CSRF Protection (#235)

* Fix alert class name

* feature: csrf protection

* Cosmetics

* Fix token generate

* Admin Panel: changelogs csrf protection

* news/id route

* Refactor admin newses + add csrf

* Use admin.links instead

* Admin panel: Pages csrf

* Menus: better csrf + add success message on reset colors

* Plugins csrf

* Move definitions

* add info function, same as note($message)

* Update mailer.php

* Fix new page/news links

* clear_cache & maintenance csrf

* Formatting

* Fix news type

* Fix changelog link

* Add new changelog link

* More info to confirm dialog

* This is always true
Slawomir Boczek
2023-11-11 10:57:57 +01:00
committed by GitHub
parent a04fbde607
commit 790d85a88a
89 changed files with 789 additions and 504 deletions


@@ -2,5 +2,6 @@
<br/>
{% endif %}
<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>


@@ -1,6 +1,7 @@
Here you can see and edit the information about your character.<br/>
If you do not want to specify a certain field, just leave it blank.<br/><br/>
<form action="{{ getLink('account/character/comment') }}" method="post">
{{ csrf() }}
<div class="TableContainer" >
<table class="Table5" cellpadding="0" cellspacing="0">
<div class="CaptionContainer">
@@ -99,6 +100,7 @@ If you do not want to specify a certain field, just leave it blank.<br/><br/>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}


@@ -1,5 +1,6 @@
Here you can tell other players about yourself. This information will be displayed alongside the data of your characters. If you do not want to fill in a certain field, just leave it blank.<br/><br/>
<form action="{{ getLink('account/info') }}" method=post>
<form action="{{ getLink('account/info') }}" method="post">
{{ csrf() }}
<div class="TableContainer" >
<table class="Table1" cellpadding="0" cellspacing="0" >
<div class="CaptionContainer" >
@@ -88,6 +89,7 @@ Here you can tell other players about yourself. This information will be display
</form>
<table border="0" cellspacing="0" cellpadding="0" >
<form action="{{ getLink('account/manage') }}" method="post" >
{{ csrf() }}
<tr>
<td style="border:0px;" >
{{ include('buttons.back.html.twig') }}


@@ -1,5 +1,6 @@
Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to. <br/><b>For security reasons, the actual change will be finalised after a waiting period of {{ setting('core.account_mail_change') }} days.</b><br/><br/>
<form action="{{ getLink('account/email') }}" method="post">
{{ csrf() }}
<div class="TableContainer">
<table class="Table1" cellpadding="0" cellspacing="0">
<div class="CaptionContainer">
@@ -58,6 +59,7 @@ Please enter your password and the new email address. Make sure that you enter a
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}


@@ -1,6 +1,7 @@
To change a name of character select player and choose a new name.<br/>
<span style="color: red">Change name cost {{ setting('core.account_change_character_name_price') }} premium points. You have {{ points }} premium points.</span><br/><br/>
<form action="{{ getLink('account/character/name') }}" method="post">
{{ csrf() }}
<input type="hidden" name="changenamesave" value="1">
<div class="TableContainer">
<table class="Table1" cellpadding="0" cellspacing="0">
@@ -64,6 +65,7 @@ To change a name of character select player and choose a new name.<br/>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}


@@ -1,6 +1,7 @@
Please enter your current password and a new password. For your security, please enter the new password twice.<br/>
<br/>
<form action="{{ getLink('account/password') }}" method="post">
{{ csrf() }}
<div class="TableContainer">
<table class="Table1" cellpadding="0" cellspacing="0">
<div class="CaptionContainer">
@@ -66,6 +67,7 @@ Please enter your current password and a new password. For your security, please
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}


@@ -1,6 +1,7 @@
To change a sex of character select player and choose a new sex.<br/>
<span style="color: red">Change sex cost {{ setting('core.account_change_character_sex_price') }} premium points. You have {{ points }} premium points.</span><br/><br/>
<form action="{{ getLink('account/character/sex') }}" method="post">
{{ csrf() }}
<input type="hidden" name="changesexsave" value="1"/>
<div class="TableContainer">
<table class="Table1" cellpadding="0" cellspacing="0">
@@ -64,6 +65,7 @@ To change a sex of character select player and choose a new sex.<br/>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;" >
{{ include('buttons.back.html.twig') }}


@@ -1,5 +1,6 @@
{{ hook('HOOK_ACCOUNT_CREATE_BEFORE_FORM') }}
<form action="{{ getLink('account/create') }}" method="post" id="createaccount">
{{ csrf() }}
<div class="TableContainer" >
<table class="Table5" cellpadding="0" cellspacing="0" >
<div class="CaptionContainer" >


@@ -7,6 +7,7 @@ In any case the name must not violate the naming conventions stated in the <a hr
{% endif %}
<br/><br/>
<form action="{{ getLink('account/character/create') }}" method="post">
{{ csrf() }}
<input type="hidden" name="save" value="1">
<div class="TableContainer">
<table class="Table3" cellpadding="0" cellspacing="0">
@@ -135,6 +136,7 @@ In any case the name must not violate the naming conventions stated in the <a hr
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}


@@ -1,5 +1,6 @@
To delete a character enter the name of the character and your password.<br/><br/>
<form action="{{ getLink('account/character/delete') }}" method="post">
{{ csrf() }}
<input type="hidden" name="deletecharactersave" value="1"/>
<div class="TableContainer">
<table class="Table1" cellpadding="0" cellspacing="0" >
@@ -54,6 +55,7 @@ To delete a character enter the name of the character and your password.<br/><br
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}
@@ -63,4 +65,4 @@ To delete a character enter the name of the character and your password.<br/><br
</table>
</td>
</tr>
</table>
</table>


@@ -1,6 +1,7 @@
To generate new recovery key for your account please enter your password.<br/>
<span style="color: red"><b>New recovery key cost {{ setting('core.account_generate_new_reckey_price') }} Premium Points.</span> You have {{ points }} premium points. You will receive e-mail with this recovery key.</b><br/>
<form action="{{ getLink('account/register/new') }}" method="post">
{{ csrf() }}
<input type="hidden" name="registeraccountsave" value="1">
<div class="TableContainer" >
<table class="Table1" cellpadding="0" cellspacing="0">
@@ -47,6 +48,7 @@ To generate new recovery key for your account please enter your password.<br/>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.back.html.twig') }}


@@ -1,5 +1,6 @@
To generate recovery key for your account please enter your password.<br/><br/>
<form action="{{ getLink('account/register') }}" method="post">
{{ csrf() }}
<input type="hidden" name="registeraccountsave" value="1"/>
<div class="TableContainer">
<table class="Table1" cellpadding="0" cellspacing="0">
@@ -50,6 +51,7 @@ To generate recovery key for your account please enter your password.<br/><br/>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
<tr>
<td style="border: 0px;">
{{ include('buttons.back.html.twig') }}
@@ -59,4 +61,4 @@ To generate recovery key for your account please enter your password.<br/><br/>
</table>
</td>
</tr>
</table>
</table>


@@ -1,6 +1,7 @@
{{ hook('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE') }}
Please enter your account {{ account|lower }} and your password.<br/><a href="{{ getLink('account/create') }}">Create an account</a> if you do not have one yet.<br/><br/>
<form action="{{ getLink('account/manage') }}" method="post" >
<form action="{{ getLink('account/manage') }}" method="post">
{{ csrf() }}
{% if redirect is not null %}
<input type="hidden" name="redirect" value="{{ redirect }}" />
{% endif %}
@@ -66,6 +67,7 @@ Please enter your account {{ account|lower }} and your password.<br/><a href="{{
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('account/lost') }}" method="post">
{{ csrf() }}
<tr>
<td style="border:0px;">
{{ include('buttons.account_lost.html.twig') }}
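Review bot: The hidden `redirect` field is echoed into the login form and posted together with the new token; the token stops forged submissions, but it does nothing against a crafted login URL steering the user after a successful login, so the handler should accept only same-site relative paths for `redirect`, which the template cannot show. The token on a pre-authentication form also assumes `csrf()` works before any account session exists and that the token survives whatever session regeneration the login handler performs; both are worth a manual check since neither is visible here.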


@@ -1,5 +1,6 @@
The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.<br/>
<form action="?subtopic=lostaccount&action=step1" method=post>
<form action="?subtopic=lostaccount&action=step1" method="post">
{{ csrf() }}
<input type="hidden" name="character" value="">
<table cellspacing="1" cellpadding="4" border="0" width="100%">
<tr>
@@ -32,4 +33,4 @@ The Lost Account Interface can help you to get back your account name and passwo
</td>
</tr>
</table>
</form>
</form>


@@ -68,6 +68,7 @@
<div style="text-align:center">
You can register your account for increased protection. Click on "Register Account" and get your free recovery key today!<br/>
<form action="{{ getLink('account/register') }}" method="post">
{{ csrf() }}
{% set button_name = 'Register Account' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -80,6 +81,7 @@
A request has been submitted to change the email address of this account to <b>{{ email_new }}</b>. After <b>{{ email_new_time|date("j F Y, G:i:s") }}</b> you can accept the new email address and finish the process. Please cancel the request if you do not want your email address to be changed! Also cancel the request if you have no access to the new email address!
<form action="{{ getLink('account/email') }}" method="post">
{{ csrf() }}
{% set button_name = 'Edit' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -99,6 +101,7 @@
<td style="width: 90px;">Email Address:</td>
<td>{{ account_email ~ email_change }}
<form action="{{ getLink('account/email') }}" method="post">
{{ csrf() }}
{% set button_name = 'Change Email' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -137,6 +140,7 @@
</tr>
</table>
<form action="{{ getLink('account/info') }}" method="post">
{{ csrf() }}
{% set button_name = 'Change Info' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -188,6 +192,7 @@
<tr>
<td>
<form action="{{ getLink('account/character/create') }}" method="post" >
{{ csrf() }}
{% set button_name = 'Create Character' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -195,6 +200,7 @@
{% if setting('core.account_change_character_name') %}
<td>
<form action="{{ getLink('account/character/name') }}" method="post" >
{{ csrf() }}
{% set button_name = 'Change Name' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -203,6 +209,7 @@
{% if setting('core.account_change_character_sex') %}
<td>
<form action="{{ getLink('account/character/sex') }}" method="post" >
{{ csrf() }}
{% set button_name = 'Change Sex' %}
{% include('buttons.base.html.twig') %}
</form>
@@ -210,6 +217,7 @@
{% endif %}
<td>
<form action="{{ getLink('account/character/delete') }}" method="post">
{{ csrf() }}
{% set button_name = 'Delete Character' %}
{% include('buttons.base.html.twig') %}
</form>


@@ -98,6 +98,7 @@ html { margin-top: 32px !important; }
<div class="dropdown-content">
<a href="{{ constant('ADMIN_URL') }}?p=news&action=new">News</a>
<a href="{{ constant('ADMIN_URL') }}?p=pages&action=new">Page</a>
<a href="{{ constant('ADMIN_URL') }}?p=changelog&action=new">Changelog</a>
</div>
</li>
<li>
@@ -106,9 +107,11 @@ html { margin-top: 32px !important; }
</a>
</li>
<li>
<a class="ab-item" href="{{ constant('ADMIN_URL') }}?p=dashboard&clear_cache">
Clear Cache
</a>
<form method="post" action="{{ constant('ADMIN_URL') }}?p=dashboard">
{{ csrf() }}
<input type="hidden" name="clear_cache" value="1" />
<a class="ab-item" href="#" onclick="confirm('Are you sure that you want to clear cache?') && $(this).closest('form').submit()" title="Clear Cache">Clear Cache</a>
</form>
</li>
</ul>
<ul class="ab-top-secondary">
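Review bot: The new Clear Cache control is `<a href="#" onclick="confirm(...) && $(this).closest('form').submit()">`, which is a button's job; `<button type="submit" class="ab-item" title="Clear Cache" onclick="return confirm('Are you sure that you want to clear cache?');">Clear Cache</button>` needs no jQuery, keeps keyboard activation, and avoids the trailing navigation to `#` that happens because the handler never returns false. The new dropdown link `?p=changelog&action=new` still passes `action` over GET while the changelog list in this commit posts `action=new` from a form; if the handler now reads `action` from POST only, this link is dead, so both entry points need checking. Moving `clear_cache` into a hidden POST field only closes the CSRF hole if the dashboard handler also stops honoring the GET parameter, which is outside this hunk.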


@@ -4,6 +4,8 @@
<h5 class="m-0">{{ (action == 'edit') ? 'Edit' : 'Add' }}</h5>
</div>
<form role="form" method="post" action="{{ cl_link_form }}" id="cl-edit-form">
{{ csrf() }}
<input type="hidden" name="action" value="{{ action }}" />
<div class="card-body">
{% if action == 'edit' %}
<input type="hidden" name="id" value="{{ cl_id }}"/>


@@ -1,8 +1,11 @@
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">News:
<a href="{{ constant('ADMIN_URL') }}?p=changelog&action=new" class="float-right"><span
class="btn btn-sm btn-success">New</span></a>
<form method="post" class="float-right">
{{ csrf() }}
<input type="hidden" name="action" value="new" />
<button type="submit" class="btn btn-sm btn-success">New</button>
</form>
</h5>
</div>
@@ -30,15 +33,26 @@
<td><img src="{{ constant('BASE_URL') }}images/changelog/{{ log.where }}.png" alt="icon" title="{{ log.where|capitalize }}"/> {{ log.where|capitalize }}</td>
<td>
<div class="btn-group">
<a href="{{ constant('ADMIN_URL') }}?p=changelog&action=edit&id={{ log.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="{{ constant('ADMIN_URL') }}?p=changelog&action=delete&id={{ log.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="{{ constant('ADMIN_URL') }}?p=changelog&action=hide&id={{ log.id }}" class="btn btn-{{ (log.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if log.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (log.hidden != 1) ? '' : '-slash' }}"></i>
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="{{ log.id }}" />
<button type="submit" class="btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="{{ log.id }}" />
<button type="submit" class="btn btn-danger btn-sm" title="Delete" onclick="return confirm('Are you sure?');"><i class="fas fa-pencil-alt"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="hide" />
<input type="hidden" name="id" value="{{ log.id }}" />
<button type="submit" class="btn btn-{{ (log.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if log.hidden != 1 %}Hide{% else %}Show{% endif %}"><i class="fas fa-eye{{ (log.hidden != 1) ? '' : '-slash' }}"></i></button>
</form>
</div>
</td>
</tr>
@@ -53,3 +67,15 @@
</table>
</div>
</div>
<link rel="stylesheet" type="text/css" href="{{ constant('BASE_URL') }}tools/css/jquery.datetimepicker.css"/ >
<script src="{{ constant('BASE_URL') }}tools/js/jquery.datetimepicker.js"></script>
<script>
$(document).ready(function () {
$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
$('.tb_datatable').DataTable({
"order": [[0, "desc"]],
"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
});
});
</script>
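Review bot: The new Delete button `<button type="submit" class="btn btn-danger btn-sm" title="Delete" onclick="return confirm('Are you sure?');"><i class="fas fa-pencil-alt"></i></button>` carries the pencil icon; the anchor it replaces used `<i class="fas fa-trash"></i>`, so the class should be `fa-trash`. Separately, `edit` and `new` only open a form and change no state, so wrapping them in POST forms with a token buys no CSRF protection and costs bookmarkable URLs plus resubmission prompts on refresh; the token matters on the `delete` and `hide` forms, and only if the server no longer accepts those actions over GET, which this template cannot show.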


@@ -0,0 +1,22 @@
<br/><br/>
<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" class="btn btn-success btn-sm" title="Edit"><img src="images/edit.png"/> Edit</button>
</form>
<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete"><img src="images/del.png"/>Delete</button>
</form>
<form action="{{ constant('ADMIN_URL') }}?p={{ page }}" method="post" style="float: left">
{{ csrf() }}
<input type="hidden" name="action" value="hide" />
<input type="hidden" name="id" value="{{ id }}" />
<button type="submit" class="btn btn-{{ (hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if hidden != 1 %}Hide{% else %}Show{% endif %}"><img src="images/{{ hidden != 1 ? 'success' : 'error' }}.png"/>{{ hidden != 1 ? 'Hide' : 'Show' }}</button>
</form>
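Review bot: The icons `<img src="images/edit.png"/>`, `images/del.png` and `images/{{ ... }}.png` use paths relative to the current page, while the other admin templates in this commit use `{{ constant('BASE_URL') }}images/...`; this include is rendered on front-end pages, and with routes like `news/{id}` added in the same commit a relative path resolves against the route segment, so the `BASE_URL` form should be used. The images also lack `alt`; since each button has visible text, `alt=""` is the right value. The forms post to `{{ constant('ADMIN_URL') }}?p={{ page }}` from a front-end page, which relies on `csrf()` emitting the same session-bound token the admin panel validates; presumably true, but not visible here.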


@@ -19,6 +19,7 @@
<p class="login-box-msg">Please login.</p>
<form method="post" action="{{ constant('ADMIN_URL') }}">
{{ csrf() }}
<div class="input-group mb-3">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-lock"></i></span>


@@ -9,6 +9,7 @@
<h5 class="m-0">Mailer</h5>
</div>
<form id="form" method="post">
{{ csrf() }}
<div class="card-body">
<div class="form-group row">
<label for="mail_to">To: (enter email, or leave empty to all)</label>


@@ -4,6 +4,7 @@
</div>
<div class="card-body">
<form method="post" action="?p=menus">
{{ csrf() }}
<p>Please choose template in which you want to edit menu items.</p>
<div class="col-md-6">
<div class="input-group input-group-sm">


@@ -1,9 +1,11 @@
{% if action %}
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} news</h5>
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} {% if type == constant('NEWS') %}News{% elseif type == constant('TICKER') %}Ticker{% else %}Article{% endif %}</h5>
</div>
<form id="form" role="form" method="post" action="{{ news_link_form }}">
<form id="form" role="form" method="post">
{{ csrf() }}
<input type="hidden" name="action" value="{{ action == 'edit' ? 'edit' : 'new' }}" />
<div class="card-body " id="page-edit-table">
{% if action == 'edit' %}
<input type="hidden" name="id" value="{{ news_id }}"/>
@@ -22,9 +24,9 @@
<div class="form-group row">
<label for="select-type">Type</label>
<select class="form-control" name="type" id="select-type">
<option value="{{ constant('NEWS') }}" {% if type is defined and type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
<option value="{{ constant('TICKER') }}" {% if type is defined and type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option>
<option value="{{ constant('ARTICLE') }}" {% if type is defined and type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
<option value="{{ constant('NEWS') }}" {% if type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
<option value="{{ constant('TICKER') }}" {% if type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option>
<option value="{{ constant('ARTICLE') }}" {% if type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
</select>
</div>
@@ -85,7 +87,7 @@
</div>
</div>
<div class="card-footer">
<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> {{ action == 'edit' ? 'Update' : 'Add' }}</button>
<button type="button" onclick="window.location = '{{ constant('ADMIN_URL') }}?p=news';" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</button>
</div>
</form>


@@ -1,136 +1,6 @@
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">News:
<a href="?p=news&action=new&type=1" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for news in newses[constant('NEWS')] %}
<tr>
<td>{{ news.id|raw }}</td>
<td><i><a href="?p=news&action=edit&id={{ news.id }}">{{ news.title }}</a></i></td>
<td>{{ news.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" rel="noopener noreferrer" href="{{ news.player_link }}">{{ news.player_name }}</a></td>
<td>
<div class="btn-group">
<a href="?p=news&action=edit&id={{ news.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=news&action=delete&id={{ news.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=news&action=hide&id={{ news.id }}" class="btn btn-{{ (news.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if news.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (news.hidden != 1) ? '' : '-slash' }}"></i>
</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Tickers:
<a href="?p=news&action=new&type=2" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for ticker in newses[constant('TICKER')] %}
<tr>
<td>{{ ticker.id|raw }}</td>
<td><i><a href="?p=news&action=edit&id={{ ticker.id }}">{{ ticker.title }}</a></i></td>
<td>{{ ticker.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" rel="noopener noreferrer" href="{{ ticker.player_link }}">{{ ticker.player_name }}</a></td>
<td>
<div class="btn-group">
<a href="?p=news&action=edit&id={{ ticker.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=news&action=delete&id={{ ticker.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=news&action=hide&id={{ ticker.id }}" class="btn btn-{{ (ticker.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if ticker.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (ticker.hidden != 1) ? '' : '-slash' }}"></i>
</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Articles: <a href="?p=news&action=new&type=3" class="float-right"><span class="btn btn-sm btn-success">New</span></a>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for article in newses[constant('ARTICLE')] %}
<tr>
<td>{{ article.id|raw }}</td>
<td><i><a href="?p=news&action=edit&id={{ article.id }}">{{ article.title }}</a></i></td>
<td>{{ article.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" rel="noopener noreferrer" href="{{ article.player_link }}">{{ article.player_name }}</a></td>
<td>
<div class="btn-group">
<a href="?p=news&action=edit&id={{ article.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=news&action=delete&id={{ article.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=news&action=hide&id={{ article.id }}" class="btn btn-{{ (article.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if article.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (article.hidden != 1) ? '' : '-slash' }}"></i>
</a>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{{ include('admin.news.table.html.twig', {type: 1, title: 'News'}) }}
{{ include('admin.news.table.html.twig', {type: 2, title: 'Tickers'}) }}
{{ include('admin.news.table.html.twig', {type: 3, title: 'Articles'}) }}
<script>
$(function () {
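Review bot: The three new includes pass literal `type: 1`, `2`, `3`, while the news form in this same commit compares `type` against `constant('NEWS')`, `constant('TICKER')` and `constant('ARTICLE')`; passing the constants keeps one source of truth, e.g. `{{ include('admin.news.table.html.twig', {type: constant('NEWS'), title: 'News'}) }}`. The `<script>` block that follows starts inside this hunk and ends outside it.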


@@ -0,0 +1,64 @@
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">{{ title }}:
<form method="post" class="float-right">
{{ csrf() }}
<input type="hidden" name="action" value="new" />
<input type="hidden" name="type" value="{{ type }}" />
<button type="submit" class="btn btn-sm btn-success">New</button>
</form>
</h5>
</div>
<div class="card-body">
<table class="tb_datatable table table-striped table-bordered table-responsive d-md-table">
<thead>
<tr>
<th width="5%">ID</th>
<th>Title</th>
<th>Date</th>
<th>Player</th>
<th style="width: 150px;">Options</th>
</tr>
</thead>
<tbody>
{% for news in newses[type] %}
<tr>
<td>{{ news.id|raw }}</td>
<td>
<i>
<a href="{{ getLink('news') }}/{{ news.id }}" target="_blank">{{ news.title }}</a>
</i>
</td>
<td>{{ news.date|date(setting('core.news_date_format')) }}</td>
<td><a target="_blank" href="{{ news.player_link }}">{{ news.player_name }}</a></td>
<td>
<div class="btn-group">
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="{{ news.id }}" />
<button type="submit" class="btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="{{ news.id }}" />
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete"><i class="fas fa-trash"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="hide" />
<input type="hidden" name="id" value="{{ news.id }}" />
<button type="submit" class="btn btn-{{ (news.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if news.hidden != 1 %}Hide{% else %}Show{% endif %}"><i class="fas fa-eye{{ (news.hidden != 1) ? '' : '-slash' }}"></i></button>
</form>
</div>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
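Review bot: The player link `<a target="_blank" href="{{ news.player_link }}">` drops the `rel="noopener noreferrer"` that the replaced news template carried on the same link; restore it, since the link opens a new window and modern browsers imply only `noopener`. `{{ news.id|raw }}` disables autoescaping for a value that is presumably a database integer; `|raw` adds nothing here and can be dropped so the column stays safe if the source ever changes.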


@@ -3,6 +3,7 @@
<h5 class="m-0">Notepad</h5>
</div>
<form method="post">
{{ csrf() }}
<div class="card-body">
<div class="form-group">
<label>This is your personal notepad. Be sure to save it each time you modify something.</label>


@@ -3,7 +3,9 @@
<div class="card-header">
<h5 class="m-0">{% if action == 'edit' %}Edit{% else %}Add{% endif %} page</h5>
</div>
<form id="form" class="form-horizontal" method="post" action="?p=pages&action={% if action == 'edit' %}edit{% else %}new{% endif %}">
<form id="form" class="form-horizontal" method="post">
{{ csrf() }}
<input type="hidden" name="action" value="{{ action }}" />
{% if action == 'edit' %}
<input type="hidden" name="id" value="{{ id }}"/>
{% endif %}


@@ -1,7 +1,12 @@
<div class="card card-info card-outline">
<div class="card-header">
<h5 class="m-0">Pages
<a href="?p=pages&action=new" class="float-right"><span class="btn btn-sm btn-success">New</span></a></h5>
<form method="post" class="float-right">
{{ csrf() }}
<input type="hidden" name="action" value="new" />
<button type="submit" class="btn btn-sm btn-success">New</button>
</form>
</h5>
</div>
<div class="card-body">
<table class="table table-striped table-bordered table-responsive d-md-table" id="tb_pages">
@@ -21,15 +26,26 @@
<td>{% if page.php %}Yes{% else %}No{% endif %}</td>
<td>
<div class="btn-group">
<a href="?p=pages&action=edit&id={{ page.id }}" class="btn btn-success btn-sm" title="Edit">
<i class="fas fa-pencil-alt"></i>
</a>
<a href="?p=pages&action=delete&id={{ page.id }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure?');" title="Delete">
<i class="fas fa-trash"></i>
</a>
<a href="?p=pages&action=hide&id={{ page.id }}" class="btn btn-{{ (page.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if page.hidden != 1 %}Hide{% else %}Show{% endif %}">
<i class="fas fa-eye{{ (page.hidden != 1) ? '' : '-slash' }}"></i>
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="edit" />
<input type="hidden" name="id" value="{{ page.id }}" />
<button type="submit" class="btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="delete" />
<input type="hidden" name="id" value="{{ page.id }}" />
<button type="submit" class="btn btn-danger btn-sm" title="Delete" onclick="return confirm('Are you sure?');"><i class="fas fa-pencil-alt"></i></button>
</form>
<form method="post">
{{ csrf() }}
<input type="hidden" name="action" value="hide" />
<input type="hidden" name="id" value="{{ page.id }}" />
<button type="submit" class="btn btn-{{ (page.hidden != 1) ? 'info' : 'default' }} btn-sm" title="{% if page.hidden != 1 %}Hide{% else %}Show{% endif %}"><i class="fas fa-eye{{ (log.hidden != 1) ? '' : '-slash' }}"></i></button>
</form>
</div>
</td>
</tr>
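Review bot: The new Hide/Show button reads `fa-eye{{ (log.hidden != 1) ? '' : '-slash' }}`, but this template loops over `page`, so `log` is undefined here (it was carried over from the changelog template); it should be `page.hidden`, otherwise the icon is wrong or Twig throws when strict_variables is on. The new Delete button also uses `fa-pencil-alt` where the removed anchor had `<i class="fas fa-trash"></i>`.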


@@ -1,14 +0,0 @@
<div style="text-align: right;">
<a href="{{ constant('ADMIN_URL') }}?p=pages&action=edit&id={{ page.id }}" title="Edit in Admin Panel" target="_blank">
<img src="images/edit.png"/>Edit
</a>
<a id="delete" href="{{ constant('ADMIN_URL') }}?p=pages&action=delete&id={{ page.id }}" onclick="return confirm('Are you sure?');"
title="Delete in Admin Panel" target="_blank">
<img src="images/del.png"/>Delete
</a>
<a href="{{ constant('ADMIN_URL') }}?p=pages&action=hide&id={{ page.id }}"
title="{% if page.hidden != 1 %}Hide{% else %}Show{% endif %} in Admin Panel" target="_blank">
<img src="images/{% if page.hidden != 1 %}success{% else %}error{% endif %}.png"/>{% if page.hidden != 1 %}Hide{% else %}Show{% endif %}
</a>
<br/>
</div>


@@ -4,6 +4,7 @@
<h5 class="m-0">Install plugin</h5>
</div>
<form enctype="multipart/form-data" method="post" action="{{ constant('ADMIN_URL') }}?p=plugins">
{{ csrf() }}
<div class="card-body">
<input type="hidden" name="upload_plugin"/>


@@ -19,13 +19,17 @@
<tr>
<td>
{% if plugin.enabled %}
<a href="?p=plugins&disable={{ plugin.file }}" class="btn btn-success" onclick="return confirm('Are you sure you want to disable plugin {{ plugin.name }}?');" title="Disable">
<i class="fas fa-check"></i> Enabled
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="disable" value="{{ plugin.file }}" />
<button type="submit" class="btn btn-success" onclick="return confirm('Are you sure you want to disable plugin {{ plugin.name }}?');" title="Disable"><i class="fas fa-check"></i> Enabled</button>
</form>
{% else %}
<a href="?p=plugins&enable={{ plugin.file }}" class="btn btn-danger" onclick="return confirm('Are you sure you want to enable plugin {{ plugin.name }}?');" title="Enable">
<i class="fas fa-ban"></i> Disabled
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="enable" value="{{ plugin.file }}" />
<button type="submit" class="btn btn-danger" onclick="return confirm('Are you sure you want to enable plugin {{ plugin.name }}?');" title="Enable"><i class="fas fa-ban"></i> Disabled</button>
</form>
{% endif %}
</td>
<td><b>{{ plugin.name }}</b><br>
@@ -38,9 +42,11 @@
<td>{{ plugin.file }}.json</td>
<td>
{% if plugin.uninstall %}
<a href="?p=plugins&uninstall={{ plugin.file }}" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to uninstall {{ plugin.name }}?');" title="Uninstall">
<i class="fas fa-trash"></i>
</a>
<form method="post">
{{ csrf() }}
<input type="hidden" name="uninstall" value="{{ plugin.file }}" />
<button type="submit" class="btn btn-danger btn-sm" onclick="return confirm('Are you sure you want to uninstall {{ plugin.name }}?');" title="Uninstall"><i class="fas fa-trash"></i></button>
</form>
{% endif %}
</td>
</tr>


@@ -74,6 +74,12 @@
<link rel="stylesheet" type="text/css" href="{{ constant('BASE_URL') }}tools/css/toastify.min.css">
<script type="text/javascript" src="{{ constant('BASE_URL') }}tools/js/toastify.min.js"></script>
<script>
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
$('#settings').submit(function(e) {
e.preventDefault();
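Review bot: `$.ajaxSetup` with a static `headers` entry attaches the CSRF token to every jQuery request, including any cross-origin one made from the admin panel, so the token would be disclosed to a third-party host if such a call exists now or is added later. Setting the header from a `beforeSend` that skips `settings.crossDomain` keeps the token same-origin only. The enclosing `<script>` and the `#settings` submit handler continue outside the hunk.
```html
<script>
    $.ajaxSetup({
        beforeSend: function (xhr, settings) {
            // Attach the token to same-origin requests only; never send it to other hosts.
            if (!settings.crossDomain) {
                xhr.setRequestHeader('X-CSRF-TOKEN', $('meta[name="csrf-token"]').attr('content'));
            }
        }
    });
    // … unchanged: #settings submit handler …
```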


@@ -6,6 +6,7 @@
<h5 class="m-0">Give Premium Points</h5>
</div>
<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_account">
{{ csrf() }}
<div class="card-body">
<div class="form-group">
<label>Premium Points</label>
@@ -28,6 +29,7 @@
<h5 class="m-0">Give Coins</h5>
</div>
<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_account">
{{ csrf() }}
<div class="card-body">
<div class="form-group">
<label>Coins</label>
@@ -50,6 +52,7 @@
<h5 class="m-0">Give Premium Days</h5>
</div>
<form method="post" action="{{ constant('ADMIN_URL') }}?p=mass_account">
{{ csrf() }}
<div class="card-body">
<div class="form-group">
<label>Premium Days</label>


@@ -106,6 +106,7 @@
<td>{{ house.name ~ house.town ~ house.add }}</td>
<td>
<form action="?subtopic=houses&page=view" method="post">
{{ csrf() }}
<input type="hidden" name="house" value="{{ house.name }}">
<input type="image" name="View" alt="View" src="{{ template_path }}/images/global/buttons/sbutton_view.gif" border="0" width="120">
</form>
@@ -402,7 +403,8 @@
<td>{% if player.isOnline() %}<b><span style="color: green">Online</span></b>{% endif %}</td>
<td>
<table border="0" cellspacing="0" cellpadding="0">
<form action="{{ getLink('characters') }}" method=post>
<form action="{{ getLink('characters') }}" method="post">
{{ csrf() }}
<tr>
<td>
<input type="hidden" name="name" value="{{ player.getName() }}"/>
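Review bot: The characters form is a direct child of `<table>` (the `<form>` sits between `<table>` and `<tr>`), which is invalid HTML; HTML5 parsers cope by associating the following inputs with the form through the form element pointer, so the new `{{ csrf() }}` hidden input should still be submitted, but that is a parser quirk rather than guaranteed structure. Wrapping the table in the form, or placing the form inside the `<td>`, removes the dependence and makes a missing token on submit (which now fails the request) impossible to miss. The `method=post` → `method="post"` fix is correct.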


@@ -1,7 +1,8 @@
<form method="post" action="{{ link }}">
{% if action == 'edit' %}
<input type="hidden" name="id" value="{{ id }}" />
{% endif %}
{{ csrf() }}
{% if action == 'edit' %}
<input type="hidden" name="id" value="{{ id }}" />
{% endif %}
<table width="100%" border="0" cellspacing="1" cellpadding="4">
<tr>
<td bgcolor="{{ config.vdarkborder }}" class="white"><b>{% if action == 'edit' %}Edit{% else %}Add{% endif %} FAQ</b></td>
@@ -23,4 +24,4 @@
</td>
</tr>
</table>
</form>
</form>


@@ -1,4 +1,5 @@
<form method="post" action="{{ link }}">
{{ csrf() }}
{% if action == 'edit_board' %}
<input type="hidden" name="id" value="{{ id }}" />
{% endif %}
@@ -44,4 +45,4 @@
</td>
</tr>
</table>
</form>
</form>


@@ -1,5 +1,6 @@
<br/>
<form action="{{ getLink('forum') }}" method="post">
{{ csrf() }}
<input type="hidden" name="action" value="edit_post" />
<input type="hidden" name="id" value="{{ post_id }}" />
<input type="hidden" name="save" value="save" />
@@ -49,4 +50,4 @@
<div style="text-align:center">
<input type="submit" value="Save Post" />
</div>
</form>
</form>


@@ -25,6 +25,7 @@
<input type="submit" value="Move Thread">
</form>
<form action="{{ section_link }}" method="post">
{{ csrf() }}
<input type="submit" value="Cancel">
</form>
</td>
@@ -32,4 +33,4 @@
</table>
</td>
</tr>
</table>
</table>
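Review bot: The token is added to the Cancel form, but the Move Thread form — the one that actually changes state, whose `<input type="submit" value="Move Thread">` is the first context line — starts outside the hunk, so this diff does not show whether it also received `{{ csrf() }}`; please confirm, since a missing token there would make the move fail once validation is enforced. Cancel only navigates back to `section_link` and could be a plain link instead of a POST form, which would make the token there unnecessary.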


@@ -1,4 +1,5 @@
<form action="?" method="post">
{{ csrf() }}
<input type="hidden" name="action" value="new_post" />
<input type="hidden" name="thread_id" value=" {{ thread_id }}" />
<input type="hidden" name="subtopic" value="forum" />
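Review bot: The hidden thread id is emitted as `value=" {{ thread_id }}"` with a leading space inside the quotes, so the server receives `" 123"` rather than `"123"`; harmless if the handler casts to int, but it should be `value="{{ thread_id }}"`. This is a context line the commit did not touch.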


@@ -1,4 +1,5 @@
<form action="?" method="post">
{{ csrf() }}
<input type="hidden" name="action" value="new_thread" />
<input type="hidden" name="section_id" value="{{ section_id }}" />
<input type="hidden" name="subtopic" value="forum" />
@@ -45,4 +46,4 @@
<div style="text-align:center">
<input type="submit" value="Post Thread" />
</div>
</form>
</form>


@@ -1,4 +1,5 @@
<form method="post" action="{{ link }}">
{{ csrf() }}
{% if action == 'edit' %}
<input type="hidden" name="id" value="{{ id }}" />
{% endif %}
@@ -29,4 +30,4 @@
</tr>
</table>
</form>
<br/><br/>
<br/><br/>


@@ -8,6 +8,7 @@
<tr bgcolor="{{ config.darkborder }}">
<td>
<form action="?subtopic=guilds&action=accept_invite&guild={{ guild_name }}&todo=save" method="post">
{{ csrf() }}
{% set i = 0 %}
{% for player in invited_players %}
<input type="radio" name="name" id="name_{{ i }}" value="{{ player }}" /><label for="name_{{ i }}">{{ player }}</label>
@@ -24,9 +25,10 @@
<tr>
<td>
<form action="{{ getLink('guilds') ~ '/' ~ guild_name }}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</td>
</tr>
</table>
</div>
</div>
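Review bot: The form actions here embed `guild={{ guild_name }}` without `|url_encode`, while the guild view template in this same commit uses `guild={{ guild_name|url_encode }}`; HTML autoescape does not encode `&`, `#` or `+`, so a guild name containing one of them yields a wrong query string and the token-protected POST lands on the wrong action. Use `{{ guild_name|url_encode }}` (and `{{ player_name|url_encode }}` / `{{ playerName|url_encode }}`) consistently; the same applies to the change_rank, delete_invite, invite, kick_player, leave_guild and change_nick forms below.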


@@ -3,6 +3,7 @@
{% endif %}
<div style="text-align:center">
<form action="{% if action is not defined %}{{ getLink('guilds') }}{% else %}{{ action }}{% endif %}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>
</div>


@@ -1,12 +1,14 @@
<div style="text-align:center"><h2>Change guild description</h2></div>
Here you can change description of your guild.<br/>
<form enctype="multipart/form-data" action="?subtopic=guilds&guild={{ guild.getName() }}&action=change_description" method="post">
{{ csrf() }}
<input type="hidden" name="todo" value="save"/>
<textarea name="description" cols="60" rows="{{ setting('core.guild_description_lines_limit') - 1 }}">{{ guild.getCustomField('description')|raw }}</textarea><br>
(max. {{ setting('core.guild_description_lines_limit') }} lines, max. {{ setting('core.guild_description_chars_limit') }} chars) <input type="submit" value="Save description"/></form><br/>
<br/>
<div style="text-align:center">
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>
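Review bot: The textarea prints `guild.getCustomField('description')|raw`, which disables autoescaping on a value the guild leader sets, so a stored `</textarea>` followed by markup would break out of the control and render as page content for anyone editing it. Unless the stored value is already entity-encoded on write (which this hunk cannot show), drop the filter: `{{ guild.getCustomField('description') }}`; the same applies to `guild.getCustomField('motd')|raw` in the change-MOTD form. Also, `enctype="multipart/form-data"` is unnecessary on a form with no file input.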


@@ -1,6 +1,7 @@
<div style="text-align:center"><h2>Change guild logo</h2></div>
Here you can change logo of your guild.<br/>Actuall logo: <img src="{{ constant('GUILD_IMAGES_DIR') }}{{ guild_logo }}" height="64" width="64"><br/><br/>
<form enctype="multipart/form-data" action="?subtopic=guilds&guild={{ guild.getName() }}&action=change_logo" method="post" id="upload_form">
{{ csrf() }}
<input type="hidden" name="todo" value="save" />
<input type="hidden" name="MAX_FILE_SIZE" value="{{ max_image_size_b }}" />
Select new logo: <input name="newlogo" id="newlogo" type="file" />
@@ -10,6 +11,7 @@ Only <b>jpg, gif, png, bmp</b> pictures. Max. size: <b>{{ setting('core.guild_im
<br/>
<div style="text-align:center">
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>


@@ -1,12 +1,14 @@
<div style="text-align:center"><h2>Change guild MOTD</h2></div>
Here you can change MOTD (Message of the Day, showed in game!) of your guild.<br/>
<form enctype="multipart/form-data" action="?subtopic=guilds&guild={{ guild.getName() }}&action=change_motd" method="post">
{{ csrf() }}
<input type="hidden" name="todo" value="save"/>
<textarea name="motd" cols="60" rows="3">{{ guild.getCustomField('motd')|raw }}</textarea><br/>
(max. {{ setting('core.guild_motd_chars_limit') }} chars) <input type="submit" value="Save MOTD" /></form><br/>
<br/>
<div style="text-align:center">
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>


@@ -1,4 +1,5 @@
<form action="?subtopic=guilds&action=change_rank&guild={{ guild_name }}&todo=save" method="post">
{{ csrf() }}
<table border="0" cellspacing="1" cellpadding="4" width="100%">
<tr bgcolor="{{ config.vdarkborder }}"><td class="white"><b>Change Rank</b></td></tr>
<tr bgcolor="{{ config.darkborder }}">
@@ -29,9 +30,10 @@
<td>
<div style="text-align:center">
<form action="?subtopic=guilds&action=show&guild={{ guild_name }}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>
</td>
</tr>
</table>
</table>


@@ -1,4 +1,5 @@
<form action="?subtopic=guilds&action=create&todo=save" method="post">
{{ csrf() }}
<table width="100%" border="0" cellspacing="1" cellpadding="4">
<tr>
<td bgcolor="{{ config.vdarkborder }}" class="white"><B>Create a {{ config.lua.serverName }} Guild</b></td>
@@ -47,6 +48,7 @@
</td>
<td align="center">
<form action="?subtopic=guilds" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</td>
@@ -54,4 +56,4 @@
<img src="{{ template_path }}/images/general/blank.gif" width="120" height="1" border="0"><br>
</td>
</tr>
</table>
</table>
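Review bot: The heading cell opens with `<B>` and closes with `</b>`, mixing upper- and lower-case tag names on one line; the rest of these templates use lowercase, so it should read `<b>Create a {{ config.lua.serverName }} Guild</b>`. Style only; the token additions in this file look complete.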


@@ -14,9 +14,10 @@
<td>
<div style="text-align:center">
<form action="{{ getLink('guilds') ~ '/' ~ guild_name }}" method="post">
{{ csrf() }}
{{ include('buttons.submit.html.twig') }}
</form>
</div>
</td>
</tr>
</table>
</table>


@@ -20,6 +20,7 @@
<tr>
<td>Are you sure you want delete guild <b>{{ guild.getName() }}</b>?<br/>
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=delete_guild" method="post">
{{ csrf() }}
<input type="hidden" name="todo" value="save"/>
<input type="submit" value="Yes, delete"/>
</form>
@@ -34,6 +35,7 @@
<br/>
<div style="text-align:center">
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>
</div>


@@ -8,15 +8,17 @@
<tr>
<td align="right" width="50%">
<form action="?subtopic=guilds&action=delete_invite&guild={{ guild_name }}&name={{ player_name }}&todo=save" method="post">
{{ csrf() }}
{{ include('buttons.submit.html.twig') }}
</form>
</td>
<td style="width: 10px; "></td>
<td>
<form action="?subtopic=guilds&action=show&guild={{ guild_name }}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</td>
</tr>
</table>
</div>
</div>


@@ -1,4 +1,5 @@
<form action="?subtopic=guilds&action=invite&guild={{ guild_name }}&todo=save" method="post">
{{ csrf() }}
Invite player with name:&nbsp;&nbsp;<input type="text" name="name">&nbsp;&nbsp;&nbsp;&nbsp;
{{ include('buttons.submit.html.twig') }}
</form>
</form>


@@ -8,15 +8,17 @@
<tr>
<td align="right" width="50%">
<form action="?subtopic=guilds&action=kick_player&guild={{ guild_name }}&name={{ player_name }}&todo=save" method="post">
{{ csrf() }}
{{ include('buttons.submit.html.twig') }}
</form>
</td>
<td style="width: 10px;"></td>
<td>
<form action="{{ getLink('guilds') ~ '/' ~ guild_name }}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</td>
</tr>
</table>
</div>
</div>


@@ -1,4 +1,5 @@
<form action="?subtopic=guilds&action=leave_guild&guild={{ guild_name }}&todo=save" METHOD="post">
{{ csrf() }}
<table border="0" cellspacing="1" cellpadding="4" width="100%">
<tr bgcolor="{{ config.vdarkborder }}">
<td class="white"><b>Leave guild</b></td></tr>
@@ -27,8 +28,9 @@
</form>
<td>
<form action="?subtopic=guilds&action=show&guild={{ guild_name }}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</td>
</tr>
</table>
</table>
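Review bot: The leave-guild form uses `METHOD="post"` in upper case while every other form touched by this commit uses `method="post"`; attribute names should be lowercase, so change it to `method="post"` on the first line of the hunk. The unchanged `</form>` before the Back `<td>` suggests the outer form is closed inside a table row; worth a glance that the new token input is inside the form it is meant to protect.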


@@ -61,6 +61,7 @@
<tr>
<td style="border:0;">
<form action="{{ guild.link }}" method="post">
{{ csrf() }}
{{ include('buttons.view.html.twig') }}
</form>
</td>
@@ -82,11 +83,10 @@
<td>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<form action="?subtopic=guilds&action=create" method="post">
<form action="?subtopic=guilds&action=create" method="post">
{% set button_name = 'Found Guild' %}
{% set button_image = '_sbutton_foundguild' %}
{% include('buttons.base.html.twig') %}
</form>
{{ csrf() }}
{% set button_name = 'Found Guild' %}
{% set button_image = '_sbutton_foundguild' %}
{% include('buttons.base.html.twig') %}
</form>
</table>
</td>
@@ -128,6 +128,7 @@
{% if logged %}
No guild found that suits your needs?
<form action="?subtopic=guilds&action=create" method="post">
{{ csrf() }}
{% set button_name = 'Found Guild' %}
{% set button_image = '_sbutton_foundguild' %}
{% include('buttons.base.html.twig') %}
@@ -136,6 +137,7 @@
<b>Before you can create a guild you must login.</b>
<br/>
<form action="?subtopic=accountmanagement&redirect={{ getLink('guilds') }}" method="post">
{{ csrf() }}
{% include('buttons.login.html.twig') %}
</form>
{% endif %}


@@ -76,6 +76,7 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
<td width="120" valign="top">New rank name:</td>
<td>
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=add_rank" method="post">
{{ csrf() }}
<input type="text" name="rank_name" size="20"/>
<input type="submit" value="Add"/>
</form>
@@ -89,6 +90,7 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
</div>
<div style="text-align:center"><h3>Change rank names and levels</h3></div>
<form action="?subtopic=guilds&action=save_ranks&guild={{ guild.getName() }}" method="post">
{{ csrf() }}
<table style="clear:both" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr bgcolor="{{ config.vdarkborder }}">
<td rowspan="2" width="120" align="center">
@@ -163,6 +165,7 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth
<br/>
<div style="text-align:center">
<form action="?subtopic=guilds&action=show&guild={{ guild.getName() }}" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>
</div>


@@ -20,6 +20,7 @@
<tr>
<td>Pass leadership to: </b><br>
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=pass_leadership" method="post">
{{ csrf() }}
<input type="hidden" name="todo" value="save"/>
<input type="text" size="40" name="player"/>
<input type="submit" value="Save">
@@ -35,6 +36,7 @@
<br/>
<div style="text-align:center">
<form action="?subtopic=guilds&guild={{ guild.getName() }}&action=manager" method="post">
{{ csrf() }}
{{ include('buttons.back.html.twig') }}
</form>
</div>
</div>
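Review bot: `<td>Pass leadership to: </b><br>` closes a `<b>` that is never opened in the cell, which is a stray end tag; the intent is presumably `<td><b>Pass leadership to:</b><br>`. This is a context line, but it sits in the row the commit edits, so it is cheap to fix here.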


@@ -142,6 +142,7 @@
<td>
{% set playerName = player.getName() %}
<form action="?subtopic=guilds&action=change_nick&name={{ playerName }}&guild={{ guild_name }}" method="post">
{{ csrf() }}
{{ getPlayerLink(playerName, true)|raw }}
{% set showGuildNick = false %}
@@ -290,6 +291,7 @@
<tr>
{% if not logged %}
<form action="?subtopic=accountmanagement&redirect={{ getGuildLink(guild_name|url_encode, false) }}" method="post">
{{ csrf() }}
<td>
{{ include('buttons.login.html.twig') }}
</td>
@@ -297,6 +299,7 @@
{% else %}
{% if show_accept_invite > 0 %}
<form action="?subtopic=guilds&action=accept_invite&guild={{ guild_name|url_encode }}" method="post">
{{ csrf() }}
<td>
<input type="image" name="Accept Invite" alt="Accept Invite" src="{{ template_path }}/images/global/buttons/sbutton_acceptinvite.png" style="width: 120px; height: 20px;">
</td>
@@ -305,6 +308,7 @@
{% if isVice %}
<form action="?subtopic=guilds&action=invite&guild={{ guild_name|url_encode }}" method="post">
{{ csrf() }}
<td>
{% set button_name = 'Invite Character' %}
{% set button_image = '_sbutton_invitecharacter' %}
@@ -313,6 +317,7 @@
</form>
<form action="?subtopic=guilds&action=change_rank&guild={{ guild_name|url_encode }}" method="post">
{{ csrf() }}
<td>
{% set button_name = 'Edit Ranks' %}
{% set button_image = '_sbutton_editranks' %}
@@ -323,6 +328,7 @@
{% if players_from_account_in_guild|length > 0 %}
<form action="?subtopic=guilds&action=leave_guild&guild={{ guild_name|url_encode }}" method="post">
{{ csrf() }}
<td>
{% set button_name = 'Leave Guild' %}
{% set button_image = '_sbutton_leaveguild' %}
@@ -333,6 +339,7 @@
{% endif %}
<form action="{{ getLink('guilds') }}" method="post">
{{ csrf() }}
<td style="float: right">
{{ include('buttons.back.html.twig') }}
</td>


@@ -1,6 +1,8 @@
<meta charset="{{ charset }}">
<meta http-equiv="content-language" content="{{ config.language }}" />
<meta http-equiv="content-type" content="text/html; charset={{ charset }}" />
<!-- CSRF Token -->
<meta name="csrf-token" content="{{ csrfToken() }}">
{% if not is_admin %}
<base href="{{ constant('BASE_URL') }}" />
<title>{{ title }}</title>