From 84d502bf105f2a789481fba1acc820d236b4de66 Mon Sep 17 00:00:00 2001 
From: slawkens Date: Sat, 24 May 2025 11:42:42 +0200 Subject: [PATCH] Fixes regarding csrf + refactor some parts of AAC (guilds + forum) Replace $account_logged->getPlayers() with getPlayersList() $_REQUEST['todo'] -> $_REQUEST['post'] $guild_errors -> $errors --- system/pages/forum/admin.php | 13 ++- system/pages/forum/edit_post.php | 19 ++--- system/pages/forum/move_thread.php | 10 +-- system/pages/forum/new_post.php | 19 ++--- system/pages/forum/new_thread.php | 13 ++- system/pages/forum/remove_post.php | 6 +- system/pages/forum/show_board.php | 17 ++-- system/pages/forum/show_thread.php | 4 +- system/pages/guilds/accept_invite.php | 12 +-- system/pages/guilds/add_rank.php | 4 +- system/pages/guilds/change_description.php | 6 +- system/pages/guilds/change_logo.php | 11 ++- system/pages/guilds/change_motd.php | 6 +- system/pages/guilds/change_nick.php | 4 +- system/pages/guilds/change_rank.php | 27 +++--- system/pages/guilds/cleanup_players.php | 45 +++++----- system/pages/guilds/create.php | 43 +++++----- system/pages/guilds/delete_by_admin.php | 5 +- system/pages/guilds/delete_guild.php | 4 +- system/pages/guilds/delete_invite.php | 84 +++++++++---------- system/pages/guilds/delete_rank.php | 44 +++++----- system/pages/guilds/invite.php | 8 +- system/pages/guilds/kick_player.php | 4 +- system/pages/guilds/leave.php | 6 +- system/pages/guilds/list.php | 15 ++-- system/pages/guilds/manager.php | 14 ++-- system/pages/guilds/pass_leadership.php | 43 +++++----- system/pages/guilds/save_ranks.php | 7 +- system/pages/guilds/show.php | 14 ++-- system/templates/forum.new_thread.html.twig | 2 +- system/templates/forum.remove_post.html.twig | 12 +++ system/templates/forum.show_thread.html.twig | 7 +- .../templates/guilds.accept_invite.html.twig | 9 +- system/templates/guilds.change_logo.html.twig | 2 +- system/templates/guilds.change_rank.html.twig | 3 +- system/templates/guilds.create.html.twig | 3 +- .../templates/guilds.delete_invite.html.twig | 7 +- 
system/templates/guilds.invite.html.twig | 3 +- system/templates/guilds.kick_player.html.twig | 3 +- system/templates/guilds.leave_guild.html.twig | 3 +- system/templates/guilds.manager.html.twig | 7 +- templates/tibiacom/account.login.html.twig | 5 +- 42 files changed, 301 insertions(+), 272 deletions(-) create mode 100644 system/templates/forum.remove_post.html.twig diff --git a/system/pages/forum/admin.php b/system/pages/forum/admin.php index 1260cfb2..73be2dc2 100644 --- a/system/pages/forum/admin.php +++ b/system/pages/forum/admin.php @@ -64,7 +64,7 @@ if(!empty($action)) { else if($action == 'delete_board') { Forum::delete_board($id, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } else if($action == 'edit_board') { @@ -78,28 +78,27 @@ if(!empty($action)) { else { Forum::update_board($id, $name, $access, $guild, $description); header('Location: ' . getLink('forum')); - $action = $name = $description = ''; - $access = $guild = 0; + exit; } } else if($action == 'hide_board') { Forum::toggleHide_board($id, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } else if($action == 'moveup_board') { Forum::move_board($id, -1, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } else if($action == 'movedown_board') { Forum::move_board($id, 1, $errors); header('Location: ' . getLink('forum')); - $action = ''; + exit; } if(!empty($errors)) { - $twig->display('error_box.html.twig', array('errors' => $errors)); + $twig->display('error_box.html.twig', ['errors' => $errors]); $action = ''; } } diff --git a/system/pages/forum/edit_post.php b/system/pages/forum/edit_post.php index d795aa99..b9f2890d 100644 --- a/system/pages/forum/edit_post.php +++ b/system/pages/forum/edit_post.php @@ -18,15 +18,14 @@ if ($ret === false) { return; } -csrfProtect(); - if(!$logged) { echo 'You are not logged in. Log in to post on the forum.
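Review bot: The `exit;` that now follows `header('Location: ' . getLink('forum'));` in the delete_board branch runs whether or not `Forum::delete_board($id, $errors)` reported a problem, so anything it appended to `$errors` is discarded before the `if(!empty($errors))` display at the end of the chain can run; previously the fall-through with `$action = ''` still rendered the error box. The same applies to the hide_board, moveup_board and movedown_board branches in the second hunk, which all hand `$errors` to the Forum helper (presumably by reference — confirm against the Forum class). Guarding the redirect, `if(empty($errors)) { header('Location: ' . getLink('forum')); exit; }`, keeps the new early-exit behaviour while still surfacing failures. The enclosing `if(!empty($action))` block starts before the hunk.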

'; return; } -if(Forum::canPost($account_logged)) -{ +csrfProtect(); + +if(Forum::canPost($account_logged)) { $post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false; if(!$post_id) { $errors[] = 'Please enter post id.'; @@ -43,12 +42,12 @@ if(Forum::canPost($account_logged)) $char_id = $post_topic = $text = $smile = $html = null; $players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll(); $saved = false; - if(isset($_REQUEST['save'])) { - $text = stripslashes(trim($_REQUEST['text'])); - $char_id = (int) $_REQUEST['char_id']; - $post_topic = stripslashes(trim($_REQUEST['topic'])); - $smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0; - $html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0; + if(isset($_POST['save'])) { + $text = stripslashes(trim($_POST['text'])); + $char_id = (int) $_POST['char_id']; + $post_topic = stripslashes(trim($_POST['topic'])); + $smile = isset($_POST['smile']) ? (int)$_POST['smile'] : 0; + $html = isset($_POST['html']) ? (int)$_POST['html'] : 0; if (!superAdmin()) { $html = 0; diff --git a/system/pages/forum/move_thread.php b/system/pages/forum/move_thread.php index 7200fffb..aa101b08 100644 --- a/system/pages/forum/move_thread.php +++ b/system/pages/forum/move_thread.php @@ -18,22 +18,22 @@ if ($ret === false) { return; } -csrfProtect(); - if(!$logged) { echo 'You are not logged in. Log in to post on the forum.

'; return; } +csrfProtect(); + if(!Forum::isModerator()) { echo 'You are not logged in or you are not moderator.'; return; } -$save = isset($_REQUEST['save']) && (int)$_REQUEST['save'] == 1; +$save = isset($_POST['save']) && (int)$_POST['save'] == 1; if($save) { - $post_id = (int)$_REQUEST['id']; - $board = (int)$_REQUEST['section']; + $post_id = (int)$_POST['id']; + $board = (int)$_POST['section']; if(!Forum::hasAccess($board)) { $errors[] = "You don't have access to this board."; displayErrorBoxWithBackButton($errors, getLink('forum')); diff --git a/system/pages/forum/new_post.php b/system/pages/forum/new_post.php index 6e373945..71bc3417 100644 --- a/system/pages/forum/new_post.php +++ b/system/pages/forum/new_post.php @@ -45,11 +45,11 @@ if(Forum::canPost($account_logged)) { echo 'Boards >> '.$sections[$thread['section']]['name'].' >> '.htmlspecialchars($thread['post_topic']).' >> Post new reply
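Review bot: `Forum::hasAccess($board)` in the save path checks only the destination board taken from `$_POST['section']`; whether the thread identified by `$_POST['id']` is also checked against the moderator's access to its current board is not visible in the hunk, so confirm the elided code does that before the move is written. `$_POST['id']` and `$_POST['section']` are read without a default inside the `$save` branch, so `(int) ($_POST['id'] ?? 0)`, as remove_post.php does in this same commit, would avoid warnings on a partial form. The save handling continues after the hunk.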

'.htmlspecialchars($thread['post_topic']).'

'; $quote = isset($_REQUEST['quote']) ? (int) $_REQUEST['quote'] : NULL; - $text = isset($_REQUEST['text']) ? stripslashes(trim($_REQUEST['text'])) : NULL; - $char_id = (int) ($_REQUEST['char_id'] ?? 0); - $post_topic = isset($_REQUEST['topic']) ? stripslashes(trim($_REQUEST['topic'])) : ''; - $smile = (int)($_REQUEST['smile'] ?? 0); - $html = (int)($_REQUEST['html'] ?? 0); + $text = isset($_POST['text']) ? stripslashes(trim($_POST['text'])) : NULL; + $char_id = (int) ($_POST['char_id'] ?? 0); + $post_topic = isset($_POST['topic']) ? stripslashes(trim($_POST['topic'])) : ''; + $smile = (int)($_POST['smile'] ?? 0); + $html = (int)($_POST['html'] ?? 0); $saved = false; if (!superAdmin()) { @@ -62,10 +62,10 @@ if(Forum::canPost($account_logged)) { $text = '[i]Originally posted by ' . $quoted_post[0]['name'] . ' on ' . date('d.m.y H:i:s', $quoted_post[0]['post_date']) . ':[/i][quote]' . $quoted_post[0]['post_text'] . '[/quote]'; } } - elseif(isset($_REQUEST['save'])) { + elseif(isset($_POST['save'])) { $length = strlen($text); if($length < 1 || strlen($text) > 15000) { - $errors[] = 'Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters.'; + $errors[] = "Too short or too long post (Length: $length letters). Minimum 1 letter, maximum 15000 letters."; } if($char_id == 0) { @@ -81,15 +81,14 @@ if(Forum::canPost($account_logged)) { } if(!$player_on_account) { - $errors[] = 'Player with selected ID ' . $char_id . ' doesn\'t exist or isn\'t on your account'; + $errors[] = "Player with selected ID $char_id doesn't exist or isn't on your account"; } } if(count($errors) == 0) { $last_post = 0; $query = $db->query('SELECT post_date FROM ' . FORUM_TABLE_PREFIX . 'forum ORDER BY post_date DESC LIMIT 1'); - if($query->rowCount() > 0) - { + if($query->rowCount() > 0) { $query = $query->fetch(); $last_post = $query['post_date']; } diff --git a/system/pages/forum/new_thread.php b/system/pages/forum/new_thread.php index 2e9e74b3..4f311977 100644 
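Review bot: `$length = strlen($text);` in the save branch of the second hunk runs against a `$text` that is `NULL` when the form omits `text` (the first hunk defaults it to `NULL`), which is deprecated on PHP 8.1+; the condition on the next line also recomputes `strlen($text)` instead of reusing `$length`, so `if($length < 1 || $length > 15000)` with `$text` defaulted to `''` is the intended form. `strlen` counts bytes, so the "15000 letters" message overstates what a user writing multibyte text can enter — `mb_strlen` would make the limit match the message, though that changes the effective limit and should be a deliberate choice. The `Forum::canPost($account_logged)` block enclosing all three hunks starts and ends outside them.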
--- a/system/pages/forum/new_thread.php +++ b/system/pages/forum/new_thread.php @@ -40,19 +40,18 @@ if(Forum::canPost($account_logged)) { if ($sections[$section_id]['closed'] && !Forum::isModerator()) $errors[] = 'You cannot create topic on this board.'; - $quote = (int)(isset($_REQUEST['quote']) ? $_REQUEST['quote'] : 0); - $text = isset($_REQUEST['text']) ? stripslashes($_REQUEST['text']) : ''; - $char_id = (int)(isset($_REQUEST['char_id']) ? $_REQUEST['char_id'] : 0); - $post_topic = isset($_REQUEST['topic']) ? stripslashes($_REQUEST['topic']) : ''; - $smile = (isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0); - $html = (isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0); + $text = isset($_POST['text']) ? stripslashes($_POST['text']) : ''; + $char_id = (int)(isset($_POST['char_id']) ? $_POST['char_id'] : 0); + $post_topic = isset($_POST['topic']) ? stripslashes($_POST['topic']) : ''; + $smile = (isset($_POST['smile']) ? (int)$_POST['smile'] : 0); + $html = (isset($_POST['html']) ? (int)$_POST['html'] : 0); if (!superAdmin()) { $html = 0; } $saved = false; - if (isset($_REQUEST['save'])) { + if (isset($_POST['save'])) { $length = strlen($post_topic); if ($length < 1 || $length > 60) { $errors[] = "Too short or too long topic (Length: $length letters). Minimum 1 letter, maximum 60 letters."; diff --git a/system/pages/forum/remove_post.php b/system/pages/forum/remove_post.php index a1dc15af..ec3a38ec 100644 --- a/system/pages/forum/remove_post.php +++ b/system/pages/forum/remove_post.php 
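Review bot: The removed `$quote = ...` line leaves any later reference to `$quote` in new_thread.php undefined; the rest of the file is not in the hunk, so confirm nothing below still reads it. The new `$text`/`$post_topic` reads also differ from new_post.php in the same commit, which wraps the same fields in `trim(...)` — `stripslashes(trim($_POST['topic']))` here would keep the two forms consistent and stop a whitespace-only topic from passing the `$length < 1` check that follows. The enclosing `Forum::canPost(...)` block continues past the hunk.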
@@ -26,10 +26,10 @@ if(!$logged) { csrfProtect(); if(Forum::isModerator()) { - $id = (int) $_REQUEST['id']; + $id = (int) ($_POST['id'] ?? 0); $post = $db->query("SELECT `id`, `first_post`, `section` FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$id." LIMIT 1")->fetch(); - if($post['id'] == $id && Forum::hasAccess($post['section'])) { + if($post && $post['id'] == $id && Forum::hasAccess($post['section'])) { if($post['id'] == $post['first_post']) { $db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `first_post` = ".$post['id']); header('Location: ' . getForumBoardLink($post['section'])); @@ -38,7 +38,7 @@ if(Forum::isModerator()) { $post_page = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`id` < ".$id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $post['first_post'])->fetch(); $_page = (int) ceil($post_page['posts_count'] / setting('core.forum_threads_per_page')) - 1; $db->query("DELETE FROM `" . FORUM_TABLE_PREFIX . "forum` WHERE `id` = ".$post['id']); - header('Location: ' . getForumThreadLink($post['first_post'], (int) $_page)); + header('Location: ' . getForumThreadLink($post['first_post'], $_page)); } } else { diff --git a/system/pages/forum/show_board.php b/system/pages/forum/show_board.php index 5997bdba..e899cc99 100644 --- a/system/pages/forum/show_board.php +++ b/system/pages/forum/show_board.php 
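Review bot: Neither `header('Location: ' . getForumBoardLink($post['section']));` nor the `getForumThreadLink(...)` redirect in the second hunk is followed by `exit;`, so the script keeps running after the DELETE and sends the redirect alongside whatever the rest of the page prints; this commit adds `exit;` after the same pattern in forum/admin.php, and the same treatment fits here. The new `$post &&` guard correctly covers `fetch()` returning `false` for an unknown id. The `Forum::isModerator()` block continues outside the hunk.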
@@ -33,7 +33,7 @@ if(!Forum::hasAccess($section_id)) { return; } -$_page = (int) (isset($_REQUEST['page']) ? $_REQUEST['page'] : 0); +$_page = (int) ($_REQUEST['page'] ?? 0); $threads_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS threads_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".(int) $section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id`")->fetch(); for($i = 0; $i < $threads_count['threads_count'] / setting('core.forum_threads_per_page'); $i++) { if($i != $_page) @@ -50,7 +50,7 @@ if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) { } echo '
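Review bot: `$_page = (int) ($_REQUEST['page'] ?? 0);` accepts negative values, and `$_page` feeds `OFFSET ".($_page * setting('core.forum_threads_per_page'))` in the thread query two hunks down, where a negative offset is a SQL syntax error that surfaces as a failed query; clamping with `$_page = max(0, (int) ($_REQUEST['page'] ?? 0));` closes that. The value is cast to int before it reaches the query, so the only issue is range, not injection.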

Page: '.$links_to_pages.'
'; -$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(); +$last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(PDO::FETCH_ASSOC); if(isset($last_threads[0])) { echo ' @@ -67,8 +67,8 @@ if(isset($last_threads[0])) { foreach($last_threads as $thread) { echo '
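Review bot: The rewritten `$last_threads` query still interpolates `` `section` = ".$section_id." `` without a cast, while the `$threads_count` query in the previous hunk uses `(int) $section_id` for the same comparison; `$section_id` is presumably cast where it is assigned above the hunk, but casting at the point of interpolation keeps each query safe on its own and matches the sibling query. Adding `first_post` to the select and `PDO::FETCH_ASSOC` looks right for the template that now receives `$thread`.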
'; if(Forum::isModerator()) { - echo '[MOVE]'; - echo '[REMOVE] '; + echo ''; + $twig->display('forum.remove_post.html.twig', ['post' => $thread]); } $player->load($thread['player_id']); @@ -82,10 +82,13 @@ if(isset($last_threads[0])) { echo ''.htmlspecialchars($thread['post_topic']). '
'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...
' . getPlayerLink($thread['name']) . ''.(int) $thread['replies'].''.(int) $thread['views'].''; if($thread['last_post'] > 0) { $last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch(); - if(isset($last_post['name'])) - echo date('d.m.y H:i:s', $last_post['post_date']).'
by ' . getPlayerLink($last_post['name']); - else + + if(isset($last_post['name'])) { + echo date('d.m.y H:i:s', $last_post['post_date']) . '
by ' . getPlayerLink($last_post['name']); + } + else { echo 'No posts.'; + } } else { echo date('d.m.y H:i:s', $thread['post_date']) . '
by ' . getPlayerLink($thread['name']); diff --git a/system/pages/forum/show_thread.php b/system/pages/forum/show_thread.php index e4c53f16..ceeb2602 100644 --- a/system/pages/forum/show_thread.php +++ b/system/pages/forum/show_thread.php @@ -35,7 +35,7 @@ if(!Forum::hasAccess($thread_starter['section'])) { return; } -$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread_id)->fetch(); +$posts_count = $db->query("SELECT COUNT(`" . FORUM_TABLE_PREFIX . "forum`.`id`) AS posts_count FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id)->fetch(); for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_page'); $i++) { if($i != $_page) $links_to_pages .= ''.($i + 1).' '; 
@@ -46,7 +46,7 @@ for($i = 0; $i < $posts_count['posts_count'] / setting('core.forum_threads_per_p $posts = $db->query("SELECT `players`.`id` as `player_id`, `" . FORUM_TABLE_PREFIX . "forum`.`id`,`" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`section`,`" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` AS `date`, `" . FORUM_TABLE_PREFIX . "forum`.`post_smile`, `" . FORUM_TABLE_PREFIX . "forum`.`post_html`, `" . FORUM_TABLE_PREFIX . "forum`.`author_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`author_guid`, `" . FORUM_TABLE_PREFIX . "forum`.`last_edit_aid`, `" . FORUM_TABLE_PREFIX . "forum`.`edit_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".$thread_id." ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`post_date` LIMIT " . setting('core.forum_posts_per_page') . " OFFSET ".($_page * setting('core.forum_posts_per_page')))->fetchAll(); if(isset($posts[0]['player_id'])) { - $db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = ".(int) $thread_id); + $db->query("UPDATE `" . FORUM_TABLE_PREFIX . "forum` SET `views`=`views`+1 WHERE `id` = " . $thread_id); } $lookaddons = $db->hasColumn('players', 'lookaddons'); diff --git a/system/pages/guilds/accept_invite.php b/system/pages/guilds/accept_invite.php index bc782480..14c55c25 100644 --- a/system/pages/guilds/accept_invite.php +++ b/system/pages/guilds/accept_invite.php 
@@ -12,11 +12,11 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; -//set rights in guild +// set rights in guild $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null; if(!$logged) { - $errors[] = 'You are not logged in. You can\'t accept invitations.'; + $errors[] = "You are not logged in. You can't accept invitations."; } if(!Validator::guildName($guild_name)) { @@ -27,11 +27,11 @@ if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = "Guild with name $guild_name doesn't exist."; } } -if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { +if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; } @@ -51,7 +51,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { } } -if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { +if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(empty($errors)) { $is_invited = false; include(SYSTEM . 'libs/pot/InvitesDriver.php'); @@ -104,7 +104,7 @@ if(!empty($errors)) { )); } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $guild->acceptInvite($player); $twig->display('success.html.twig', array( 'title' => 'Accept invitation', diff --git a/system/pages/guilds/add_rank.php b/system/pages/guilds/add_rank.php index e66ba49e..b24ff03d 100644 --- a/system/pages/guilds/add_rank.php +++ b/system/pages/guilds/add_rank.php 
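Review bot: The save path now keys on `$_POST['todo']`, but `$name` — the character whose invitation is accepted — is still read from `$_REQUEST['name']` at the top of the first hunk, so it can still arrive via the query string; reading it as `isset($_POST['name']) ? stripslashes($_POST['name']) : null` on the save path matches what this commit does in create.php. The same split appears in change_nick.php (`$name` from `$_REQUEST`, `$new_nick` from `$_POST`) and change_rank.php (`$player_name = stripslashes($_REQUEST['name'])` inside the `$_POST['todo'] === 'save'` block). I do not see a `csrfProtect()` call in these hunks; if it lives in base.php that is fine, otherwise the `$_POST` switch alone does not stop cross-site submission. `isset($_POST['todo']) && $_POST['todo'] == 'save'` is evaluated three times here and could be hoisted into one `$save` boolean.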
@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; -$rank_name = isset($_REQUEST['rank_name']) ? $_REQUEST['rank_name'] : null; +$rank_name = $_POST['rank_name'] ?? null; if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); } @@ -35,7 +35,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { $guild_vice = true; diff --git a/system/pages/guilds/change_description.php b/system/pages/guilds/change_description.php index 765665bf..e3c24522 100644 --- a/system/pages/guilds/change_description.php +++ b/system/pages/guilds/change_description.php @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; @@ -42,8 +42,8 @@ if(empty($errors)) { $saved = false; if($guild_leader) { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { - $description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0, setting('core.guild_description_chars_limit')))); + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { + $description = htmlspecialchars(stripslashes(substr(trim($_POST['description']),0, setting('core.guild_description_chars_limit')))); $guild->setCustomField('description', $description); $saved = true; } 
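Review bot: `substr(trim($_POST['description']), 0, setting('core.guild_description_chars_limit'))` truncates by byte, so a multibyte description cut mid-character hands `htmlspecialchars` an invalid UTF-8 sequence, which it substitutes or (before PHP 8.1) turns into an empty string; `mb_substr` keeps the limit in characters and avoids that. `$_POST['description']` is also read without a default inside the save branch. change_motd.php in this commit has the identical `substr(...)`/`htmlspecialchars(...)` pattern on `$_POST['motd']`.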
diff --git a/system/pages/guilds/change_logo.php b/system/pages/guilds/change_logo.php index d8257e66..7fa72d99 100644 --- a/system/pages/guilds/change_logo.php +++ b/system/pages/guilds/change_logo.php @@ -30,7 +30,7 @@ if(empty($errors)) { if($logged) { $guild_leader_char = $guild->getOwner(); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { @@ -40,14 +40,13 @@ if(empty($errors)) { } } - if($guild_leader) - { + if($guild_leader) { $max_image_size_b = setting('core.guild_image_size_kb') * 1024; $allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png'); $ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png'); $save_file_name = str_replace(' ', '_', strtolower($guild->getName())); $save_path = GUILD_IMAGES_DIR . $save_file_name; - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $file = $_FILES['newlogo']; if(is_uploaded_file($file['tmp_name'])) @@ -97,13 +96,13 @@ if(empty($errors)) { $guild_logo = $guild->getCustomField('logo_name'); if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) { - $guild_logo = "default.gif"; + $guild_logo = 'default.gif'; } $twig->display('guilds.change_logo.html.twig', array( 'guild_logo' => $guild_logo, 'guild' => $guild, - 'max_image_size_b' => $max_image_size_b + //'max_image_size_b' => $max_image_size_b )); } diff --git a/system/pages/guilds/change_motd.php b/system/pages/guilds/change_motd.php index babb806c..8d478377 100644 --- a/system/pages/guilds/change_motd.php +++ b/system/pages/guilds/change_motd.php 
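Review bot: `$file = $_FILES['newlogo'];` inside the save branch assumes the upload field is present; a POST without it leaves `$file` null and `is_uploaded_file($file['tmp_name'])` runs on a null path, so `if(isset($_FILES['newlogo']['tmp_name']) && is_uploaded_file($_FILES['newlogo']['tmp_name']))` is the safer entry condition. The `$allowed_ext` list is keyed by MIME strings; the comparison that uses it is outside the hunk, and if it reads `$file['type']` that value is supplied by the client, so the decision should rest on `getimagesize()` or `finfo` of the temp file instead — confirm against the elided code. Commenting out `'max_image_size_b'` in the twig call means the template must no longer reference it; the template change is in the diffstat but not visible here.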
@@ -34,7 +34,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; @@ -45,8 +45,8 @@ if(empty($errors)) { $saved = false; if($guild_leader) { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { - $motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, setting('core.guild_motd_chars_limit')))); + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { + $motd = htmlspecialchars(stripslashes(substr($_POST['motd'],0, setting('core.guild_motd_chars_limit')))); $guild->setCustomField('motd', $motd); $saved = true; } diff --git a/system/pages/guilds/change_nick.php b/system/pages/guilds/change_nick.php index bf773124..5016ef3e 100644 --- a/system/pages/guilds/change_nick.php +++ b/system/pages/guilds/change_nick.php @@ -20,17 +20,15 @@ if(!$logged) { } $name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null; -$new_nick = isset($_REQUEST['nick']) ? stripslashes($_REQUEST['nick']) : null; +$new_nick = isset($_POST['nick']) ? stripslashes($_POST['nick']) : null; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; if(!$name) { $errors[] = 'Please enter new name.'; - return; } if(!$new_nick) { $errors[] = 'Please enter new nick.'; - return; } if(empty($errors)) diff --git a/system/pages/guilds/change_rank.php b/system/pages/guilds/change_rank.php index 4341db16..6d36bdf1 100644 --- a/system/pages/guilds/change_rank.php +++ b/system/pages/guilds/change_rank.php 
@@ -17,8 +17,9 @@ if(!$logged) { } else { $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; - if(!Validator::guildName($guild_name)) + if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); + } } if(empty($errors)) @@ -42,7 +43,7 @@ $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; -$account_players = $account_logged->getPlayers(); +$account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $player_rank = $player->getRank(); @@ -65,22 +66,23 @@ foreach($account_players as $player) } } -if($guild_vice) -{ - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] === 'save') - { +if($guild_vice) { + if(isset($_POST['todo']) && $_POST['todo'] === 'save') { $player_name = stripslashes($_REQUEST['name']); - $new_rank = (int) $_REQUEST['rankid']; - if(!Validator::characterName($player_name)) + $new_rank = (int) $_POST['rankid']; + + if(!Validator::characterName($player_name)) { $errors[] = 'Invalid player name format.'; + } + $rank = new OTS_GuildRank(); $rank->load($new_rank); if(!$rank->isLoaded()) $errors[] = "Rank with this ID doesn't exist."; if($level_in_guild <= $rank->getLevel() && !$guild_leader) $errors[] = "You can't set ranks with equal or higher level than your."; - if(empty($errors)) - { + + if(empty($errors)) { $player_to_change = new OTS_Player(); $player_to_change->find($player_name); if(!$player_to_change->isLoaded()) @@ -108,8 +110,7 @@ if($guild_vice) $errors[] = 'This player has higher rank in guild than you. You can\'t change his/her rank.'; } - if(empty($errors)) - { + if(empty($errors)) { $player_to_change->setRank($rank); $twig->display('success.html.twig', array( 'title' => 'Rank Changed', 
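Review bot: In the third hunk `$rank->load($new_rank)` is followed by `$rank->getLevel()` even when `isLoaded()` is false, and nothing visible checks that the rank with id `$_POST['rankid']` belongs to `$guild` before the later `$player_to_change->setRank($rank)`; the lines between the two halves of this hunk are elided, so if the guild match is there this is fine, otherwise add `if($rank->isLoaded() && $rank->getGuild()->getName() != $guild->getName()) { $errors[] = 'This rank does not belong to your guild.'; }` before the level comparison. `$player_name` is still taken from `$_REQUEST['name']` while `rankid` comes from `$_POST`. The `$guild_vice` block continues into the next hunk.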
@@ -125,7 +126,7 @@ if($guild_vice) $result = getPlayersWithLowerRank($rank_list, $guild_leader, $db, $level_in_guild, $guild); $twig->display('guilds.change_rank.html.twig', array( - 'players' => isset($result['players']) ? $result['players'] : array(), + 'players' => $result['players'] ?? [], 'guild_name' => $guild->getName(), 'ranks' => $result['ranks'] )); diff --git a/system/pages/guilds/cleanup_players.php b/system/pages/guilds/cleanup_players.php index 7e02fbeb..ad110feb 100644 --- a/system/pages/guilds/cleanup_players.php +++ b/system/pages/guilds/cleanup_players.php @@ -12,33 +12,27 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; -if(!$logged) -{ +if(!$logged) { echo "You are not logged in."; $twig->display('guilds.back_button.html.twig'); return; } -if(admin()) -{ +if(admin()) { $players_list = new OTS_Players_List(); $players_list->init(); } -else +else { $players_list = $account_logged->getPlayersList(); +} -if(count($players_list) > 0) -{ - foreach($players_list as $player) - { +if(count($players_list) > 0) { + foreach($players_list as $player) { $player_rank = $player->getRank(); - if($player_rank->isLoaded()) - { - if($player_rank->isLoaded()) - { + if($player_rank->isLoaded()) { + if($player_rank->isLoaded()) { $rank_guild = $player_rank->getGuild(); - if(!$rank_guild->isLoaded()) - { + if(!$rank_guild->isLoaded()) { $player->setRank(); $player->setGuildNick(''); $changed_ranks_of[] = $player->getName(); @@ -46,8 +40,7 @@ if(count($players_list) > 0) $player_rank->delete(); } } - else - { + else { $player->setRank(); $player->setGuildNick(''); $changed_ranks_of[] = $player->getName(); @@ -55,14 +48,20 @@ if(count($players_list) > 0) } } + echo "Deleted ranks (this ranks guilds doesn't exist [bug fix]):"; - if(!empty($deleted_ranks)) - foreach($deleted_ranks as $rank) - echo "
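Review bot: The nested `if($player_rank->isLoaded()) { if($player_rank->isLoaded()) {` in the first hunk tests the same condition twice, and the commit reformats it without removing the duplicate; the `else { $player->setRank(); ... }` branch in the second hunk, which by the brace structure pairs with the inner `if`, can therefore never run. If the intent is to reset players whose rank row no longer loads, drop the outer condition so the `else` pairs with the single `isLoaded()` check. `$deleted_ranks` is printed in the third hunk but never assigned in any of these hunks — confirm it is populated in the elided lines, otherwise that section always prints empty.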
  • ".$rank; + if(!empty($deleted_ranks)) { + foreach ($deleted_ranks as $rank) { + echo "
  • " . $rank; + } + } echo "

    Changed ranks of players (rank or guild of rank doesn't exist [bug fix]):"; - if(!empty($changed_ranks_of)) - foreach($changed_ranks_of as $name) - echo "
  • ".$name; + + if(!empty($changed_ranks_of)) { + foreach ($changed_ranks_of as $name) { + echo "
  • " . $name; + } + } } else echo "0 players found."; diff --git a/system/pages/guilds/create.php b/system/pages/guilds/create.php index b404c494..ef0117e8 100644 --- a/system/pages/guilds/create.php +++ b/system/pages/guilds/create.php @@ -14,15 +14,15 @@ use MyAAC\Models\GuildRank; require __DIR__ . '/base.php'; -$guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; -$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : NULL; -$todo = isset($_REQUEST['todo']) ? $_REQUEST['todo'] : NULL; +$guild_name = isset($_POST['guild']) ? urldecode($_POST['guild']) : NULL; +$name = isset($_POST['name']) ? stripslashes($_POST['name']) : NULL; +$todo = isset($_POST['todo']) ? $_POST['todo'] : NULL; if(!$logged) { - $guild_errors[] = 'You are not logged in. You can\'t create guild.'; + $errors[] = 'You are not logged in. You can\'t create guild.'; } $array_of_player_nig = array(); -if(empty($guild_errors)) +if(empty($errors)) { $account_players = $account_logged->getPlayersList(false); foreach($account_players as $player) 
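Review bot: `$guild_name = isset($_POST['guild']) ? urldecode($_POST['guild']) : NULL;` decodes a value PHP has already decoded from the form body, so a submitted name containing `%` or `+` is altered before `Validator::guildName` sees it and the guild is created under a name the user did not type; for POST input drop the `urldecode` and use `$_POST['guild']` directly. The same double decode remains on the `$_REQUEST['guild']` reads in accept_invite.php, add_rank.php and change_nick.php, where it is at least consistent with URL-carried links. The first hunk's `if(empty($errors))` now also reacts to any error base.php may have collected before this page — presumably the intent of the rename from `$guild_errors`.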
@@ -41,45 +41,44 @@ if(empty($guild_errors)) if(empty($todo)) { if(count($array_of_player_nig) == 0) { - $guild_errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . (setting('core.guild_need_premium') ? ' or you don\' have a premium account' : '') . '.'; + $errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . (setting('core.guild_need_premium') ? ' or you don\' have a premium account' : '') . '.'; } } if($todo == 'save') { if(!Validator::guildName($guild_name)) { - $guild_errors[] = Validator::getLastError(); + $errors[] = Validator::getLastError(); $guild_name = ''; } if(!Validator::characterName($name)) { - $guild_errors[] = 'Invalid character name format.'; + $errors[] = 'Invalid character name format.'; $name = ''; } - if(empty($guild_errors)) { + if(empty($errors)) { $player = new OTS_Player(); $player->find($name); if(!$player->isLoaded()) { - $guild_errors[] = 'Character '.$name.' doesn\'t exist.'; + $errors[] = 'Character '.$name.' doesn\'t exist.'; } } - - if(empty($guild_errors)) + if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if($guild->isLoaded()) { - $guild_errors[] = 'Guild '.$guild_name.' already exist. Select other name.'; + $errors[] = 'Guild '.$guild_name.' already exist. Select other name.'; } } - if(empty($guild_errors) && $player->isDeleted()) { - $guild_errors[] = "Character $name has been deleted."; + if(empty($errors) && $player->isDeleted()) { + $errors[] = "Character $name has been deleted."; } - if(empty($guild_errors)) + if(empty($errors)) { $bad_char = true; foreach($array_of_player_nig as $nick_from_list) { 
@@ -88,22 +87,22 @@ if($todo == 'save') } } if($bad_char) { - $guild_errors[] = 'Character '.$name.' isn\'t on your account or is already in guild.'; + $errors[] = 'Character '.$name.' isn\'t on your account or is already in guild.'; } } - if(empty($guild_errors)) { + if(empty($errors)) { if($player->getLevel() < setting('core.guild_need_level')) { - $guild_errors[] = 'Character '.$name.' has too low level. To create guild you need character with level ' . setting('core.guild_need_level') . '.'; + $errors[] = 'Character '.$name.' has too low level. To create guild you need character with level ' . setting('core.guild_need_level') . '.'; } if(setting('core.guild_need_premium') && !$account_logged->isPremium()) { - $guild_errors[] = 'Character '.$name.' is on FREE account. To create guild you need PREMIUM account.'; + $errors[] = 'Character '.$name.' is on FREE account. To create guild you need PREMIUM account.'; } } } -if(!empty($guild_errors)) { - $twig->display('error_box.html.twig', array('errors' => $guild_errors)); +if(!empty($errors)) { + $twig->display('error_box.html.twig', array('errors' => $errors)); unset($todo); } diff --git a/system/pages/guilds/delete_by_admin.php b/system/pages/guilds/delete_by_admin.php index e403cbda..f453cd7a 100644 --- a/system/pages/guilds/delete_by_admin.php +++ b/system/pages/guilds/delete_by_admin.php @@ -45,7 +45,10 @@ if(empty($errors)) { $twig->display('success.html.twig', array( 'title' => 'Delete Guild', 'description' => 'Are you sure you want delete guild ' . $guild_name . '?
    -
    ', +
    + ' . csrf(true) . ' + +
    ', 'custom_buttons' => $twig->render('guilds.back_button.html.twig') )); } diff --git a/system/pages/guilds/delete_guild.php b/system/pages/guilds/delete_guild.php index 978ac513..0e4bd0ba 100644 --- a/system/pages/guilds/delete_guild.php +++ b/system/pages/guilds/delete_guild.php @@ -21,7 +21,7 @@ if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = "Guild with name $guild_name doesn't exist."; } } @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { diff --git a/system/pages/guilds/delete_invite.php b/system/pages/guilds/delete_invite.php index 7bf4067a..485ca9d0 100644 --- a/system/pages/guilds/delete_invite.php +++ b/system/pages/guilds/delete_invite.php 
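Review bot: `csrf(true)` now places form markup inside `description`, which means `success.html.twig` has to render that value unescaped, and `$guild_name` is concatenated into the same string without `htmlspecialchars()`, so any character the guild-name validator admits but HTML does not is emitted raw into the page. Wrap it as `htmlspecialchars($guild_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` inside the description, or move the confirmation into its own Twig template where auto-escaping applies and only the token is marked raw. That `csrf(true)` returns the hidden-input markup rather than the bare token is inferred from its use here, and the validation applied to `$guild_name` happens before this hunk.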
@@ -15,47 +15,43 @@ require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; $name = stripslashes($_REQUEST['name']); -if(!$logged) +if(!$logged) { $errors[] = 'You are not logged in. You can\'t delete invitations.'; +} -if(!Validator::guildName($guild_name)) +if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); +} -if(!Validator::characterName($name)) +if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; +} -if(empty($errors)) -{ +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) $errors[] = "Guild with name " . $guild_name . " doesn't exist."; } -if(empty($errors)) -{ +if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; - $account_players = $account_logged->getPlayers(); - foreach($account_players as $player) - { + $account_players = $account_logged->getPlayersList(); + foreach($account_players as $player) { $player_rank = $player->getRank(); - if($player_rank->isLoaded()) - { - foreach($rank_list as $rank_in_guild) - { - if($rank_in_guild->getId() == $player_rank->getId()) - { + if($player_rank->isLoaded()) { + foreach($rank_list as $rank_in_guild) { + if($rank_in_guild->getId() == $player_rank->getId()) { $players_from_account_in_guild[] = $player->getName(); - if($player_rank->getLevel() > 1) - { + if($player_rank->getLevel() > 1) { $guild_vice = true; $level_in_guild = $player_rank->getLevel(); } - if($guild->getOwner()->getId() == $player->getId()) - { + + if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; $guild_leader = true; } 
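Review bot: `$name = stripslashes($_REQUEST['name']);` has no `isset()` guard, so a request without `name` raises an undefined-index warning before `Validator::characterName()` ever runs; `$name = isset($_REQUEST['name']) ? stripslashes($_REQUEST['name']) : null;` matches the guarded `$guild_name` read directly above it. The hunk adds braces to the three `if(!...)` checks but leaves `if(!$guild->isLoaded()) $errors[] = ...` as a braceless one-liner a few lines later, so the style is inconsistent within the same file. The `if(empty($errors))` block that builds `$players_from_account_in_guild` continues past the end of this hunk.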
@@ -64,44 +60,46 @@ if(empty($errors)) } } - if(!$guild_vice) + if(!$guild_vice) { $errors[] = 'You are not a leader or vice leader of guild ' . $guild_name . '.'; -} -if(empty($errors)) -{ - $player = new OTS_Player(); - $player->find($name); - if(!$player->isLoaded()) - $errors[] = 'Player with name ' . $name . ' doesn\'t exist.'; + } } -if(empty($errors)) -{ +if(empty($errors)) { + $player = new OTS_Player(); + $player->find($name); + if(!$player->isLoaded()) { + $errors[] = "Player with name $name doesn't exist."; + } +} + +if(empty($errors)) { include(SYSTEM . 'libs/pot/InvitesDriver.php'); new InvitesDriver($guild); $invited_list = $guild->listInvites(); - if(count($invited_list) > 0) - { + if(count($invited_list) > 0) { $is_invited = false; - foreach($invited_list as $invited) - if($invited->getName() == $player->getName()) + foreach($invited_list as $invited) { + if ($invited->getName() == $player->getName()) { $is_invited = true; - if(!$is_invited) - $errors[] = ''.$player->getName().' isn\'t invited to your guild.'; + } + } + if(!$is_invited) { + $errors[] = '' . $player->getName() . ' isn\'t invited to your guild.'; + } } - else + else { $errors[] = 'No one is invited to your guild.'; + } } -if(!empty($errors)) -{ + +if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); $twig->display('guilds.back_button.html.twig', array('action' => getLink('guilds') . '?action=show&guild=' . $guild_name)); } -else -{ - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') - { +else { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $guild->deleteInvite($player); $twig->display('success.html.twig', array( 'title' => 'Deleted player invitation', diff --git a/system/pages/guilds/delete_rank.php b/system/pages/guilds/delete_rank.php index 56322cd9..ce783137 100644 --- a/system/pages/guilds/delete_rank.php +++ b/system/pages/guilds/delete_rank.php 
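Review bot: The invitation is deleted only when `$_POST['todo'] == 'save'`, but `$name` and `$guild_name` come from `$_REQUEST` in the first hunk of this file, so a query-string value appended to the form's action URL still takes part in choosing which invitation the CSRF-protected form removes; read both from `$_POST` in the save path so the form is the only source, as create.php now does. pass_leadership.php has the same split (`$pass_to` from `$_REQUEST['player']`, action gated on `$_POST['todo']`), and invite.php, leave.php and kick_player.php gate on `$_POST['todo']` while their `$name` reads are outside the visible hunks and likely follow the same pattern. `'' . $player->getName() . ' isn\'t invited to your guild.'` keeps a leading empty-string concatenation that can be dropped. `$invited->getName() == $player->getName()` is a loose string compare; `===` is the safer form for names loaded from the database.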
@@ -13,25 +13,27 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; -$rank_to_delete = isset($_REQUEST['rankid']) ? (int) $_REQUEST['rankid'] : null; +$rank_to_delete = isset($_POST['rankid']) ? (int) $_POST['rankid'] : null; if(!Validator::guildName($guild_name)) { - $guild_errors[] = Validator::getLastError(); + $errors[] = Validator::getLastError(); } -if(empty($guild_errors)) { + +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $guild_errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; } } -if(empty($guild_errors)) { + +if(empty($errors)) { if($logged) { $guild_leader_char = $guild->getOwner(); $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild->getOwner()->getId() == $player->getId()) { $guild_vice = true; @@ -39,21 +41,21 @@ if(empty($guild_errors)) { $level_in_guild = 3; } } + if($guild_leader) { $rank = new OTS_GuildRank(); $rank->load($rank_to_delete); if(!$rank->isLoaded()) { - $guild_errors2[] = 'Rank with ID '.$rank_to_delete.' doesn\'t exist.'; + $errors2[] = 'Rank with ID '.$rank_to_delete.' doesn\'t exist.'; } - else - { + else { if($rank->getGuild()->getId() != $guild->getId()) { - $guild_errors2[] = 'Rank with ID '.$rank_to_delete.' isn\'t from your guild.'; + $errors2[] = 'Rank with ID '.$rank_to_delete.' isn\'t from your guild.'; } else { if(count($rank_list) < 2) { - $guild_errors2[] = 'You have only 1 rank in your guild. You can\'t delete this rank.'; + $errors2[] = 'You have only 1 rank in your guild. You can\'t delete this rank.'; } else { 
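Review bot: `$rank_to_delete` defaults to `null` when `rankid` is absent from the POST body and is passed straight to `$rank->load($rank_to_delete)` in the second hunk; if `load()` declares an `int` parameter that is a `TypeError` rather than the "doesn't exist" message the code expects. An explicit `if($rank_to_delete === null) { $errors2[] = 'No rank selected.'; }` before the load, or defaulting to `0`, removes the guess. `$guild_vice = true;` is assigned inside the loop while only `$guild_leader = false;` is initialised in view; the `$guild_vice` declaration, if any, is outside this hunk.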
@@ -87,19 +89,21 @@ if(empty($guild_errors)) { $player->setRank($new_rank); } } + $rank->delete(); $saved = true; } } } - if($saved) { + + if(isset($saved) && $saved) { $twig->display('success.html.twig', array( 'title' => 'Rank Deleted', 'description' => 'Rank '.$rank->getName().' has been deleted. Players with this rank has now other rank.', 'custom_buttons' => '' )); } else { - $twig->display('error_box.html.twig', array('errors' => $guild_errors2)); + $twig->display('error_box.html.twig', array('errors' => $errors2)); } $twig->display('guilds.back_button.html.twig', array( @@ -107,18 +111,16 @@ if(empty($guild_errors)) { 'action' => getLink('guilds') . '?guild='.$guild->getName().'&action=manager' )); } - else - { - $guild_errors[] = 'You are not a leader of guild!'; + else { + $errors[] = 'You are not a leader of guild!'; } } - else - { - $guild_errors[] = 'You are not logged. You can\'t manage guild.'; + else { + $errors[] = 'You are not logged. You can\'t manage guild.'; } } -if(!empty($guild_errors)) { - $twig->display('error_box.html.twig', array('errors' => $guild_errors)); +if(!empty($errors)) { + $twig->display('error_box.html.twig', array('errors' => $errors)); $twig->display('guilds.back_button.html.twig', array( 'new_line' => true, diff --git a/system/pages/guilds/invite.php b/system/pages/guilds/invite.php index 8fae8e27..9d6c9c06 100644 --- a/system/pages/guilds/invite.php +++ b/system/pages/guilds/invite.php @@ -36,7 +36,7 @@ if(empty($errors)) { $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $player_rank = $player->getRank(); if($player_rank->isLoaded()) { 
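Review bot: `if(isset($saved) && $saved)` hides an uninitialised variable rather than fixing it; declare `$saved = false;` next to `$guild_leader = false;` in the first hunk of this file and keep the original `if($saved)`, which also lets static analysis see the flag. The `else` branch displays `$errors2`, which is only set on the paths that never reached `$saved = true`, so a short comment such as `// every path that skips $saved = true pushed a message onto $errors2` would spare the next reader the trace. The enclosing `if($guild_leader)` block starts in the previous hunk.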
@@ -62,7 +62,7 @@ if(!$guild_vice) { $errors[] = 'You are not a leader or vice leader of guild '.$guild_name.'.'.$level_in_guild; } -if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { +if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; } @@ -71,7 +71,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { $player = new OTS_Player(); $player->find($name); if(!$player->isLoaded()) { - $errors[] = 'Player with name ' . $name . ' doesn\'t exist.'; + $errors[] = "Player with name $name doesn't exist."; } else if ($player->isDeleted()) { $errors[] = "Character with name $name has been deleted."; } @@ -102,7 +102,7 @@ if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $guild->invite($player); $twig->display('success.html.twig', array( 'title' => 'Invite player', diff --git a/system/pages/guilds/kick_player.php b/system/pages/guilds/kick_player.php index 5ce79187..736617b0 100644 --- a/system/pages/guilds/kick_player.php +++ b/system/pages/guilds/kick_player.php @@ -41,7 +41,7 @@ if(empty($errors)) { $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; $guild_vice = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $player_rank = $player->getRank(); if($player_rank->isLoaded()) { @@ -102,7 +102,7 @@ if(!empty($errors)) { } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $player->setRank(); $twig->display('success.html.twig', array( diff --git a/system/pages/guilds/leave.php b/system/pages/guilds/leave.php index 9a11595d..50f52a6c 100644 --- a/system/pages/guilds/leave.php +++ b/system/pages/guilds/leave.php 
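Review bot: The context line `$errors[] = 'You are not a leader or vice leader of guild '.$guild_name.'.'.$level_in_guild;` appends the internal rank level to the user-facing message, which reads like a debug leftover the commit passes over; drop the trailing `.$level_in_guild`. The save path now requires `$_POST['todo']`, but `$name`, validated right after it, is read outside these hunks; if it still comes from `$_REQUEST`, query-string values can still name the invitee, so it should be read from `$_POST` alongside `todo`. `$_POST['todo'] == 'save'` is a loose compare; `===` is the stricter form.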
@@ -34,7 +34,7 @@ if(empty($errors)) { $array_of_player_ig = array(); if(empty($errors)) { $guild_owner_name = $guild->getOwner()->getName(); - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($name)) { $errors[] = 'Invalid name format.'; } @@ -72,7 +72,7 @@ if(empty($errors)) { } else { - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player_fac) { $player_rank = $player_fac->getRank(); if($player_rank->isLoaded()) { @@ -94,7 +94,7 @@ if(!empty($errors)) { } else { - if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { + if(isset($_POST['todo']) && $_POST['todo'] == 'save') { $player->setRank(); $twig->display('success.html.twig', array( 'title' => 'Leave guild', diff --git a/system/pages/guilds/list.php b/system/pages/guilds/list.php index 96d7bf08..26d77d3a 100644 --- a/system/pages/guilds/list.php +++ b/system/pages/guilds/list.php @@ -14,23 +14,24 @@ defined('MYAAC') or die('Direct access not allowed!'); require __DIR__ . '/base.php'; $guilds_list = new OTS_Guilds_List(); -$guilds_list->orderBy("name"); +$guilds_list->orderBy('name'); $guilds = array(); -if(count($guilds_list) > 0) -{ +if(count($guilds_list) > 0) { /** * @var OTS_Guild $guild */ foreach ($guilds_list as $guild) { $guild_logo = $guild->getCustomField('logo_name'); - if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) - $guild_logo = "default.gif"; + if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) { + $guild_logo = 'default.gif'; + } $description = $guild->getCustomField('description'); $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '
    ', $description, $count); - if ($count < setting('core.guild_description_lines_limit')) + if ($count < setting('core.guild_description_lines_limit')) { $description = nl2br($description); + } $guildName = $guild->getName(); $guilds[] = array('name' => $guildName, 'logo' => $guild_logo, 'link' => getGuildLink($guildName, false), 'description' => $description); @@ -39,6 +40,6 @@ if(count($guilds_list) > 0) $twig->display('guilds.list.html.twig', array( 'guilds' => $guilds, - 'logged' => isset($logged) ? $logged : false, + 'logged' => $logged ?? false, 'isAdmin' => admin(), )); diff --git a/system/pages/guilds/manager.php b/system/pages/guilds/manager.php index 4d59c22e..cfcc00c6 100644 --- a/system/pages/guilds/manager.php +++ b/system/pages/guilds/manager.php @@ -21,7 +21,7 @@ if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; + $errors[] = "Guild with name $guild_name doesn't exist."; } } @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { $guild_vice = true; @@ -39,22 +39,22 @@ if(empty($errors)) { $level_in_guild = 3; } } + if($guild_leader) { $twig->display('guilds.manager.html.twig', array( 'guild' => $guild, 'rank_list' => $rank_list )); } - else - { + else { $errors[] = 'You are not a leader of guild!'; } } - else - { - $errors[] = 'You are not logged. You can\'t manage guild.'; + else { + $errors[] = "You are not logged. You can't manage guild."; } } + if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); } 
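Review bot: `$description_with_lines` is assigned only to obtain `$count` and is not used again in the hunk, so the intent is hidden; `$count = preg_match_all('/\r\n|\n|\r/', $description);` says directly that line breaks are being counted, or the unused variable should be dropped. `$guild_logo` is taken from the `logo_name` custom field and concatenated into a filesystem path for `file_exists()`; assuming change_logo.php restricts what is stored there, `basename($guild_logo)` here makes that assumption local and explicit. `empty($guild_logo)` also rejects a logo literally named `'0'`, which is presumably irrelevant, but `$guild_logo === null || $guild_logo === ''` is the precise test.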
diff --git a/system/pages/guilds/pass_leadership.php b/system/pages/guilds/pass_leadership.php index c09b4285..40633b8a 100644 --- a/system/pages/guilds/pass_leadership.php +++ b/system/pages/guilds/pass_leadership.php 
@@ -15,51 +15,52 @@ require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : NULL; $pass_to = isset($_REQUEST['player']) ? stripslashes($_REQUEST['player']) : NULL; if(!Validator::guildName($guild_name)) { - $guild_errors[] = Validator::getLastError(); + $errors[] = Validator::getLastError(); } -if(empty($guild_errors)) { +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) { - $guild_errors[] = "Guild with name " . $guild_name . " doesn't exist."; + $errors[] = "Guild with name " . $guild_name . " doesn't exist."; } } -if(empty($guild_errors)) { + +if(empty($errors)) { if(isset($_POST['todo']) && $_POST['todo'] == 'save') { if(!Validator::characterName($pass_to)) { - $guild_errors2[] = 'Invalid player name format.'; + $errors2[] = 'Invalid player name format.'; } - if(empty($guild_errors2)) { + if(empty($errors2)) { $to_player = new OTS_Player(); $to_player->find($pass_to); if(!$to_player->isLoaded()) { - $guild_errors2[] = 'Player with name '.$pass_to.' doesn\'t exist.'; + $errors2[] = 'Player with name '.$pass_to.' doesn\'t exist.'; } else if ($to_player->isDeleted()) { - $guild_errors2[] = "Character with name $pass_to has been deleted."; + $errors2[] = "Character with name $pass_to has been deleted."; } - if(empty($guild_errors2)) { + if(empty($errors2)) { $to_player_rank = $to_player->getRank(); if($to_player_rank->isLoaded()) { $to_player_guild = $to_player_rank->getGuild(); if($to_player_guild->getId() != $guild->getId()) { - $guild_errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; + $errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; } } else { - $guild_errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; + $errors2[] = 'Player with name '.$to_player->getName().' 
isn\'t from your guild.'; } } } } } -if(empty($guild_errors) && empty($guild_errors2)) { +if(empty($errors) && empty($errors2)) { if($logged) { $guild_leader_char = $guild->getOwner(); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { $guild_vice = true; @@ -99,23 +100,23 @@ if(empty($guild_errors) && empty($guild_errors2)) { } } else { - $guild_errors[] = 'You are not a leader of guild!'; + $errors[] = 'You are not a leader of guild!'; } } else { - $guild_errors[] = "You are not logged. You can't manage guild."; + $errors[] = "You are not logged. You can't manage guild."; } } -if(empty($guild_errors) && !empty($guild_errors2)) { - $twig->display('error_box.html.twig', array('errors' => $guild_errors2)); +if(empty($errors) && !empty($errors2)) { + $twig->display('error_box.html.twig', array('errors' => $errors2)); echo '
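Review bot: The two branches after `$to_player_rank->isLoaded()` push the identical message, so the nesting can be flattened to one check: `if(!$to_player_rank->isLoaded() || $to_player_rank->getGuild()->getId() != $guild->getId()) { $errors2[] = 'Player with name '.$to_player->getName().' isn\'t from your guild.'; }`. `$pass_to` is read from `$_REQUEST['player']` with `stripslashes()` while the transfer is gated on `$_POST['todo']`; reading it from `$_POST` keeps the CSRF-protected form the only input to the leadership change. `$errors2` is tested with `empty()` before anything assigns it, which works, but an explicit `$errors2 = [];` at the top of the file would let the later `array_merge($errors, $errors2)` stop depending on that. The leadership check that follows this block runs into the next hunk.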
    ' . $twig->render('buttons.back.html.twig') . '
    '; } -if(!empty($guild_errors)) { - if(!empty($guild_errors2)) { - $guild_errors = array_merge($guild_errors, $guild_errors2); +if(!empty($errors)) { + if(!empty($errors2)) { + $errors = array_merge($errors, $errors2); } - $twig->display('error_box.html.twig', array('errors' => $guild_errors)); + $twig->display('error_box.html.twig', array('errors' => $errors)); echo '
    ' . $twig->render('buttons.back.html.twig') . '
    '; } diff --git a/system/pages/guilds/save_ranks.php b/system/pages/guilds/save_ranks.php index e1483659..2a36e595 100644 --- a/system/pages/guilds/save_ranks.php +++ b/system/pages/guilds/save_ranks.php @@ -31,7 +31,7 @@ if(empty($errors)) { $rank_list = $guild->getGuildRanksList(); $rank_list->orderBy('level', POT::ORDER_DESC); $guild_leader = false; - $account_players = $account_logged->getPlayers(); + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { if($guild_leader_char->getId() == $player->getId()) { @@ -61,6 +61,7 @@ if(empty($errors)) { $rank->save(); } + //show errors or redirect if(empty($errors)) { header("Location: " . getLink('guilds') . "?action=manager&guild=".$guild->getName()); @@ -73,10 +74,10 @@ if(empty($errors)) { } else { - $errors[] = 'You are not logged. You can\'t manage guild.'; + $errors[] = "You are not logged. You can't manage guild."; } } if(!empty($errors)) { - $twig->display('error_box.html.twig', array('errors' => $errors)); + $twig->display('error_box.html.twig', ['errors' => $errors]); } diff --git a/system/pages/guilds/show.php b/system/pages/guilds/show.php index 33039ad3..6fd07a91 100644 --- a/system/pages/guilds/show.php +++ b/system/pages/guilds/show.php @@ -16,19 +16,18 @@ $title = 'Guilds'; require __DIR__ . '/base.php'; $guild_name = isset($_REQUEST['guild']) ? urldecode($_REQUEST['guild']) : null; -if(!Validator::guildName($guild_name)) +if(!Validator::guildName($guild_name)) { $errors[] = Validator::getLastError(); +} -if(empty($errors)) -{ +if(empty($errors)) { $guild = new OTS_Guild(); $guild->find($guild_name); if(!$guild->isLoaded()) $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.'; } -if(!empty($errors)) -{ +if(!empty($errors)) { $twig->display('error_box.html.twig', array('errors' => $errors)); $twig->display('guilds.back_button.html.twig'); return; 
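Review bot: In show.php, `if(!$guild->isLoaded()) $errors[] = 'Guild with name '.$guild_name.' doesn\'t exist.';` stays a braceless one-liner while the checks on either side gain braces in this hunk; for consistency it should become `if(!$guild->isLoaded()) { $errors[] = "Guild with name $guild_name doesn't exist."; }`, which also matches the interpolated form the commit adopts in delete_guild.php and manager.php. The early `return;` on the error path ends the page; a comment such as `// nothing below runs for an unknown guild` makes that explicit for readers who see only the top of the file.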
@@ -47,9 +46,8 @@ $level_in_guild = 0; $players_from_account_in_guild = array(); $players_from_account_ids = array(); -if($logged) -{ - $account_players = $account_logged->getPlayers(); +if($logged) { + $account_players = $account_logged->getPlayersList(); foreach($account_players as $player) { $players_from_account_ids[] = $player->getId(); diff --git a/system/templates/forum.new_thread.html.twig b/system/templates/forum.new_thread.html.twig index 3b5e080d..e37bda08 100644 --- a/system/templates/forum.new_thread.html.twig +++ b/system/templates/forum.new_thread.html.twig @@ -1,4 +1,4 @@ -
    + {{ csrf() }} diff --git a/system/templates/forum.remove_post.html.twig b/system/templates/forum.remove_post.html.twig new file mode 100644 index 00000000..85684e41 --- /dev/null +++ b/system/templates/forum.remove_post.html.twig @@ -0,0 +1,12 @@ + + {{ csrf() }} + + + +
    diff --git a/system/templates/forum.show_thread.html.twig b/system/templates/forum.show_thread.html.twig index 2626c2de..71812be7 100644 --- a/system/templates/forum.show_thread.html.twig +++ b/system/templates/forum.show_thread.html.twig @@ -53,15 +53,16 @@ Page: {{ links_to_pages|raw }}
  • {% if is_moderator %} {% if post.first_post != post.id %} - + {{ include('forum.remove_post.html.twig') }} {% else %} - + {{ include('forum.remove_post.html.twig') }} {% endif %} {% endif %} {% if logged and (post.player.getAccount().getId() == account_logged.getId() or is_moderator) %} - + + {% endif %} {% if logged %} diff --git a/system/templates/guilds.accept_invite.html.twig b/system/templates/guilds.accept_invite.html.twig index 0c2d0dc3..7a3acff5 100644 --- a/system/templates/guilds.accept_invite.html.twig +++ b/system/templates/guilds.accept_invite.html.twig @@ -7,12 +7,15 @@
    -
    + {{ csrf() }} + + + {% set i = 0 %} {% for player in invited_players %} - - {% set i = i + 1 %} + + {% set i = i + 1 %} {% endfor %} {{ include('buttons.submit.html.twig') }}
    diff --git a/system/templates/guilds.change_logo.html.twig b/system/templates/guilds.change_logo.html.twig index 13813e9b..5cdc8eda 100644 --- a/system/templates/guilds.change_logo.html.twig +++ b/system/templates/guilds.change_logo.html.twig @@ -8,7 +8,7 @@
    {{ csrf() }} - + Select new logo:
    diff --git a/system/templates/guilds.change_rank.html.twig b/system/templates/guilds.change_rank.html.twig index 13ad7cf4..bbeb4602 100644 --- a/system/templates/guilds.change_rank.html.twig +++ b/system/templates/guilds.change_rank.html.twig @@ -1,5 +1,6 @@ -
    + {{ csrf() }} + diff --git a/system/templates/guilds.create.html.twig b/system/templates/guilds.create.html.twig index c2326416..1f016567 100644 --- a/system/templates/guilds.create.html.twig +++ b/system/templates/guilds.create.html.twig @@ -1,5 +1,6 @@ - + {{ csrf() }} +
    Change Rank
    diff --git a/system/templates/guilds.delete_invite.html.twig b/system/templates/guilds.delete_invite.html.twig index 012f7d46..7367ccf2 100644 --- a/system/templates/guilds.delete_invite.html.twig +++ b/system/templates/guilds.delete_invite.html.twig @@ -7,9 +7,10 @@
    Create a {{ config.lua.serverName }} Guild
    diff --git a/system/templates/guilds.invite.html.twig b/system/templates/guilds.invite.html.twig index b0a35ac7..ee6af769 100644 --- a/system/templates/guilds.invite.html.twig +++ b/system/templates/guilds.invite.html.twig @@ -1,5 +1,6 @@ - + {{ csrf() }} + Invite player with name:       {{ include('buttons.submit.html.twig') }} diff --git a/system/templates/guilds.kick_player.html.twig b/system/templates/guilds.kick_player.html.twig index ded31cc8..521631c2 100644 --- a/system/templates/guilds.kick_player.html.twig +++ b/system/templates/guilds.kick_player.html.twig @@ -7,8 +7,9 @@
    - - {{ csrf() }} - {{ include('buttons.submit.html.twig') }} + + {{ csrf() }} + + {{ include('buttons.submit.html.twig') }}
    diff --git a/system/templates/guilds.leave_guild.html.twig b/system/templates/guilds.leave_guild.html.twig index 86642156..4d865cef 100644 --- a/system/templates/guilds.leave_guild.html.twig +++ b/system/templates/guilds.leave_guild.html.twig @@ -1,5 +1,6 @@ - + {{ csrf() }} +
    -
    + {{ csrf() }} + {{ include('buttons.submit.html.twig') }}
    diff --git a/system/templates/guilds.manager.html.twig b/system/templates/guilds.manager.html.twig index c932ce2b..adebdff2 100644 --- a/system/templates/guilds.manager.html.twig +++ b/system/templates/guilds.manager.html.twig @@ -101,7 +101,12 @@ Here you can change names of ranks, delete and add ranks, pass leadership to oth {% set i = 0 %} {% for rank in rank_list %} -
    Leave guild
    {{ rank.getId() }} // Delete Rank + {{ rank.getId() }} // + + {{ csrf() }} + + + diff --git a/templates/tibiacom/account.login.html.twig b/templates/tibiacom/account.login.html.twig index f406d0c1..505cb38a 100644 --- a/templates/tibiacom/account.login.html.twig +++ b/templates/tibiacom/account.login.html.twig @@ -1,8 +1,11 @@ {{ hook('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE') }} -
    + + {{ csrf() }} + {% if redirect is not null %} {% endif %} +