From 43353b4f536fa1a24a395c4ce0a26dc96d002386 Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 22 Aug 2023 13:19:03 +0200 Subject: [PATCH 01/41] Update .gitattributes --- .gitattributes | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitattributes b/.gitattributes index 40090cd9..0525e2d2 100644 --- a/.gitattributes +++ b/.gitattributes @@ -9,6 +9,5 @@ release.sh export-ignore # cypress cypress export-ignore cypress.config.js export-ignore -cypress.env.json *.sh text eol=lf From f43a5d1221a0bc1c04dc11d46b995ab50edf45b5 Mon Sep 17 00:00:00 2001 From: slawkens Date: Wed, 23 Aug 2023 11:57:37 +0200 Subject: [PATCH 02/41] Option to disable settings saving with hooks for next.my-aac.org --- admin/tools/settings_save.php | 11 +++++++++-- system/hooks.php | 1 + system/libs/Settings.php | 10 ++++++++++ system/settings.php | 2 +- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/admin/tools/settings_save.php b/admin/tools/settings_save.php index 83be1de3..2fdd5fc4 100644 --- a/admin/tools/settings_save.php +++ b/admin/tools/settings_save.php @@ -6,6 +6,11 @@ require SYSTEM . 'functions.php'; require SYSTEM . 'init.php'; require SYSTEM . 'login.php'; +// event system +require_once SYSTEM . 'hooks.php'; +$hooks = new Hooks(); +$hooks->load(); + if(!admin()) { http_response_code(500); die('Access denied.'); @@ -23,7 +28,7 @@ if (!isset($_POST['settings'])) { $settings = Settings::getInstance(); -$settings->save($_REQUEST['plugin'], $_POST['settings']); +$success = $settings->save($_REQUEST['plugin'], $_POST['settings']); $errors = $settings->getErrors(); if (count($errors) > 0) { @@ -31,4 +36,6 @@ if (count($errors) > 0) { die(implode('
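Review bot: The three new hook lines (`require_once SYSTEM . 'hooks.php'; $hooks = new Hooks(); $hooks->load();`) run before the `if(!admin())` guard that follows them, so plugin hook registration now executes for every unauthenticated request to this tool; move them below the access check so only administrators trigger plugin code. The second hunk still hands `$_REQUEST['plugin']` straight to `save()`, which accepts the plugin name from the query string, and no CSRF token check is visible in this file — presumably `login.php` covers that, but it is worth confirming since this endpoint writes settings.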
', $errors)); } -echo 'Saved at ' . date('H:i'); +if ($success) { + echo 'Saved at ' . date('H:i'); +} diff --git a/system/hooks.php b/system/hooks.php index 81bbeac9..0ef6827d 100644 --- a/system/hooks.php +++ b/system/hooks.php @@ -68,6 +68,7 @@ define('HOOK_ADMIN_LOGIN_AFTER_ACCOUNT', ++$i); define('HOOK_ADMIN_LOGIN_AFTER_PASSWORD', ++$i); define('HOOK_ADMIN_LOGIN_AFTER_SIGN_IN', ++$i); define('HOOK_ADMIN_ACCOUNTS_SAVE_POST', ++$i); +define('HOOK_ADMIN_SETTINGS_BEFORE_SAVE', ++$i); define('HOOK_EMAIL_CONFIRMED', ++$i); define('HOOK_GUILDS_BEFORE_GUILD_HEADER', ++$i); define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i); diff --git a/system/libs/Settings.php b/system/libs/Settings.php index 3ed320d2..60b2e58c 100644 --- a/system/libs/Settings.php +++ b/system/libs/Settings.php @@ -60,6 +60,16 @@ class Settings implements ArrayAccess } $settings = $this->settingsFile[$pluginName]; + + global $hooks; + if (!$hooks->trigger(HOOK_ADMIN_SETTINGS_BEFORE_SAVE, [ + 'name' => $pluginName, + 'values' => $values, + 'settings' => $settings, + ])) { + return false; + } + if (isset($settings['callbacks']['beforeSave'])) { if (!$settings['callbacks']['beforeSave']($settings, $values)) { return false; diff --git a/system/settings.php b/system/settings.php index 83a1d85e..bbd72e2f 100644 --- a/system/settings.php +++ b/system/settings.php @@ -1602,7 +1602,7 @@ Sent by MyAAC,
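Review bot: When `$success` is false but `getErrors()` is empty, this script now exits with HTTP 200 and an empty body, which an AJAX caller will most likely present as a successful save. Return an explicit failure before the echo: `if (!$success) { http_response_code(400); die('Settings were not saved.'); }`. A veto with no accompanying error is exactly what the new hook path in `Settings::save()` can produce, so this case is reachable.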
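Review bot: `global $hooks;` followed by an unconditional `$hooks->trigger(...)` makes `save()` fatal with a call on null whenever it is reached from a script that has not built a `Hooks` instance, and only `admin/tools/settings_save.php` is shown doing so in this series. Guarding with `if (isset($hooks) && !$hooks->trigger(...))` avoids the crash but lets any caller that skips hook loading bypass the veto, which defeats a hook meant to lock settings, so passing the hooks instance into `Settings` explicitly is the safer fix. Separately, a veto returns false without touching `$this->errors`, so the caller cannot distinguish it from a silent no-op; add `$this->errors[] = 'Saving settings was blocked by a plugin.';` before `return false;`. The enclosing `save()` method starts and ends outside this hunk.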
if ($key == 'server_path') { $server_path = $values[$key]; } - elseif (strpos($key, 'database_') !== false) { + elseif (str_contains($key, 'database_')) { $database[$key] = $values[$key]; } From 3ef53aff6cb37d5aa9d33b2f2232844843f87802 Mon Sep 17 00:00:00 2001 From: slawkens Date: Wed, 23 Aug 2023 11:58:03 +0200 Subject: [PATCH 03/41] Allow hooks to be prefixed with HOOK_ --- system/libs/plugins.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/system/libs/plugins.php b/system/libs/plugins.php index d06ddf41..c1d458e1 100644 --- a/system/libs/plugins.php +++ b/system/libs/plugins.php @@ -152,6 +152,10 @@ class Plugins { foreach(self::getAllPluginsJson() as $plugin) { if (isset($plugin['hooks'])) { foreach ($plugin['hooks'] as $_name => $info) { + if (str_contains($info['type'], 'HOOK_')) { + $info['type'] = str_replace('HOOK_', '', $info['type']); + } + if (defined('HOOK_'. $info['type'])) { $hook = constant('HOOK_'. $info['type']); $hooks[] = ['name' => $_name, 'type' => $hook, 'file' => $info['file']]; From 0746708743462d9ebb4daa4fdb3955d6fd3a934f Mon Sep 17 00:00:00 2001 
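Review bot: `str_contains($key, 'database_')` keeps the old `strpos(...) !== false` semantics and matches the substring anywhere in the key, while the neighbouring `server_path` branch suggests these are the `database_*` keys; `str_starts_with($key, 'database_')` would state that intent and avoid collecting an unrelated key that merely contains the word. Only make that change if no setting key carries `database_` mid-name. The enclosing callback starts before this hunk.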
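Review bot: `str_replace('HOOK_', '', $info['type'])` strips every occurrence of the substring rather than a leading prefix, so a hook type whose name contains `HOOK_` elsewhere would be mangled and then silently fail the `defined()` check below; the `str_contains` guard does not prevent that. Replace both lines with `if (str_starts_with($info['type'], 'HOOK_')) { $info['type'] = substr($info['type'], strlen('HOOK_')); }`. `$info['type']` comes from plugin JSON and is not type-checked here, so a non-string value makes `str_contains` throw a TypeError; plugin files are presumably trusted, but an `is_string()` check would make the loader fail with a clear message instead. The enclosing loop in `Plugins` continues outside the hunk.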
From: slawkens Date: Thu, 24 Aug 2023 17:20:32 +0200 Subject: [PATCH 04/41] Reviewed some settings again, fixing many glitches --- admin/pages/accounts.php | 4 +- admin/pages/mailer.php | 2 +- admin/pages/players.php | 4 +- plugins/account-create-hint/hint.html.twig | 2 +- plugins/email-confirmed-reward/reward.php | 30 +++++++----- system/compat/config.php | 2 + system/functions.php | 19 ++++---- system/init.php | 7 ++- system/libs/CreateCharacter.php | 4 +- system/libs/forum.php | 8 ++-- system/libs/usage_statistics.php | 6 +-- system/pages/account/change_email.php | 2 +- system/pages/account/change_info.php | 4 +- system/pages/account/create.php | 47 ++++++++++--------- system/pages/characters.php | 6 +-- system/pages/creatures.php | 4 +- system/pages/forum/show_thread.php | 2 +- system/pages/guilds/change_description.php | 2 +- system/pages/guilds/change_logo.php | 4 +- system/pages/guilds/change_motd.php | 2 +- system/pages/guilds/create.php | 14 +++--- system/pages/guilds/list.php | 2 +- system/pages/guilds/show.php | 2 +- system/pages/highscores.php | 2 +- system/pages/lastkills.php | 8 ++-- system/pages/news.php | 8 ++-- system/pages/online.php | 16 +++---- system/pages/spells.php | 2 +- system/pages/team.php | 2 +- system/router.php | 6 +-- system/settings.php | 10 ++-- system/status.php | 2 +- system/template.php | 4 +- .../templates/account.change_info.html.twig | 4 +- .../templates/account.change_mail.html.twig | 4 +- system/templates/account.create.html.twig | 6 +-- .../account.create_character.html.twig | 2 +- system/templates/admin.news.html.twig | 6 +-- system/templates/characters.html.twig | 2 +- system/templates/creature.html.twig | 2 +- system/templates/forum.show_thread.html.twig | 2 +- .../guilds.change_description.html.twig | 4 +- system/templates/guilds.change_logo.html.twig | 4 +- system/templates/guilds.change_motd.html.twig | 2 +- system/templates/highscores.html.twig | 10 ++-- system/templates/news.html.twig | 4 +- 
system/templates/online.html.twig | 18 +++---- system/templates/serverinfo.html.twig | 4 +- system/templates/team.html.twig | 12 ++--- system/templates/templates.header.html.twig | 4 +- templates/kathrine/menu.js.html.twig | 2 +- templates/tibiacom/boxes/highscores.php | 4 +- .../boxes/templates/highscores.html.twig | 4 +- templates/tibiacom/index.php | 6 +-- tools/news_preview.php | 4 +- tools/validate.php | 2 +- 56 files changed, 181 insertions(+), 170 deletions(-) diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php index 7f47b3d0..66a60558 100644 --- a/admin/pages/accounts.php +++ b/admin/pages/accounts.php @@ -16,7 +16,7 @@ $title = 'Account editor'; $admin_base = ADMIN_URL . '?p=accounts'; $use_datatable = true; -if ($config['account_country']) +if (setting('core.account_country')) require SYSTEM . 'countries.conf.php'; $nameOrNumberColumn = 'name'; @@ -30,7 +30,7 @@ $hasPointsColumn = $db->hasColumn('accounts', 'premium_points'); $hasTypeColumn = $db->hasColumn('accounts', 'type'); $hasGroupColumn = $db->hasColumn('accounts', 'group_id'); -if ($config['account_country']) { +if (setting('core.account_country')) { $countries = array(); foreach (array('pl', 'se', 'br', 'us', 'gb') as $c) $countries[$c] = $config['countries'][$c]; diff --git a/admin/pages/mailer.php b/admin/pages/mailer.php index 7d12f14b..732b7461 100644 --- a/admin/pages/mailer.php +++ b/admin/pages/mailer.php @@ -54,7 +54,7 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) { $failed = 0; $add = ''; - if (config('account_mail_verify')) { + if (setting('core.account_mail_verify')) { note('Note: Sending only to users with verified E-Mail.'); $add = ' AND `email_verified` = 1'; } diff --git a/admin/pages/players.php b/admin/pages/players.php index 48b0f1f5..b409c15e 100644 --- a/admin/pages/players.php +++ b/admin/pages/players.php @@ -569,7 +569,7 @@ else if (isset($_REQUEST['search'])) {
- getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?> + getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
player outfit
@@ -858,7 +858,7 @@ else if (isset($_REQUEST['search'])) { look_addons = '&addons=' + $('#look_addons').val(); - $("#player_outfit").attr("src", '?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet); + $("#player_outfit").attr("src", '?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet); } diff --git a/plugins/account-create-hint/hint.html.twig b/plugins/account-create-hint/hint.html.twig index 5c31dfb1..ffc85434 100644 --- a/plugins/account-create-hint/hint.html.twig +++ b/plugins/account-create-hint/hint.html.twig @@ -1,3 +1,3 @@ To play on {{ config.lua.serverName }} you need an account. -All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if config.account_country %}, country{% endif %} and your email address. +All you have to do to create your new account is to enter an account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %}, password{% if setting('core.account_country') %}, country{% endif %} and your email address. Also you have to agree to the terms presented below. If you have done so, your account {% if constant('USE_ACCOUNT_NAME') %}name{% else %}number{% endif %} will be shown on the following page and your account password will be sent to your email address along with further instructions. If you do not receive the email with your password, please check your spam filter.

diff --git a/plugins/email-confirmed-reward/reward.php b/plugins/email-confirmed-reward/reward.php index 107ab8d7..11af5b34 100644 --- a/plugins/email-confirmed-reward/reward.php +++ b/plugins/email-confirmed-reward/reward.php 
@@ -1,33 +1,37 @@ hasColumn('accounts', 'coins'); -if ($reward['coins'] > 0 && $hasCoinsColumn) { - log_append('email_confirm_error.log', 'accounts.coins column does not exist.'); +$rewardCoins = setting('core.account_mail_confirmed_reward_coins'); +if ($rewardCoins > 0 && !$hasCoinsColumn) { + log_append('error.log', 'email_confirm: accounts.coins column does not exist.'); } if (!isset($account) || !$account->isLoaded()) { - log_append('email_confirm_error.log', 'Account not loaded.'); return; } -if ($reward['premium_points'] > 0) { - $account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $reward['premium_points']); +$rewardMessage = 'You received %d %s for confirming your E-Mail address.'; - success(sprintf($reward['message'], $reward['premium_points'], 'premium points')); +$rewardPremiumPoints = setting('core.account_mail_confirmed_reward_premium_points'); +if ($rewardPremiumPoints > 0) { + $account->setCustomField('premium_points', (int)$account->getCustomField('premium_points') + $rewardPremiumPoints); + + success(sprintf($rewardMessage, $rewardPremiumPoints, 'premium points')); } -if ($reward['coins'] > 0 && $hasCoinsColumn) { - $account->setCustomField('coins', (int)$account->getCustomField('coins') + $reward['coins']); +if ($rewardCoins > 0 && $hasCoinsColumn) { + $account->setCustomField('coins', (int)$account->getCustomField('coins') + $rewardCoins); - success(sprintf($reward['message'], $reward['coins'], 'coins')); + success(sprintf($rewardMessage, $rewardCoins, 'coins')); } -if ($reward['premium_days'] > 0) { - $account->setPremDays($account->getPremDays() + $reward['premium_days']); +$rewardPremiumDays = setting('core.account_mail_confirmed_reward_premium_days'); +if ($rewardPremiumDays > 0) { + $account->setPremDays($account->getPremDays() + $rewardPremiumDays); $account->save(); - success(sprintf($reward['message'], $reward['premium_days'], 'premium days')); + success(sprintf($rewardMessage, $rewardPremiumDays, 
'premium days')); } diff --git a/system/compat/config.php b/system/compat/config.php index b6cf29f7..9d58f4d6 100644 --- a/system/compat/config.php +++ b/system/compat/config.php @@ -68,10 +68,12 @@ $deprecatedConfig = [ 'status_ip', 'status_port', 'mail_enabled', + 'mail_address', 'account_login_by_email', 'account_login_by_email_fallback', 'account_mail_verify', 'account_mail_unique', + 'account_mail_change', 'account_premium_days', 'account_premium_points', 'account_create_character_create', diff --git a/system/functions.php b/system/functions.php index 70a67f32..5ea941cf 100644 --- a/system/functions.php +++ b/system/functions.php @@ -151,8 +151,7 @@ function getItemImage($id, $count = 1) if($count > 1) $file_name .= '-' . $count; - global $config; - return '' .$id . ''; + return '' .$id . ''; } function getItemRarity($chance) { @@ -490,8 +489,8 @@ function template_place_holder($type): string */ function template_header($is_admin = false): string { - global $title_full, $config, $twig; - $charset = $config['charset'] ?? 'utf-8'; + global $title_full, $twig; + $charset = setting('core.charset') ?? 'utf-8'; return $twig->render('templates.header.html.twig', [ @@ -1036,14 +1035,14 @@ function get_browser_real_ip() { return '0'; } function setSession($key, $data) { - $_SESSION[config('session_prefix') . $key] = $data; + $_SESSION[setting('core.session_prefix') . $key] = $data; } function getSession($key) { - $key = config('session_prefix') . $key; + $key = setting('core.session_prefix') . $key; return isset($_SESSION[$key]) ? $_SESSION[$key] : false; } function unsetSession($key) { - unset($_SESSION[config('session_prefix') . $key]); + unset($_SESSION[setting('core.session_prefix') . $key]); } function getTopPlayers($limit = 5) { 
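Review bot: Each reward branch performs a read-modify-write (`getCustomField` + `setCustomField`) with no visible guard against this hook firing twice for the same account, so a repeated or concurrent confirmation request would grant the reward again unless the confirmation path already marks the account as rewarded before this file runs; that guard lives outside the hunk and should be confirmed. The `> 0` comparisons are applied directly to the `setting()` results — cast them once, e.g. `$rewardCoins = (int) setting('core.account_mail_confirmed_reward_coins');`, so a string or null setting behaves predictably. The premium-points and coins branches rely on `setCustomField` persisting immediately while the premium-days branch calls `$account->save()`; presumably `setCustomField` writes through, but that asymmetry deserves a comment.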
@@ -1270,7 +1269,7 @@ function getCustomPage($name, &$success): string set_error_handler('error_handler'); global $config; - if($config['backward_support']) { + if(setting('core.backward_support')) { global $SQL, $main_content, $subtopic; } @@ -1527,8 +1526,8 @@ function right($str, $length) { } function getCreatureImgPath($creature){ - $creature_path = config('monsters_images_url'); - $creature_gfx_name = trim(strtolower($creature)) . config('monsters_images_extension'); + $creature_path = setting('core.monsters_images_url'); + $creature_gfx_name = trim(strtolower($creature)) . setting('core.monsters_images_extension'); if (!file_exists($creature_path . $creature_gfx_name)) { $creature_gfx_name = str_replace(" ", "", $creature_gfx_name); if (file_exists($creature_path . $creature_gfx_name)) { diff --git a/system/init.php b/system/init.php index bda1f85c..cf4b3f9b 100644 --- a/system/init.php +++ b/system/init.php @@ -137,7 +137,12 @@ require_once SYSTEM . 'compat/config.php'; date_default_timezone_set(setting('core.date_timezone')); -$config['account_create_character_create'] = config('account_create_character_create') && (!setting('core.mail_enabled') || !config('account_mail_verify')); +setting( + [ + 'core.account_create_character_create', + setting('core.account_create_character_create') && (!setting('core.mail_enabled') || !setting('core.account_mail_verify')) + ] +); $settingsItemImagesURL = setting('core.item_images_url'); if($settingsItemImagesURL[strlen($settingsItemImagesURL) - 1] !== '/') { diff --git a/system/libs/CreateCharacter.php b/system/libs/CreateCharacter.php index a4a1f87a..994c4a61 100644 --- a/system/libs/CreateCharacter.php +++ b/system/libs/CreateCharacter.php 
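Review bot: `global $config;` is kept although its only use inside this hunk was replaced by `setting('core.backward_support')`; if nothing else in `getCustomPage` reads `$config`, drop the `global` line so the function no longer depends on the legacy array. The rest of `getCustomPage` is outside the hunk, so that is to be checked against the full function.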
@@ -140,8 +140,8 @@ class CreateCharacter if(empty($errors)) { $number_of_players_on_account = $account->getPlayersList(true)->count(); - if($number_of_players_on_account >= config('characters_per_account')) - $errors[] = 'You have too many characters on your account ('.$number_of_players_on_account.'/'.config('characters_per_account').')!'; + if($number_of_players_on_account >= setting('core.characters_per_account')) + $errors[] = 'You have too many characters on your account ('.$number_of_players_on_account . '/' . setting('core.characters_per_account') . ')!'; } if(empty($errors)) diff --git a/system/libs/forum.php b/system/libs/forum.php index c7f303f7..3f80c927 100644 --- a/system/libs/forum.php +++ b/system/libs/forum.php @@ -10,13 +10,13 @@ */ defined('MYAAC') or die('Direct access not allowed!'); -$configForumTablePrefix = setting('core.forum_table_prefix'); -if(null !== $configForumTablePrefix && !empty(trim($configForumTablePrefix))) { - if(!in_array($configForumTablePrefix, array('myaac_', 'z_'))) { +$settingForumTablePrefix = setting('core.forum_table_prefix'); +if(null !== $settingForumTablePrefix && !empty(trim($settingForumTablePrefix))) { + if(!in_array($settingForumTablePrefix, array('myaac_', 'z_'))) { throw new RuntimeException('Invalid value for forum_table_prefix in config.php. Can be only: "myaac_" or "z_".'); } - define('FORUM_TABLE_PREFIX', $configForumTablePrefix); + define('FORUM_TABLE_PREFIX', $settingForumTablePrefix); } else { if($db->hasTable('z_forum')) { diff --git a/system/libs/usage_statistics.php b/system/libs/usage_statistics.php index 0002c1c7..29afc51b 100644 --- a/system/libs/usage_statistics.php +++ b/system/libs/usage_statistics.php 
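Review bot: The exception text still says `Invalid value for forum_table_prefix in config.php.` although the value is now read from `setting('core.forum_table_prefix')`, so an administrator will look in the wrong place. Update it to `throw new RuntimeException('Invalid value for the core.forum_table_prefix setting. Can be only: "myaac_" or "z_".');` and pass `true` as the third argument to the `in_array` check so a loosely-equal value cannot slip through.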
@@ -106,8 +106,8 @@ WHERE TABLE_SCHEMA = "' . $config['database_name'] . '";'); } $ret['templates'] = get_templates(); - $ret['date_timezone'] = $config['date_timezone']; - $ret['backward_support'] = $config['backward_support']; + $ret['date_timezone'] = setting('core.date_timezone'); + $ret['backward_support'] = setting('core.backward_support'); $cache_engine = strtolower($config['cache_engine']); if($cache_engine == 'auto') { @@ -117,4 +117,4 @@ WHERE TABLE_SCHEMA = "' . $config['database_name'] . '";'); $ret['cache_engine'] = $cache_engine; return $ret; } -} \ No newline at end of file +} diff --git a/system/pages/account/change_email.php b/system/pages/account/change_email.php index 3bc8edd7..95ce48fc 100644 --- a/system/pages/account/change_email.php +++ b/system/pages/account/change_email.php @@ -43,7 +43,7 @@ if($email_new_time < 10) { } if(empty($errors)) { - $email_new_time = time() + $config['account_mail_change'] * 24 * 3600; + $email_new_time = time() + setting('account_mail_change') * 24 * 3600; $account_logged->setCustomField("email_new", $email_new); $account_logged->setCustomField("email_new_time", $email_new_time); $twig->display('success.html.twig', array( diff --git a/system/pages/account/change_info.php b/system/pages/account/change_info.php index 8b61ea1c..2a8d4a07 100644 --- a/system/pages/account/change_info.php +++ b/system/pages/account/change_info.php @@ -20,7 +20,7 @@ if(!$logged) { return; } -if($config['account_country']) +if(setting('core.account_country')) require SYSTEM . 'countries.conf.php'; $account = Account::find($account_logged->getId()); @@ -55,7 +55,7 @@ if(isset($_POST['changeinfosave']) && $_POST['changeinfosave'] == 1) { if($show_form) { $account_rlname = $account->rlname; $account_location = $account->location; - if ($config['account_country']) { + if (setting('core.account_country')) { $account_country = $account->country; $countries = array(); 
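Review bot: `setting('account_mail_change')` is the only migrated call in this patch without the `core.` prefix — every other key is `setting('core.…')`, and `account_mail_change` is added to the deprecated config list in `system/compat/config.php` in this same commit. If an unprefixed key resolves to null, `time() + null * 24 * 3600` activates the new address immediately and removes the waiting period that protects an account against an e-mail change from a hijacked session. Change the line to `$email_new_time = time() + (int) setting('core.account_mail_change') * 24 * 3600;`.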
diff --git a/system/pages/account/create.php b/system/pages/account/create.php index 2aa7c544..aff92145 100644 --- a/system/pages/account/create.php +++ b/system/pages/account/create.php @@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Create Account'; -if($config['account_country']) +if (setting('core.account_country')) require SYSTEM . 'countries.conf.php'; if($logged) @@ -20,7 +20,7 @@ if($logged) return; } -if(config('account_create_character_create')) { +if(setting('core.account_create_character_create')) { require_once LIBS . 'CreateCharacter.php'; $createCharacter = new CreateCharacter(); } @@ -68,7 +68,7 @@ if($save) // country $country = ''; - if($config['account_country']) + if (setting('core.account_country')) { $country = $_POST['country']; if(!isset($country)) @@ -93,7 +93,7 @@ if($save) $errors['password'] = 'Password may not be the same as account name.'; } - if($config['account_mail_unique']) + if(setting('core.account_mail_unique')) { $test_email_account = new OTS_Account(); $test_email_account->findByEMail($email); @@ -115,7 +115,7 @@ if($save) } if($account_db->isLoaded()) { - if (config('account_login_by_email') && !config('account_mail_unique')) { + if (config('account_login_by_email') && !setting('core.account_mail_unique')) { $errors['account'] = 'Account with this email already exist.'; } else if (!config('account_login_by_email')) { @@ -150,7 +150,7 @@ if($save) return; } - if(config('account_create_character_create')) { + if(setting('core.account_create_character_create')) { $character_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : null; $character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null; $character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null; 
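Review bot: The duplicate-account condition now mixes `config('account_login_by_email')` with `setting('core.account_mail_unique')`, and the `else if` below keeps `config('account_login_by_email')`, while `account_login_by_email` already sits in the deprecated list in `system/compat/config.php`; presumably the compat layer bridges the two, but one decision now depends on two different lookup mechanisms. Migrate both to `setting('core.account_login_by_email')` for consistency with the rest of the file. The enclosing `if($save)` block starts and ends outside this hunk.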
@@ -191,27 +191,28 @@ if($save) $new_account->setCustomField('created', time()); $new_account->logAction('Account created.'); - if($config['account_country']) { + if(setting('core.account_country')) { $new_account->setCustomField('country', $country); } - if($config['account_premium_days'] && $config['account_premium_days'] > 0) { + $settingAccountPremiumDays = setting('core.account_premium_days'); + if($settingAccountPremiumDays && $settingAccountPremiumDays > 0) { if($db->hasColumn('accounts', 'premend')) { // othire - $new_account->setCustomField('premend', time() + $config['account_premium_days'] * 86400); + $new_account->setCustomField('premend', time() + $settingAccountPremiumDays * 86400); } else { // rest if ($db->hasColumn('accounts', 'premium_ends_at')) { // TFS 1.4+ - $new_account->setCustomField('premium_ends_at', time() + $config['account_premium_days'] * (60 * 60 * 24)); + $new_account->setCustomField('premium_ends_at', time() + $settingAccountPremiumDays * (60 * 60 * 24)); } else { - $new_account->setCustomField('premdays', $config['account_premium_days']); + $new_account->setCustomField('premdays', $settingAccountPremiumDays); $new_account->setCustomField('lastday', time()); } } } - if($config['account_premium_points']) { - $new_account->setCustomField('premium_points', $config['account_premium_points']); + if(setting('account_premium_points') && setting('account_premium_points') > 0) { + $new_account->setCustomField('premium_points', setting('account_premium_points')); } $tmp_account = $email; @@ -219,7 +220,7 @@ if($save) $tmp_account = (USE_ACCOUNT_NAME ? $account_name : $account_id); } - if(setting('core.mail_enabled') && $config['account_mail_verify']) + if(setting('core.mail_enabled') && setting('core.account_mail_verify')) { $hash = md5(generateRandomString(16, true, true) . $email); $new_account->setCustomField('email_hash', $hash); @@ -238,7 +239,7 @@ if($save) 'description' => 'Your account ' . $account_type . ' is ' . $tmp_account . '
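Review bot: `setting('account_premium_points')` lacks the `core.` prefix that `setting('core.account_premium_days')` a few lines above and every other migrated key use, and it is evaluated three times; if the unprefixed key resolves to nothing, new accounts silently stop receiving their starting points. Mirror the premium-days branch: `$settingAccountPremiumPoints = (int) setting('core.account_premium_points');` followed by `if ($settingAccountPremiumPoints > 0) { $new_account->setCustomField('premium_points', $settingAccountPremiumPoints); }`.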
You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '. Please keep your account ' . $account_type . ' and password in a safe place and never give your account ' . $account_type . ' or password to anybody.', - 'custom_buttons' => config('account_create_character_create') ? '' : null + 'custom_buttons' => setting('core.account_create_character_create') ? '' : null )); } else @@ -249,7 +250,7 @@ if($save) } else { - if(config('account_create_character_create')) { + if(setting('core.account_create_character_create')) { // character creation $character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors); if (!$character_created) { @@ -258,7 +259,7 @@ if($save) } } - if(config('account_create_auto_login')) { + if(setting('core.account_create_auto_login')) { if ($hasBeenCreatedByEMail) { $_POST['account_login'] = $email; } @@ -273,7 +274,7 @@ if($save) } echo 'Your account'; - if(config('account_create_character_create')) { + if(setting('core.account_create_character_create')) { echo ' and character have'; } else { @@ -281,7 +282,7 @@ if($save) } echo ' been created.'; - if(!config('account_create_character_create')) { + if(!setting('core.account_create_character_create')) { echo ' Now you can login and create your first character.'; } @@ -291,10 +292,10 @@ if($save) 'description' => 'Your account ' . $account_type . ' is ' . $tmp_account . '
You will need the account ' . $account_type . ' and your password to play on ' . configLua('serverName') . '. Please keep your account ' . $account_type . ' and password in a safe place and never give your account ' . $account_type . ' or password to anybody.', - 'custom_buttons' => config('account_create_character_create') ? '' : null + 'custom_buttons' => setting('core.account_create_character_create') ? '' : null )); - if(setting('core.mail_enabled') && $config['account_welcome_mail']) + if(setting('core.mail_enabled') && setting('account_welcome_mail')) { $mailBody = $twig->render('account.welcome_mail.html.twig', array( 'account' => $tmp_account @@ -330,7 +331,7 @@ if(setting('core.account_country_recognize')) { if(!empty($errors)) $twig->display('error_box.html.twig', array('errors' => $errors)); -if($config['account_country']) { +if (setting('core.account_country')) { $countries = array(); foreach (array('pl', 'se', 'br', 'us', 'gb') as $c) $countries[$c] = $config['countries'][$c]; @@ -353,7 +354,7 @@ $params = array( 'save' => $save ); -if($save && config('account_create_character_create')) { +if($save && setting('core.account_create_character_create')) { $params = array_merge($params, array( 'name' => $character_name, 'sex' => $character_sex, diff --git a/system/pages/characters.php b/system/pages/characters.php index 3411c043..2cb5e084 100644 --- a/system/pages/characters.php +++ b/system/pages/characters.php 
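Review bot: `setting('account_welcome_mail')` is missing the `core.` prefix that the adjacent `setting('core.mail_enabled')` and every other migrated key in this file carry; if unprefixed keys do not resolve, the welcome e-mail is silently never sent. Change the condition to `if(setting('core.mail_enabled') && setting('core.account_welcome_mail'))`.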
@@ -77,10 +77,10 @@ if($player->isLoaded() && !$player->isDeleted()) $rows = 0; if($config['characters']['outfit']) - $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($db->hasColumn('players', 'lookaddons') ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); + $outfit = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($db->hasColumn('players', 'lookaddons') ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); $flag = ''; - if($config['account_country']) { + if(setting('core.account_country')) { $flag = getFlagImage($account->getCountry()); } @@ -423,7 +423,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil if($db->hasColumn('players', 'deletion')) $deleted = 'deletion'; - $query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)config('characters_search_limit') . ';'); + $query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)setting('core.characters_search_limit') . ';'); if($query->rowCount() > 0) { echo 'Did you mean:
    '; foreach($query as $player) { diff --git a/system/pages/creatures.php b/system/pages/creatures.php index 1b0e0ae8..672ea1a8 100644 --- a/system/pages/creatures.php +++ b/system/pages/creatures.php @@ -17,7 +17,7 @@ $title = 'Creatures'; if (empty($_REQUEST['name'])) { // display list of monsters - $preview = config('monsters_images_preview'); + $preview = setting('core.monsters_images_preview'); $creatures = Monster::where('hidden', '!=', 1)->when(!empty($_REQUEST['boss']), function ($query) { $query->where('rewardboss', 1); })->get()->toArray(); @@ -65,7 +65,7 @@ if (isset($creature['name'])) { $item['name'] = getItemNameById($item['id']); $item['rarity_chance'] = round($item['chance'] / 1000, 2); $item['rarity'] = getItemRarity($item['chance']); - $item['tooltip'] = ucfirst($item['name']) . '
    Chance: ' . $item['rarity'] . (config('monsters_loot_percentage') ? ' ('. $item['rarity_chance'] .'%)' : '') . '
    Max count: ' . $item['count']; + $item['tooltip'] = ucfirst($item['name']) . '
    Chance: ' . $item['rarity'] . (setting('core.monsters_loot_percentage') ? ' ('. $item['rarity_chance'] .'%)' : '') . '
    Max count: ' . $item['count']; } $creature['loot'] = isset($loot) ? $loot : null; diff --git a/system/pages/forum/show_thread.php b/system/pages/forum/show_thread.php index 263683ee..124928bc 100644 --- a/system/pages/forum/show_thread.php +++ b/system/pages/forum/show_thread.php @@ -57,7 +57,7 @@ foreach($posts as &$post) { } if($config['characters']['outfit']) { - $post['outfit'] = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($lookaddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); + $post['outfit'] = setting('core.outfit_images_url') . '?id=' . $player->getLookType() . ($lookaddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); } $groupName = ''; diff --git a/system/pages/guilds/change_description.php b/system/pages/guilds/change_description.php index 9f6fc0dc..a1e7b1d7 100644 --- a/system/pages/guilds/change_description.php +++ b/system/pages/guilds/change_description.php @@ -43,7 +43,7 @@ if(empty($errors)) { $saved = false; if($guild_leader) { if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { - $description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0,$config['guild_description_chars_limit']))); + $description = htmlspecialchars(stripslashes(substr(trim($_REQUEST['description']),0, setting('core.guild_description_chars_limit')))); $guild->setCustomField('description', $description); $saved = true; } diff --git a/system/pages/guilds/change_logo.php b/system/pages/guilds/change_logo.php index fea3005f..eee33582 100644 --- a/system/pages/guilds/change_logo.php +++ b/system/pages/guilds/change_logo.php 
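Review bot: `substr()` truncates by bytes, so with a multibyte description the cut can land inside a UTF-8 sequence and `htmlspecialchars` then either substitutes U+FFFD or, without ENT_SUBSTITUTE, returns an empty string and the whole description is lost. Use `mb_substr(trim($_REQUEST['description']), 0, (int) setting('core.guild_description_chars_limit'))`; the int cast also keeps a non-integer setting value away from the length parameter. `$_REQUEST['description']` is read without an `isset` check and no CSRF token is visible in this hunk — presumably handled earlier in the file, but worth confirming for a state-changing request.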
@@ -42,7 +42,7 @@ if(empty($errors)) { if($guild_leader) { - $max_image_size_b = $config['guild_image_size_kb'] * 1024; + $max_image_size_b = setting('core.guild_image_size_kb') * 1024; $allowed_ext = array('image/gif', 'image/jpg', 'image/pjpeg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png'); $ext_name = array('image/gif' => 'gif', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/pjpeg' => 'jpg', 'image/bmp' => 'bmp', 'image/png' => 'png', 'image/x-png' => 'png'); $save_file_name = str_replace(' ', '_', strtolower($guild->getName())); @@ -62,7 +62,7 @@ if(empty($errors)) { } } else { - $upload_errors[] = 'You didn\'t send file or file is too big. Limit: '.$config['guild_image_size_kb'].' KB.'; + $upload_errors[] = 'You didn\'t send file or file is too big. Limit: '.setting('core.guild_image_size_kb').' KB.'; } if(empty($upload_errors)) { diff --git a/system/pages/guilds/change_motd.php b/system/pages/guilds/change_motd.php index 84581485..7d546670 100644 --- a/system/pages/guilds/change_motd.php +++ b/system/pages/guilds/change_motd.php @@ -46,7 +46,7 @@ if(empty($errors)) { $saved = false; if($guild_leader) { if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') { - $motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, $config['guild_motd_chars_limit']))); + $motd = htmlspecialchars(stripslashes(substr($_REQUEST['motd'],0, setting('core.guild_motd_chars_limit')))); $guild->setCustomField('motd', $motd); $saved = true; } diff --git a/system/pages/guilds/create.php b/system/pages/guilds/create.php index d7319fce..dcecf988 100644 --- a/system/pages/guilds/create.php +++ b/system/pages/guilds/create.php 
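Review bot: `substr($_REQUEST['motd'], 0, setting('core.guild_motd_chars_limit'))` cuts by bytes, so a multibyte MOTD can be split inside a UTF-8 sequence before `htmlspecialchars` sees it, which yields a replacement character or an empty result depending on the flags in effect. Use `mb_substr($_REQUEST['motd'], 0, (int) setting('core.guild_motd_chars_limit'))`, casting the limit so a non-integer setting value does not reach the length parameter. As in the sibling description page, `$_REQUEST['motd']` is read without an `isset` check; confirm that the surrounding code, which is outside this hunk, guards it.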
@@ -28,8 +28,8 @@ if(empty($guild_errors)) $player_rank = $player->getRank(); if(!$player_rank->isLoaded()) { - if($player->getLevel() >= $config['guild_need_level']) { - if(!$config['guild_need_premium'] || $account_logged->isPremium()) { + if($player->getLevel() >= setting('core.guild_need_level')) { + if(!setting('core.guild_need_premium') || $account_logged->isPremium()) { $array_of_player_nig[] = $player->getName(); } } @@ -39,7 +39,7 @@ if(empty($guild_errors)) if(empty($todo)) { if(count($array_of_player_nig) == 0) { - $guild_errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . ($config['guild_need_premium'] ? ' or you don\' have a premium account' : '') . '.'; + $guild_errors[] = 'On your account all characters are in guilds, have too low level to create new guild' . (setting('core.guild_need_premium') ? ' or you don\' have a premium account' : '') . '.'; } } @@ -91,10 +91,10 @@ if($todo == 'save') } if(empty($guild_errors)) { - if($player->getLevel() < $config['guild_need_level']) { - $guild_errors[] = 'Character '.$name.' has too low level. To create guild you need character with level '.$config['guild_need_level'].'.'; + if($player->getLevel() < setting('core.guild_need_level')) { + $guild_errors[] = 'Character '.$name.' has too low level. To create guild you need character with level ' . setting('core.guild_need_level') . '.'; } - if($config['guild_need_premium'] && !$account_logged->isPremium()) { + if(setting('core.guild_need_premium') && !$account_logged->isPremium()) { $guild_errors[] = 'Character '.$name.' is on FREE account. To create guild you need PREMIUM account.'; } } 
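Review bot: The rewritten error message in the second create.php hunk keeps the typo `' or you don\' have a premium account'`; since the line is being changed anyway, correct it to `' or you don\'t have a premium account'`. As a point of style, `setting('core.guild_need_level')` and `setting('core.guild_need_premium')` are each evaluated several times across the three hunks; reading them once into `$needLevel` / `$needPremium` near the top of the file would make the checks easier to follow and guarantee the comparison and the message use the same value. The enclosing `if(empty($guild_errors))` blocks begin outside the hunks.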
@@ -112,7 +112,7 @@ if(isset($todo) && $todo == 'save') $new_guild->setName($guild_name); $new_guild->setOwner($player); $new_guild->save(); - $new_guild->setCustomField('description', config('guild_description_default')); + $new_guild->setCustomField('description', setting('core.guild_description_default')); //$new_guild->setCustomField('creationdata', time()); $ranks = $new_guild->getGuildRanksList(); $ranks->orderBy('level', POT::ORDER_DESC); diff --git a/system/pages/guilds/list.php b/system/pages/guilds/list.php index e91b644d..e8425dc4 100644 --- a/system/pages/guilds/list.php +++ b/system/pages/guilds/list.php @@ -26,7 +26,7 @@ if(count($guilds_list) > 0) $description = $guild->getCustomField('description'); $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '
    ', $description, $count); - if ($count < $config['guild_description_lines_limit']) + if ($count < setting('core.guild_description_lines_limit')) $description = nl2br($description); $guildName = $guild->getName(); diff --git a/system/pages/guilds/show.php b/system/pages/guilds/show.php index 8a519c61..58a4b45f 100644 --- a/system/pages/guilds/show.php +++ b/system/pages/guilds/show.php @@ -85,7 +85,7 @@ if(empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo)) $description = $guild->getCustomField('description'); $description_with_lines = str_replace(array("\r\n", "\n", "\r"), '
    ', $description, $count); -if($count < $config['guild_description_lines_limit']) +if($count < setting('core.guild_description_lines_limit')) $description = nl2br($description); //$description = $description_with_lines; diff --git a/system/pages/highscores.php b/system/pages/highscores.php index 090da010..e3b64e3c 100644 --- a/system/pages/highscores.php +++ b/system/pages/highscores.php @@ -239,7 +239,7 @@ foreach($highscores as $id => &$player) $player['link'] = getPlayerLink($player['name'], false); $player['flag'] = getFlagImage($player['country']); if($settingHighscoresOutfit) { - $player['outfit'] = ''; + $player['outfit'] = ''; } $player['rank'] = $offset + $i; } diff --git a/system/pages/lastkills.php b/system/pages/lastkills.php index b325f506..798d91c3 100644 --- a/system/pages/lastkills.php +++ b/system/pages/lastkills.php @@ -21,7 +21,7 @@ if($cache->enabled() && $cache->fetch('last_kills', $tmp)) { else { if($db->hasTable('player_killers')) // tfs 0.3 { - $players_deaths = $db->query('SELECT `player_deaths`.`id`, `player_deaths`.`date`, `player_deaths`.`level`, `players`.`name`' . ($db->hasColumn('players', 'world_id') ? ', `players`.`world_id`' : '') . ' FROM `player_deaths` LEFT JOIN `players` ON `player_deaths`.`player_id` = `players`.`id` ORDER BY `date` DESC LIMIT 0, ' . $config['last_kills_limit']); + $players_deaths = $db->query('SELECT `player_deaths`.`id`, `player_deaths`.`date`, `player_deaths`.`level`, `players`.`name`' . ($db->hasColumn('players', 'world_id') ? ', `players`.`world_id`' : '') . ' FROM `player_deaths` LEFT JOIN `players` ON `player_deaths`.`player_id` = `players`.`id` ORDER BY `date` DESC LIMIT 0, ' . setting('core.last_kills_limit')); if(!empty($players_deaths)) { foreach($players_deaths as $death) { 
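Review bot: In lastkills.php the new query still splices `setting('core.last_kills_limit')` straight into the SQL string (`LIMIT 0, ' . setting('core.last_kills_limit')`) with no integer cast. The value is maintained by administrators rather than taken from the request, but a non-numeric or empty setting yields a malformed statement, and `(int) setting('core.last_kills_limit')` costs nothing and keeps the one unparameterised fragment of the query type-safe. The second lastkills.php hunk on the next line and the `news_ticker_limit` / `news_limit` queries in the news.php hunks have the same shape and would benefit from the same cast. The enclosing `else` branch starts before this hunk.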
@@ -82,9 +82,9 @@ else { } } } else { - //$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";"); + //$players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `player_deaths`.`killed_by` as `killed_by`, `player_deaths`.`time` as `time`, `player_deaths`.`is_player` as `is_player`, `player_deaths`.`level` as `level` FROM `player_deaths`, `players` as `d` INNER JOIN `players` as `p` ON player_deaths.player_id = p.id WHERE player_deaths.`is_player`='1' ORDER BY `time` DESC LIMIT " . setting('core.last_kills_limit') . ";"); - $players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . $config['last_kills_limit'] . ";"); + $players_deaths = $db->query("SELECT `p`.`name` AS `victim`, `d`.`killed_by` as `killed_by`, `d`.`time` as `time`, `d`.`level`, `d`.`is_player` FROM `player_deaths` as `d` INNER JOIN `players` as `p` ON d.player_id = p.id ORDER BY `time` DESC LIMIT " . setting('core.last_kills_limit') . ";"); if(!empty($players_deaths)) { foreach($players_deaths as $death) { $players_deaths_count++; @@ -114,4 +114,4 @@ else { $twig->display('lastkills.html.twig', array( 'lastkills' => $last_kills -)); \ No newline at end of file +)); diff --git a/system/pages/news.php b/system/pages/news.php index db04092d..5f30454f 100644 --- a/system/pages/news.php +++ b/system/pages/news.php 
@@ -62,7 +62,7 @@ if(isset($_GET['archive'])) 'content' => $content_, 'date' => $news['date'], 'icon' => $categories[$news['category']]['icon_id'], - 'author' => $config['news_author'] ? $author : '', + 'author' => setting('core.news_author') ? $author : '', 'comments' => $news['comments'] != 0 ? getForumThreadLink($news['comments']) : null, )); } @@ -116,7 +116,7 @@ if(!$news_cached) ); } - $tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER .($canEdit ? '' : ' AND `hidden` != 1') .' ORDER BY `date` DESC LIMIT ' . $config['news_ticker_limit']); + $tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER .($canEdit ? '' : ' AND `hidden` != 1') .' ORDER BY `date` DESC LIMIT ' . setting('core.news_ticker_limit')); $tickers_content = ''; if($tickers_db->rowCount() > 0) { @@ -167,7 +167,7 @@ else { if(!$news_cached) { ob_start(); - $newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ($canEdit ? '' : ' AND hidden != 1') . ' ORDER BY date' . ' DESC LIMIT ' . $config['news_limit']); + $newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ($canEdit ? '' : ' AND hidden != 1') . ' ORDER BY date' . ' DESC LIMIT ' . setting('core.news_limit')); if($newses->rowCount() > 0) { foreach($newses as $news) @@ -211,7 +211,7 @@ if(!$news_cached) 'content' => $content_ . $admin_options, 'date' => $news['date'], 'icon' => $categories[$news['category']]['icon_id'], - 'author' => $config['news_author'] ? $author : '', + 'author' => setting('core.news_author') ? $author : '', 'comments' => $news['comments'] != 0 ? getForumThreadLink($news['comments']) : null, 'hidden'=> $news['hidden'] )); diff --git a/system/pages/online.php b/system/pages/online.php index 0ca74127..77f01a2a 100644 --- a/system/pages/online.php +++ b/system/pages/online.php 
@@ -15,7 +15,7 @@ use MyAAC\Models\ServerRecord; defined('MYAAC') or die('Direct access not allowed!'); $title = 'Who is online?'; -if($config['account_country']) +if (setting('core.account_country')) require SYSTEM . 'countries.conf.php'; $promotion = ''; @@ -42,7 +42,7 @@ if($db->hasColumn('players', 'skull_time')) { $outfit_addons = false; $outfit = ''; -if($config['online_outfit']) { +if (setting('core.online_outfit')) { $outfit = ', lookbody, lookfeet, lookhead, looklegs, looktype'; if($db->hasColumn('players', 'lookaddons')) { $outfit .= ', lookaddons'; @@ -50,7 +50,7 @@ if($config['online_outfit']) { } } -if($config['online_vocations']) { +if (setting('core.online_vocations')) { $vocs = array(); foreach($config['vocations'] as $id => $name) { $vocs[$id] = 0; @@ -67,7 +67,7 @@ $players = 0; $data = ''; foreach($playersOnline as $player) { $skull = ''; - if($config['online_skulls']) + if (setting('core.online_skulls')) { if($player['skulltime'] > 0) { 
@@ -90,18 +90,18 @@ foreach($playersOnline as $player) { 'player' => $player, 'level' => $player['level'], 'vocation' => $config['vocations'][$player['vocation']], - 'country_image' => $config['account_country'] ? getFlagImage($player['country']) : null, - 'outfit' => $config['online_outfit'] ? $config['outfit_images_url'] . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null + 'country_image' => setting('core.account_country') ? getFlagImage($player['country']) : null, + 'outfit' => setting('core.online_outfit') ? setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null ); - if($config['online_vocations']) { + if (setting('core.online_vocations')) { $vocs[($player['vocation'] > $config['vocations_amount'] ? $player['vocation'] - $config['vocations_amount'] : $player['vocation'])]++; } } $record = ''; if($players > 0) { - if($config['online_record']) { + if( setting('core.online_record')) { $result = null; $timestamp = false; if($db->hasTable('server_record')) { diff --git a/system/pages/spells.php b/system/pages/spells.php index 692df7cd..28bcbb23 100644 --- a/system/pages/spells.php +++ b/system/pages/spells.php @@ -71,7 +71,7 @@ $twig->display('spells.html.twig', array( 'post_vocation_id' => $vocation_id, 'post_vocation' => $vocation, 'spells' => $spells, - 'item_path' => $config['item_images_url'], + 'item_path' => setting('core.item_images_url'), )); ?> diff --git a/system/pages/team.php b/system/pages/team.php index b1fd15dc..ae0c9d93 100644 --- a/system/pages/team.php +++ b/system/pages/team.php 
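Review bot: Spacing in the online.php hunk is inconsistent: the new conditions are written `if (setting('core.online_outfit'))` and `if (setting('core.online_vocations'))`, but the last one reads `if( setting('core.online_record')) {`; write it `if (setting('core.online_record')) {` to match. The outfit URL on the same hunk is assembled from eight concatenations that mirror the ones in the show_thread.php and boxes/highscores.php hunks; a small helper taking the look* fields would remove the duplication, though that is beyond this rename. The surrounding `foreach` starts outside the hunk.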
@@ -11,7 +11,7 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Support in game'; -if($config['account_country']) +if(setting('core.account_country')) require SYSTEM . 'countries.conf.php'; $groups = new OTS_Groups_List(); diff --git a/system/router.php b/system/router.php index a24a3b1b..d45889f9 100644 --- a/system/router.php +++ b/system/router.php @@ -170,7 +170,7 @@ if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) { $_REQUEST['subtopic'] = $_REQUEST['p']; } - if (config('backward_support')) { + if (setting('core.backward_support')) { require SYSTEM . 'compat/pages.php'; } @@ -271,7 +271,7 @@ if($hooks->trigger(HOOK_BEFORE_PAGE)) { unset($file); -if(config('backward_support') && isset($main_content[0])) +if(setting('core.backward_support') && isset($main_content[0])) $content .= $main_content; $content .= ob_get_contents(); @@ -282,7 +282,7 @@ if(!isset($title)) { $title = ucfirst($page); } -if(config('backward_support')) { +if(setting('core.backward_support')) { $main_content = $content; $topic = $title; } diff --git a/system/settings.php b/system/settings.php index bbd72e2f..d62dda9e 100644 --- a/system/settings.php +++ b/system/settings.php @@ -1047,12 +1047,12 @@ Sent by MyAAC,
    'desc' => 'Show player outfit?', 'default' => true, ], - 'highscores_country_box' => [ // not implemented yet + /*'highscores_country_box' => [ // not implemented yet 'name' => 'Display Country Box', 'type' => 'hidden', 'desc' => 'Show player outfit?', 'default' => false, - ], + ],*/ 'highscores_groups_hidden' => [ 'name' => 'Hidden Groups', 'type' => 'number', @@ -1225,9 +1225,9 @@ Sent by MyAAC,
    'team_style' => [ 'name' => 'Style', 'type' => 'options', - 'desc' => '', - 'options' => ['normal table', 'in boxes, grouped by group id'], - 'default' => 1, + 'desc' => 'How to show groups', + 'options' => [1 => 'normal table', 2 => 'in boxes, grouped by group id'], + 'default' => 2, ], 'team_status' => [ 'name' => 'Display Online Status', diff --git a/system/status.php b/system/status.php index 88a48917..d55f68e1 100644 --- a/system/status.php +++ b/system/status.php @@ -125,7 +125,7 @@ function updateStatus() { $status['playersMax'] = $serverStatus->getMaxPlayers(); // for status afk thing - if($config['online_afk']) + if (setting('core.online_afk')) { $status['playersTotal'] = 0; // get amount of players that are currently logged in-game, including disconnected clients (exited) diff --git a/system/template.php b/system/template.php index 0fbb0477..0a8775b0 100644 --- a/system/template.php +++ b/system/template.php @@ -54,7 +54,7 @@ if(file_exists(BASE . $template_path . '/index.php')) { elseif(file_exists(BASE . $template_path . '/template.php')) { $template_index = 'template.php'; } -elseif($config['backward_support'] && file_exists(BASE . $template_path . '/layout.php')) { +elseif(setting('core.backward_support') && file_exists(BASE . $template_path . '/layout.php')) { $template_index = 'layout.php'; } else { @@ -77,7 +77,7 @@ if ($cache->enabled() && $cache->fetch('template_ini_' . $template_name, $tmp)) else { $file = BASE . $template_path . '/config.ini'; $exists = file_exists($file); - if ($exists || ($config['backward_support'] && file_exists(BASE . $template_path . '/layout_config.ini'))) { + if ($exists || (setting('core.backward_support') && file_exists(BASE . $template_path . '/layout_config.ini'))) { if (!$exists) { $file = BASE . $template_path . '/layout_config.ini'; } diff --git a/system/templates/account.change_info.html.twig b/system/templates/account.change_info.html.twig index 80be0bd2..fb503e8e 100644 
--- a/system/templates/account.change_info.html.twig +++ b/system/templates/account.change_info.html.twig @@ -31,7 +31,7 @@ Here you can tell other players about yourself. This information will be display - {% if config.account_country %} + {% if setting('core.account_country') %} Country: @@ -97,4 +97,4 @@ Here you can tell other players about yourself. This information will be display - \ No newline at end of file + diff --git a/system/templates/account.change_mail.html.twig b/system/templates/account.change_mail.html.twig index 1c0d1c12..35d64854 100644 --- a/system/templates/account.change_mail.html.twig +++ b/system/templates/account.change_mail.html.twig @@ -1,4 +1,4 @@ -Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to.
    For security reasons, the actual change will be finalised after a waiting period of {{ config.account_mail_change }} days.

    +Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to.
    For security reasons, the actual change will be finalised after a waiting period of {{ setting('core.account_mail_change') }} days.

    @@ -67,4 +67,4 @@ Please enter your password and the new email address. Make sure that you enter a
    - \ No newline at end of file + diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig index a43d6e7d..290809c3 100644 --- a/system/templates/account.create.html.twig +++ b/system/templates/account.create.html.twig @@ -59,13 +59,13 @@ {% if errors.email is defined %}{{ errors.email }}{% endif %} - {% if setting('core.mail_enabled') and config.account_mail_verify %} + {% if setting('core.mail_enabled') and setting('account_mail_verify') %} Please use real address!
    We will send a link to validate your Email.
    {% endif %} {{ hook('HOOK_ACCOUNT_CREATE_AFTER_EMAIL') }} - {% if config.account_country %} + {% if setting('core.account_country') %} Country: @@ -122,7 +122,7 @@ {{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }} - {% if (not setting('core.mail_enabled') or not config.account_mail_verify) and config.account_create_character_create %} + {% if (not setting('core.mail_enabled') or not setting('core.account_mail_verify')) and setting('account_create_character_create') %}
    diff --git a/system/templates/account.create_character.html.twig b/system/templates/account.create_character.html.twig index acb57f5c..c116cec2 100644 --- a/system/templates/account.create_character.html.twig +++ b/system/templates/account.create_character.html.twig @@ -2,7 +2,7 @@ Please choose a name{% if config.character_samples|length > 1 %}, vocation{% end {% if config.character_towns|length > 1 %}, town{% endif %} and sex for your character.
    In any case the name must not violate the naming conventions stated in the {{ config.lua.serverName }} Rules, or your character might get deleted or name locked. -{% if account_logged.getPlayersList(true)|length >= config.characters_per_account %} +{% if account_logged.getPlayersList(true)|length >= setting('core.characters_per_account') %} You have maximum number of characters per account on your account. Delete one before you make new. {% endif %}

    diff --git a/system/templates/admin.news.html.twig b/system/templates/admin.news.html.twig index 4436c262..0eb16d3f 100644 --- a/system/templates/admin.news.html.twig +++ b/system/templates/admin.news.html.twig @@ -21,7 +21,7 @@ {{ news.id|raw }} {{ news.title }} - {{ news.date|date(config.news_date_format) }} + {{ news.date|date(setting('core.news_date_format')) }} {{ news.player_name }}
    @@ -66,7 +66,7 @@ {{ ticker.id|raw }} {{ ticker.title }} - {{ ticker.date|date(config.news_date_format) }} + {{ ticker.date|date(setting('core.news_date_format')) }} {{ ticker.player_name }}
    @@ -110,7 +110,7 @@ {{ article.id|raw }} {{ article.title }} - {{ article.date|date(config.news_date_format) }} + {{ article.date|date(setting('core.news_date_format')) }} {{ article.player_name }}
    diff --git a/system/templates/characters.html.twig b/system/templates/characters.html.twig index 9553d20c..865c39ca 100644 --- a/system/templates/characters.html.twig +++ b/system/templates/characters.html.twig @@ -17,7 +17,7 @@ {% endif %} {% if config.characters.outfit %} -
    player outfit
    +
    player outfit
    {% endif %} diff --git a/system/templates/creature.html.twig b/system/templates/creature.html.twig index 46e2e508..18828e0c 100644 --- a/system/templates/creature.html.twig +++ b/system/templates/creature.html.twig @@ -155,7 +155,7 @@ {% if (item.count > 1) %} {{ item.count }} {% endif %} - + {% endfor %} diff --git a/system/templates/forum.show_thread.html.twig b/system/templates/forum.show_thread.html.twig index 80985d43..ddcb3be5 100644 --- a/system/templates/forum.show_thread.html.twig +++ b/system/templates/forum.show_thread.html.twig @@ -24,7 +24,7 @@ Page: {{ links_to_pages|raw }}
    {% set i = i + 1 %} - {% if setting('core.mail_enabled') and setting('account_mail_verify') %} + {% if setting('core.mail_enabled') and setting('core.account_mail_verify') %} {% endif %} @@ -122,7 +122,7 @@ {{ hook('HOOK_ACCOUNT_CREATE_BETWEEN_BOXES_1') }} - {% if (not setting('core.mail_enabled') or not setting('core.account_mail_verify')) and setting('account_create_character_create') %} + {% if (not setting('core.mail_enabled') or not setting('core.account_mail_verify')) and setting('core.account_create_character_create') %}
    {{ post.player_link|raw }}
    {% if post.outfit is defined %} - player outfit + player outfit
    {% endif %} diff --git a/system/templates/guilds.change_description.html.twig b/system/templates/guilds.change_description.html.twig index b6d43dd0..97cb866c 100644 --- a/system/templates/guilds.change_description.html.twig +++ b/system/templates/guilds.change_description.html.twig @@ -2,8 +2,8 @@ Here you can change description of your guild.
    -
    - (max. {{ config.guild_description_lines_limit }} lines, max. {{ config.guild_description_chars_limit }} chars)
    +
    + (max. {{ setting('core.guild_description_lines_limit') }} lines, max. {{ setting('core.guild_description_chars_limit') }} chars)

    diff --git a/system/templates/guilds.change_logo.html.twig b/system/templates/guilds.change_logo.html.twig index f8aa002e..3194858f 100644 --- a/system/templates/guilds.change_logo.html.twig +++ b/system/templates/guilds.change_logo.html.twig @@ -6,7 +6,7 @@ Here you can change logo of your guild.
    Actuall logo:
    -Only jpg, gif, png, bmp pictures. Max. size: {{ config.guild_image_size_kb }} KB
    +Only jpg, gif, png, bmp pictures. Max. size: {{ setting('core.guild_image_size_kb') }} KB

    @@ -16,7 +16,7 @@ Only jpg, gif, png, bmp pictures. Max. size: {{ config.guild_image_siz diff --git a/templates/kathrine/menu.js.html.twig b/templates/kathrine/menu.js.html.twig index 7cd25c59..adf7ceb0 100644 --- a/templates/kathrine/menu.js.html.twig +++ b/templates/kathrine/menu.js.html.twig @@ -1,7 +1,7 @@ var list = new Array(); {% set i = 0 %} {% for cat in categories %} - {% if cat.id != 'shops' or config.gifts_system %} + {% if cat.id != 'shops' or setting('core.gifts_system') %} list[{{ i }}] = '{{ cat.id }}'; {% endif %} {% set i = i + 1 %} diff --git a/templates/tibiacom/boxes/highscores.php b/templates/tibiacom/boxes/highscores.php index 808bb237..a2f371fa 100644 --- a/templates/tibiacom/boxes/highscores.php +++ b/templates/tibiacom/boxes/highscores.php @@ -3,8 +3,8 @@ $topPlayers = getTopPlayers(5); foreach($topPlayers as &$player) { $outfit_url = ''; - if($config['online_outfit']) { - $outfit_url = $config['outfit_images_url'] . '?id=' . $player['looktype'] . (!empty + if (setting('core.online_outfit')) { + $outfit_url = setting('core.outfit_images_url') . '?id=' . $player['looktype'] . (!empty ($player['lookaddons']) ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet']; $player['outfit'] = $outfit_url; diff --git a/templates/tibiacom/boxes/templates/highscores.html.twig b/templates/tibiacom/boxes/templates/highscores.html.twig index 0cac1f0a..c5eb5516 100644 --- a/templates/tibiacom/boxes/templates/highscores.html.twig +++ b/templates/tibiacom/boxes/templates/highscores.html.twig @@ -45,8 +45,8 @@
    {% for player in topPlayers %}
    - {% if config.online_outfit %} - player outfit + {% if setting('core.online_outfit') %} + player outfit {% endif %} {{ player['rank'] }} - {{ player['name'] }} diff --git a/templates/tibiacom/index.php b/templates/tibiacom/index.php index 6bb5f445..95c73c33 100644 --- a/templates/tibiacom/index.php +++ b/templates/tibiacom/index.php @@ -124,7 +124,7 @@ if(isset($config['boxes'])) document.getElementById("ActiveSubmenuItemIcon_"+activeSubmenuItem).style.visibility = "visible"; menus = localStorage.getItem('menus'); if(menus.lastIndexOf("&") === -1) { - menus = "news=1&account=0&community=0&library=0&forum=0&"; + menus = "news=1&account=0&community=0&library=0&forum=0&"; } FillMenuArray(); InitializeMenu(); @@ -329,7 +329,7 @@ if(isset($config['boxes'])) $menus = get_template_menus(); foreach($config['menu_categories'] as $id => $cat) { - if(!isset($menus[$id]) || ($id == MENU_CATEGORY_SHOP && !$config['gifts_system'])) { + if(!isset($menus[$id]) || ($id == MENU_CATEGORY_SHOP && !setting('core.gifts_system'))) { continue; } ?> @@ -368,7 +368,7 @@ foreach($config['menu_categories'] as $id => $cat) { ?>
    $_GET['body'], 'date' => time(), 'icon' => $categories[$_GET['category']]['icon_id'], - 'author' => $config['news_author'] ? $author : '', + 'author' => setting('core.news_author') ? $author : '', 'comments' => null, - 'news_date_format' => $config['news_date_format'], + 'news_date_format' => setting('core.news_date_format'), 'hidden'=> 0 ))); } diff --git a/tools/validate.php b/tools/validate.php index ff9176e6..43c965d0 100644 --- a/tools/validate.php +++ b/tools/validate.php @@ -46,7 +46,7 @@ else if(isset($_GET['email'])) if(!Validator::email($email)) error_(Validator::getLastError()); - if($config['account_mail_unique']) + if(setting('core.account_mail_unique')) { if(Account::where('email', '=', $email)->exists()) error_('Account with this e-mail already exist.'); From 9e2a87f448b508cbb7076144c0df7ddd0229631c Mon Sep 17 00:00:00 2001 From: slawkens Date: Fri, 25 Aug 2023 17:09:31 +0200 Subject: [PATCH 05/41] Add forgotten prefix for some settings --- system/pages/account/change_email.php | 2 +- system/pages/account/create.php | 6 +++--- system/templates/account.create.html.twig | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/system/pages/account/change_email.php b/system/pages/account/change_email.php index 95ce48fc..4168131c 100644 --- a/system/pages/account/change_email.php +++ b/system/pages/account/change_email.php @@ -43,7 +43,7 @@ if($email_new_time < 10) { } if(empty($errors)) { - $email_new_time = time() + setting('account_mail_change') * 24 * 3600; + $email_new_time = time() + setting('core.account_mail_change') * 24 * 3600; $account_logged->setCustomField("email_new", $email_new); $account_logged->setCustomField("email_new_time", $email_new_time); $twig->display('success.html.twig', array( diff --git a/system/pages/account/create.php b/system/pages/account/create.php index aff92145..5775855f 100644 --- a/system/pages/account/create.php +++ b/system/pages/account/create.php 
@@ -211,8 +211,8 @@ if($save) } } - if(setting('account_premium_points') && setting('account_premium_points') > 0) { - $new_account->setCustomField('premium_points', setting('account_premium_points')); + if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0) { + $new_account->setCustomField('premium_points', setting('core.account_premium_points')); } $tmp_account = $email; @@ -295,7 +295,7 @@ if($save) 'custom_buttons' => setting('core.account_create_character_create') ? '' : null )); - if(setting('core.mail_enabled') && setting('account_welcome_mail')) + if(setting('core.mail_enabled') && setting('core.account_welcome_mail')) { $mailBody = $twig->render('account.welcome_mail.html.twig', array( 'account' => $tmp_account diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig index 290809c3..5f9ea910 100644 --- a/system/templates/account.create.html.twig +++ b/system/templates/account.create.html.twig @@ -59,7 +59,7 @@
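Review bot: The condition in the first create.php hunk tests the same setting twice, `if(setting('core.account_premium_points') && setting('core.account_premium_points') > 0)`; the truthiness check adds nothing the `> 0` comparison does not already cover. Read the value once, `$premiumPoints = (int) setting('core.account_premium_points');`, then `if ($premiumPoints > 0) { $new_account->setCustomField('premium_points', $premiumPoints); }`, which also pins the type before it is written to the account. The enclosing `if($save)` block begins before the hunk.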
    {% if errors.email is defined %}{{ errors.email }}{% endif %}
    Please use real address!
    We will send a link to validate your Email.
    From 8a3986932d4ed6433e04508ca93a2d04770052fb Mon Sep 17 00:00:00 2001 From: slawkens Date: Fri, 25 Aug 2023 17:13:21 +0200 Subject: [PATCH 06/41] My fault was commenting this --- system/settings.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/system/settings.php b/system/settings.php index d62dda9e..e12514cd 100644 --- a/system/settings.php +++ b/system/settings.php @@ -1047,12 +1047,12 @@ Sent by MyAAC,
    'desc' => 'Show player outfit?', 'default' => true, ], - /*'highscores_country_box' => [ // not implemented yet + 'highscores_country_box' => [ // not implemented yet 'name' => 'Display Country Box', 'type' => 'hidden', 'desc' => 'Show player outfit?', 'default' => false, - ],*/ + ], 'highscores_groups_hidden' => [ 'name' => 'Hidden Groups', 'type' => 'number', From 5f10773189c47fddce39005cfc7a97e26c81f728 Mon Sep 17 00:00:00 2001 From: Slawomir Boczek Date: Thu, 31 Aug 2023 08:33:32 +0200 Subject: [PATCH 07/41] feature: plugin cronjobs (#215) --- composer.json | 3 +- system/bin/cronjob.php | 19 +++++++++++++ system/bin/install_cronjob.php | 50 ++++++++++++++++++++++++++++++++++ system/hooks.php | 1 + 4 files changed, 72 insertions(+), 1 deletion(-) create mode 100644 system/bin/cronjob.php create mode 100644 system/bin/install_cronjob.php diff --git a/composer.json b/composer.json index 52fd0820..ec34d395 100644 --- a/composer.json +++ b/composer.json @@ -12,7 +12,8 @@ "erusev/parsedown": "^1.7", "nikic/fast-route": "^1.3", "matomo/device-detector": "^6.0", - "illuminate/database": "^10.18" + "illuminate/database": "^10.18", + "peppeocchi/php-cron-scheduler": "4.*" }, "require-dev": { "filp/whoops": "^2.15" diff --git a/system/bin/cronjob.php b/system/bin/cronjob.php new file mode 100644 index 00000000..0bea2b03 --- /dev/null +++ b/system/bin/cronjob.php @@ -0,0 +1,19 @@ +load(); + +use GO\Scheduler; + +// Create a new scheduler +$scheduler = new Scheduler(); + +$hooks->trigger(HOOK_CRONJOB, ['scheduler' => $scheduler]); + +// Let the scheduler execute jobs which are due. +$scheduler->run(); diff --git a/system/bin/install_cronjob.php b/system/bin/install_cronjob.php new file mode 100644 index 00000000..dff2604a --- /dev/null +++ b/system/bin/install_cronjob.php 
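Review bot: The new requirement `"peppeocchi/php-cron-scheduler": "4.*"` uses a wildcard constraint while every other entry in the block uses a caret range; `"peppeocchi/php-cron-scheduler": "^4.0"` covers the same 4.x releases and keeps the manifest consistent. The diffstat lists no composer.lock, so this commit does not pin the version that is actually resolved; if the project commits its lock file, it should be regenerated alongside this change.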
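Review bot: In the new system/bin/cronjob.php the `use GO\Scheduler;` import follows executable statements (`...->load();`), which PSR-12 and the rest of the codebase avoid; move it to the top of the file with the other imports. The return value of `$scheduler->run()` is discarded, so a job that throws or exits non-zero leaves no trace in the cron log; if I recall the library's API correctly, `run()` returns the executed jobs and the scheduler exposes their output, which could be echoed here for the log redirect to capture — worth confirming against the version pulled in. The opening lines of the file did not survive extraction in this copy of the patch, so the bootstrap could not be reviewed.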
@@ -0,0 +1,50 @@ +> ' . SYSTEM . 'logs/cron.log 2>&1'; + +if (cronjob_exists($job)) { + echo 'MyAAC cronjob already installed.' . PHP_EOL; + exit(0); +} + +exec ('crontab -l', $content); + +$content = implode(' ', $content); +$content .= PHP_EOL . $job; + +file_put_contents(CACHE . 'cronjob', $content . PHP_EOL); +exec('crontab ' . CACHE. 'cronjob'); + +echo 'Installed crontab successfully.' . PHP_EOL; + +function cronjob_exists($command) +{ + $cronjob_exists=false; + + exec('crontab -l', $crontab); + if(isset($crontab)&&is_array($crontab)) { + + $crontab = array_flip($crontab); + + if(isset($crontab[$command])){ + $cronjob_exists = true; + } + + } + + return $cronjob_exists; +} diff --git a/system/hooks.php b/system/hooks.php index 0ef6827d..b6480ae4 100644 --- a/system/hooks.php +++ b/system/hooks.php @@ -69,6 +69,7 @@ define('HOOK_ADMIN_LOGIN_AFTER_PASSWORD', ++$i); define('HOOK_ADMIN_LOGIN_AFTER_SIGN_IN', ++$i); define('HOOK_ADMIN_ACCOUNTS_SAVE_POST', ++$i); define('HOOK_ADMIN_SETTINGS_BEFORE_SAVE', ++$i); +define('HOOK_CRONJOB', ++$i); define('HOOK_EMAIL_CONFIRMED', ++$i); define('HOOK_GUILDS_BEFORE_GUILD_HEADER', ++$i); define('HOOK_GUILDS_AFTER_GUILD_HEADER', ++$i); From 09627bdb1e3bb1e501c536a22d1bffc226474a24 Mon Sep 17 00:00:00 2001 From: slawkens Date: Thu, 31 Aug 2023 11:03:36 +0200 Subject: [PATCH 08/41] Linux is case-sensitive! --- install/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/index.php b/install/index.php index 22440101..9c2e5048 100644 --- a/install/index.php +++ b/install/index.php @@ -12,7 +12,7 @@ require SYSTEM . 'functions.php'; require BASE . 'install/includes/functions.php'; require BASE . 'install/includes/locale.php'; require SYSTEM . 'clients.conf.php'; -require LIBS . 'settings.php'; +require LIBS . 'Settings.php'; // ignore undefined index from Twig autoloader $config['env'] = 'prod'; From 574e35ba353f0742616e803ffde71b3c96eeec96 Mon Sep 17 00:00:00 2001 
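Review bot: `$content = implode(' ', $content);` joins the lines returned by `crontab -l` with a space, so every pre-existing crontab entry is flattened onto a single line before the new job is appended and the result is written back with `crontab`; installing this job would corrupt whatever schedule the user already has. It should be `$content = implode(PHP_EOL, $content);`. The paths handed to the shell are unquoted — `exec('crontab ' . escapeshellarg(CACHE . 'cronjob'));` — and the same applies to the log redirection in the job line (whose beginning is stripped in this rendering), since a space in the install directory breaks both commands. Neither `exec()` call checks its return code, so a failing `crontab` still prints 'Installed crontab successfully.'; capturing the third argument and exiting non-zero on failure would make the installer honest.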
From: slawkens Date: Thu, 31 Aug 2023 13:49:32 +0200 Subject: [PATCH 09/41] Fix: forgot to remove those menu items --- install/includes/schema.sql | 5 ----- 1 file changed, 5 deletions(-) diff --git a/install/includes/schema.sql b/install/includes/schema.sql index 2645d1a9..fbbcad37 100644 --- a/install/includes/schema.sql +++ b/install/includes/schema.sql @@ -127,11 +127,6 @@ CREATE TABLE `myaac_menu` PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8; -/* MENU_CATEGORY_SHOP tibiacom */ -INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Buy Points', 'points', 6, 0); -INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop Offer', 'gifts', 6, 1); -INSERT INTO `myaac_menu` (`template`, `name`, `link`, `category`, `ordering`) VALUES ('tibiacom', 'Shop History', 'gifts/history', 6, 2); - CREATE TABLE `myaac_monsters` ( `id` int(11) NOT NULL AUTO_INCREMENT, `hidden` tinyint(1) NOT NULL default 0, From 63e69c97b72f9ab51c815527f5215d16b5d215af Mon Sep 17 00:00:00 2001 From: slawkens Date: Thu, 31 Aug 2023 14:01:30 +0200 Subject: [PATCH 10/41] Fix login.php @gpedro <3 --- login.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/login.php b/login.php index c342a8e9..8be4d1f3 100644 --- a/login.php +++ b/login.php @@ -2,6 +2,8 @@ use MyAAC\Models\BoostedCreature; use MyAAC\Models\PlayerOnline; +use MyAAC\Models\Account; +use MyAAC\Models\Player; require_once 'common.php'; require_once SYSTEM . 'functions.php'; From fd25e6e881a9b12b97cf5b075f32ca4326c510c6 Mon Sep 17 00:00:00 2001 From: slawkens Date: Thu, 31 Aug 2023 14:08:02 +0200 Subject: [PATCH 11/41] Fix highscores country box to be hidden --- system/settings.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/settings.php b/system/settings.php index e12514cd..4f0d7597 100644 --- a/system/settings.php +++ b/system/settings.php @@ -1048,8 +1048,9 @@ Sent by MyAAC,
    'default' => true, ], 'highscores_country_box' => [ // not implemented yet + 'hidden' => true, 'name' => 'Display Country Box', - 'type' => 'hidden', + 'type' => 'boolean', 'desc' => 'Show player outfit?', 'default' => false, ], From d90810cf8499c188937c5e18a0e0d5389557166a Mon Sep 17 00:00:00 2001 From: slawkens Date: Thu, 31 Aug 2023 14:20:24 +0200 Subject: [PATCH 12/41] Add latest clients versions --- system/clients.conf.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/system/clients.conf.php b/system/clients.conf.php index b3ec18d5..a7d2bf0c 100644 --- a/system/clients.conf.php +++ b/system/clients.conf.php @@ -99,4 +99,10 @@ $config['clients'] = [ 1291, 1300, + 1310, + 1311, + 1312, + 1316, + 1320, + 1321, ]; From 8c3b73ca9eb7419e2c36e67141e01f16241978ac Mon Sep 17 00:00:00 2001 From: slawkens Date: Sun, 3 Sep 2023 21:18:58 +0200 Subject: [PATCH 13/41] Add account logs to admin panel accounts editor --- admin/pages/accounts.php | 31 +++++++++++++++++++++++++++++ system/src/Models/AccountAction.php | 14 +++++++++++++ 2 files changed, 45 insertions(+) create mode 100644 system/src/Models/AccountAction.php diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php index 66a60558..f3022e9c 100644 --- a/admin/pages/accounts.php +++ b/admin/pages/accounts.php @@ -266,6 +266,9 @@ else if (isset($_REQUEST['search'])) { + @@ -423,6 +426,34 @@ else if (isset($_REQUEST['search'])) { Cancel
    +
    +
    + + + + + + + + + + + getId())->orderByDesc('date')->get(); + foreach ($accountActions as $i => $log): + $log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6)); + ?> + + + + + + + + +
    #DateActionIP
    date); ?>action; ?>ip; ?>
    +
    +
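Review bot: The account-log cells are written into the admin table without HTML escaping: `date); ?>`, `action; ?>` and `ip; ?>` look like bare `<?= ... ?>` echoes (the tags are stripped in this rendering), and `action` is whatever text was stored in the account log, so any markup in it lands in the admin page unescaped. Wrap each cell as `escapeHtml($log->action)`, the helper the panel already uses elsewhere. `inet_ntop($log->ipv6)` returns `false` when `ipv6` is not a 4- or 16-byte packed address, which would silently print an empty cell; `inet_ntop($log->ipv6) ?: '-'` makes that visible. The query is also unbounded (`->orderByDesc('date')->get()`), so an account with a long history renders every row — consider a `->limit()` or pagination.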
    Date: Sun, 3 Sep 2023 21:33:41 +0200 Subject: [PATCH 14/41] Fix creatures datatable --- system/templates/creatures.html.twig | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/system/templates/creatures.html.twig b/system/templates/creatures.html.twig index 4c3f3c24..398fbc38 100644 --- a/system/templates/creatures.html.twig +++ b/system/templates/creatures.html.twig @@ -52,9 +52,8 @@ }); }); - {{ generateLink('?creatures', 'All', false)|raw }} - Bosses -
    - + {{ generateLink(getLink('creatures'), 'All', false)|raw }} - Bosses +
    @@ -83,7 +82,15 @@
    Name
    {% endif %} - + + + + {% else %} From f7cbe5170d4ce7c059c81e97e69a90901f59beee Mon Sep 17 00:00:00 2001 From: slawkens Date: Mon, 11 Sep 2023 16:16:38 +0200 Subject: [PATCH 15/41] set display quest default to false --- system/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/settings.php b/system/settings.php index 4f0d7597..29149e1f 100644 --- a/system/settings.php +++ b/system/settings.php @@ -1127,7 +1127,7 @@ Sent by MyAAC,
    'name' => 'Display Quests', 'type' => 'boolean', 'desc' => 'Show characters quests. Can be configured below', - 'default' => true, + 'default' => false, ], 'quests' => [ 'name' => 'Quests List', From 673e40350ac2479f41adbf43debf0f443955d98d Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 12 Sep 2023 11:42:03 +0200 Subject: [PATCH 16/41] Small adjustment to menus install --- system/migrations/17.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/system/migrations/17.php b/system/migrations/17.php index 6ff83b84..8c7cf8a0 100644 --- a/system/migrations/17.php +++ b/system/migrations/17.php @@ -14,8 +14,9 @@ CREATE TABLE `myaac_menu` PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8; "); - - require_once LIBS . 'plugins.php'; - Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php'); - Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php'); } + +require_once LIBS . 'plugins.php'; +Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php'); +Plugins::installMenus('tibiacom', require TEMPLATES . 'tibiacom/menus.php'); + From 95b1460b1302e44d3cb5a4db10cc4082e5d83011 Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 12 Sep 2023 12:08:09 +0200 Subject: [PATCH 17/41] Fix news delete message --- system/libs/news.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/system/libs/news.php b/system/libs/news.php index 352b2a1e..fb4afc5d 100644 --- a/system/libs/news.php +++ b/system/libs/news.php @@ -78,12 +78,14 @@ class News if(isset($id)) { $row = ModelsNews::find($id); - if($row) + if($row) { if (!$row->delete()) { $errors[] = 'Fail during delete News.'; } - else + } + else { $errors[] = 'News with id ' . $id . ' does not exists.'; + } } else $errors[] = 'News id not set.'; From 2d02d8d8b3f7bb3a02adb9884eaa3b6985dbd0fa Mon Sep 17 00:00:00 2001 
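Review bot: Moving the two `Plugins::installMenus()` calls out of the `if` in migrations/17.php means they now run on every execution of this migration, including when the enclosing condition (outside the hunk) skipped the `CREATE TABLE` because `myaac_menu` already existed; unless `installMenus()` is idempotent, that duplicates the default menu rows. If the intent is to seed menus even for pre-existing tables, a comment saying so would help — `// Seed default menus unconditionally; installMenus() must skip rows that already exist` — otherwise keep the calls inside the branch or guard them with an emptiness check on the table.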
From: slawkens Date: Tue, 12 Sep 2023 12:09:39 +0200 Subject: [PATCH 18/41] Fix news delete message part 2 --- admin/pages/news.php | 5 +++-- system/libs/news.php | 6 +++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/admin/pages/news.php b/admin/pages/news.php index 66398b09..2c5102e6 100644 --- a/admin/pages/news.php +++ b/admin/pages/news.php @@ -56,8 +56,9 @@ if(!empty($action)) } } else if($action == 'delete') { - News::delete($id, $errors); - success("Deleted successful."); + if (News::delete($id, $errors)) { + success("Deleted successful."); + } } else if($action == 'edit') { diff --git a/system/libs/news.php b/system/libs/news.php index fb4afc5d..b42fefc6 100644 --- a/system/libs/news.php +++ b/system/libs/news.php @@ -75,8 +75,7 @@ class News static public function delete($id, &$errors) { - if(isset($id)) - { + if(isset($id)) { $row = ModelsNews::find($id); if($row) { if (!$row->delete()) { @@ -87,8 +86,9 @@ class News $errors[] = 'News with id ' . $id . ' does not exists.'; } } - else + else { $errors[] = 'News id not set.'; + } if(count($errors)) { return false; From 4c4089a155e3a9c054131afd3da8bfc33a7d0ac7 Mon Sep 17 00:00:00 2001 From: slawkens Date: Tue, 12 Sep 2023 12:11:49 +0200 Subject: [PATCH 19/41] Quotes & const --- admin/pages/news.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/admin/pages/news.php b/admin/pages/news.php index 2c5102e6..81153e4f 100644 --- a/admin/pages/news.php +++ b/admin/pages/news.php 
@@ -23,10 +23,10 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) { header('X-XSS-Protection:0'); // some constants, used mainly by database (cannot by modified without schema changes) -define('NEWS_TITLE_LIMIT', 100); -define('NEWS_BODY_LIMIT', 65535); // maximum news body length -define('ARTICLE_TEXT_LIMIT', 300); -define('ARTICLE_IMAGE_LIMIT', 100); +const NEWS_TITLE_LIMIT = 100; +const NEWS_BODY_LIMIT = 65535; // maximum news body length +const ARTICLE_TEXT_LIMIT = 300; +const ARTICLE_IMAGE_LIMIT = 100; $name = $p_title = ''; if(!empty($action)) @@ -52,12 +52,12 @@ if(!empty($action)) $p_title = $body = $comments = $article_text = $article_image = ''; $type = $category = $player_id = 0; - success("Added successful."); + success('Added successful.'); } } else if($action == 'delete') { if (News::delete($id, $errors)) { - success("Deleted successful."); + success('Deleted successful.'); } } else if($action == 'edit') @@ -83,7 +83,7 @@ if(!empty($action)) $action = $p_title = $body = $comments = $article_text = $article_image = ''; $type = $category = $player_id = 0; - success("Updated successful."); + success('Updated successful.'); } } } From f76615e59bceaad13672e3dcf4dd08e682359d14 Mon Sep 17 00:00:00 2001 From: slawkens Date: Sat, 16 Sep 2023 05:54:41 +0200 Subject: [PATCH 20/41] Fix getGuildLogoById --- system/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/functions.php b/system/functions.php index 5ea941cf..bb8b018d 100644 --- a/system/functions.php +++ b/system/functions.php @@ -1606,7 +1606,7 @@ function getGuildLogoById($id) $guild = Guild::where('id', intval($id))->select('logo_name')->first(); if ($guild) { - $guildLogo = $query->logo_name; + $guildLogo = $guild->logo_name; if (!empty($guildLogo) && file_exists(GUILD_IMAGES_DIR . $guildLogo)) { $logo = $guildLogo; From 89c2e84bff7c7ffe83446e4f4ed9bf61be4826ca Mon Sep 17 00:00:00 2001 
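Review bot: With the variable name fixed in getGuildLogoById, `file_exists(GUILD_IMAGES_DIR . $guildLogo)` is the only check on `logo_name` before it is accepted as `$logo`; a stored value containing `/` or `..` still passes as long as the resulting path exists. If `logo_name` is not strictly validated where it is written (not visible here), restricting it to a bare file name is cheap: `if (!empty($guildLogo) && basename($guildLogo) === $guildLogo && file_exists(GUILD_IMAGES_DIR . $guildLogo)) {`. The rest of getGuildLogoById is outside the hunk.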
From: slawkens Date: Sat, 16 Sep 2023 07:12:04 +0200 Subject: [PATCH 21/41] Fix alert class name --- system/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/functions.php b/system/functions.php index bb8b018d..37f241bc 100644 --- a/system/functions.php +++ b/system/functions.php @@ -1451,7 +1451,7 @@ function echo_success($message) function echo_error($message) { global $error; - echo '
    ' . $message . '
    '; + echo '
    ' . $message . '
    '; $error = true; } From 08339fe8b67e9ac89f26b74df1015eb85133a1ce Mon Sep 17 00:00:00 2001 From: slawkens Date: Sat, 16 Sep 2023 10:19:22 +0200 Subject: [PATCH 22/41] Fix XSS in tibiacom template - subtopic --- templates/tibiacom/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/tibiacom/index.php b/templates/tibiacom/index.php index 95c73c33..06c58e50 100644 --- a/templates/tibiacom/index.php +++ b/templates/tibiacom/index.php @@ -28,7 +28,7 @@ if(isset($config['boxes'])) Date: Sat, 16 Sep 2023 10:19:54 +0200 Subject: [PATCH 23/41] Fix XSS in accounts editor --- admin/pages/accounts.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php index f3022e9c..95490a1b 100644 --- a/admin/pages/accounts.php +++ b/admin/pages/accounts.php @@ -583,7 +583,7 @@ else if (isset($_REQUEST['search'])) {
    - +
    From e9f155fb49aa99838a710a0568923e87bc0718f3 Mon Sep 17 00:00:00 2001 From: slawkens Date: Sat, 16 Sep 2023 10:20:34 +0200 Subject: [PATCH 24/41] Fix XSS in players editor --- admin/pages/players.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/pages/players.php b/admin/pages/players.php index b409c15e..153601b7 100644 --- a/admin/pages/players.php +++ b/admin/pages/players.php @@ -872,7 +872,7 @@ else if (isset($_REQUEST['search'])) {
    - +
    From 0ac0f4e7a8211937a231fe8f09b3fe07e95ece39 Mon Sep 17 00:00:00 2001 From: slawkens Date: Sat, 16 Sep 2023 10:22:10 +0200 Subject: [PATCH 25/41] Fixes --- admin/pages/accounts.php | 22 +++++++++--------- admin/pages/players.php | 48 ++++++++++++++++++++-------------------- 2 files changed, 35 insertions(+), 35 deletions(-) diff --git a/admin/pages/accounts.php b/admin/pages/accounts.php index 95490a1b..214b82f0 100644 --- a/admin/pages/accounts.php +++ b/admin/pages/accounts.php @@ -327,8 +327,8 @@ else if (isset($_REQUEST['search'])) {
    @@ -338,8 +338,8 @@ else if (isset($_REQUEST['search'])) {
    @@ -347,8 +347,8 @@ else if (isset($_REQUEST['search'])) {
    @@ -403,8 +403,8 @@ else if (isset($_REQUEST['search'])) {
    @@ -581,7 +581,7 @@ else if (isset($_REQUEST['search'])) {
    - +
    @@ -590,9 +590,9 @@ else if (isset($_REQUEST['search'])) {
    - +
    - +
    diff --git a/admin/pages/players.php b/admin/pages/players.php index 153601b7..eaa06494 100644 --- a/admin/pages/players.php +++ b/admin/pages/players.php @@ -390,8 +390,8 @@ else if (isset($_REQUEST['search'])) {
    @@ -399,8 +399,8 @@ else if (isset($_REQUEST['search'])) { @@ -410,8 +410,8 @@ else if (isset($_REQUEST['search'])) {
    @@ -424,8 +424,8 @@ else if (isset($_REQUEST['search'])) { $configTowns[$player->getTownId()] = 'Unknown Town'; } - foreach ($configTowns as $id => $town): ?> - + foreach ($configTowns as $_id => $town): ?> +
    @@ -436,8 +436,8 @@ else if (isset($_REQUEST['search'])) { @@ -554,16 +554,16 @@ else if (isset($_REQUEST['search'])) {
    $info) { + foreach ($skills as $_id => $info) { ?>
    - ' . $info[0] . ' - '; ?> + ' . $info[0] . ' + '; ?>
    - ' . $info[0] . ' tries - '; ?> + ' . $info[0] . ' tries + '; ?>
    @@ -622,7 +622,7 @@ else if (isset($_REQUEST['search'])) { if ($outfitlist) { ?> $s_name) { - echo ''; + foreach ($addon_type as $_id => $s_name) { + echo ''; } ?> @@ -704,7 +704,7 @@ else if (isset($_REQUEST['search'])) {
    - + [max. length: 2000 chars, 50 lines (ENTERs)]
    @@ -841,7 +841,7 @@ else if (isset($_REQUEST['search'])) { const $addonvalue = $('#look_addons'); - $('#look_addons').on('change', () => { + $addonvalue.on('change', () => { updateOutfit(); }); @@ -870,7 +870,7 @@ else if (isset($_REQUEST['search'])) {
    - +
    @@ -879,9 +879,9 @@ else if (isset($_REQUEST['search'])) {
    - +
    - +
    @@ -892,7 +892,7 @@ else if (isset($_REQUEST['search'])) {
    -orderBy('group_id', POT::ORDER_DESC); $twig->display('admin.changelog.form.html.twig', array( 'action' => $action, - 'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'), + 'cl_link_form' => constant('ADMIN_URL').'?p=changelog', 'cl_id' => $id ?? null, 'body' => isset($body) ? escapeHtml($body) : '', 'create_date' => $create_date ?? '', @@ -128,15 +129,3 @@ if($action == 'edit' || $action == 'new') { $twig->display('admin.changelog.html.twig', array( 'changelogs' => $changelogs, )); - -?> - diff --git a/admin/pages/dashboard.php b/admin/pages/dashboard.php index e24b98ad..73430456 100644 --- a/admin/pages/dashboard.php +++ b/admin/pages/dashboard.php @@ -10,7 +10,9 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Dashboard'; -if (isset($_GET['clear_cache'])) { +csrfProtect(); + +if (isset($_POST['clear_cache'])) { if (clearCache()) { success('Cache cleared.'); } else { @@ -18,7 +20,7 @@ if (isset($_GET['clear_cache'])) { } } -if (isset($_GET['maintenance'])) { +if (isset($_POST['maintenance'])) { $message = (!empty($_POST['message']) ? $_POST['message'] : null); $_status = (isset($_POST['status']) && $_POST['status'] == 'true'); $_status = ($_status ? '0' : '1'); diff --git a/admin/pages/login.php b/admin/pages/login.php index 8bb25f36..eb6466d3 100644 --- a/admin/pages/login.php +++ b/admin/pages/login.php @@ -10,6 +10,8 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Login'; +csrfProtect(); + require PAGES . 'account/login.php'; if ($logged) { header('Location: ' . (admin() ? ADMIN_URL : BASE_URL)); diff --git a/admin/pages/mailer.php b/admin/pages/mailer.php index 732b7461..d9cf8888 100644 --- a/admin/pages/mailer.php +++ b/admin/pages/mailer.php @@ -10,6 +10,8 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Mailer'; +csrfProtect(); + if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) { echo 'Access denied.'; return; 
@@ -20,7 +22,7 @@ if (!setting('core.mail_enabled')) { return; } -$mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null; +$mail_to = isset($_POST['mail_to']) ? stripslashes(trim($_POST['mail_to'])) : null; $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null; $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null; diff --git a/admin/pages/mass_account.php b/admin/pages/mass_account.php index 63bec54c..549310a5 100644 --- a/admin/pages/mass_account.php +++ b/admin/pages/mass_account.php @@ -16,6 +16,8 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Mass Account Actions'; +csrfProtect(); + $hasCoinsColumn = $db->hasColumn('accounts', 'coins'); $hasPointsColumn = $db->hasColumn('accounts', 'premium_points'); $freePremium = $config['lua']['freePremium']; diff --git a/admin/pages/mass_teleport.php b/admin/pages/mass_teleport.php index 5027fa1c..f2a7ee27 100644 --- a/admin/pages/mass_teleport.php +++ b/admin/pages/mass_teleport.php @@ -16,6 +16,8 @@ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Mass Teleport Actions'; +csrfProtect(); + function admin_teleport_position($x, $y, $z) { if (!Player::query()->update([ 'posx' => $x, 'posy' => $y, 'posz' => $z diff --git a/admin/pages/menus.php b/admin/pages/menus.php index a0b492df..4a908eb5 100644 --- a/admin/pages/menus.php +++ b/admin/pages/menus.php 
@@ -13,19 +13,21 @@ use MyAAC\Models\Menu; defined('MYAAC') or die('Direct access not allowed!'); $title = 'Menus'; +csrfProtect(); + if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) { echo 'Access denied.'; return; } -if (isset($_REQUEST['template'])) { - $template = $_REQUEST['template']; +if (isset($_POST['template'])) { + $template = $_POST['template']; - if (isset($_REQUEST['menu'])) { - $post_menu = $_REQUEST['menu']; - $post_menu_link = $_REQUEST['menu_link']; - $post_menu_blank = $_REQUEST['menu_blank']; - $post_menu_color = $_REQUEST['menu_color']; + if (isset($_POST['menu'])) { + $post_menu = $_POST['menu']; + $post_menu_link = $_POST['menu_link']; + $post_menu_blank = $_POST['menu_blank']; + $post_menu_color = $_POST['menu_color']; if (count($post_menu) != count($post_menu_link)) { echo 'Menu count is not equal menu links. Something went wrong when sending form.'; return; @@ -69,9 +71,10 @@ if (isset($_REQUEST['template'])) { return; } - if (isset($_REQUEST['reset_colors'])) { + if (isset($_GET['reset_colors'])) { if (isset($config['menu_default_color'])) { Menu::where('template', $template)->update(['color' => str_replace('#', '', $config['menu_default_color'])]); + success('Colors has been reset.'); } else { warning('There is no default color defined, cannot reset colors.'); @@ -93,6 +96,7 @@ if (isset($_REQUEST['template'])) {
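Review bot: `if (isset($_GET['reset_colors']))` now reads the reset flag from the query string while `template` and the menu fields in the same file were moved to `$_POST`, so this branch only fires when the reset form's action URL carries `?reset_colors=`; if the form instead sends it as a POST field (the form markup is stripped in this rendering), the colour reset silently stops working. Reading it from the same source as the rest — `if (isset($_POST['reset_colors'])) {` — keeps the state-changing action inside the CSRF-protected POST body and avoids the split. The success text `'Colors has been reset.'` should read `'Colors have been reset.'`.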

    + @@ -112,6 +116,7 @@ if (isset($_REQUEST['template'])) { $last_id = array(); ?> +

    diff --git a/admin/pages/modules/templates/web_status.twig b/admin/pages/modules/templates/web_status.twig index 2b0ec1e8..5b111a47 100644 --- a/admin/pages/modules/templates/web_status.twig +++ b/admin/pages/modules/templates/web_status.twig @@ -1,28 +1,32 @@
    - -
    - Website Status -
    - - -
    -
    +
    + Website Status +
    + + +
    +
    +
    +
    +
    + + + (only visible if closed)
    -
    -
    - - - (only visible if closed) -
    -
    - + - + +
    + {{ csrf() }} + + + +
    diff --git a/admin/pages/news.php b/admin/pages/news.php index 81153e4f..a7c739c5 100644 --- a/admin/pages/news.php +++ b/admin/pages/news.php @@ -9,12 +9,15 @@ */ defined('MYAAC') or die('Direct access not allowed!'); +$title = 'News Panel'; + +csrfProtect(); + +$use_datatable = true; + require_once LIBS . 'forum.php'; require_once LIBS . 'news.php'; -$title = 'News Panel'; -$use_datatable = true; - if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) { echo 'Access denied.'; return; 
@@ -31,17 +34,17 @@ const ARTICLE_IMAGE_LIMIT = 100; $name = $p_title = ''; if(!empty($action)) { - $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null; - $p_title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null; - $body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null; - $comments = isset($_REQUEST['comments']) ? $_REQUEST['comments'] : null; - $type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null; - $category = isset($_REQUEST['category']) ? (int)$_REQUEST['category'] : null; - $player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null; - $article_text = isset($_REQUEST['article_text']) ? $_REQUEST['article_text'] : null; - $article_image = isset($_REQUEST['article_image']) ? $_REQUEST['article_image'] : null; - $forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null; - $errors = array(); + $id = $_POST['id'] ?? null; + $p_title = $_POST['title'] ?? null; + $body = isset($_POST['body']) ? stripslashes($_POST['body']) : null; + $comments = $_POST['comments'] ?? null; + $type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : 1; + $category = isset($_POST['category']) ? (int)$_POST['category'] : null; + $player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : null; + $article_text = $_POST['article_text'] ?? null; + $article_image = $_POST['article_image'] ?? null; + $forum_section = $_POST['forum_section'] ?? null; + $errors = []; if($action == 'new') { if(isset($forum_section) && $forum_section != '-1') { @@ -88,8 +91,9 @@ if(!empty($action)) } } else if($action == 'hide') { - News::toggleHidden($id, $errors, $status); - success(($status == 1 ? 'Show' : 'Hide') . " successful."); + if (News::toggleHidden($id, $errors, $status)) { + success(($status == 1 ? 'Hide' : 'Show') . ' successful.'); + } } if(!empty($errors)) 
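Review bot: `$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : 1;` is the one input left on `$_REQUEST` after every other field in this block moved to `$_POST`; if that is deliberate (the 'new' form presumably opened through a `?type=` link), say so — `// type may arrive via GET when the form is opened from a link` — otherwise switch it to `$_POST['type']` like the others so the form's type cannot be overridden from the URL. `$p_title`, `$article_text` and `$article_image` are taken raw while `$body` goes through `stripslashes()`; the asymmetry predates this change but is worth a note or a consistent treatment.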
@@ -115,12 +119,10 @@ if($action == 'edit' || $action == 'new') { $account_players->orderBy('group_id', POT::ORDER_DESC); $twig->display('admin.news.form.html.twig', array( 'action' => $action, - 'news_link' => getLink(PAGE), - 'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'), 'news_id' => $id ?? null, 'title' => $p_title ?? '', 'body' => isset($body) ? escapeHtml($body) : '', - 'type' => $type ?? null, + 'type' => $type, 'player' => isset($player) && $player->isLoaded() ? $player : null, 'player_id' => $player_id ?? null, 'account_players' => $account_players, diff --git a/admin/pages/notepad.php b/admin/pages/notepad.php index c18d837e..d6c6358b 100644 --- a/admin/pages/notepad.php +++ b/admin/pages/notepad.php @@ -13,6 +13,8 @@ use MyAAC\Models\Notepad as ModelsNotepad; defined('MYAAC') or die('Direct access not allowed!'); $title = 'Notepad'; +csrfProtect(); + /** * @var $account_logged OTS_Account */ diff --git a/admin/pages/pages.php b/admin/pages/pages.php index 6be569f3..0a4f4ade 100644 --- a/admin/pages/pages.php +++ b/admin/pages/pages.php @@ -9,11 +9,14 @@ */ use MyAAC\Models\Pages as ModelsPages; +use MyAAC\Admin\Pages; defined('MYAAC') or die('Direct access not allowed!'); $title = 'Pages'; $use_datatable = true; +csrfProtect(); + if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) { echo 'Access denied.'; return; 
@@ -29,31 +32,36 @@ $enable_tinymce = true; $access = 0; // some constants, used mainly by database (cannot by modified without schema changes) -define('PAGE_TITLE_LIMIT', 30); -define('PAGE_NAME_LIMIT', 30); -define('PAGE_BODY_LIMIT', 65535); // maximum page body length +const PAGE_TITLE_LIMIT = 30; +const PAGE_NAME_LIMIT = 30; +const PAGE_BODY_LIMIT = 65535; // maximum page body length if (!empty($action)) { - if ($action == 'delete' || $action == 'edit' || $action == 'hide') - $id = $_REQUEST['id']; - - if (isset($_REQUEST['name'])) - $name = $_REQUEST['name']; - - if (isset($_REQUEST['title'])) - $p_title = $_REQUEST['title']; - - $php = isset($_REQUEST['php']) && $_REQUEST['php'] == 1; - $enable_tinymce = isset($_REQUEST['enable_tinymce']) && $_REQUEST['enable_tinymce'] == 1; - if ($php) - $body = $_REQUEST['body']; - else if (isset($_REQUEST['body'])) { - //$body = $_REQUEST['body']; - $body = html_entity_decode(stripslashes($_REQUEST['body'])); + if ($action == 'delete' || $action == 'edit' || $action == 'hide') { + $id = $_POST['id']; } - if (isset($_REQUEST['access'])) - $access = $_REQUEST['access']; + if (isset($_POST['name'])) { + $name = $_POST['name']; + } + + if (isset($_POST['title'])) { + $p_title = $_POST['title']; + } + + $php = isset($_POST['php']) && $_POST['php'] == 1; + $enable_tinymce = isset($_POST['enable_tinymce']) && $_POST['enable_tinymce'] == 1; + if ($php) { + $body = $_POST['body']; + } + else if (isset($_POST['body'])) { + //$body = $_POST['body']; + $body = html_entity_decode(stripslashes($_POST['body'])); + } + + if (isset($_POST['access'])) { + $access = $_POST['access']; + } $errors = array(); $player_id = 1; 
@@ -70,7 +78,7 @@ if (!empty($action)) { if (Pages::delete($id, $errors)) success('Page with id ' . $id . ' has been deleted'); } else if ($action == 'edit') { - if (isset($id) && !isset($_REQUEST['name'])) { + if (isset($id) && !isset($_POST['name'])) { $_page = Pages::get($id); $name = $_page['name']; $p_title = $_page['title']; @@ -89,8 +97,9 @@ if (!empty($action)) { } } } else if ($action == 'hide') { - Pages::toggleHidden($id, $errors, $status); - success(($status == 1 ? 'Show' : 'Hide') . ' successful.'); + if (Pages::toggleHidden($id, $errors, $status)) { + success(($status == 0 ? 'Show' : 'Hide') . ' successful.'); + } } if (!empty($errors)) @@ -107,7 +116,7 @@ $pages = ModelsPages::all()->map(function ($e) { ]; })->toArray(); -$twig->display('admin.pages.form.html.twig', array( +$twig->display('admin.pages.form.html.twig', [ 'action' => $action, 'id' => $action == 'edit' ? $id : null, 'name' => $name, 
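Review bot: `$id = $_POST['id'];` is read without a guard, so a delete/edit/hide request missing the field raises an undefined-index warning before `Pages::delete()` can report that the id is not set; the sibling fields in the same hunk use `isset`, so this should too: `$id = isset($_POST['id']) ? (int)$_POST['id'] : null;`. `$access = $_POST['access']` is likewise kept as a raw string; the range check now lives in `MyAAC\Admin\Pages::verify()` outside this hunk, and an `(int)` cast at the boundary makes the numeric intent explicit regardless of what that class does.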
@@ -117,136 +126,8 @@ $twig->display('admin.pages.form.html.twig', array( 'body' => isset($body) ? escapeHtml($body) : '', 'groups' => $groups->getGroups(), 'access' => $access -)); +]); -$twig->display('admin.pages.html.twig', array( +$twig->display('admin.pages.html.twig', [ 'pages' => $pages -)); - -class Pages -{ - static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) - { - if(!isset($title[0]) || !isset($body[0])) { - $errors[] = 'Please fill all inputs.'; - return false; - } - if(strlen($name) > PAGE_NAME_LIMIT) { - $errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.'; - return false; - } - if(strlen($title) > PAGE_TITLE_LIMIT) { - $errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.'; - return false; - } - if(strlen($body) > PAGE_BODY_LIMIT) { - $errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.'; - return false; - } - if(!isset($player_id) || $player_id == 0) { - $errors[] = 'Player ID is wrong.'; - return false; - } - if(!isset($php) || ($php != 0 && $php != 1)) { - $errors[] = 'Enable PHP is wrong.'; - return false; - } - if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) { - $errors[] = 'PHP pages disabled on this server. 
To enable go to Settings in Admin Panel and enable Enable PHP Pages.'; - return false; - } - if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) { - $errors[] = 'Enable TinyMCE is wrong.'; - return false; - } - if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) { - $errors[] = 'Access is wrong.'; - return false; - } - - return true; - } - - static public function get($id) - { - $row = ModelsPages::find($id); - if ($row) { - return $row->toArray(); - } - - return false; - } - - static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) - { - if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { - return false; - } - - if (!ModelsPages::where('name', $name)->exists()) - ModelsPages::create([ - 'name' => $name, - 'title' => $title, - 'body' => $body, - 'player_id' => $player_id, - 'php' => $php ? '1' : '0', - 'enable_tinymce' => $enable_tinymce ? '1' : '0', - 'access' => $access - ]); - else - $errors[] = 'Page with this link already exists.'; - - return !count($errors); - } - - static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) - { - if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { - return false; - } - - ModelsPages::where('id', $id)->update([ - 'name' => $name, - 'title' => $title, - 'body' => $body, - 'player_id' => $player_id, - 'php' => $php ? '1' : '0', - 'enable_tinymce' => $enable_tinymce ? '1' : '0', - 'access' => $access - ]); - return true; - } - - static public function delete($id, &$errors) - { - if (isset($id)) { - $row = ModelsPages::find($id); - if ($row) { - $row->delete(); - } - else - $errors[] = 'Page with id ' . $id . 
' does not exists.'; - } else - $errors[] = 'id not set'; - - return !count($errors); - } - - static public function toggleHidden($id, &$errors, &$status) - { - if (isset($id)) { - $row = ModelsPages::find($id); - if ($row) { - $row->hidden = $row->hidden == 1 ? 0 : 1; - $row->save(); - $status = $row->hidden; - } - else { - $errors[] = 'Page with id ' . $id . ' does not exists.'; - } - } else - $errors[] = 'id not set'; - - return !count($errors); - } -} +]); diff --git a/admin/pages/players.php b/admin/pages/players.php index eaa06494..ff0e32c8 100644 --- a/admin/pages/players.php +++ b/admin/pages/players.php @@ -13,6 +13,9 @@ use MyAAC\Models\Player; defined('MYAAC') or die('Direct access not allowed!'); $title = 'Player editor'; + +csrfProtect(); + $player_base = ADMIN_URL . '?p=players'; $use_datatable = true; @@ -75,7 +78,7 @@ else if (isset($_REQUEST['search'])) { $player = new OTS_Player(); $player->load($id); - if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save + if ($player->isLoaded() && isset($_POST['save'])) {// we want to save $error = false; if ($player->isOnline()) @@ -373,6 +376,7 @@ else if (isset($_REQUEST['search'])) {
    +
    @@ -870,6 +874,7 @@ else if (isset($_REQUEST['search'])) {
    +
    @@ -879,6 +884,7 @@ else if (isset($_REQUEST['search'])) {
    +
    diff --git a/admin/pages/plugins.php b/admin/pages/plugins.php index be9df2b0..6eb0862e 100644 --- a/admin/pages/plugins.php +++ b/admin/pages/plugins.php @@ -9,6 +9,9 @@ */ defined('MYAAC') or die('Direct access not allowed!'); $title = 'Plugin manager'; + +csrfProtect(); + $use_datatable = true; require_once LIBS . 'plugins.php'; @@ -19,23 +22,23 @@ if (!getBoolean(setting('core.admin_plugins_manage_enable'))) { else { $twig->display('admin.plugins.form.html.twig'); - if (isset($_REQUEST['uninstall'])) { - $uninstall = $_REQUEST['uninstall']; + if (isset($_POST['uninstall'])) { + $uninstall = $_POST['uninstall']; if (Plugins::uninstall($uninstall)) { success('Successfully uninstalled plugin ' . $uninstall); } else { error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError()); } - } else if (isset($_REQUEST['enable'])) { - $enable = $_REQUEST['enable']; + } else if (isset($_POST['enable'])) { + $enable = $_POST['enable']; if (Plugins::enable($enable)) { success('Successfully enabled plugin ' . $enable); } else { error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError()); } - } else if (isset($_REQUEST['disable'])) { - $disable = $_REQUEST['disable']; + } else if (isset($_POST['disable'])) { + $disable = $_POST['disable']; if (Plugins::disable($disable)) { success('Successfully disabled plugin ' . $disable); } else { @@ -116,7 +119,7 @@ foreach (get_plugins(true) as $plugin) { if (!$plugin_info) { warning('Cannot load plugin info ' . $plugin . '.json'); } else { - $disabled = (strpos($plugin, 'disabled.') !== false); + $disabled = (str_contains($plugin, 'disabled.')); $pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin); $plugins[] = array( 'name' => $plugin_info['name'] ?? '', diff --git a/admin/tools/settings_save.php b/admin/tools/settings_save.php index 2fdd5fc4..500c83bb 100644 --- a/admin/tools/settings_save.php +++ b/admin/tools/settings_save.php 
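Review bot: `$uninstall = $_POST['uninstall'];` and the parallel `enable`/`disable` branches pass the raw POST value straight to `Plugins::uninstall()`/`enable()`/`disable()` without checking that it names a known plugin; the listing hunk shows plugin names map to files (`str_replace('disabled.', '', $plugin)`), so if those methods build paths from the argument — their bodies are outside this diff — a value containing `/` or `..` must be rejected first. A call-site guard such as `if (!preg_match('/^[A-Za-z0-9_.-]+$/', $uninstall)) { error('Invalid plugin name'); }`, or a lookup against `get_plugins(true)`, keeps the check independent of the library. The `csrfProtect()` added at the top of the file covers the CSRF side of these POST branches.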
@@ -16,6 +16,8 @@ if(!admin()) { die('Access denied.'); } +csrfProtect(); + if (!isset($_REQUEST['plugin'])) { http_response_code(500); die('Please enter plugin name.'); diff --git a/common.php b/common.php index 8684cc4b..229a8c08 100644 --- a/common.php +++ b/common.php @@ -108,6 +108,13 @@ const TFS_FIRST = TFS_02; const TFS_LAST = TFS_03; // other definitions +const MAIL_MAIL = 0; +const MAIL_SMTP = 1; + +const SMTP_SECURITY_NONE = 0; +const SMTP_SECURITY_SSL = 1; +const SMTP_SECURITY_TLS = 2; + const ACCOUNT_NUMBER_LENGTH = 8; if (!IS_CLI) { diff --git a/system/functions.php b/system/functions.php index b4e21bb6..13faf3d6 100644 --- a/system/functions.php +++ b/system/functions.php @@ -9,6 +9,7 @@ */ defined('MYAAC') or die('Direct access not allowed!'); +use MyAAC\CsrfToken; use MyAAC\Models\Config; use MyAAC\Models\Guild; use MyAAC\Models\House; @@ -43,7 +44,10 @@ function warning($message, $return = false) { return message($message, 'warning', $return); } function note($message, $return = false) { - return message($message, 'note', $return); + return info($message, $return); +} +function info($message, $return = false) { + return message($message, 'info', $return); } function error($message, $return = false) { return message($message, ((defined('MYAAC_INSTALL') || defined('MYAAC_ADMIN')) ? 'danger' : 'error'), $return); @@ -855,9 +859,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true) else $tmp_body = $body . '

    ' . $signature_html; - define('MAIL_MAIL', 0); - define('MAIL_SMTP', 1); - $mailOption = setting('core.mail_option'); if($mailOption == MAIL_SMTP) { @@ -868,10 +869,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true) $mailer->Username = setting('core.smtp_user'); $mailer->Password = setting('core.smtp_pass'); - define('SMTP_SECURITY_NONE', 0); - define('SMTP_SECURITY_SSL', 1); - define('SMTP_SECURITY_TLS', 2); - $security = setting('core.smtp_security'); $tmp = ''; @@ -1045,6 +1042,28 @@ function unsetSession($key) { unset($_SESSION[setting('core.session_prefix') . $key]); } +function csrf(): void { + CsrfToken::create(); +} + +function csrfToken(): string { + return CsrfToken::get(); +} + +function isValidToken(): bool { + $token = $_POST['csrf_token'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null; + return ($_SERVER['REQUEST_METHOD'] !== 'POST' || (isset($token) && CsrfToken::isValid($token))); +} + +function csrfProtect(): void +{ + if (!isValidToken()) { + $lastUri = BASE_URL . str_replace_first('/', '', getSession('last_uri')); + echo 'Request has been cancelled due to security reasons - token is invalid. Go back'; + exit(); + } +} + function getTopPlayers($limit = 5) { global $db; diff --git a/system/init.php b/system/init.php index 3d8ded42..672e583e 100644 --- a/system/init.php +++ b/system/init.php @@ -7,6 +7,9 @@ * @copyright 2019 MyAAC * @link https://my-aac.org */ + +use MyAAC\CsrfToken; + defined('MYAAC') or die('Direct access not allowed!'); if(!isset($config['installed']) || !$config['installed']) { @@ -137,6 +140,12 @@ require_once LIBS . 'Settings.php'; $settings = Settings::getInstance(); $settings->load(); +// csrf protection +$token = getSession('csrf_token'); +if (!isset($token) || !$token) { + CsrfToken::generate(); +} + // deprecated config values require_once SYSTEM . 'compat/config.php'; diff --git a/system/libs/changelog.php b/system/libs/changelog.php index e612aa5b..f6d2011b 100644 
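Review bot: `isValidToken()` returns `true` for every request whose method is not `POST`, so a handler that mutates state from `$_GET`/`$_REQUEST` and calls `csrfProtect()` stays unprotected, and PUT/DELETE are treated as safe. Make the safe list explicit: `if (in_array($_SERVER['REQUEST_METHOD'] ?? 'GET', ['GET', 'HEAD', 'OPTIONS'], true)) { return true; }` and require a token for everything else. `csrfProtect()` builds the 'Go back' link from `getSession('last_uri')`; the markup is stripped from this listing, so confirm the value goes through `escapeHtml()` before landing in an `href`. Note also that `csrf()` is `void` and `CsrfToken::create()` echoes, so the helper only works when called at output time, not inside a string expression.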
--- a/system/libs/changelog.php +++ b/system/libs/changelog.php @@ -95,6 +95,7 @@ class Changelog if (!$row->save()) { $errors[] = 'Fail during toggle hidden Changelog.'; } + $status = $row->hidden; } else { $errors[] = 'Changelog with id ' . $id . ' does not exists.'; } diff --git a/system/logout.php b/system/logout.php index af443aa3..4f653ecb 100644 --- a/system/logout.php +++ b/system/logout.php @@ -7,6 +7,9 @@ * @copyright 2019 MyAAC * @link https://my-aac.org */ + +use MyAAC\CsrfToken; + defined('MYAAC') or die('Direct access not allowed!'); if(isset($account_logged) && $account_logged->isLoaded()) { @@ -15,6 +18,8 @@ if(isset($account_logged) && $account_logged->isLoaded()) { unsetSession('password'); unsetSession('remember_me'); + CsrfToken::generate(); + $logged = false; unset($account_logged); diff --git a/system/pages/account/change_email.php b/system/pages/account/change_email.php index 4168131c..90f5b54d 100644 --- a/system/pages/account/change_email.php +++ b/system/pages/account/change_email.php @@ -92,18 +92,22 @@ else
    @@ -125,6 +129,7 @@ else
      - + + ' . csrf() . ' +
    + ' . csrf() . ' ' . $twig->render('buttons.cancel.html.twig') . '
    + ' . csrf() . ' ' . $twig->render('buttons.back.html.twig') . '
    + ' . csrf() . '
    @@ -137,6 +142,7 @@ else + ' . csrf() . '
    ' . $twig->render('buttons.back.html.twig') . ' diff --git a/system/pages/faq.php b/system/pages/faq.php index f99a9fa8..1c7f5a29 100644 --- a/system/pages/faq.php +++ b/system/pages/faq.php @@ -153,7 +153,9 @@ class FAQ $row = ModelsFAQ::find($id); if ($row) { $row->hidden = ($row->hidden == 1 ? 0 : 1); - $row->save(); + if (!$row->save()) { + $errors[] = 'Fail during toggle hidden FAQ.'; + } } else { $errors[] = 'FAQ with id ' . $id . ' does not exists.'; } diff --git a/system/pages/news.php b/system/pages/news.php index 5f30454f..521017c9 100644 --- a/system/pages/news.php +++ b/system/pages/news.php @@ -13,6 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!'); require_once LIBS . 'forum.php'; require_once LIBS . 'news.php'; +$canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin(); if(isset($_GET['archive'])) { $title = 'News Archive'; @@ -57,9 +58,14 @@ if(isset($_GET['archive'])) } } + $admin_options = ''; + if($canEdit) { + $admin_options = $twig->render('admin.links.html.twig', ['page' => 'news', 'id' => $news['id'], 'hidden' => $news['hidden']]); + } + $twig->display('news.html.twig', array( 'title' => stripslashes($news['title']), - 'content' => $content_, + 'content' => $content_ . $admin_options, 'date' => $news['date'], 'icon' => $categories[$news['category']]['icon_id'], 'author' => setting('core.news_author') ? $author : '', @@ -81,7 +87,7 @@ if(isset($_GET['archive'])) foreach($news_DB as $news) { $newses[] = array( - 'link' => getLink('news') . '/archive/' . $news['id'], + 'link' => getLink('news') . '/' . $news['id'], 'icon_id' => $categories[$news['category']]['icon_id'], 'title' => stripslashes($news['title']), 'date' => $news['date'] @@ -99,7 +105,6 @@ header('X-XSS-Protection: 0'); $title = 'Latest News'; $cache = Cache::getInstance(); -$canEdit = hasFlag(FLAG_CONTENT_NEWS) || superAdmin(); $news_cached = false; if($cache->enabled()) 
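Review bot: `' . csrf() . '` inside the concatenated form markup does not put the hidden field where it appears: `csrf()` is declared `void` in functions.php and `CsrfToken::create()` echoes, so the `<input>` is written to the response when the expression is evaluated and the concatenation receives `null`, leaving the field before (or outside) the form unless the page echoes piecewise. Use the value-returning helper in string-building code, `'<input type="hidden" name="csrf_token" value="' . csrfToken() . '"/>'`, or capture the echo with `ob_start()`/`ob_get_clean()`. A form without the field posts no token, and `csrfProtect()` then rejects the e-mail change.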
@@ -180,18 +185,8 @@ if(!$news_cached) } $admin_options = ''; - if($canEdit) - { - $admin_options = '

    - Edit - - - Delete - - - - ' . ($news['hidden'] != 1 ? 'Hide' : 'Show') . ' - '; + if($canEdit) { + $admin_options = $twig->render('admin.links.html.twig', ['page' => 'news', 'id' => $news['id'], 'hidden' => $news['hidden']]); } $content_ = $news['body']; diff --git a/system/router.php b/system/router.php index d45889f9..ca5454ff 100644 --- a/system/router.php +++ b/system/router.php @@ -220,9 +220,8 @@ else { $content .= $tmp_content; if (hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) { $pageInfo = getCustomPageInfo($pageName); - $content = $twig->render('admin.pages.links.html.twig', array( - 'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0') - )) . $content; + $content = $twig->render('admin.links.html.twig', ['page' => 'pages', 'id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0'] + ) . $content; } $page = $pageName; diff --git a/system/routes.php b/system/routes.php index 53c121a5..3bb2a0df 100644 --- a/system/routes.php +++ b/system/routes.php @@ -12,6 +12,7 @@ defined('MYAAC') or die('Direct access not allowed!'); return [ ['GET', '', 'news.php'], // empty URL = show news ['GET', 'news/archive/{id:int}[/]', 'news/archive.php'], + ['GET', 'news/{id:int}[/]', 'news/archive.php'], // block access to some files ['*', 'account/base[/]', '404.php'], // this is to block account/base.php diff --git a/system/settings.php b/system/settings.php index 29149e1f..d95e16d7 100644 --- a/system/settings.php +++ b/system/settings.php @@ -65,6 +65,12 @@ return [ 'default' => false, 'is_config' => true, ], + 'csrf_protection' => [ + 'name' => 'CSRF protection', + 'type' => 'boolean', + 'desc' => 'Its recommended to keep it enabled. Disable only if you know what you are doing.', + 'default' => true, + ], 'google_analytics_id' => [ 'name' => 'Google Analytics ID', 'type' => 'text', 
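Review bot: The `desc` of the new `csrf_protection` setting reads `'Its recommended to keep it enabled. Disable only if you know what you are doing.'` — 'Its' should be 'It's', and the text does not say what the switch does: with it off, `CsrfToken::isValid()` returns `true` unconditionally, so every `csrfProtect()` call in the admin panel and account pages becomes a no-op. Suggest `'Keep this enabled. Disabling it turns off the token check on every form in the account and admin pages.'`. Since the toggle silently removes a security control, the admin settings page should also `warning()` when it is off, though that change belongs in the settings form rather than here.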
diff --git a/system/src/Admin/Pages.php b/system/src/Admin/Pages.php new file mode 100644 index 00000000..24efec00 --- /dev/null +++ b/system/src/Admin/Pages.php 
@@ -0,0 +1,134 @@ + PAGE_NAME_LIMIT) { + $errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.'; + return false; + } + if(strlen($title) > PAGE_TITLE_LIMIT) { + $errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.'; + return false; + } + if(strlen($body) > PAGE_BODY_LIMIT) { + $errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.'; + return false; + } + if(!isset($player_id) || $player_id == 0) { + $errors[] = 'Player ID is wrong.'; + return false; + } + if(!isset($php) || ($php != 0 && $php != 1)) { + $errors[] = 'Enable PHP is wrong.'; + return false; + } + if ($php == 1 && !getBoolean(setting('core.admin_pages_php_enable'))) { + $errors[] = 'PHP pages disabled on this server. To enable go to Settings in Admin Panel and enable Enable PHP Pages.'; + return false; + } + if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) { + $errors[] = 'Enable TinyMCE is wrong.'; + return false; + } + if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) { + $errors[] = 'Access is wrong.'; + return false; + } + + return true; + } + + static public function get($id) + { + $row = ModelsPages::find($id); + if ($row) { + return $row->toArray(); + } + + return false; + } + + static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) + { + if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { + return false; + } + + if (!ModelsPages::where('name', $name)->exists()) + ModelsPages::create([ + 'name' => $name, + 'title' => $title, + 'body' => $body, + 'player_id' => $player_id, + 'php' => $php ? '1' : '0', + 'enable_tinymce' => $enable_tinymce ? 
'1' : '0', + 'access' => $access + ]); + else + $errors[] = 'Page with this link already exists.'; + + return !count($errors); + } + + static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors) + { + if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) { + return false; + } + + ModelsPages::where('id', $id)->update([ + 'name' => $name, + 'title' => $title, + 'body' => $body, + 'player_id' => $player_id, + 'php' => $php ? '1' : '0', + 'enable_tinymce' => $enable_tinymce ? '1' : '0', + 'access' => $access + ]); + return true; + } + + static public function delete($id, &$errors) + { + if (isset($id)) { + $row = ModelsPages::find($id); + if ($row) { + $row->delete(); + } + else + $errors[] = 'Page with id ' . $id . ' does not exists.'; + } else + $errors[] = 'id not set'; + + return !count($errors); + } + + static public function toggleHidden($id, &$errors, &$status) + { + if (isset($id)) { + $row = ModelsPages::find($id); + if ($row) { + $row->hidden = $row->hidden == 1 ? 0 : 1; + if (!$row->save()) { + $errors[] = 'Fail during toggle hidden Page.'; + } + $status = $row->hidden; + } + else { + $errors[] = 'Page with id ' . $id . ' does not exists.'; + } + } else + $errors[] = 'id not set'; + + return !count($errors); + } +} diff --git a/system/src/CsrfToken.php b/system/src/CsrfToken.php new file mode 100644 index 00000000..4a92baf2 --- /dev/null +++ b/system/src/CsrfToken.php 
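Review bot: `update()` skips the duplicate-name check that `add()` performs with `ModelsPages::where('name', $name)->exists()`, so editing a page can rename it onto another page's `name`, and it never verifies that `$id` exists — the query matches nothing and the method still returns `true`. `verify()` also accepts a non-integer `$access`, because `$access < 0 || $access > PHP_INT_MAX` is a loose comparison on whatever string the form sent; `filter_var($access, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]) === false` rejects it before it is stored. The file header (`<?php`, namespace and `use` lines) is stripped from this listing. Proposed `update()` with both checks:
```php
static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
{
    if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
        return false;
    }

    // Same uniqueness rule as add(), excluding the page being edited.
    if (ModelsPages::where('name', $name)->where('id', '!=', $id)->exists()) {
        $errors[] = 'Page with this link already exists.';
        return false;
    }

    if (!ModelsPages::where('id', $id)->exists()) {
        $errors[] = 'Page with id ' . $id . ' does not exists.';
        return false;
    }

    ModelsPages::where('id', $id)->update([
        // … unchanged: field list …
    ]);
    return true;
}
```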
@@ -0,0 +1,95 @@ + + * @copyright 2023 MyAAC + * @link https://my-aac.org + */ + +namespace MyAAC; + +class CsrfToken +{ + public static function generate(): void + { + $token = sha1(uniqid(time(), true)); + + setSession('csrf_token', $token); + } + + /** + * Displays a random token to prevent CSRF attacks. + * + * @access public + * @static true + * @return void + **/ + public static function create(): void { + echo ''; + } + + /** + * Returns the active token, if there is one. + * + * @access public + * @static true + * @return mixed + **/ + public static function get(): mixed + { + $token = getSession('csrf_token'); + return $token ?? false; + } + + /** + * Validates whether the active token is valid or not. + * + * @param string $post + * @access public + * @static true + * @return boolean + **/ + public static function isValid($post): bool + { + if (!setting('core.csrf_protection')) { + return true; + } + + // Token doesn't exist yet, return false. + if (!self::get()) { + return false; + } + + return ($post == getSession('csrf_token')); + } + + /** + * Destroys the active token. + * + * @access protected + * @static true + * @return void + **/ + protected static function reset(): void { + unsetSession('csrf_token'); + } + + /** + * Displays information on both the post token and the session token. + * + * @param string $post + * @access public + * @static true + * @return void + **/ + public static function debug($post): void + { + echo '
    ', var_export([
    +			'post' => $post,
    +			'token' => self::get()
    +		], true), '
    '; + } +} diff --git a/system/templates/account.back_button.html.twig b/system/templates/account.back_button.html.twig index e4ed6884..e2d784ca 100644 --- a/system/templates/account.back_button.html.twig +++ b/system/templates/account.back_button.html.twig @@ -2,5 +2,6 @@
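Review bot: `isValid()` checks the submitted token with `$post == getSession('csrf_token')`, a loose and non-constant-time comparison; use `hash_equals((string) getSession('csrf_token'), (string) $post)` so two numeric-looking strings (a sha1 hex such as `0e` followed by digits) cannot compare equal and the timing does not depend on the first differing byte. `generate()` derives the token from `sha1(uniqid(time(), true))`, which is predictable rather than cryptographically random — `bin2hex(random_bytes(32))` is the PHP ≥ 7 idiom. `debug()` prints the live session token into the page; keep it out of any production path.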
    {% endif %} + {{ csrf() }} {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.change_comment.html.twig b/system/templates/account.change_comment.html.twig index c69e3f6b..6c133d2b 100644 --- a/system/templates/account.change_comment.html.twig +++ b/system/templates/account.change_comment.html.twig @@ -1,6 +1,7 @@ Here you can see and edit the information about your character.
    If you do not want to specify a certain field, just leave it blank.

    + {{ csrf() }}
    @@ -99,6 +100,7 @@ If you do not want to specify a certain field, just leave it blank.

    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.change_info.html.twig b/system/templates/account.change_info.html.twig index fb503e8e..067eabc5 100644 --- a/system/templates/account.change_info.html.twig +++ b/system/templates/account.change_info.html.twig @@ -1,5 +1,6 @@ Here you can tell other players about yourself. This information will be displayed alongside the data of your characters. If you do not want to fill in a certain field, just leave it blank.

    - + + {{ csrf() }}
    @@ -88,6 +89,7 @@ Here you can tell other players about yourself. This information will be display
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.change_mail.html.twig b/system/templates/account.change_mail.html.twig index 35d64854..f093fbff 100644 --- a/system/templates/account.change_mail.html.twig +++ b/system/templates/account.change_mail.html.twig @@ -1,5 +1,6 @@ Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to.
    For security reasons, the actual change will be finalised after a waiting period of {{ setting('core.account_mail_change') }} days.

    + {{ csrf() }}
    @@ -58,6 +59,7 @@ Please enter your password and the new email address. Make sure that you enter a
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.change_name.html.twig b/system/templates/account.change_name.html.twig index 76c038d4..2f38bb60 100644 --- a/system/templates/account.change_name.html.twig +++ b/system/templates/account.change_name.html.twig @@ -1,6 +1,7 @@ To change a name of character select player and choose a new name.
    Change name cost {{ setting('core.account_change_character_name_price') }} premium points. You have {{ points }} premium points.

    + {{ csrf() }}
    @@ -64,6 +65,7 @@ To change a name of character select player and choose a new name.
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.change_password.html.twig b/system/templates/account.change_password.html.twig index bb0d7823..89ccf592 100644 --- a/system/templates/account.change_password.html.twig +++ b/system/templates/account.change_password.html.twig @@ -1,6 +1,7 @@ Please enter your current password and a new password. For your security, please enter the new password twice.

    + {{ csrf() }}
    @@ -66,6 +67,7 @@ Please enter your current password and a new password. For your security, please
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.change_sex.html.twig b/system/templates/account.change_sex.html.twig index 24141f61..7e7fff32 100644 --- a/system/templates/account.change_sex.html.twig +++ b/system/templates/account.change_sex.html.twig @@ -1,6 +1,7 @@ To change a sex of character select player and choose a new sex.
    Change sex cost {{ setting('core.account_change_character_sex_price') }} premium points. You have {{ points }} premium points.

    + {{ csrf() }}
    @@ -64,6 +65,7 @@ To change a sex of character select player and choose a new sex.
    + {{ csrf() }} @@ -53,3 +67,15 @@
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig index 4563154b..7611a0c2 100644 --- a/system/templates/account.create.html.twig +++ b/system/templates/account.create.html.twig @@ -1,5 +1,6 @@ {{ hook('HOOK_ACCOUNT_CREATE_BEFORE_FORM') }} + {{ csrf() }}
    diff --git a/system/templates/account.create_character.html.twig b/system/templates/account.create_character.html.twig index c116cec2..a860a8b1 100644 --- a/system/templates/account.create_character.html.twig +++ b/system/templates/account.create_character.html.twig @@ -7,6 +7,7 @@ In any case the name must not violate the naming conventions stated in the
    + {{ csrf() }}
    @@ -135,6 +136,7 @@ In any case the name must not violate the naming conventions stated in the
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.delete_character.html.twig b/system/templates/account.delete_character.html.twig index 4a481f3a..c5953cc7 100644 --- a/system/templates/account.delete_character.html.twig +++ b/system/templates/account.delete_character.html.twig @@ -1,5 +1,6 @@ To delete a character enter the name of the character and your password.

    + {{ csrf() }}
    @@ -54,6 +55,7 @@ To delete a character enter the name of the character and your password.

    + {{ csrf() }} -
    {{ include('buttons.back.html.twig') }} @@ -63,4 +65,4 @@ To delete a character enter the name of the character and your password.

    \ No newline at end of file +
    diff --git a/system/templates/account.generate_new_recovery_key.html.twig b/system/templates/account.generate_new_recovery_key.html.twig index 6f3e5c50..9b28cebc 100644 --- a/system/templates/account.generate_new_recovery_key.html.twig +++ b/system/templates/account.generate_new_recovery_key.html.twig @@ -1,6 +1,7 @@ To generate new recovery key for your account please enter your password.
    New recovery key cost {{ setting('core.account_generate_new_reckey_price') }} Premium Points. You have {{ points }} premium points. You will receive e-mail with this recovery key.
    + {{ csrf() }}
    @@ -47,6 +48,7 @@ To generate new recovery key for your account please enter your password.
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} diff --git a/system/templates/account.generate_recovery_key.html.twig b/system/templates/account.generate_recovery_key.html.twig index c1193edd..cb69476c 100644 --- a/system/templates/account.generate_recovery_key.html.twig +++ b/system/templates/account.generate_recovery_key.html.twig @@ -1,5 +1,6 @@ To generate recovery key for your account please enter your password.

    + {{ csrf() }}
    @@ -50,6 +51,7 @@ To generate recovery key for your account please enter your password.

    -
    + {{ csrf() }}
    {{ include('buttons.back.html.twig') }} @@ -59,4 +61,4 @@ To generate recovery key for your account please enter your password.

    \ No newline at end of file +
    diff --git a/system/templates/account.login.html.twig b/system/templates/account.login.html.twig index 2431f1d1..aec1e222 100644 --- a/system/templates/account.login.html.twig +++ b/system/templates/account.login.html.twig @@ -1,6 +1,7 @@ {{ hook('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE') }} Please enter your account {{ account|lower }} and your password.
    Create an account if you do not have one yet.

    - + + {{ csrf() }} {% if redirect is not null %} {% endif %} @@ -66,6 +67,7 @@ Please enter your account {{ account|lower }} and your password.
    + {{ csrf() }}
    {{ include('buttons.account_lost.html.twig') }} diff --git a/system/templates/account.lost.form.html.twig b/system/templates/account.lost.form.html.twig index 33456fd0..9c29ccd8 100644 --- a/system/templates/account.lost.form.html.twig +++ b/system/templates/account.lost.form.html.twig @@ -1,5 +1,6 @@ The Lost Account Interface can help you to get back your account name and password. Please enter your character name and select what you want to do.
    - + + {{ csrf() }} @@ -32,4 +33,4 @@ The Lost Account Interface can help you to get back your account name and passwo
    - \ No newline at end of file + diff --git a/system/templates/account.management.html.twig b/system/templates/account.management.html.twig index 95fc0975..a648f28e 100644 --- a/system/templates/account.management.html.twig +++ b/system/templates/account.management.html.twig @@ -68,6 +68,7 @@
    You can register your account for increased protection. Click on "Register Account" and get your free recovery key today!
    + {{ csrf() }} {% set button_name = 'Register Account' %} {% include('buttons.base.html.twig') %}
    @@ -80,6 +81,7 @@ A request has been submitted to change the email address of this account to {{ email_new }}. After {{ email_new_time|date("j F Y, G:i:s") }} you can accept the new email address and finish the process. Please cancel the request if you do not want your email address to be changed! Also cancel the request if you have no access to the new email address!
    + {{ csrf() }} {% set button_name = 'Edit' %} {% include('buttons.base.html.twig') %}
    @@ -99,6 +101,7 @@
    Email Address: {{ account_email ~ email_change }}
    + {{ csrf() }} {% set button_name = 'Change Email' %} {% include('buttons.base.html.twig') %}
    @@ -137,6 +140,7 @@
    + {{ csrf() }} {% set button_name = 'Change Info' %} {% include('buttons.base.html.twig') %}
    @@ -188,6 +192,7 @@
    + {{ csrf() }} {% set button_name = 'Create Character' %} {% include('buttons.base.html.twig') %}
    @@ -195,6 +200,7 @@ {% if setting('core.account_change_character_name') %}
    + {{ csrf() }} {% set button_name = 'Change Name' %} {% include('buttons.base.html.twig') %}
    @@ -203,6 +209,7 @@ {% if setting('core.account_change_character_sex') %}
    + {{ csrf() }} {% set button_name = 'Change Sex' %} {% include('buttons.base.html.twig') %}
    @@ -210,6 +217,7 @@ {% endif %}
    + {{ csrf() }} {% set button_name = 'Delete Character' %} {% include('buttons.base.html.twig') %}
    diff --git a/system/templates/admin-bar.html.twig b/system/templates/admin-bar.html.twig index 0825dd27..b14eb84e 100644 --- a/system/templates/admin-bar.html.twig +++ b/system/templates/admin-bar.html.twig @@ -98,6 +98,7 @@ html { margin-top: 32px !important; }
  • @@ -106,9 +107,11 @@ html { margin-top: 32px !important; }
  • - - Clear Cache - +
    + {{ csrf() }} + + Clear Cache +
    • diff --git a/system/templates/admin.changelog.form.html.twig b/system/templates/admin.changelog.form.html.twig index 99b90f7a..f0505644 100644 --- a/system/templates/admin.changelog.form.html.twig +++ b/system/templates/admin.changelog.form.html.twig @@ -4,6 +4,8 @@
      {{ (action == 'edit') ? 'Edit' : 'Add' }}
      + {{ csrf() }} +
      {% if action == 'edit' %} diff --git a/system/templates/admin.changelog.html.twig b/system/templates/admin.changelog.html.twig index 28ee35e4..7826a0fe 100644 --- a/system/templates/admin.changelog.html.twig +++ b/system/templates/admin.changelog.html.twig @@ -1,8 +1,11 @@
      News: - New + + {{ csrf() }} + + +
      @@ -30,15 +33,26 @@
    icon {{ log.where|capitalize }}
    - - - - - - - - - +
    + {{ csrf() }} + + + +
    + +
    + {{ csrf() }} + + + +
    + +
    + {{ csrf() }} + + + +
    + + + diff --git a/system/templates/admin.links.html.twig b/system/templates/admin.links.html.twig new file mode 100644 index 00000000..986133c3 --- /dev/null +++ b/system/templates/admin.links.html.twig @@ -0,0 +1,22 @@ +

    + +
    + {{ csrf() }} + + + +
    + +
    + {{ csrf() }} + + + +
    + +
    + {{ csrf() }} + + + +
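Review bot: `{{ csrf() }}` in `admin.links.html.twig` runs inside `$twig->render()` whose result is concatenated into `$content`/`$admin_options` (news.php and router.php hunks of this patch); if the Twig `csrf` function is wired to the PHP `csrf()` helper, which `echo`es and returns `void`, the hidden input is printed straight to the response while `render()` returns the forms without it, so the hide/edit/delete forms post no token and `csrfProtect()` rejects them. The Twig registration is not in this diff — if it returns the markup instead of echoing, ignore this. Otherwise register a returning function, `new TwigFunction('csrf', fn () => '<input type="hidden" name="csrf_token" value="' . csrfToken() . '"/>', ['is_safe' => ['html']])`, and keep `{{ csrf() }}` as is.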
    diff --git a/system/templates/admin.login.html.twig b/system/templates/admin.login.html.twig index acbcf040..afba47e1 100644 --- a/system/templates/admin.login.html.twig +++ b/system/templates/admin.login.html.twig @@ -19,6 +19,7 @@
    + {{ csrf() }}
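Review bot: A token on the pre-authentication login form can only validate if `csrf()` stores it somewhere that survives until the POST, i.e. a session that already exists for the anonymous admin request; if the session is only created after a successful sign-in, every login attempt will fail the check. Confirm the helper's storage is available before login, and that a token failure on this form is reported as a token error rather than as bad credentials so the two are distinguishable in the logs. The form markup around the added line is not visible in this chunk.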
    diff --git a/system/templates/admin.mailer.html.twig b/system/templates/admin.mailer.html.twig
index eaf32213..0b77ccb3 100644
--- a/system/templates/admin.mailer.html.twig
+++ b/system/templates/admin.mailer.html.twig
@@ -9,6 +9,7 @@
    Mailer
    + {{ csrf() }}
    diff --git a/system/templates/admin.menus.form.html.twig b/system/templates/admin.menus.form.html.twig
index da4c126b..ae5c4dd1 100644
--- a/system/templates/admin.menus.form.html.twig
+++ b/system/templates/admin.menus.form.html.twig
@@ -4,6 +4,7 @@
    + {{ csrf() }}

    Please choose template in which you want to edit menu items.

    diff --git a/system/templates/admin.news.form.html.twig b/system/templates/admin.news.form.html.twig
index ddad9dd9..a0acaf9e 100644
--- a/system/templates/admin.news.form.html.twig
+++ b/system/templates/admin.news.form.html.twig
@@ -1,9 +1,11 @@ {% if action %}
    -
    {% if action == 'edit' %}Edit{% else %}Add{% endif %} news
    +
    {% if action == 'edit' %}Edit{% else %}Add{% endif %} {% if type == constant('NEWS') %}News{% elseif type == constant('TICKER') %}Ticker{% else %}Article{% endif %}
    - + + {{ csrf() }} +
    {% if action == 'edit' %}
@@ -22,9 +24,9 @@
    @@ -85,7 +87,7 @@
    diff --git a/system/templates/admin.news.html.twig b/system/templates/admin.news.html.twig
index 0eb16d3f..c2931398 100644
--- a/system/templates/admin.news.html.twig
+++ b/system/templates/admin.news.html.twig
@@ -1,136 +1,6 @@ -
    -
    -
    News: - New -
    -
    - -
    - - - - - - - - - - - - {% for news in newses[constant('NEWS')] %} - - - - - - - - {% endfor %} - -
    IDTitleDatePlayerOptions
    {{ news.id|raw }}{{ news.title }}{{ news.date|date(setting('core.news_date_format')) }}{{ news.player_name }} - -
    -
    -
    - -
    -
    -
    Tickers: - New -
    -
    - -
    - - - - - - - - - - - - {% for ticker in newses[constant('TICKER')] %} - - - - - - - - {% endfor %} - -
    IDTitleDatePlayerOptions
    {{ ticker.id|raw }}{{ ticker.title }}{{ ticker.date|date(setting('core.news_date_format')) }}{{ ticker.player_name }} - -
    -
    -
    - -
    -
    -
    Articles: New -
    -
    - -
    - - - - - - - - - - - - {% for article in newses[constant('ARTICLE')] %} - - - - - - - - {% endfor %} - -
    IDTitleDatePlayerOptions
    {{ article.id|raw }}{{ article.title }}{{ article.date|date(setting('core.news_date_format')) }}{{ article.player_name }} - -
    -
    -
    +{{ include('admin.news.table.html.twig', {type: 1, title: 'News'}) }} +{{ include('admin.news.table.html.twig', {type: 2, title: 'Tickers'}) }} +{{ include('admin.news.table.html.twig', {type: 3, title: 'Articles'}) }}