Merge branch 'main' into develop

.gitignore

@@ -24,6 +24,7 @@ releases
 tmp
 
 config.local.php
+config2.local.php
 
 # all custom templates
 templates/*

admin/template/menus.php

@@ -60,7 +60,7 @@ usort($menus, function ($a, $b) {
 
 foreach ($menus as $i => $menu) {
 	if (isset($menu['link']) && is_array($menu['link'])) {
-		usort($menus[$i]['link'], function ($a, $b) {
+		usort($menu['link'], function ($a, $b) {
 			return $a['order'] - $b['order'];
 		});
 	}

admin/tools/settings_save.php

@@ -12,7 +12,7 @@ require SYSTEM . 'login.php';
 
 if(!admin()) {
 	http_response_code(500);
-	die('Access denied.');
+	die('You are not logged in. Probably session expired. Please login again.');
 }
 
 csrfProtect();
@@ -40,3 +40,6 @@ if (count($errors) > 0) {
 if ($success) {
 	echo 'Saved at ' . date('H:i');
 }
+else {
+	echo 'Something unexpected happened - it was impossible to save the settings, please try again later. If problem persists - contact MyAAC developers.';
+}

system/functions.php

@@ -1177,7 +1177,8 @@ function getTopPlayers($limit = 5, $skill = 'level') {
 	});
 }
 
-function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
+function deleteDirectory($dir, $ignore = array(), $contentOnly = false): bool
+{
 	if(!file_exists($dir)) {
 		return true;
 	}
@@ -1203,6 +1204,21 @@ function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
 	return rmdir($dir);
 }
 
+function ensureFolderExists($dir): void
+{
+	if (!file_exists($dir)) {
+		mkdir($dir, 0777, true);
+	}
+}
+
+function ensureIndexExists($dir): void
+{
+	$dir = rtrim($dir, '/');
+	if (!file_exists($file = $dir . '/index.html')) {
+		touch($file);
+	}
+}
+
 function config($key) {
 	global $config;
 	if (is_array($key)) {
@@ -1712,6 +1728,43 @@ function isCanary(): bool
 	return isset($vipSystemEnabled);
 }
 
+function getStatusUptimeReadable(int $uptime): string
+{
+	$fullMinute = 60;
+	$fullHour = (60 * $fullMinute);
+	$fullDay = (24 * $fullHour);
+	$fullMonth = (30 * $fullDay);
+	$fullYear = (365 * $fullDay);
+
+	// years
+	$years = floor($uptime / $fullYear);
+	$y = ($years > 1 ? "$years years, " : ($years == 1 ? 'year, ' : ''));
+
+	$uptime -= $years * $fullYear;
+
+	// months
+	$months = floor($uptime / $fullMonth);
+	$m = ($months > 1 ? "$months months, " : ($months == 1 ? 'month, ' : ''));
+
+	$uptime -= $months * $fullMonth;
+
+	// days
+	$days = floor($uptime / $fullDay);
+	$d = ($days > 1 ? "$days days, " : ($days == 1 ? 'day, ' : ''));
+
+	$uptime -= $days * $fullDay;
+
+	// hours
+	$hours = floor($uptime / $fullHour);
+
+	$uptime -= $hours * $fullHour;
+
+	// minutes
+	$min = floor($uptime / $fullMinute);
+
+	return "{$y}{$m}{$d}{$hours}h {$min}m";
+}
+
 // validator functions
 require_once SYSTEM . 'compat/base.php';
 

system/init.php

@@ -18,6 +18,9 @@ use MyAAC\Settings;
 
 defined('MYAAC') or die('Direct access not allowed!');
 
+ensureIndexExists(CACHE);
+ensureIndexExists(CACHE . 'twig/');
+
 global $config;
 if(!isset($config['installed']) || !$config['installed']) {
 	throw new RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');

system/libs/pot/OTS_ServerInfo.php

@@ -97,6 +97,8 @@ class OTS_ServerInfo
 			return new OTS_Buffer($data);
 		}
 
+		log_append('status-error.log', "Cannot connect to {$this->server}:{$this->port} - Error code: $error, message: $message");
+
 		return false;
 	}
 

system/pages/account/create.php

@@ -367,7 +367,7 @@ if(!empty($errors))
 
 if (setting('core.account_country')) {
 	$countries = array();
-	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
+	foreach (setting('core.account_countries_most_popular') ?? [] as $c)
 		$countries[$c] = $config['countries'][$c];
 
 	$countries['--'] = '----------';

system/pages/characters.php

@@ -202,36 +202,38 @@ if($player->isLoaded() && !$player->isDeleted())
 		unset($storage);
 	}
 
-	if($db->hasTable('player_items') && $db->hasColumn('player_items', 'pid') && $db->hasColumn('player_items', 'sid') && $db->hasColumn('player_items', 'itemtype')) {
+	if ($db->hasTableAndColumns('player_items', ['pid', 'sid', 'itemtype'])) {
 		$eq_sql = $db->query('SELECT `pid`, `itemtype` FROM player_items WHERE player_id = '.$player->getId().' AND (`pid` >= 1 and `pid` <= 10)');
-		$equipment = array();
-		foreach($eq_sql as $eq)
+		$equipment = [];
+		foreach($eq_sql as $eq) {
 			$equipment[$eq['pid']] = $eq['itemtype'];
+		}
 
-		$empty_slots = array("", "no_helmet", "no_necklace", "no_backpack", "no_armor", "no_handleft", "no_handright", "no_legs", "no_boots", "no_ring", "no_ammo");
-		for($i = 0; $i <= 10; $i++)
-		{
+		$empty_slots = ["", "no_helmet", "no_necklace", "no_backpack", "no_armor", "no_handleft", "no_handright", "no_legs", "no_boots", "no_ring", "no_ammo"];
+
+		for($i = 0; $i <= 10; $i++) {
 			if(!isset($equipment[$i]) || $equipment[$i] == 0)
 				$equipment[$i] = $empty_slots[$i];
 		}
 
-		for($i = 1; $i < 11; $i++)
-		{
-			if(Validator::number($equipment[$i]))
+		for($i = 1; $i < 11; $i++) {
+			if(Validator::number($equipment[$i])) {
 				$equipment[$i] = getItemImage($equipment[$i]);
-			else
+			}
+			else {
 				$equipment[$i] = '<img src="images/items/' . $equipment[$i] . '.gif" width="32" height="32" border="0" alt=" ' . $equipment[$i] . '" />';
+			}
 		}
-
-		$skulls = array(
-			1 => 'yellow_skull',
-			2 => 'green_skull',
-			3 => 'white_skull',
-			4 => 'red_skull',
-			5 => 'black_skull'
-		);
 	}
 
+	$skulls = [
+		1 => 'yellow_skull',
+		2 => 'green_skull',
+		3 => 'white_skull',
+		4 => 'red_skull',
+		5 => 'black_skull',
+	];
+
 	$dead_add_content = '';
 	$deaths = array();
 	if($db->hasTable('killers')) {

system/pages/news.php

@@ -122,7 +122,7 @@ if(!$news_cached)
 		);
 	}
 
-	$tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER .($canEdit ? '' : ' AND `hide` != 1') .' ORDER BY `date` DESC LIMIT ' . setting('core.news_ticker_limit'));
+	$tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER . ' AND `hide` != 1 ORDER BY `date` DESC LIMIT ' . setting('core.news_ticker_limit'));
 	$tickers_content = '';
 	if($tickers_db->rowCount() > 0)
 	{
@@ -142,7 +142,8 @@ if(!$news_cached)
 	if($cache->enabled() && !$canEdit)
 		$cache->set('news_' . $template_name . '_' . TICKER, $tickers_content, 60 * 60);
 
-	$featured_article_db =$db->query('SELECT `id`, `title`, `article_text`, `article_image`, `hide` FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . ARTICLE . ($canEdit ? '' : ' AND `hide` != 1') .' ORDER BY `date` DESC LIMIT 1');
+	$featured_article_db =$db->query('SELECT `id`, `title`, `article_text`, `article_image`, `hide` FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . ARTICLE . ' AND `hide` != 1 ORDER BY `date` DESC LIMIT 1');
+
 	$article = '';
 	if($featured_article_db->rowCount() > 0) {
 		$article = $featured_article_db->fetch();
@@ -175,7 +176,7 @@ else {
 if(!$news_cached)
 {
 	ob_start();
-	$newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ($canEdit ? '' : ' AND hide != 1') . ' ORDER BY date' . ' DESC LIMIT ' . setting('core.news_limit'));
+	$newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ' AND hide != 1 ORDER BY date' . ' DESC LIMIT ' . setting('core.news_limit'));
 	if($newses->rowCount() > 0)
 	{
 		foreach($newses as $news)

system/settings.php

@@ -737,6 +737,18 @@ Sent by MyAAC,<br/>
 			'desc' => 'should country of user be automatically recognized by his IP? This makes an external API call to http://ipinfo.io',
 			'default' => true,
 		],
+		'account_countries_most_popular' => [
+			'name' => 'Account Countries Most Popular',
+			'type' => 'text',
+			'desc' => 'Those countries will be display at the top of the list on the create account page. The short codes of countries can be found in file <i>system/countries.conf.php</i>',
+			'default' => 'pl,se,br,us,gb',
+			'callbacks' => [
+				'get' => function ($value) {
+					$tmp = array_map('trim', explode(',', $value));
+					return array_filter($tmp, function ($v) {return !empty($v); });
+				},
+			],
+		],
 		'characters_per_account' => [
 			'name' => 'Characters per Account',
 			'type' => 'number',

system/src/Cache/PHP.php

@@ -27,6 +27,9 @@ class PHP
 	{
 		$var = var_export($var, true);
 
+		ensureFolderExists($this->dir);
+		ensureIndexExists($this->dir);
+
 		// Write to temp file first to ensure atomicity
 		$tmp = $this->dir . "tmp_$key." . uniqid('', true) . '.tmp';
 		file_put_contents($tmp, '<?php $var = ' . $var . ';', LOCK_EX);

system/src/Commands/PluginDisableCommand.php

@@ -13,6 +13,7 @@ class PluginDisableCommand extends Command
 	protected function configure(): void
 	{
 		$this->setName('plugin:disable')
+			->setAliases(['plugin:deactivate'])
 			->setDescription('This command disables plugin')
 			->addArgument('plugin-name', InputArgument::REQUIRED, 'Plugin that you want to disable');
 	}

system/src/Commands/PluginEnableCommand.php

@@ -13,6 +13,7 @@ class PluginEnableCommand extends Command
 	protected function configure(): void
 	{
 		$this->setName('plugin:enable')
+			->setAliases(['plugin:activate'])
 			->setDescription('This command enables plugin')
 			->addArgument('plugin-name', InputArgument::REQUIRED, 'Plugin that you want to enable');
 	}

system/src/Commands/PluginUninstallCommand.php

@@ -13,6 +13,7 @@ class PluginUninstallCommand extends Command
 	protected function configure(): void
 	{
 		$this->setName('plugin:uninstall')
+			->setAliases(['plugin:remove', 'plugin:delete'])
 			->setDescription('This command uninstalls plugin')
 			->addArgument('plugin-name', InputArgument::REQUIRED, 'Plugin that you want to uninstall');
 	}

system/src/Plugins.php

@@ -513,6 +513,9 @@ class Plugins {
 			return false;
 		}
 
+		ensureFolderExists($cachePlugins = CACHE . 'plugins');
+		ensureIndexExists($cachePlugins);
+
 		self::$error = 'There was a problem with extracting zip archive.';
 		$file_name = $plugin_temp_dir . $json_file;
 		if(!file_exists($file_name)) {
@@ -549,21 +552,21 @@ class Plugins {
 		if(isset($plugin_json['require'])) {
 			$require = $plugin_json['require'];
 
-			$myaac_satified = true;
+			$myaac_satisfied = true;
 			if(isset($require['myaac_'])) {
 				$require_myaac = $require['myaac_'];
 				if(!Semver::satisfies(MYAAC_VERSION, $require_myaac)) {
-					$myaac_satified = false;
+					$myaac_satisfied = false;
 				}
 			}
 			else if(isset($require['myaac'])) {
 				$require_myaac = $require['myaac'];
 				if(version_compare(MYAAC_VERSION, $require_myaac, '<')) {
-					$myaac_satified = false;
+					$myaac_satisfied = false;
 				}
 			}
 
-			if(!$myaac_satified) {
+			if(!$myaac_satisfied) {
 				self::$error = "Your AAC version doesn't meet the requirement of this plugin. Required version is: " . $require_myaac . ", and you're using version " . MYAAC_VERSION . ".";
 				return false;
 			}

system/src/Settings.php

@@ -248,7 +248,7 @@ class Settings implements \ArrayAccess
 						echo '<div class="input-group" id="show-hide-' . $key . '">';
 					}
 
-					echo '<input class="form-control" type="' . $setting['type'] . '" name="settings[' . $key . ']" value="' . ($settingsDb[$key] ?? ($setting['default'] ?? '')) . '" id="' . $key . '"' . $min . $max . $step . '/>';
+					echo '<input class="form-control" type="' . $setting['type'] . '" name="settings[' . $key . ']" value="' . escapeHtml($settingsDb[$key] ?? ($setting['default'] ?? '')) . '" id="' . $key . '"' . $min . $max . $step . '/>';
 
 					if ($setting['type'] === 'password') {
 						echo '<div class="input-group-append input-group-text"><a href=""><i class="fas fa-eye-slash" ></i></a></div></div>';
@@ -266,7 +266,7 @@ class Settings implements \ArrayAccess
 					if ($rows < 2) {
 						$rows = 2; // always min 2 rows for textarea
 					}
-					echo '<textarea class="form-control" rows="' . $rows . '" name="settings[' . $key . ']" id="' . $key . '">' . $value . '</textarea>';
+					echo '<textarea class="form-control" rows="' . $rows . '" name="settings[' . $key . ']" id="' . $key . '">' . escapeHtml($value) . '</textarea>';
 				}
 
 				else if ($setting['type'] === 'options') {

system/status.php

@@ -145,13 +145,7 @@ function updateStatus() {
 		}
 
 		$uptime = $status['uptime'] = $serverStatus->getUptime();
-		$m = date('m', $uptime);
-		$m = $m > 1 ? "$m months, " : ($m == 1 ? 'month, ' : '');
-		$d = date('d', $uptime);
-		$d = $d > 1 ? "$d days, " : ($d == 1 ? 'day, ' : '');
-		$h = date('H', $uptime);
-		$min = date('i', $uptime);
-		$status['uptimeReadable'] = "{$m}{$d}{$h}h {$min}m";
+		$status['uptimeReadable'] = getStatusUptimeReadable($uptime);
 
 		$status['monsters'] = $serverStatus->getMonstersCount();
 		$status['motd'] = $serverStatus->getMOTD();

tools/signature/index.php

@@ -53,6 +53,9 @@
 		exit;
 	}
 
+	ensureFolderExists(SIGNATURES_CACHE);
+	ensureIndexExists(SIGNATURES_CACHE);
+
 	$cached = SIGNATURES_CACHE.$player->getId() . '.png';
 	if(file_exists($cached) && (time() < (filemtime($cached) + (60 * setting('core.signature_cache_time')))))
 	{