Merge branch 'develop' into feature/new-router

# Conflicts:
#	composer.json
#	system/login.php

admin/pages/logs.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Logs Viewer';
+$use_datatable = true;
 
 $files = array();
 $aac_path_logs = BASE . 'system/logs/';

admin/pages/pages.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
+$use_datatable = true;
 
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';

admin/pages/plugins.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
+$use_datatable = true;
 
 require_once LIBS . 'plugins.php';
 

admin/pages/reports.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Report Viewer';
+$use_datatable = true;
 
 $files = array();
 $server_path_reports = $config['data_path'] . 'reports/';

admin/pages/tools.php

@@ -10,18 +10,24 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
 
-$tool = $_GET['tool'];
-if (!isset($tool)) {
+if (!isset($_GET['tool'])) {
 	echo 'Tool not set.';
 	return;
 }
 
+$tool = $_GET['tool'];
 if (preg_match("/[^A-z0-9_\-]/", $tool)) {
 	echo 'Invalid tool.';
 	return;
 }
 
-$file = BASE . 'admin/pages/tools/' . $tool . '.php';
-if (!@file_exists($file))
+$file = SYSTEM . 'pages/admin/tools/' . $tool . '.php';
+
+if (@file_exists($file)) {
 	require $file;
+	return;
+}
+
+echo 'Tool <strong>' . $tool . '</strong> not found.';
+
 ?>

admin/pages/visitors.php

@@ -9,6 +9,7 @@
  */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Visitors';
+$use_datatable = true;
 
 if (!$config['visitors_counter']): ?>
 	Visitors counter is disabled.<br/>

admin/template/menus.php

@@ -34,8 +34,10 @@ $menus = [
 	],
 	['name' => 'Tools', 'icon' => 'tools', 'order' => 100, 'link' =>
 		[
-			['name' => 'Notepad', 'link' => 'notepad', 'order' => 10],
-			['name' => 'phpinfo', 'link' => 'phpinfo', 'order' => 20],
+			['name' => 'Mass Account Actions', 'link' => 'tools&tool=account', 'order' => 10],
+			['name' => 'Mass Teleport Actions', 'link' => 'tools&tool=teleport', 'order' => 20],
+			['name' => 'Notepad', 'link' => 'notepad', 'order' => 30],
+			['name' => 'phpinfo', 'link' => 'phpinfo', 'order' => 40],
 		],
 	],
 	['name' => 'Logs', 'icon' => 'bug', 'order' => 110, 'link' =>

admin/tools/upload_image.php

@@ -0,0 +1,53 @@
+<?php
+define('MYAAC_ADMIN', true);
+
+require '../../common.php';
+require SYSTEM . 'functions.php';
+require SYSTEM . 'init.php';
+require SYSTEM . 'login.php';
+
+if(!admin())
+	die('Access denied.');
+
+// Don't attempt to process the upload on an OPTIONS request
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+	header('Access-Control-Allow-Methods: POST, OPTIONS');
+	return;
+}
+
+$imageFolder = BASE . EDITOR_IMAGES_DIR;
+
+reset ($_FILES);
+$temp = current($_FILES);
+if (is_uploaded_file($temp['tmp_name'])) {
+	header('Access-Control-Allow-Credentials: true');
+	header('P3P: CP="There is no P3P policy."');
+
+	// Sanitize input
+	if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
+		header('HTTP/1.1 400 Invalid file name.');
+		return;
+	}
+
+	// Verify extension
+	$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
+	if (!in_array($ext, ['gif', 'jpg', 'png'])) {
+		header('HTTP/1.1 400 Invalid extension.');
+		return;
+	}
+
+	do {
+		$randomName = generateRandomString(8). ".$ext";
+		$fileToWrite = $imageFolder . $randomName;
+	} while (file_exists($fileToWrite));
+
+	move_uploaded_file($temp['tmp_name'], $fileToWrite);
+
+	$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
+	echo json_encode(['location' => $returnPathToImage]);
+} else {
+	// Notify editor that the upload failed
+	header('HTTP/1.1 500 Server Error');
+}
+
+