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>'; echo '<td><a href="helpdesk.php?view='. $ticket['id'] .'">'. $ticket['subject'] .'</a></td>';
echo '<td>'. getClock($ticket['creation'], true) .'</td>'; echo '<td>'. getClock($ticket['creation'], true) .'</td>';
echo '<td>'. $ticket['status'] .'</td>'; echo '<td>'. $ticket['status'] .'</td>';
}} echo '</tr>';
}
?> ?>
</table> </table>
<?php
}
?>
<h1>Helpdesk</h1> <h1>Helpdesk</h1>
<?php <?php
if (isset($_GET['success']) && empty($_GET['success'])) { if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.'; echo 'Congratulations! Your ticket has been created. We will reply up to 24 hours.';
} else { } else {
if (empty($_POST) === false && empty($errors) === true) { if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) { if ($config['log_ip']) {
znote_visitor_insert_detailed_data(1); znote_visitor_insert_detailed_data(1);
} }
//Save ticket on database //Save ticket on database
$query = array( $query = array(
'owner' => $session_user_id, 'owner' => $session_user_id,
'username'=> $_POST['username'], 'username'=> getValue($_POST['username']),
'subject' => $_POST['subject'], 'subject' => getValue($_POST['subject']),
'message' => $_POST['message'], 'message' => getValue($_POST['message']),
'ip' => ip2long(getIP()), 'ip' => ip2long(getIP()),
'creation' => time(), 'creation' => time(),
'status' => 'Open' 'status' => 'Open'
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
@ -238,6 +226,7 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
</ul> </ul>
</form> </form>
<?php <?php
}} }
}
include 'layout/overall/footer.php'; include 'layout/overall/footer.php';
?> ?>
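Review bot: The reply branch inserts into `znote_tickets_replies` and sets the ticket to `Player-Reply` before `$ticketData` is loaded and compared with `$session_user_id`, so the ownership check that follows guards only the display, not the write. Move the `mysql_select_single("SELECT * FROM znote_tickets WHERE id='$view' LIMIT 1;")` lookup and the owner check above `if (!empty($_POST['reply_text']))`, and extend that condition with `&& $ticketData['status'] !== 'CLOSED'`, since the closed state currently only hides the form. The reply's `username` is read from a hidden form field; taking it from `$ticketData['username']` after the check avoids trusting the client for it. The `header('Location: register.php');` at the top has no `exit;`, so the rest of the page still runs for a visitor who is not logged in.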


@ -63,6 +63,7 @@
'[link={$1}]{$2}[/link]' => '<a href="$1" target="_BLANK">$2</a>', '[link={$1}]{$2}[/link]' => '<a href="$1" target="_BLANK">$2</a>',
'[color={$1}]{$2}[/color]' => '<font color="$1">$2</font>', '[color={$1}]{$2}[/color]' => '<font color="$1">$2</font>',
'[*]{$1}[/*]' => '<li>$1</li>', '[*]{$1}[/*]' => '<li>$1</li>',
'[youtube]{$1}[/youtube]' => '<div class="youtube"><div class="aspectratio"><iframe src="//www.youtube.com/embed/$1" frameborder="0" allowfullscreen></iframe></div></div>',
); );
foreach ($tags as $tag => $value) { foreach ($tags as $tag => $value) {
$code = preg_replace('/placeholder([0-9]+)/', '(.*?)', preg_quote(preg_replace('/\{\$([0-9]+)\}/', 'placeholder$1', $tag), '/')); $code = preg_replace('/placeholder([0-9]+)/', '(.*?)', preg_quote(preg_replace('/\{\$([0-9]+)\}/', 'placeholder$1', $tag), '/'));


@ -1,4 +1,7 @@
<?php <?php
if (gethostbyaddr($_SERVER['REMOTE_ADDR']) !== 'notify.paypal.com') {
exit();
}
// Require the functions to connect to database and fetch config values // Require the functions to connect to database and fetch config values
require 'config.php'; require 'config.php';
@ -65,9 +68,9 @@
$payment_status = $_POST['payment_status']; $payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross']; $payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency']; $payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id']; $txn_id = getValue($_POST['txn_id']);
$receiver_email = $_POST['receiver_email']; $receiver_email = getValue($_POST['receiver_email']);
$payer_email = $_POST['payer_email']; $payer_email = getValue($_POST['payer_email']);
$custom = (int)$_POST['custom']; $custom = (int)$_POST['custom'];
$connectedIp = $_SERVER['REMOTE_ADDR']; $connectedIp = $_SERVER['REMOTE_ADDR'];
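Review bot: The new guard trusts the PTR record returned by `gethostbyaddr()`, which is set by whoever operates the reverse zone of the connecting address, so on its own it does not establish that the request came from PayPal. Confirm the name forward as well, e.g. `$host = gethostbyaddr($_SERVER['REMOTE_ADDR']); if ($host !== 'notify.paypal.com' || !in_array($_SERVER['REMOTE_ADDR'], (array)gethostbynamel($host), true)) exit();`, and treat it only as a pre-filter in front of the IPN verification postback, which would be outside this hunk if the file performs one. Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the check would reject every notification there. `payment_status`, `mc_gross` and `mc_currency` are still read raw while the neighbouring fields now pass through `getValue()`; confirm how they are used further down.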


@ -85,7 +85,6 @@ if ($latests) {
} else echo 'No player kills exist.'; } else echo 'No player kills exist.';
} else if ($config['TFSVersion'] == 'TFS_03') { } else if ($config['TFSVersion'] == 'TFS_03') {
/////////
$cache = new Cache('engine/cache/killers'); $cache = new Cache('engine/cache/killers');
if ($cache->hasExpired()) { if ($cache->hasExpired()) {
$deaths = fetchLatestDeaths_03(30, true); $deaths = fetchLatestDeaths_03(30, true);
@ -94,8 +93,9 @@ if ($latests) {
} else { } else {
$deaths = $cache->load(); $deaths = $cache->load();
} }
?>
if ($deaths && !empty($deaths)) {
?>
<h1>Latest Killers</h1> <h1>Latest Killers</h1>
<table id="deathsTable" class="table table-striped"> <table id="deathsTable" class="table table-striped">
<tr class="yellow"> <tr class="yellow">
@ -111,8 +111,7 @@ if ($latests) {
echo '</tr>'; echo '</tr>';
} ?> } ?>
</table> </table>
<?php <?php
///////// } else echo 'No player deaths exist.';
} }
include 'layout/overall/footer.php'; ?> include 'layout/overall/footer.php'; ?>


@ -628,3 +628,25 @@ hr {
background-color: green; background-color: green;
border: 1px solid black; border: 1px solid black;
} }
/* ///////////\/\\\\\\\\\\\
// Znote YOUTUBE BB \\
///////////\/\\\\\\\\\\\ */
div.youtube {
width: 100%;
max-width: 560px;
}
div.aspectratio {
width: 100%;
padding-bottom: 56.25%; /* 16:9 */
position: relative;
}
div.aspectratio > iframe {
position: absolute;
top: 0; bottom: 0; left: 0; right: 0;
width: 100%;
height: 100%;
}


@ -1,19 +1,37 @@
<?php <?php
switch ($_GET['page']) /* Znote AAC Sub System
{ - Used to create custom pages
case 'blank': - Place the contents of the page in /layout/sub/ folder.
include 'layout/sub/blank.php'; : You don't need to include init, header or footer.
break; Its already taken care of, just write the contents you want.
case 'houses': Then add that page to the configuration below. Config syntax:
include 'layout/sub/houses.php'; 'PAGENAME' => array(
break; 'file' => 'fileName.php',
'override' => false
),
................
There are 2 ways to view your page, by using sub.php file, or by overriding an existing default page.
1: yourwebiste.com/sub.php?page=PAGENAME
2: By having override => true, then it will load your sub file instead of the default znote aac file.
case 'bomberman': */
include 'layout/sub/bomberman.php';
break;
default: $subpages = array(
echo '<h2>Sub page not recognized.</h2><p>The sub page you requested is not recognized.</p>'; // website.com/sub.php?page=blank
} 'blank' => array(
// layout/sub/blank.php
'file' => 'blank.php',
// false means don't run this file instead of the regular file at website.com/blank.php
'override' => false
),
'houses' => array(
'file' => 'houses.php',
'override' => false
),
'downloads' => array(
'file' => 'downloads.php',
'override' => false
),
);
?> ?>

35
layout/sub/downloads.php Normal file

@ -0,0 +1,35 @@
<div style="background-color: pink;">
<h1>Downloads</h1>
<h2>Sub system Override DEMO</h2>
<p>In order to play, you need an compatible IP changer and a Tibia client.</p>
<p>Download otland IP changer <a href="http://static0.otland.net/ipchanger.exe">HERE</a>.</p>
<p>Download Tibia client <?php echo ($config['client'] / 100); ?> for windows <a href="<?php echo $config['client_download']; ?>">HERE</a>.</p>
<p>Download Tibia client <?php echo ($config['client'] / 100); ?> for linux <a href="<?php echo $config['client_download_linux']; ?>">HERE</a>.</p>
<h2>How to connect and play:</h2>
<ol>
<li>
<a href="<?php echo $config['client_download']; ?>">Download</a> and install the tibia client if you havent already.
</li>
<li>
<a href="http://static0.otland.net/ipchanger.exe">Download</a> and run the IP changer.
</li>
<li>
In the IP changer, write this in the IP field: <?php echo $_SERVER['SERVER_NAME']; ?>
</li>
<li>
In the IP changer, click on <strong>Settings</strong> and then <strong>Add new Tibia client.</strong>
</li>
<li>
In the IP changer, in the Version field, write your desired version.
</li>
<li>
In the IP changer, click on <strong>Browse</strong>, navigate to your desired Tibia version folder, select Tibia.exe and click <strong>Add</strong>. Then click <strong>Close</strong>
</li>
<li>
Now you can successfully login on the tibia client and play clicking on <strong>Apply</strong> every time you want.<br>
If you do not have an account to login with, you need to register an account <a href="register.php">HERE</a>.
</li>
</ol>
</div>
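Review bot: The page links an executable, `http://static0.otland.net/ipchanger.exe`, over plain http from a third-party host, so visitors get no transport or integrity protection for a file they are told to run. Prefer an `https://` link (or a copy hosted alongside the site) and print a published checksum next to it. `$_SERVER['SERVER_NAME']` and the `$config['client_download']` values are written into HTML without escaping. Depending on the web-server configuration `SERVER_NAME` can follow the request's Host header, so wrap it as `<?php echo htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES); ?>`.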


@ -30,10 +30,22 @@ if (empty($_POST) === false) {
if ($login === false) { if ($login === false) {
$errors[] = 'Username and password combination is wrong.'; $errors[] = 'Username and password combination is wrong.';
} else { } else {
$_SESSION['user_id'] = $login; // Check if user have access to login
$status = false;
if ($config['mailserver']['register']) {
$authenticate = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$login' AND `active`='1' LIMIT 1;");
if ($authenticate !== false) {
$status = true;
} else {
$errors[] = "Your account is not activated. An email should have been sent to you when you registered. Please find it and click the activation link to activate your account.";
}
} else $status = true;
if ($status) {
setSession('user_id', $login);
// if IP is not set (etc acc created before Znote AAC was in use) // if IP is not set (etc acc created before Znote AAC was in use)
$znote_data = user_znote_account_data($_SESSION['user_id']); $znote_data = user_znote_account_data($login);
if ($znote_data['ip'] == 0) { if ($znote_data['ip'] == 0) {
$update_data = array( $update_data = array(
'ip' => ip2long(getIP()), 'ip' => ip2long(getIP()),
@ -46,6 +58,7 @@ if (empty($_POST) === false) {
exit(); exit();
} }
} }
}
} else { } else {
header('Location: index.php'); header('Location: index.php');
} }
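Review bot: `setSession('user_id', $login)` marks the session as authenticated, but no `session_regenerate_id(true)` is visible around it. Unless `setSession()` does that itself (its body is not on this page), add the call just before it so a session id issued before login is not carried over. The activation lookup interpolates `$login` into the query in quotes; it appears to be the account id returned by the login helper, and an `(int)` cast there would make that explicit. The enclosing `if (empty($_POST) === false)` block starts and ends outside the hunk.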


@ -1,34 +1,56 @@
<?php require_once 'engine/init.php'; <?php require_once 'engine/init.php';
protect_page(); protect_page();
include 'layout/overall/header.php'; include 'layout/overall/header.php';
// Change character comment PAGE2 (Success). #region CANCEL CHARACTER DELETE
if (!empty($_POST['comment']) &&!empty($_POST['charn'])) { $undelete_id = @$_GET['cancel_delete_id'];
if($undelete_id) {
$undelete_id = (int)$undelete_id;
$undelete_q1 = mysql_select_single('SELECT `character_name` FROM `znote_deleted_characters` WHERE `done` = 0 AND `id` = ' . $undelete_id . ' AND `original_account_id` = ' . $session_user_id . ' AND NOW() < `time`');
if($undelete_q1) {
mysql_delete('DELETE FROM `znote_deleted_characters` WHERE `id` = ' . $undelete_id);
echo 'Pending delete of ' . $undelete_q1['character_name'] . ' has been successfully cancelled.<br/>';
}
}
#endregion
// Variable used to check if main page should be rendered after handling POST (Change comment page)
$render_page = true;
// Handle POST
if (!empty($_POST['selected_character'])) {
if (!empty($_POST['action'])) {
// Validate token
if (!Token::isValid($_POST['token'])) { if (!Token::isValid($_POST['token'])) {
exit(); exit();
} }
if (user_character_account_id($_POST['charn']) === $session_user_id) { // Sanitize values
user_update_comment(user_character_id($_POST['charn']), $_POST['comment']); $action = getValue($_POST['action']);
$char_name = getValue($_POST['selected_character']);
// Handle actions
switch($action) {
// Change character comment PAGE2 (Success).
case 'update_comment':
if (user_character_account_id($char_name) === $session_user_id) {
user_update_comment(user_character_id($char_name), getValue($_POST['comment']));
echo 'Successfully updated comment.'; echo 'Successfully updated comment.';
} }
} else { break;
// Hide character
if (!empty($_POST['selected_hide'])) {
if (!Token::isValid($_POST['token'])) {
exit();
}
$hide_array = explode("!", $_POST['selected_hide']);
if (user_character_account_id($hide_array[0]) === $session_user_id) {
user_character_set_hide(user_character_id($hide_array[0]), $hide_array[1]);
}
}
// end // end
// DELETE character
if (!empty($_POST['selected_delete'])) { // Hide character
if (!Token::isValid($_POST['token'])) { case 'toggle_hide':
exit(); $hide = (user_character_hide($char_name) == 1 ? 0 : 1);
if (user_character_account_id($char_name) === $session_user_id) {
user_character_set_hide(user_character_id($char_name), $hide);
} }
if (user_character_account_id($_POST['selected_delete']) === $session_user_id) { break;
$charid = user_character_id($_POST['selected_delete']); // end
// DELETE character
case 'delete_character':
if (user_character_account_id($char_name) === $session_user_id) {
$charid = user_character_id($char_name);
if ($charid !== false) { if ($charid !== false) {
if ($config['TFSVersion'] === 'TFS_10') { if ($config['TFSVersion'] === 'TFS_10') {
if (!user_is_online_10($charid)) { if (!user_is_online_10($charid)) {
@ -44,96 +66,87 @@ if (!empty($_POST['selected_delete'])) {
} }
} }
} }
} break;
// end // end
#region CANCEL CHARACTER DELETE
$undelete_id = @$_GET['cancel_delete_id'];
if($undelete_id) {
$undelete_id = (int)$undelete_id;
$undelete_q1 = mysql_select_single('SELECT `character_name` FROM `znote_deleted_characters` WHERE `done` = 0 AND `id` = ' . $undelete_id . ' AND `original_account_id` = ' . $session_user_id . ' AND NOW() < `time`');
if($undelete_q1) {
mysql_delete('DELETE FROM `znote_deleted_characters` WHERE `id` = ' . $undelete_id);
echo 'Pending delete of ' . $undelete_q1['character_name'] . ' has been successfully cancelled.<br/>';
}
}
#endregion
// CHANGE character name // CHANGE character name
if (!empty($_POST['change_name'])) { case 'change_name':
if (!Token::isValid($_POST['token'])) { $oldname = $char_name;
exit(); $newname = isset($_POST['newName']) ? getValue($_POST['newName']) : '';
}
$oldname = getValue($_POST['change_name']);
$newname = getValue($_POST['newName']);
// Check if user is online
$player = false; $player = false;
if ($config['TFSVersion'] === 'TFS_10') { if ($config['TFSVersion'] === 'TFS_10') {
$player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'"); $player = mysql_select_single("SELECT `id`, `account_id` FROM `players` WHERE `name` = '$oldname'");
$player['online'] = (user_is_online_10($player['id'])) ? 1 : 0; $player['online'] = (user_is_online_10($player['id'])) ? 1 : 0;
} else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'"); } else $player = mysql_select_single("SELECT `id`, `account_id`, `online` FROM `players` WHERE `name` = '$oldname'");
// Check if user is online
if ($player['online'] == 1) {
$errors[] = 'Character must be offline first.';
}
// Check if player has bough ticket // Check if player has bough ticket
$order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id`='".$player['account_id']."' LIMIT 1;"); $accountId = $player['account_id'];
if ($order !== false) { $order = mysql_select_single("SELECT `id`, `account_id` FROM `znote_shop_orders` WHERE `type`='4' AND `account_id` = '$accountId' LIMIT 1;");
//data_dump($order, array($player['account_id'], $session_user_id), "data"); if ($order === false) {
$errors[] = 'Did not find any name change tickets, buy them in our <a href="shop.php">shop!</a>';
}
// Check if player and account matches // Check if player and account matches
if ($session_user_id == $player['account_id'] && $session_user_id == $order['account_id']) { if ($session_user_id != $accountId || $session_user_id != $order['account_id']) {
// Check if new name is not occupied $errors[] = 'Failed to sync your account. :|';
$exist = mysql_select_single("SELECT `id` FROM `players` WHERE `name`='$newname';"); }
if (!$exist) {
// Check if new name follow rules
$newname = validate_name($newname); $newname = validate_name($newname);
if ($newname !== false) { if ($newname === false) {
$error = false; $errors[] = 'Your name can not contain more than 2 words.';
} else {
if (empty($newname)) {
$errors[] = 'Please enter a name!';
} else if (user_character_exist($newname) !== false) {
$errors[] = 'Sorry, that character name already exist.';
} else if (!preg_match("/^[a-zA-Z_ ]+$/", $newname)) {
$errors[] = 'Your name may only contain a-z, A-Z and spaces.';
} else if (strlen($newname) < $config['minL'] || strlen($newname) > $config['maxL']) {
$errors[] = 'Your character name must be between ' . $config['minL'] . ' - ' . $config['maxL'] . ' characters long.';
} else if (!ctype_upper($newname{0})) {
$errors[] = 'The first letter of a name has to be a capital letter!';
}
// name restriction // name restriction
$resname = explode(" ", $newname); $resname = explode(" ", $_POST['newName']);
foreach($resname as $res) { foreach($resname as $res) {
if(in_array(strtolower($res), $config['invalidNameTags'])) { if(in_array(strtolower($res), $config['invalidNameTags'])) {
$error = true; $errors[] = 'Your username contains a restricted word.';
} } else if(strlen($res) == 1) {
else if(strlen($res) == 1) { $errors[] = 'Too short words in your name.';
$error = true;
} }
} }
// Check name for illegal characters.
function checkNewNameForIllegal($name) {
if (preg_match('#^[\0-9åäö&()+%/*$€é,.\'"-]*$#i', $name)) {
return true;
} }
return false;
} if (!empty($newname) && empty($errors)) {
if (checkNewNameForIllegal($newname)) { echo 'You have successfully changed your character name to ' . $newname . '.';
$error = true;
echo 'This name contains illegal characters.';
}
if ($error === false) {
// Change the name!
mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;"); mysql_update("UPDATE `players` SET `name`='$newname' WHERE `id`='".$player['id']."' LIMIT 1;");
mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;"); mysql_delete("DELETE FROM `znote_shop_orders` WHERE `id`='".$order['id']."' LIMIT 1;");
} else if (!empty($errors)) {
echo '<font color="red"><b>';
echo output_errors($errors);
echo '</b></font>';
} }
} else echo "Name validation failed, use another name.";
} else echo "The character name you wish to change to already exist."; break;
} else echo "Failed to sync your account. :|";
} else echo "Did not find any name change tickets, but them in our <a href='shop.php'>shop!</a>";
}
// end // end
// Change character sex // Change character sex
if (!empty($_POST['change_gender'])) { case 'change_gender':
if (!Token::isValid($_POST['token'])) { if (user_character_account_id($char_name) === $session_user_id) {
exit();
}
if (user_character_account_id($_POST['change_gender']) === $session_user_id) {
$char_name = sanitize($_POST['change_gender']);
$char_id = (int)user_character_id($char_name); $char_id = (int)user_character_id($char_name);
$account_id = user_character_account_id($char_name); $account_id = user_character_account_id($char_name);
if ($config['TFSVersion'] == 'TFS_10') { if ($config['TFSVersion'] == 'TFS_10') {
$chr_data = user_is_online_10($char_id); $chr_data['online'] = user_is_online_10($char_id) ? 1 : 0;
} else $chr_data = user_character_data($char_id, 'online'); } else $chr_data = user_character_data($char_id, 'online');
if ($chr_data['online'] != 1) { if ($chr_data['online'] != 1) {
// Verify that we are not messing around with data // Verify that we are not messing around with data
if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging."); if ($account_id != $user_data['id']) die("wtf? Something went wrong, try relogging.");
@ -171,22 +184,22 @@ if (!empty($_POST['change_gender'])) {
} else echo 'You don\'t have any character gender tickets, buy them in the <a href="shop.php">SHOP</a>!'; } else echo 'You don\'t have any character gender tickets, buy them in the <a href="shop.php">SHOP</a>!';
} else echo 'Your character must be offline.'; } else echo 'Your character must be offline.';
} }
} break;
// end // end
// Change character comment PAGE1: // Change character comment PAGE1:
if (!empty($_POST['selected_comment'])) { case 'change_comment':
if (!Token::isValid($_POST['token'])) { $render_page = false; // Regular "myaccount" page should not render
exit(); if (user_character_account_id($char_name) === $session_user_id) {
} $comment_data = user_znote_character_data(user_character_id($char_name), 'comment');
if (user_character_account_id($_POST['selected_comment']) === $session_user_id) {
$comment_data = user_znote_character_data(user_character_id($_POST['selected_comment']), 'comment');
?> ?>
<!-- Changing comment MARKUP --> <!-- Changing comment MARKUP -->
<h1>Change comment on:</h1> <h1>Change comment on:</h1>
<form action="" method="post"> <form action="" method="post">
<ul> <ul>
<li> <li>
<input name ="charn" type="text" value="<?php echo $_POST['selected_comment']; ?>" readonly="readonly"> <input name="action" type="hidden" value="update_comment">
<input name ="selected_character" type="text" value="<?php echo $char_name; ?>" readonly="readonly">
</li> </li>
<li> <li>
<font class="profile_font" name="profile_font_comment">Comment:</font> <br> <font class="profile_font" name="profile_font_comment">Comment:</font> <br>
@ -201,11 +214,16 @@ if (!empty($_POST['selected_comment'])) {
</form> </form>
<?php <?php
} }
} else { break;
//end //end
}
}
}
if ($render_page) {
$char_count = user_character_list_count($session_user_id); $char_count = user_character_list_count($session_user_id);
$pending_delete = user_pending_deletes($session_user_id); $pending_delete = user_pending_deletes($session_user_id);
if($pending_delete) if ($pending_delete) {
foreach($pending_delete as $delete) { foreach($pending_delete as $delete) {
if(new DateTime($delete['time']) > new DateTime()) if(new DateTime($delete['time']) > new DateTime())
echo '<b>CAUTION!</b> Your character with name <b>' . $delete['character_name'] . ' will be deleted on ' . $delete['time'] . '</b>. <a href="myaccount.php?cancel_delete_id=' . $delete['id'] . '">Cancel this operation.</a><br/>'; echo '<b>CAUTION!</b> Your character with name <b>' . $delete['character_name'] . ' will be deleted on ' . $delete['time'] . '</b>. <a href="myaccount.php?cancel_delete_id=' . $delete['id'] . '">Cancel this operation.</a><br/>';
@ -216,6 +234,8 @@ if (!empty($_POST['selected_comment'])) {
$char_count--; $char_count--;
} }
} }
}
?> ?>
<div id="myaccount"> <div id="myaccount">
<h1>My account</h1> <h1>My account</h1>
@ -223,7 +243,6 @@ if (!empty($_POST['selected_comment'])) {
You have <?php echo $user_data['premdays']; ?> days remaining premium account.</p> You have <?php echo $user_data['premdays']; ?> days remaining premium account.</p>
<h2>Character List: <?php echo $char_count; ?> characters.</h2> <h2>Character List: <?php echo $char_count; ?> characters.</h2>
<?php <?php
//data_dump($user_data, false, "data");
// Echo character list! // Echo character list!
$char_array = user_character_list($user_data['id']); $char_array = user_character_list($user_data['id']);
// Design and present the list // Design and present the list
@ -244,133 +263,80 @@ if (!empty($_POST['selected_comment'])) {
} }
?> ?>
</table> </table>
<!-- FORMS TO HIDE CHARACTER--> <!-- FORMS TO EDIT CHARACTER-->
<form action="" method="post"> <form action="" method="post">
<ul> <table class="table">
<li> <tr>
Character hide:<br> <td>
<select name="selected_hide" multiple="multiple"> <select id="selected_character" name="selected_character" class="form-control">
<?php <?php
for ($i = 0; $i < $char_count; $i++) { for ($i = 0; $i < $char_count; $i++) {
if (user_character_hide($characters[$i]) == 1) { if (user_character_hide($characters[$i]) == 1) {
echo '<option value="'. $characters[$i] .'!0">'. $characters[$i] .'</option>'; echo '<option value="'. $characters[$i] . '">'. $characters[$i] .'</option>';
} else { } else {
echo '<option value="'. $characters[$i] .'!1">'. $characters[$i] .'</option>';
}
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Toggle hide" class="btn btn-info">
</li>
</ul>
</form>
<!-- FORMS TO CHANGE CHARACTER COMMENT-->
<form action="" method="post">
<ul>
<li>
Character comment:<br>
<select name="selected_comment" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] . '">'. $characters[$i] .'</option>'; echo '<option value="'. $characters[$i] . '">'. $characters[$i] .'</option>';
} }
}
?> ?>
</select> </select>
</td>
<td>
<select id="action" name="action" class="form-control" onChange="changedOption(this)">
<option value="none" selected>Select action</option>
<option value="toggle_hide">Toggle hide</option>
<option value="change_comment">Change comment</option>
<option value="change_gender">Change gender</option>
<option value="change_name">Change name</option>
<option value="delete_character" class="needconfirmation">Delete character</option>
</select>
</td>
<td id="submit_form">
<?php <?php
/* Form file */ /* Form file */
Token::create(); Token::create();
?> ?>
<input type="submit" value="Change comment" class="btn btn-info"> <input id="submit_button" type="submit" value="Submit" class="btn btn-primary btn-block"></input>
</li> </td>
</ul> </tr>
</table>
</form> </form>
<!-- FORMS TO CHANGE CHARACTER GENDER-->
<form action="" method="post">
<ul>
<li>
Change character gender:<br>
<select name="change_gender" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Change gender" class="btn btn-info">
</li>
</ul>
</form>
<!-- FORMS TO CHANGE CHARACTER NAME-->
<form action="" method="post">
<ul>
<li>
Change character name:<br>
<select name="change_name" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<input type="text" name="newName" placeholder="New Name">
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Change name" class="btn btn-info">
</li>
</ul>
</form>
<!-- FORMS TO DELETE CHARACTER-->
<form action="" method="post">
<ul>
<li>
Delete character:<br>
<select id="selected_delete" name="selected_delete" multiple="multiple">
<?php
for ($i = 0; $i < $char_count; $i++) {
echo '<option value="'. $characters[$i] .'">'. $characters[$i] .'</option>';
}
?>
</select>
<?php
/* Form file */
Token::create();
?>
<input type="submit" value="Delete Character" class="btn btn-danger needconfirmation">
</li>
</ul>
</form>
<script src="engine/js/jquery-1.10.2.min.js" type="text/javascript"></script>
<script>
$(document).ready(function(){
$(".needconfirmation").each(function(e){
$(this).click(function(e){
var itemname = $(this).attr("data-item-name");
var r = confirm("Do you really want to DELETE character: "+$('#selected_delete').find(":selected").text()+"?")
if(r == false){
e.preventDefault();
}
});
});
});
</script>
<?php <?php
} else { } else {
echo 'You don\'t have any characters. Why don\'t you <a href="createcharacter.php">create one</a>?'; echo 'You don\'t have any characters. Why don\'t you <a href="createcharacter.php">create one</a>?';
} }
//Done.
}
?> ?>
</div> </div>
<script>
function changedOption(e) {
// If selection is 'Change name' add a name field in the form
// Else remove name field if it exists
if (e.value == 'change_name') {
var lastCell = document.getElementById('submit_form');
var x = document.createElement('TD');
x.id = "new_name";
x.innerHTML = '<input type="text" name="newName" placeholder="New Name" class="form-control">';
lastCell.parentNode.insertBefore(x, lastCell);
} else {
var child = document.getElementById('new_name');
if (child) {
child.parentNode.removeChild(child);
}
}
}
</script>
<script src="engine/js/jquery-1.10.2.min.js" type="text/javascript"></script>
<script>
$(document).ready(function(){
$("#submit_button").click(function(e){
if ($("#action").find(":selected").attr('class') == "needconfirmation") {
var r = confirm("Do you really want to DELETE character: "+$('#selected_character').find(":selected").text()+"?")
if (r == false) {
e.preventDefault();
}
}
});
});
</script>
<?php <?php
} }
include 'layout/overall/footer.php'; include 'layout/overall/footer.php';


@ -10,18 +10,18 @@ if(!in_array($_SERVER['REMOTE_ADDR'],
} }
// get the variables from PayGol system // get the variables from PayGol system
$message_id = $_GET['message_id']; $message_id = getValue($_GET['message_id']);
$service_id = $_GET['service_id']; $service_id = getValue($_GET['service_id']);
$shortcode = $_GET['shortcode']; $shortcode = getValue($_GET['shortcode']);
$keyword = $_GET['keyword']; $keyword = getValue($_GET['keyword']);
$message = $_GET['message']; $message = getValue($_GET['message']);
$sender = $_GET['sender']; $sender = getValue($_GET['sender']);
$operator = $_GET['operator']; $operator = getValue($_GET['operator']);
$country = $_GET['country']; $country = getValue($_GET['country']);
$custom = $_GET['custom']; $custom = getValue($_GET['custom']);
$points = $_GET['points']; $points = getValue($_GET['points']);
$price = $_GET['price']; $price = getValue($_GET['price']);
$currency = $_GET['currency']; $currency = getValue($_GET['currency']);
$paygol = $config['paygol']; $paygol = $config['paygol'];
$new_points = $paygol['points']; $new_points = $paygol['points'];
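Review bot: Numeric callback fields such as `$points` and `$price` are still accepted as arbitrary strings after this change, and none of the twelve `$_GET` reads checks that the parameter is present. `getValue()` is defined outside this hunk, so whether it escapes for SQL or only trims cannot be confirmed here; either way a payment callback should cast and validate the numbers it acts on, for example `$points = isset($_GET['points']) ? (int)$_GET['points'] : 0;`. The only sender check visible is the `REMOTE_ADDR` allow-list in the hunk header, so it is worth confirming that a request with missing or malformed fields is rejected before any points are credited.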


@ -1,92 +1,142 @@
<?php require_once 'engine/init.php'; <?php require_once 'engine/init.php';
logged_in_redirect(); logged_in_redirect();
include 'layout/overall/header.php'; ?> include 'layout/overall/header.php';
if ($config['mailserver']['accountRecovery']) {
// Fetch, sanitize and assign POST and GET variables.
$mode = (isset($_GET['mode']) && !empty($_GET['mode'])) ? getValue($_GET['mode']) : false;
$email = (isset($_POST['email']) && !empty($_POST['email'])) ? getValue($_POST['email']) : false;
$character = (isset($_POST['character']) && !empty($_POST['character'])) ? getValue($_POST['character']) : false;
$password = (isset($_POST['password']) && !empty($_POST['password'])) ? getValue($_POST['password']) : false;
$username = (isset($_POST['username']) && !empty($_POST['username'])) ? getValue($_POST['username']) : false;
//data_dump($_GET, $_POST, "Posted data.");
if (!empty($_POST)) {
$status = true;
if ($config['use_captcha']) {
include_once 'captcha/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$status = false;
}
}
if ($status) {
if (!$username) {
// Recover username
$salt = '';
if ($config['TFSVersion'] != 'TFS_03') {
// TFS 0.2 and 1.0
$password = sha1($password);
} else {
// TFS 0.3/4
if (config('salt') === true) {
$saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='$email' LIMIT 1;");
if ($saltdata !== false) $salt .= $saltdata['salt'];
}
$password = sha1($salt.$password);
}
$user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '$character' AND `a`.`email` = '$email' AND `a`.`password` = '$password' LIMIT 1;");
if ($user !== false) {
// Found user
$mailer = new Mail($config['mailserver']);
$title = "$_SERVER[HTTP_HOST]: Your username";
$body = "<h1>Account Recovery</h1>";
$body .= "<p>Your username is: <b>$user[name]</b><br>";
$body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". <br>";
$body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
$mailer->sendMail($email, $title, $body, $user['name']);
?>
<h1>Account Found!</h1>
<p>We have sent your username to <b><?php echo $email; ?></b>.</p>
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
<?php
} else {
// Wrong submitted info
?>
<h1>Account recovery failed!</h1>
<p>Submitted data is wrong.</p>
<?php
}
} else {
// Recover password
$newpass = rand(100000000, 999999999);
$salt = '';
if ($config['TFSVersion'] != 'TFS_03') {
// TFS 0.2 and 1.0
$password = sha1($newpass);
} else {
// TFS 0.3/4
if (config('salt') === true) {
$saltdata = mysql_select_single("SELECT `salt` FROM `accounts` WHERE `email`='$email' LIMIT 1;");
if ($saltdata !== false) $salt .= $saltdata['salt'];
}
$password = sha1($salt.$newpass);
}
$user = mysql_select_single("SELECT `p`.`id` AS `player_id`, `a`.`name`, `a`.`id` AS `account_id` FROM `players` `p` INNER JOIN `accounts` `a` ON `p`.`account_id` = `a`.`id` WHERE `p`.`name` = '$character' AND `a`.`email` = '$email' AND `a`.`name` = '$username' LIMIT 1;");
if ($user !== false) {
// Found user
// Give him the new password
mysql_update("UPDATE `accounts` SET `password`='$password' WHERE `id`='".$user['account_id']."' LIMIT 1;");
// Send him a mail with the new password
$mailer = new Mail($config['mailserver']);
$title = "$_SERVER[HTTP_HOST]: Your new password";
$body = "<h1>Account Recovery</h1>";
$body .= "<p>Your new password is: <b>$newpass</b><br>";
$body .= "We recommend you to login and change it before you continue playing. <br>";
$body .= "Enjoy your stay at ".$config['mailserver']['fromName'].". <br>";
$body .= "<hr>I am an automatic no-reply e-mail. Any emails sent back to me will be ignored.</p>";
$mailer->sendMail($email, $title, $body, $user['name']);
?>
<h1>Account Found!</h1>
<p>We have sent your new password to <b><?php echo $email; ?></b>.</p>
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
<?php
} else {
// Wrong submitted info
?>
<h1>Account recovery failed!</h1>
<p>Submitted data is wrong.</p>
<?php
}
}
} else echo "Captcha image verification was submitted wrong.";
} else {
?>
<h1>Account Recovery</h1> <h1>Account Recovery</h1>
<!-- Success markup --> <!-- HTML code -->
<?php
if (in_array($mode, array('username', 'password'))) {
?>
<form action="" method="POST">
<label for="email">Email:</label><input type="text" name="email" placeholder="name@mail.com"><br>
<label for="Character">Character: </label><input type="text" name="character"><br>
<?php
if ($mode === 'password') echo '<label for="username">Username:</label> <input type="text" name="username"><br>';
else echo '<label for="password">Password:</label> <input type="password" name="password"><br>';
if ($config['use_captcha']) {
?>
<b>Write the image symbols in the text field to verify that you are a human:</b>
<img id="captcha" src="captcha/securimage_show.php" alt="CAPTCHA Image" /><br>
<input type="text" name="captcha_code" size="10" maxlength="6" />
<a href="#" onclick="document.getElementById('captcha').src = 'captcha/securimage_show.php?' + Math.random(); return false">[ Different Image ]</a><br><br>
<?php <?php
$mode_allowed = array('username', 'password');
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
if (isset($_POST['email']) === true && empty($_POST['email']) === false) {
if (user_email_exist($_POST['email']) === true) {
znote_visitor_insert_detailed_data(5);
$mail = $_POST['email'];
$acc_id = user_id_from_email($mail);
if (isset($_POST['character']) === true && empty($_POST['character']) === false) {
if (user_character_exist($_POST['character']) === true) {
// EDOM
if ($_GET['mode'] === 'username') { // Recover password, edom == username
// edom == password
if (isset($_POST['edom']) === true && empty($_POST['edom']) === false) {
if (user_password_match($_POST['edom'], $acc_id) === true) {
// User exist, email exist, character exist. Lets start the recovery function
user_recover($_GET['mode'], $_POST['edom'], $_POST['email'], $_POST['character'], ip2long(getIP()));
//echo 'password';
} else {
echo 'That password is incorrect.';
}
} else { echo 'You forgot to write password.'; }
//echo 'username';
} else {
if (isset($_POST['edom']) === true && empty($_POST['edom']) === false) {
if (user_exist($_POST['edom']) === true) {
// User exist, email exist, character exist. Lets start the recovery function
user_recover($_GET['mode'], $_POST['edom'], $_POST['email'], $_POST['character'], ip2long(getIP()));
//echo 'password';
} else { echo 'That username ['. $_POST['edom'] .'] is incorrect.'; }
} else { echo 'You forgot to write username.'; }
}
// end EDOM
} else { echo 'That character name does not exist.'; }
} else { echo 'You need to type in a character name from your account.'; }
} else {
echo 'We couldn\'t find that email address!';
}
} }
?> ?>
<input type="submit" value="Recover Account">
<form action="" method="post">
<ul>
<li>
Please enter your email address:<br>
<input type="text" name="email">
</li>
<li>
Please enter your <?php
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
if ($_GET['mode'] === 'username') {
echo 'password';
} else {
echo 'username';
}
} else { echo'[Error: Mode not recognized.]'; exit(); }
?>:<br>
<input type="<?php
if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
if ($_GET['mode'] === 'username') {
echo 'password';
} else {
echo 'text';
}
} else { echo'[Error: Mode not recognized.]'; }
?>" name="edom">
</li>
<li>
Character name on your account:<br>
<input type="text" name="character">
</li>
<li>
<input type="submit" value="Recover">
</li>
</ul>
</form> </form>
<?php <?php
} else { } else {
header('Location: index.php');
exit();
}
?> ?>
<p>Do you wish to recover your <a href="?mode=username">username</a> or <a href="?mode=password">password</a>?</p>
<?php include 'layout/overall/footer.php'; ?> <?php
}
}
} else {
?>
<h1>System Disabled</h1>
<p>The admin have disabled automatic account recovery.</p>
<?php
}
include 'layout/overall/footer.php'; ?>
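Review bot: In the password branch, `$newpass = rand(100000000, 999999999);` draws the replacement password from a non-cryptographic generator with roughly 30 bits of range, and the `UPDATE` on `accounts` overwrites the stored password as soon as character, email and username match. The mailbox owner never confirms the reset, so anyone who knows those three values can force a password change on the account. At minimum generate the value with `$newpass = bin2hex(openssl_random_pseudo_bytes(8));`; a better design mails a single-use, expiring token and changes the password only after the link is followed. `$title` also interpolates the client-supplied `$_SERVER[HTTP_HOST]` into the mail subject, where a configured site name would be safer.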


@ -57,8 +57,8 @@ if (empty($_POST) === false) {
if (strlen($_POST['password']) < 6) { if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters.'; $errors[] = 'Your password must be at least 6 characters.';
} }
if (strlen($_POST['password']) > 33) { if (strlen($_POST['password']) > 100) {
$errors[] = 'Your password must be less than 33 characters.'; $errors[] = 'Your password must be less than 100 characters.';
} }
if ($_POST['password'] !== $_POST['password_again']) { if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Your passwords do not match.'; $errors[] = 'Your passwords do not match.';
@ -82,7 +82,27 @@ if (empty($_POST) === false) {
<h1>Register Account</h1> <h1>Register Account</h1>
<?php <?php
if (isset($_GET['success']) && empty($_GET['success'])) { if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Congratulations! Your account has been created. You may now login to create a character.'; if ($config['mailserver']['register']) {
?>
<h1>Email authentication required</h1>
<p>We have sent you an email with an activation link to your submitted email address.</p>
<p>If you can't find the email within 5 minutes, check your junk/trash inbox as it may be mislocated there.</p>
<?php
} else echo 'Congratulations! Your account has been created. You may now login to create a character.';
} elseif (isset($_GET['authenticate']) && empty($_GET['authenticate'])) {
// Authenticate user, fetch user id and activation key
$auid = (isset($_GET['u']) && (int)$_GET['u'] > 0) ? (int)$_GET['u'] : false;
$akey = (isset($_GET['k']) && (int)$_GET['k'] > 0) ? (int)$_GET['k'] : false;
// Find a match
$user = mysql_select_single("SELECT `id` FROM `znote_accounts` WHERE `account_id`='$auid' AND `activekey`='$akey' AND `active`='0' LIMIT 1;");
if ($user !== false) {
$user = $user['id'];
// Enable the account to login
mysql_update("UPDATE `znote_accounts` SET `active`='1' WHERE `id`='$user' LIMIT 1;");
echo '<h1>Congratulations!</h1> <p>Your account has been created. You may now login to create a character.</p>';
} else {
echo '<h1>Authentication failed</h1> <p>Either the activation link is wrong, or your account is already activated.</p>';
}
} else { } else {
if (empty($_POST) === false && empty($errors) === true) { if (empty($_POST) === false && empty($errors) === true) {
if ($config['log_ip']) { if ($config['log_ip']) {
@ -97,8 +117,8 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
'created' => time() 'created' => time()
); );
user_create_account($register_data); user_create_account($register_data, $config['mailserver']);
header('Location: register.php?success'); if (!$config['mailserver']['debug']) header('Location: register.php?success');
exit(); exit();
//End register //End register
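Review bot: In the `authenticate` branch, `$akey` is cast with `(int)$_GET['k']`, so the activation key can only ever be an integer, and nothing visible limits repeated attempts against `u`/`k`. The key is generated in `user_create_account()`, outside this diff, so its size cannot be confirmed here; if it comes from `rand()` it should be replaced by a long random string that is compared as a string. The query also runs when `$auid` or `$akey` is `false`; a guard such as `if ($auid !== false && $akey !== false)` before the `SELECT` would skip it.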


@ -24,8 +24,6 @@ if (empty($_POST) === false) {
$errors[] = 'That email address is already in use.'; $errors[] = 'That email address is already in use.';
} }
} }
print_r($errors);
} }
?> ?>
<h1>Settings</h1> <h1>Settings</h1>


@ -95,7 +95,7 @@ if ($config['shop_auction']['characterAuction']) {
<?php <?php
foreach ($shop_list as $key => $offers) { foreach ($shop_list as $key => $offers) {
echo '<tr class="special">'; echo '<tr class="special">';
echo '<td>'. $offers['describtion'] .'</td>'; echo '<td>'. $offers['description'] .'</td>';
if ($config['shop']['showImage']) echo '<td><img src="http://'. $config['shop']['imageServer'] .'/'. $offers['itemid'] .'.'. $config['shop']['imageType'] .'" alt="img"></td>'; if ($config['shop']['showImage']) echo '<td><img src="http://'. $config['shop']['imageServer'] .'/'. $offers['itemid'] .'.'. $config['shop']['imageType'] .'" alt="img"></td>';
if ($offers['type'] == 2) echo '<td>'. $offers['count'] .' Days</td>'; if ($offers['type'] == 2) echo '<td>'. $offers['count'] .' Days</td>';
else if ($offers['type'] == 3 && $offers['count'] == 0) echo '<td>Unlimited</td>'; else if ($offers['type'] == 3 && $offers['count'] == 0) echo '<td>Unlimited</td>';
@ -105,7 +105,7 @@ if ($config['shop_auction']['characterAuction']) {
?> ?>
<form action="" method="POST"> <form action="" method="POST">
<input type="hidden" name="buy" value="<?php echo (int)$key; ?>"> <input type="hidden" name="buy" value="<?php echo (int)$key; ?>">
<input type="submit" value=" PURCHASE " class="needconfirmation" data-item-name="<?php echo $offers['describtion']; ?>" data-item-cost="<?php echo $offers['points']; ?>"> <input type="submit" value=" PURCHASE " class="needconfirmation" data-item-name="<?php echo $offers['description']; ?>" data-item-cost="<?php echo $offers['points']; ?>">
</form> </form>
<?php <?php
echo '</td>'; echo '</td>';


@ -82,23 +82,25 @@ require '../engine/function/users.php';
if (isset($old_accounts) && $old_accounts !== false) { if (isset($old_accounts) && $old_accounts !== false) {
$time = time(); $time = time();
foreach ($old_accounts as $old) { foreach ($old_accounts as $old) {
// Get acc id
$old_id = $old['id'];
// Make acc data compatible: // Make acc data compatible:
mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old', '0', '$time')"); mysql_insert("INSERT INTO `znote_accounts` (`account_id`, `ip`, `created`) VALUES ('$old_id', '0', '$time')");
$updated_acc += 1; $updated_acc += 1;
// Fetch unsalted password // Fetch unsalted password
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) { if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) {
$password = user_data($old, 'password', 'salt'); $password = user_data($old_id, 'password', 'salt');
$p_pass = str_replace($password['salt'],"",$password['password']); $p_pass = str_replace($password['salt'],"",$password['password']);
} }
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) { if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) {
$password = user_data($old, 'password'); $password = user_data($old_id, 'password');
$p_pass = $password['password']; $p_pass = $password['password'];
} }
// Verify lenght of password is less than 28 characters (most likely a plain password) // Verify lenght of password is less than 28 characters (most likely a plain password)
if (strlen($p_pass) < 28 && $old > 1) { if (strlen($p_pass) < 28 && $old_id > 1) {
// encrypt it with sha1 // encrypt it with sha1
if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) $p_pass = sha1($p_pass); if ($config['TFSVersion'] == 'TFS_02' || $config['salt'] === false) $p_pass = sha1($p_pass);
if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) $p_pass = sha1($password['salt'].$p_pass); if ($config['TFSVersion'] == 'TFS_03' && $config['salt'] === true) $p_pass = sha1($password['salt'].$p_pass);

14
sub.php

@ -1,6 +1,10 @@
<?php require_once 'engine/init.php'; include 'layout/overall/header.php'; <?php require_once 'engine/init.php'; require_once 'layout/overall/header.php';
if ($config['allowSubPages']) {
if ($config['allowSubPages']) include 'layout/sub.php'; $page = (isset($_GET['page']) && !empty($_GET['page'])) ? getValue($_GET['page']) : '';
if (isset($subpages[$page]['file'])) require_once 'layout/sub/'.$subpages[$page]['file'];
else {
if (isset($subpages)) echo '<h2>Sub page not recognized.</h2><p>The sub page you requested is not recognized.</p>';
}
}
else echo '<h2>System disabled.</h2><p>The sub page system is disabled.</p>'; else echo '<h2>System disabled.</h2><p>The sub page system is disabled.</p>';
require_once 'layout/overall/footer.php'; ?>
include 'layout/overall/footer.php'; ?>
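Review bot: The line `require_once 'layout/sub/'.$subpages[$page]['file'];` is safe only because `$page` is used as a key into `$subpages` and never placed in the path itself, and nothing in the file says so. I would add a comment above it: `// $page is only a lookup key; the included file name must come from $subpages, never from the request`. `$subpages` is defined outside this hunk (presumably in the configuration), and when it is unset an unknown page prints nothing at all, which the `else` branch could report.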


@ -1,3 +1,4 @@
<?php require_once 'engine/init.php'; include 'layout/overall/header.php'; ?> <?php require_once 'engine/init.php'; include 'layout/overall/header.php'; ?>
<h1>Success!</h1> <h1>Success!</h1>
Go <script> document.write('<a href="' + document.referrer + '">back</a>'); </script>
<?php include 'layout/overall/footer.php'; ?> <?php include 'layout/overall/footer.php'; ?>
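Review bot: The added line writes `document.referrer` into markup with `document.write` and no encoding, which makes the referrer a DOM XSS sink and also lets the link point at whatever page sent the visitor here. The referrer is controlled by the previous page, not by this site. A link that does not use the value avoids both problems: `Go <a href="#" onclick="history.back(); return false;">back</a>`.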