From 32cf4871287aa316c4f3f15e24c7a8945e0e8fc1 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Wed, 31 Aug 2022 11:16:48 +0200
Subject: [PATCH 01/11] Feature/recaptcha v3 plus login (#202)

* [WIP] New GoogleReCAPTCHA code
Support for v3
v2-invisible doesn't work yet

* Add some notice about recaptchas versions

* Lets support only ReCaptcha v3

Too much mess ;)

* Fixes
---
 config.php                                  |  6 +-
 system/libs/GoogleReCAPTCHA.php             | 79 +++++++++++++++++++++
 system/login.php                            |  8 +++
 system/pages/createaccount.php              | 13 ++--
 system/templates/account.create.html.twig   | 20 ++----
 system/templates/account.login.html.twig    |  7 ++
 system/templates/google_recaptcha.html.twig | 11 +++
 system/templates/templates.header.html.twig |  4 +-
 templates/tibiacom/account.login.html.twig  |  7 ++
 9 files changed, 129 insertions(+), 26 deletions(-)
 create mode 100644 system/libs/GoogleReCAPTCHA.php
 create mode 100644 system/templates/google_recaptcha.html.twig

diff --git a/config.php b/config.php
index a4fa1ac3..36eda984 100644
--- a/config.php
+++ b/config.php
@@ -135,11 +135,13 @@ $config = array(
 	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
 	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
 
-	// reCAPTCHA (prevent spam bots)
+	// Google reCAPTCHA v3 (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
 	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
 	'recaptcha_secret_key' => '',
-	'recaptcha_theme' => 'light', // light, dark
+	// min score for validation, between 0 - 1.0
+	// https://developers.google.com/recaptcha/docs/v3#interpreting_the_score
+	'recaptcha_min_score' => 0.5,
 
 	//
 	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
diff --git a/system/libs/GoogleReCAPTCHA.php b/system/libs/GoogleReCAPTCHA.php
new file mode 100644
index 00000000..fe4bda0a
--- /dev/null
+++ b/system/libs/GoogleReCAPTCHA.php
@@ -0,0 +1,79 @@
+<?php
+
+class GoogleReCAPTCHA
+{
+	private static $errorMessage = '';
+	private static $errorType;
+
+	const ERROR_MISSING_RESPONSE = 1;
+	const ERROR_INVALID_ACTION = 2;
+	const ERROR_LOW_SCORE = 3;
+	const ERROR_NO_SUCCESS = 4;
+
+	public static function verify($action = '')
+	{
+		if (!isset($_POST['g-recaptcha-response']) || empty($_POST['g-recaptcha-response'])) {
+			self::$errorType = self::ERROR_MISSING_RESPONSE;
+			self::$errorMessage = "Please confirm that you're not a robot.";
+			return false;
+		}
+
+		$recaptchaApiUrl = 'https://www.google.com/recaptcha/api/siteverify';
+		$secretKey = config('recaptcha_secret_key');
+
+		$recaptchaResponse = $_POST['g-recaptcha-response'];
+		$ip = $_SERVER['REMOTE_ADDR'];
+		$params = 'secret='.$secretKey.'&response='.$recaptchaResponse.'&remoteip='.$ip;
+
+		if (function_exists('curl_version')) {
+			$curl_connection = curl_init($recaptchaApiUrl);
+
+			curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 5);
+			curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
+			curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
+			curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 0);
+			curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $params);
+
+			$response = curl_exec($curl_connection);
+			curl_close($curl_connection);
+		} else {
+			$response = file_get_contents($recaptchaApiUrl . '?' . $params);
+		}
+
+		$json = json_decode($response);
+		//log_append('recaptcha.log', 'recaptcha_score: ' . $json->score . ', action:' . $json->action);
+		if (!isset($json->action) || $json->action !== $action) {
+			self::$errorType = self::ERROR_INVALID_ACTION;
+			self::$errorMessage = 'Google ReCaptcha returned invalid action.';
+			return false;
+		}
+
+		if (!isset($json->score) || $json->score < config('recaptcha_min_score')) {
+			self::$errorType = self::ERROR_LOW_SCORE;
+			self::$errorMessage = 'Your Google ReCaptcha score was too low.';
+			return false;
+		}
+
+		if (!isset($json->success) || !$json->success) {
+			self::$errorType = self::ERROR_NO_SUCCESS;
+			self::$errorMessage = "Please confirm that you're not a robot.";
+			return false;
+		}
+
+		return true;
+	}
+
+	/**
+	 * @return string
+	 */
+	public static function getErrorMessage() {
+		return self::$errorMessage;
+	}
+
+	/**
+	 * @return int
+	 */
+	public static function getErrorType() {
+		return self::$errorType;
+	}
+}
diff --git a/system/login.php b/system/login.php
index cf33d04b..e820f4c8 100644
--- a/system/login.php
+++ b/system/login.php
@@ -84,6 +84,14 @@ else
 				$t = isset($tmp[$ip]) ? $tmp[$ip] : NULL;
 			}
 
+			if(config('recaptcha_enabled'))
+			{
+				require LIBS . 'GoogleReCAPTCHA.php';
+				if (!GoogleReCAPTCHA::verify('login')) {
+					$errors[] = GoogleReCAPTCHA::getErrorMessage();
+				}
+			}
+
 			$account_logged = new OTS_Account();
 			if (config('account_login_by_email')) {
 				$account_logged->findByEMail($login_account);
diff --git a/system/pages/createaccount.php b/system/pages/createaccount.php
index 06f5f414..6a7a218d 100644
--- a/system/pages/createaccount.php
+++ b/system/pages/createaccount.php
@@ -72,17 +72,12 @@ if($save)
 			$errors['country'] = 'Country is invalid.';
 	}
 
-	if($config['recaptcha_enabled'])
+	if(config('recaptcha_enabled'))
 	{
-		if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']))
-		{
-			$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$config['recaptcha_secret_key'].'&response='.$_POST['g-recaptcha-response']);
-			$responseData = json_decode($verifyResponse);
-			if(!$responseData->success)
-				$errors['verification'] = "Please confirm that you're not a robot.";
+		require LIBS . 'GoogleReCAPTCHA.php';
+		if (!GoogleReCAPTCHA::verify('register')) {
+			$errors['verification'] = GoogleReCAPTCHA::getErrorMessage();
 		}
-		else
-			$errors['verification'] = "Please confirm that you're not a robot.";
 	}
 
 	// password
diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig
index cb89d4b3..84be3ac6 100644
--- a/system/templates/account.create.html.twig
+++ b/system/templates/account.create.html.twig
@@ -109,19 +109,9 @@
 
 												{{ hook('HOOK_ACCOUNT_CREATE_AFTER_PASSWORDS') }}
 
-                                                {% if config.recaptcha_enabled %}
-													<tr>
-														<td class="LabelV" style="width: 150px">
-															<span{% if errors.verification[0] is defined %} class="red"{% endif %}>Verification:</span>
-														</td>
-														<td>
-															<div class="g-recaptcha" data-sitekey="{{ config.recaptcha_site_key }}" data-theme="{{ config.recaptcha_theme }}"></div>
-														</td>
-													</tr>
-                                                    {% if errors.verification is defined %}
-														<tr><td></td><td><span class="FormFieldError">{{ errors.verification }}</span></td></tr>
-                                                    {% endif %}
-                                                {% endif %}
+												{% if config.recaptcha_enabled %}
+													<input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response" />
+												{% endif %}
 
 												{{ hook('HOOK_ACCOUNT_CREATE_AFTER_RECAPTCHA') }}
 												</tbody>
@@ -339,6 +329,10 @@
 </form>
 {{ hook('HOOK_ACCOUNT_CREATE_AFTER_FORM') }}
 <script type="text/javascript" src="tools/check_name.js"></script>
+{% if config.recaptcha_enabled %}
+	{% set action = 'register' %}
+	{{ include('google_recaptcha.html.twig') }}
+{% endif %}
 <style>
 	#SuggestAccountNumber {
 		font-size: 7pt;
diff --git a/system/templates/account.login.html.twig b/system/templates/account.login.html.twig
index eb566b22..2277ef16 100644
--- a/system/templates/account.login.html.twig
+++ b/system/templates/account.login.html.twig
@@ -39,6 +39,9 @@ Please enter your account {{ account|lower }} and your password.<br/><a href="?s
 								<td><input type="checkbox" id="remember_me" name="remember_me" value="true" />
 									<label for="remember_me"> Remember me</label></td>
 							</tr>
+							{% if config.recaptcha_enabled %}
+								<input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response" />
+							{% endif %}
 							{% if error is not null %}
 								<tr><td></td><td><span class="FormFieldError">{{ error }}</span></td></tr>
 							{% endif %}
@@ -74,3 +77,7 @@ Please enter your account {{ account|lower }} and your password.<br/><a href="?s
 			</td>
 		</tr>
 	</table>
+{% if config.recaptcha_enabled %}
+	{% set action = 'login' %}
+	{{ include('google_recaptcha.html.twig') }}
+{% endif %}
diff --git a/system/templates/google_recaptcha.html.twig b/system/templates/google_recaptcha.html.twig
new file mode 100644
index 00000000..a090aec5
--- /dev/null
+++ b/system/templates/google_recaptcha.html.twig
@@ -0,0 +1,11 @@
+<script>
+	$(document).ready(function() {
+		grecaptcha.ready(function() {
+			grecaptcha.execute('{{ config.recaptcha_site_key }}', {action: '{{ action }}'}).then(function(token) {
+				if (token) {
+					document.getElementById('g-recaptcha-response').value = token;
+				}
+			});
+		});
+	});
+</script>
\ No newline at end of file
diff --git a/system/templates/templates.header.html.twig b/system/templates/templates.header.html.twig
index 6438076a..d6ae1fbb 100644
--- a/system/templates/templates.header.html.twig
+++ b/system/templates/templates.header.html.twig
@@ -17,5 +17,5 @@
 	</div>
 </noscript>
 {% if config.recaptcha_enabled %}
-<script src="https://www.google.com/recaptcha/api.js"></script>
-{% endif %}
\ No newline at end of file
+<script src="https://www.google.com/recaptcha/api.js?render={{ config.recaptcha_site_key }}"></script>
+{% endif %}
diff --git a/templates/tibiacom/account.login.html.twig b/templates/tibiacom/account.login.html.twig
index fd701ad1..b834df9c 100644
--- a/templates/tibiacom/account.login.html.twig
+++ b/templates/tibiacom/account.login.html.twig
@@ -47,6 +47,9 @@
 																<td><input type="checkbox" id="remember_me" name="remember_me" value="true" />
 																	<label for="remember_me"> Remember me</label></td>
 															</tr>
+															{% if config.recaptcha_enabled %}
+																<input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response" />
+															{% endif %}
 														</table>
 														<div style="float: right; font-size: 1px;" >
 															<input type="hidden" name="page" value="overview" >
@@ -144,3 +147,7 @@
 		</tr>
 	</table>
 </div>
+{% if config.recaptcha_enabled %}
+	{% set action = 'login' %}
+	{{ include('google_recaptcha.html.twig') }}
+{% endif %}

From 717b5fdd155715c4e4ec98c021137a9a552189f3 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Mon, 12 Sep 2022 14:16:36 +0200
Subject: [PATCH 02/11] Add compat Gesior classes

To allow more custom pages be used with myaac
---
 index.php                                     |  6 ++++--
 system/{compat.php => compat/base.php}        |  0
 system/compat/classes.php                     | 15 +++++++++++++++
 system/{compat_pages.php => compat/pages.php} |  0
 system/functions.php                          |  2 +-
 5 files changed, 20 insertions(+), 3 deletions(-)
 rename system/{compat.php => compat/base.php} (100%)
 create mode 100644 system/compat/classes.php
 rename system/{compat_pages.php => compat/pages.php} (100%)

diff --git a/index.php b/index.php
index 3ce40bb5..cb273f17 100644
--- a/index.php
+++ b/index.php
@@ -314,8 +314,10 @@ if($load_it)
 	if(SITE_CLOSED && admin())
 		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
 
-	if($config['backward_support'])
-		require SYSTEM . 'compat_pages.php';
+	if($config['backward_support']) {
+		require SYSTEM . 'compat/pages.php';
+		require SYSTEM . 'compat/classes.php';
+	}
 
 	$ignore = false;
 
diff --git a/system/compat.php b/system/compat/base.php
similarity index 100%
rename from system/compat.php
rename to system/compat/base.php
diff --git a/system/compat/classes.php b/system/compat/classes.php
new file mode 100644
index 00000000..051fbdf2
--- /dev/null
+++ b/system/compat/classes.php
@@ -0,0 +1,15 @@
+<?php
+/**
+ * Compat classes (backward support for Gesior AAC)
+ *
+ * @package   MyAAC
+ * @author    Slawkens <slawkens@gmail.com>
+ * @copyright 2022 MyAAC
+ * @link      https://my-aac.org
+ */
+defined('MYAAC') or die('Direct access not allowed!');
+
+class Player extends OTS_Player {}
+class Guild extends OTS_Guild {}
+class GuildRank extends OTS_GuildRank {}
+class House extends OTS_House {}
diff --git a/system/compat_pages.php b/system/compat/pages.php
similarity index 100%
rename from system/compat_pages.php
rename to system/compat/pages.php
diff --git a/system/functions.php b/system/functions.php
index fbed8384..363d7795 100644
--- a/system/functions.php
+++ b/system/functions.php
@@ -1486,7 +1486,7 @@ function getAccountLoginByLabel()
 
 // validator functions
 require_once LIBS . 'validator.php';
-require_once SYSTEM . 'compat.php';
+require_once SYSTEM . 'compat/base.php';
 
 // custom functions
 require SYSTEM . 'functions_custom.php';

From 9693fd260c812437bae6752379bcbe3466c931bc Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Fri, 28 Oct 2022 13:41:39 +0200
Subject: [PATCH 03/11] Update account.change_mail.html.twig

---
 system/templates/account.change_mail.html.twig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/templates/account.change_mail.html.twig b/system/templates/account.change_mail.html.twig
index 1965f7a0..1c0d1c12 100644
--- a/system/templates/account.change_mail.html.twig
+++ b/system/templates/account.change_mail.html.twig
@@ -1,4 +1,4 @@
-Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to. <b>For security reasons, the actual change will be finalised after a waiting period of {{ config.account_mail_change }} days.</b><br/><br/>
+Please enter your password and the new email address. Make sure that you enter a valid email address which you have access to. <br/><b>For security reasons, the actual change will be finalised after a waiting period of {{ config.account_mail_change }} days.</b><br/><br/>
 <form action="{{ getLink('account/email') }}" method="post">
 <div class="TableContainer">
 	<table class="Table1" cellpadding="0" cellspacing="0">

From e6c72efd184ae0732072e514188d1749304ef7e8 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Fri, 28 Oct 2022 13:41:35 +0200
Subject: [PATCH 04/11] Add more client versions

---
 system/clients.conf.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/system/clients.conf.php b/system/clients.conf.php
index 4daaec15..b3ec18d5 100644
--- a/system/clients.conf.php
+++ b/system/clients.conf.php
@@ -76,11 +76,13 @@ $config['clients'] = [
 	1096,
 	1097,
 	1098,
+
 	1100,
 	1102,
 	1140,
 	1150,
 	1180,
+
 	1200,
 	1202,
 	1215,
@@ -89,4 +91,12 @@ $config['clients'] = [
 	1240,
 	1251,
 	1260,
+	1270,
+	1280,
+	1285,
+	1286,
+	1290,
+	1291,
+
+	1300,
 ];

From b841c9f6314d8b15e186ecabdd64d3e6a25a7c4f Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Fri, 28 Oct 2022 13:41:10 +0200
Subject: [PATCH 05/11] Fix typo in br locale

---
 system/locale/pt_br/install.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/locale/pt_br/install.php b/system/locale/pt_br/install.php
index 029fd322..e47faede 100644
--- a/system/locale/pt_br/install.php
+++ b/system/locale/pt_br/install.php
@@ -19,7 +19,7 @@ $locale['not_loaded'] = 'Não carregado';
 
 $locale['loading_spinner'] = 'Por favor aguarde, instalando...';
 $locale['importing_spinner'] = 'Por favor, aguarde, importando dados...';
-$locale['please_fill_all'] = 'or favor, preencha todas as entradas!';
+$locale['please_fill_all'] = 'Por favor, preencha todas as entradas!';
 $locale['already_installed'] = 'MyAAC já foi instalado. Por favor, apague o diretório <b> install/ <b/>. Se você quiser reinstalar o MyAAC - exclua o arquivo <strong> config.local.php </strong> do diretório principal e atualize a página.';
 
 // welcome

From e1d486c8c8cbec0813db255838e8cd1a220e3695 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Fri, 28 Oct 2022 13:41:23 +0200
Subject: [PATCH 06/11] Add vocation into getTopPlayers

---
 system/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/functions.php b/system/functions.php
index 363d7795..644a716a 100644
--- a/system/functions.php
+++ b/system/functions.php
@@ -1037,7 +1037,7 @@ function getTopPlayers($limit = 5) {
 			$deleted = 'deletion';
 
 		$is_tfs10 = $db->hasTable('players_online');
-		$players = $db->query('SELECT `id`, `name`, `level`, `experience`, `looktype`' . ($db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `lookhead`, `lookbody`, `looklegs`, `lookfeet`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . config('highscores_groups_hidden') . ' AND `id` NOT IN (' . implode(', ', config('highscores_ids_hidden')) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
+		$players = $db->query('SELECT `id`, `name`, `level`, `vocation`, `experience`, `looktype`' . ($db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `lookhead`, `lookbody`, `looklegs`, `lookfeet`' . ($is_tfs10 ? '' : ', `online`') . ' FROM `players` WHERE `group_id` < ' . config('highscores_groups_hidden') . ' AND `id` NOT IN (' . implode(', ', config('highscores_ids_hidden')) . ') AND `' . $deleted . '` = 0 AND `account_id` != 1 ORDER BY `experience` DESC LIMIT ' . (int)$limit)->fetchAll();
 
 		if($is_tfs10) {
 			foreach($players as &$player) {

From 616b8eb61a4a875f6f63b0973aecd973b8402b72 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Fri, 28 Oct 2022 17:16:17 +0200
Subject: [PATCH 07/11] some not-important changes

---
 system/pages/account/register.php         |  3 +-
 system/pages/account/register_new.php     |  2 +-
 system/pages/accountmanagement.php        |  8 ++----
 system/pages/characters.php               | 34 ++++++++++-------------
 system/pages/createaccount.php            | 16 +++++------
 system/pages/forum/show_board.php         |  3 +-
 system/pages/guilds/accept_invite.php     |  3 +-
 system/pages/lostaccount.php              |  6 ++--
 system/pages/online.php                   | 25 ++++++++---------
 system/templates/account.create.html.twig |  2 +-
 10 files changed, 44 insertions(+), 58 deletions(-)

diff --git a/system/pages/account/register.php b/system/pages/account/register.php
index bfb69ee1..a10eb76f 100644
--- a/system/pages/account/register.php
+++ b/system/pages/account/register.php
@@ -22,6 +22,7 @@ if(isset($_POST['registeraccountsave']) && $_POST['registeraccountsave'] == "1")
 
 			$account_logged->setCustomField("key", $new_rec_key);
 			$account_logged->logAction('Generated recovery key.');
+			$message = '';
 
 			if($config['mail_enabled'] && $config['send_mail_when_generate_reckey'])
 			{
@@ -54,5 +55,3 @@ if($show_form) {
 	//show form
 	$twig->display('account.generate_recovery_key.html.twig');
 }
-
-?>
\ No newline at end of file
diff --git a/system/pages/account/register_new.php b/system/pages/account/register_new.php
index dfe9749f..93a14745 100644
--- a/system/pages/account/register_new.php
+++ b/system/pages/account/register_new.php
@@ -40,7 +40,7 @@ else
 					$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.$config['generate_new_reckey_price'].' premium points.';
 				}
 				else
-					$message = '<br /><p class="error">An error occorred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>';
+					$message = '<br /><p class="error">An error occurred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 
 				$twig->display('success.html.twig', array(
 					'title' => 'Account Registered',
diff --git a/system/pages/accountmanagement.php b/system/pages/accountmanagement.php
index 53c65c0c..6364d1ff 100644
--- a/system/pages/accountmanagement.php
+++ b/system/pages/accountmanagement.php
@@ -59,8 +59,7 @@ $errors = array();
 		return;
 	}
 
-	if($action == '')
-	{
+	if($action == '') {
 		$freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
 		$dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
 		/**
@@ -72,10 +71,9 @@ $errors = array();
 			$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>';
 
 		$recovery_key = $account_logged->getCustomField('key');
-		if(empty($recovery_key))
+		if(empty($recovery_key)) {
 			$account_registered = '<b><span style="color: red">No</span></b>';
-		else
-		{
+		} else {
 			if($config['generate_new_reckey'] && $config['mail_enabled'])
 				$account_registered = '<b><span style="color: green">Yes ( <a href="' . getLink('account/register/new') . '"> Buy new Recovery Key </a> )</span></b>';
 			else
diff --git a/system/pages/characters.php b/system/pages/characters.php
index 5fa44c7f..84c5fd63 100644
--- a/system/pages/characters.php
+++ b/system/pages/characters.php
@@ -47,7 +47,7 @@ if(isset($_REQUEST['name']))
 if(empty($name))
 {
 	$tmp_link = getPlayerLink($name);
-	echo 'Here you can get detailed information about a certain player on ' . $config['lua']['serverName'] . '.<BR>';
+	echo 'Here you can get detailed information about a certain player on ' . $config['lua']['serverName'] . '.<br/>';
 	echo generate_search_form(true);
 	return;
 }
@@ -82,8 +82,9 @@ if($player->isLoaded() && !$player->isDeleted())
 		$outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($db->hasColumn('players', 'lookaddons') ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet();
 
 	$flag = '';
-	if($config['account_country'])
+	if($config['account_country']) {
 		$flag = getFlagImage($account->getCountry());
+	}
 
 	$player_sex = 'Unknown';
 	if(isset($config['genders'][$player->getSex()]))
@@ -147,9 +148,10 @@ if($player->isLoaded() && !$player->isDeleted())
 	if($config['characters']['skills'])
 	{
 		if($db->hasColumn('players', 'skill_fist')) {// tfs 1.0+
-			$skills_db = $db->query('SELECT `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing` FROM `players` WHERE `id` = ' . $player->getId())->fetch();
+			$skills_db = $db->query('SELECT `maglevel`, `skill_fist`, `skill_club`, `skill_sword`, `skill_axe`, `skill_dist`, `skill_shielding`, `skill_fishing` FROM `players` WHERE `id` = ' . $player->getId())->fetch();
 
 			$skill_ids = array(
+				POT::SKILL_MAGIC => 'maglevel',
 				POT::SKILL_FIST => 'skill_fist',
 				POT::SKILL_CLUB => 'skill_club',
 				POT::SKILL_SWORD => 'skill_sword',
@@ -175,8 +177,7 @@ if($player->isLoaded() && !$player->isDeleted())
 	}
 
 	$quests_enabled = $config['characters']['quests'] && !empty($config['quests']);
-	if($quests_enabled)
-	{
+	if($quests_enabled) {
 		$quests = $config['quests'];
 		$sql_query_in = '';
 		$i = 0;
@@ -197,10 +198,10 @@ if($player->isLoaded() && !$player->isDeleted())
 		foreach($quests as &$storage) {
 			$storage = isset($player_storage[$storage]) && $player_storage[$storage] > 0;
 		}
+		unset($storage);
 	}
 
-	if($config['characters']['equipment'])
-	{
+	if($config['characters']['equipment']) {
 		global $db;
 		$eq_sql = $db->query('SELECT `pid`, `itemtype` FROM player_items WHERE player_id = '.$player->getId().' AND (`pid` >= 1 and `pid` <= 10)');
 		$equipment = array();
@@ -284,8 +285,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 				$deaths[] = array('time' => $death['date'], 'description' => $description . '.');
 			}
 		}
-	}
-	else {
+	} else {
 		$mostdamage = '';
 		if($db->hasColumn('player_deaths', 'mostdamage_by'))
 			$mostdamage = ', `mostdamage_by`, `mostdamage_is_player`, `unjustified`, `mostdamage_unjustified`';
@@ -294,8 +294,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 				FROM `player_deaths`
 				WHERE `player_id` = ' . $player->getId() . ' ORDER BY `time` DESC LIMIT 10;')->fetchAll();
 
-		if(count($deaths_db))
-		{
+		if(count($deaths_db)) {
 			$number_of_rows = 0;
 			foreach($deaths_db as $death)
 			{
@@ -326,14 +325,12 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 
 	$frags = array();
 	$frag_add_content = '';
-	if($config['characters']['frags'] && $db->hasTable('killers'))
-	{
+	if($config['characters']['frags'] && $db->hasTable('killers')) {
 		//frags list by Xampy
 		$i = 0;
 		$frags_limit = 10; // frags limit to show? // default: 10
 		$player_frags = $db->query('SELECT `player_deaths`.*, `players`.`name`, `killers`.`unjustified` FROM `player_deaths` LEFT JOIN `killers` ON `killers`.`death_id` = `player_deaths`.`id` LEFT JOIN `player_killers` ON `player_killers`.`kill_id` = `killers`.`id` LEFT JOIN `players` ON `players`.`id` = `player_deaths`.`player_id` WHERE `player_killers`.`player_id` = '.$player->getId().' ORDER BY `date` DESC LIMIT 0,'.$frags_limit.';')->fetchAll();
-		if(count($player_frags))
-		{
+		if(count($player_frags)) {
 			$row_count = 0;
 			foreach($player_frags as $frag)
 			{
@@ -416,9 +413,7 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 		'search_form' => generate_search_form(),
 		'canEdit' => hasFlag(FLAG_CONTENT_PLAYERS) || superAdmin()
 	));
-}
-else
-{
+} else {
 	$search_errors[] = 'Character <b>' . $name . '</b> does not exist or has been deleted.';
 	$twig->display('error_box.html.twig', array('errors' => $search_errors));
 	$search_errors = array();
@@ -432,8 +427,7 @@ else
 		$deleted = 'deletion';
 
 	$query = $db->query('SELECT `name`, `level`, `vocation`' . $promotion . ' FROM `players` WHERE `name` LIKE  ' . $db->quote('%' . $name . '%') . ' AND ' . $deleted . ' != 1 LIMIT ' . (int)config('characters_search_limit') . ';');
-	if($query->rowCount() > 0)
-	{
+	if($query->rowCount() > 0) {
 		echo 'Did you mean:<ul>';
 		foreach($query as $player) {
 			if(isset($player['promotion'])) {
diff --git a/system/pages/createaccount.php b/system/pages/createaccount.php
index 6a7a218d..20cd0170 100644
--- a/system/pages/createaccount.php
+++ b/system/pages/createaccount.php
@@ -244,6 +244,14 @@ if($save)
 		}
 		else
 		{
+			if(config('account_create_character_create')) {
+				// character creation
+				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
+				if (!$character_created) {
+					error('There was an error creating your character. Please create your character later in account management page.');
+				}
+			}
+
 			if($config['account_create_auto_login']) {
 				$_POST['account_login'] = USE_ACCOUNT_NAME ? $account_name : $account_id;
 				$_POST['password_login'] = $password2;
@@ -286,14 +294,6 @@ if($save)
 					error('An error occurred while sending email. For Admin: More info can be found in system/logs/mailer-error.log');
 				}
 			}
-
-			if(config('account_create_character_create')) {
-				// character creation
-				$character_created = $createCharacter->doCreate($character_name, $character_sex, $character_vocation, $character_town, $new_account, $errors);
-				if (!$character_created) {
-					error('There was an error creating your character. Please create your character later in account management page.');
-				}
-			}
 		}
 
 		return;
diff --git a/system/pages/forum/show_board.php b/system/pages/forum/show_board.php
index 2828f8f0..79b0d9b7 100644
--- a/system/pages/forum/show_board.php
+++ b/system/pages/forum/show_board.php
@@ -57,8 +57,7 @@ if(isset($last_threads[0]))
 	foreach($last_threads as $thread)
 	{
 		echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
-		if(Forum::isModerator())
-		{
+		if(Forum::isModerator()) {
 			echo '<a href="?subtopic=forum&action=move_thread&id='.$thread['id'].'"\')"><span style="color:darkgreen">[MOVE]</span></a>';
 			echo '<a href="?subtopic=forum&action=remove_post&id='.$thread['id'].'" onclick="return confirm(\'Are you sure you want remove thread > '.$thread['post_topic'].' <?\')"><span style="color: red">[REMOVE]</span></a>  ';
 		}
diff --git a/system/pages/guilds/accept_invite.php b/system/pages/guilds/accept_invite.php
index 6e06196f..59431fb6 100644
--- a/system/pages/guilds/accept_invite.php
+++ b/system/pages/guilds/accept_invite.php
@@ -60,6 +60,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 				}
 			}
 		}
+
 		if(!$is_invited) {
 			$errors[] = 'Character '.$player->getName() .' isn\'t invited to guild <b>'.$guild->getName().'</b>.';
 		}
@@ -119,5 +120,3 @@ else {
 		));
 	}
 }
-
-?>
diff --git a/system/pages/lostaccount.php b/system/pages/lostaccount.php
index 57d2355b..e27b7b5d 100644
--- a/system/pages/lostaccount.php
+++ b/system/pages/lostaccount.php
@@ -111,7 +111,7 @@ elseif($action == 'sendcode')
 					else
 					{
 						$account->setCustomField('email_next', (time() + 60));
-						echo '<br /><p class="error">An error occorred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
+						echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 					}
 				}
 				else
@@ -330,7 +330,7 @@ elseif($action == 'step3')
 								}
 								else
 								{
-									echo '<br /><p class="error">An error occorred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
+									echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 								}
 							}
 							else
@@ -513,7 +513,7 @@ elseif($action == 'setnewpassword')
 					}
 					else
 					{
-						echo '<br /><p class="error">New password work! An error occorred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
+						echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 					}
 				echo '</TD></TR>
 				</TABLE>
diff --git a/system/pages/online.php b/system/pages/online.php
index a7d505f5..02863858 100644
--- a/system/pages/online.php
+++ b/system/pages/online.php
@@ -47,8 +47,9 @@ if($config['online_outfit']) {
 
 if($config['online_vocations']) {
 	$vocs = array();
-	foreach($config['vocations'] as $id => $name)
+	foreach($config['vocations'] as $id => $name) {
 		$vocs[$id] = 0;
+	}
 }
 
 if($db->hasTable('players_online')) // tfs 1.0
@@ -59,8 +60,7 @@ else
 $players_data = array();
 $players = 0;
 $data = '';
-foreach($playersOnline as $player)
-{
+foreach($playersOnline as $player) {
 	$skull = '';
 	if($config['online_skulls'])
 	{
@@ -89,15 +89,14 @@ foreach($playersOnline as $player)
 		'outfit' => $config['online_outfit'] ? $config['outfit_images_url'] . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'] : null
 	);
 
-	if($config['online_vocations'])
+	if($config['online_vocations']) {
 		$vocs[($player['vocation'] > $config['vocations_amount'] ? $player['vocation'] - $config['vocations_amount'] : $player['vocation'])]++;
+	}
 }
 
 $record = '';
-if($players > 0)
-{
-	if($config['online_record'])
-	{
+if($players > 0) {
+	if($config['online_record']) {
 		$timestamp = false;
 		if($db->hasTable('server_record')) {
 			$query =
@@ -105,15 +104,13 @@ if($players > 0)
 					'SELECT `record`, `timestamp` FROM `server_record` WHERE `world_id` = ' . (int)$config['lua']['worldId'] .
 					' ORDER BY `record` DESC LIMIT 1');
 			$timestamp = true;
-		}
-		else if($db->hasTable('server_config')) { // tfs 1.0
+		} else if($db->hasTable('server_config')) { // tfs 1.0
 			$query = $db->query('SELECT `value` as `record` FROM `server_config` WHERE `config` = ' . $db->quote('players_record'));
-		}
-		else
+		} else {
 			$query = NULL;
+		}
 
-		if(isset($query) && $query->rowCount() > 0)
-		{
+		if(isset($query) && $query->rowCount() > 0) {
 			$result = $query->fetch();
 			$record = 'The maximum on this game world was ' . $result['record'] . ' players' . ($timestamp ? ' on ' . date("M d Y, H:i:s", $result['timestamp']) . '.' : '.');
 		}
diff --git a/system/templates/account.create.html.twig b/system/templates/account.create.html.twig
index 84be3ac6..6b60207f 100644
--- a/system/templates/account.create.html.twig
+++ b/system/templates/account.create.html.twig
@@ -227,7 +227,7 @@
                                                 {% if config.character_towns|length > 1 %}
 												<tr>
 													<td class="LabelV" style="width: 150px">
-														<span{% if errors.town is defined %} class="red"{% endif %}>Select your city:</span>
+														<span{% if errors.town is defined %} class="red"{% endif %}>Select your town:</span>
 													</td>
 													<td>
 														<table width="100%" >

From a570363fe0341b25e1f59cd45bb1245eff37dc9c Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Mon, 7 Nov 2022 09:07:32 +0100
Subject: [PATCH 08/11] Update README.md

---
 README.md | 43 ++++++++++++++++++++++++++++++++++---------
 1 file changed, 34 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 4cfe40ce..6fabc570 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# MyAAC
+# [MyAAC](https://my-aac.org)
 
 [![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
 [![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
@@ -11,7 +11,7 @@ MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP.
 
 Official website: https://my-aac.org
 
-### REQUIREMENTS
+### Requirements
 
 	- PHP 5.6 or later
 	- MySQL database
@@ -20,7 +20,7 @@ Official website: https://my-aac.org
 	- ZIP PHP Extension
 	- (optional) mod_rewrite to use friendly_urls
 
-### INSTALLATION AND CONFIGURATION
+### Installation
 
 	Just decompress and untar the source (which you should have done by now,
 	if you're reading this), into your webserver's document root.
@@ -40,15 +40,40 @@ Official website: https://my-aac.org
 
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
 
-### KNOWN PROBLEMS
+### Configuration
 
-	- none -
+Check *config.php* to get more informations.
+Use *config.local.php* for your local configuration changes.
 
-### OTHER NOTES
+### Branches
+
+This repository follows the Git Flow Workflow.
+Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
+
+That means, we use:
+* master branch, for current stable release
+* develop branch, for development version (next release)
+* feature branches, for features etc.
+
+### Known Problems
+
+- Some compatibility issues with some exotical distibutions.
+
+### Contributing
+
+Contributions are more than welcome. 
+
+Pull requests should be made to the *develop* branch as that is the working branch, master is for release code.  
+
+Bug fixes to current release should be done to master branch.
+
+Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
+
+### Other Notes
 
 	If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
 
-### LICENSING
+### License
 
-	This program and all associated files are released under the GNU Public
-	License, see LICENSE for details.
+This program and all associated files are released under the GNU Public License.  
+See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.

From 2321cf84b0120ed1bf3ca38439ee44e7bd8c8dd4 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Mon, 7 Nov 2022 09:10:19 +0100
Subject: [PATCH 09/11] patch changes & fixes from master branch

remove VERSION file
update rules
add 33 migration
add get_version_for_release.sh script
update schema
add use_character_sample_skills
---
 CREDITS                            |  2 +-
 VERSION                            |  1 -
 common.php                         |  2 +-
 config.php                         |  2 ++
 install/includes/schema.sql        |  4 ++--
 nginx-sample.conf                  |  4 ++--
 release.sh                         |  8 ++++----
 system/get_version_for_release.php |  4 ++++
 system/libs/CreateCharacter.php    | 22 +++++++++++++++++-----
 system/libs/pot/OTS_Player.php     |  2 +-
 system/migrations/33.php           |  6 ++++++
 system/templates/rules.html.twig   |  8 +-------
 12 files changed, 41 insertions(+), 24 deletions(-)
 delete mode 100644 VERSION
 create mode 100644 system/get_version_for_release.php
 create mode 100644 system/migrations/33.php

diff --git a/CREDITS b/CREDITS
index f727b661..404de30c 100644
--- a/CREDITS
+++ b/CREDITS
@@ -1,3 +1,3 @@
 * Gesior.pl (2007 - 2008)
-* Slawkens (2009 - 2021)
+* Slawkens (2009 - 2022)
 * Contributors listed in CONTRIBUTORS.txt
diff --git a/VERSION b/VERSION
deleted file mode 100644
index 16d5c109..00000000
--- a/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-0.9.0-dev
\ No newline at end of file
diff --git a/common.php b/common.php
index f0927d6b..df529a4a 100644
--- a/common.php
+++ b/common.php
@@ -27,7 +27,7 @@ if (version_compare(phpversion(), '7.1', '<')) die('PHP version 7.1 or higher is
 
 const MYAAC = true;
 const MYAAC_VERSION = '0.9.0-dev';
-const DATABASE_VERSION = 32;
+const DATABASE_VERSION = 33;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
diff --git a/config.php b/config.php
index 36eda984..4f4d4c5a 100644
--- a/config.php
+++ b/config.php
@@ -164,6 +164,8 @@ $config = array(
 		4 => 'Knight Sample'
 	),
 
+	'use_character_sample_skills' => false,
+
 	// it must show limited number of players after using search in character page
 	'characters_search_limit' => 15,
 
diff --git a/install/includes/schema.sql b/install/includes/schema.sql
index fb097bb0..8a12dd40 100644
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,4 +1,4 @@
-SET @myaac_database_version = 32;
+SET @myaac_database_version = 33;
 
 CREATE TABLE `myaac_account_actions`
 (
@@ -327,7 +327,7 @@ CREATE TABLE `myaac_spells`
 
 CREATE TABLE `myaac_visitors`
 (
-	`ip` VARCHAR(16) NOT NULL,
+	`ip` VARCHAR(45) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
 	`page` VARCHAR(2048) NOT NULL,
 	UNIQUE (`ip`)
diff --git a/nginx-sample.conf b/nginx-sample.conf
index f826d21d..f659c531 100644
--- a/nginx-sample.conf
+++ b/nginx-sample.conf
@@ -11,7 +11,7 @@ server {
         location ~ \.php$ {
                 include snippets/fastcgi-php.conf;
                 fastcgi_read_timeout 240;
-                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
+                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
         }
 
         location ~ /\.ht {
@@ -22,4 +22,4 @@ server {
            deny all;
            return 404;
         }
-}
+}
\ No newline at end of file
diff --git a/release.sh b/release.sh
index 6bf99385..e720a3a9 100644
--- a/release.sh
+++ b/release.sh
@@ -13,7 +13,7 @@ fi
 
 if [ $1 = "prepare" ]; then
 	# define release version
-	version=`cat VERSION`
+	version=`php system/get_version_for_release.php`
 
 	echo "Preparing to release version $version of the MyAAC Project!"
 
@@ -24,7 +24,7 @@ if [ $1 = "prepare" ]; then
 	# get myaac from git archive
 	git archive --format zip --output tmp/myaac.zip master
 
-	cd tmp/
+	cd tmp/ || exit
 
 	dir="myaac-$version"
 	if [ -d "$dir" ] ; then
@@ -41,9 +41,9 @@ fi
 
 if [ $1 = "pack" ]; then
 	# define release version
-	version=`cat VERSION`
+	version=`php system/get_version_for_release.php`
 
-	cd tmp
+	cd tmp || exit
 
 	# tar.gz
 	echo "Creating .tar.gz package.."
diff --git a/system/get_version_for_release.php b/system/get_version_for_release.php
new file mode 100644
index 00000000..fa378dbb
--- /dev/null
+++ b/system/get_version_for_release.php
@@ -0,0 +1,4 @@
+<?php
+
+require __DIR__ . '/../common.php';
+echo MYAAC_VERSION;
diff --git a/system/libs/CreateCharacter.php b/system/libs/CreateCharacter.php
index 6eb4771b..09ee5d89 100644
--- a/system/libs/CreateCharacter.php
+++ b/system/libs/CreateCharacter.php
@@ -193,8 +193,14 @@ class CreateCharacter
 		$player->setManaSpent($char_to_copy->getManaSpent());
 		$player->setSoul($char_to_copy->getSoul());
 
-		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
-			$player->setSkill($skill, 10);
+		for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++) {
+			$value = 10;
+			if (config('use_character_sample_skills')) {
+				$value = $char_to_copy->getSkill($skill);
+			}
+
+			$player->setSkill($skill, $value);
+		}
 
 		$player->setLookBody($char_to_copy->getLookBody());
 		$player->setLookFeet($char_to_copy->getLookFeet());
@@ -234,16 +240,22 @@ class CreateCharacter
 
 		if($db->hasTable('player_skills')) {
 			for($i=0; $i<7; $i++) {
+				$value = 10;
+				if (config('use_character_sample_skills')) {
+					$value = $char_to_copy->getSkill($i);
+				}
 				$skillExists = $db->query('SELECT `skillid` FROM `player_skills` WHERE `player_id` = ' . $player->getId() . ' AND `skillid` = ' . $i);
 				if($skillExists->rowCount() <= 0) {
-					$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', 10, 0)');
+					$db->query('INSERT INTO `player_skills` (`player_id`, `skillid`, `value`, `count`) VALUES ('.$player->getId().', '.$i.', ' . $value . ', 0)');
 				}
 			}
 		}
 
 		$loaded_items_to_copy = $db->query("SELECT * FROM player_items WHERE player_id = ".$char_to_copy->getId()."");
-		foreach($loaded_items_to_copy as $save_item)
-			$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', '".$save_item['attributes']."');");
+		foreach($loaded_items_to_copy as $save_item) {
+			$blob = $db->quote($save_item['attributes']);
+			$db->query("INSERT INTO `player_items` (`player_id` ,`pid` ,`sid` ,`itemtype`, `count`, `attributes`) VALUES ('".$player->getId()."', '".$save_item['pid']."', '".$save_item['sid']."', '".$save_item['itemtype']."', '".$save_item['count']."', $blob);");
+		}
 
 		global $twig;
 		$twig->display('success.html.twig', array(
diff --git a/system/libs/pot/OTS_Player.php b/system/libs/pot/OTS_Player.php
index a32bed8a..b5f48dc6 100644
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -2489,7 +2489,7 @@ class OTS_Player extends OTS_Row_DAO
 
         $value = $this->db->query('SELECT ' . $this->db->fieldName('value') . ' FROM ' . $this->db->tableName('player_storage') . ' WHERE ' . $this->db->fieldName('key') . ' = ' . (int) $key . ' AND ' . $this->db->fieldName('player_id') . ' = ' . $this->data['id'])->fetch();
 
-        if($value !== false)
+        if($value === false)
         {
             return null;
         }
diff --git a/system/migrations/33.php b/system/migrations/33.php
new file mode 100644
index 00000000..12fe4c2c
--- /dev/null
+++ b/system/migrations/33.php
@@ -0,0 +1,6 @@
+<?php
+// Increase size of ip in myaac_visitors table
+// according to this answer: https://stackoverflow.com/questions/166132/maximum-length-of-the-textual-representation-of-an-ipv6-address
+// the size of ipv6 can be maximal 45 chars
+
+$db->exec('ALTER TABLE `' . TABLE_PREFIX . "visitors` MODIFY `ip` VARCHAR(45) NOT NULL;");
diff --git a/system/templates/rules.html.twig b/system/templates/rules.html.twig
index 83e0103f..55490047 100644
--- a/system/templates/rules.html.twig
+++ b/system/templates/rules.html.twig
@@ -1,8 +1,2 @@
-{% if constant('PAGE') == 'rules' %}
 <b>{{ config.lua.serverName }} Rules</b><br/>
-<textarea rows="25" wrap="physical" cols="70" readonly="true">
-{% endif %}
-{{ getCustomPage('rules_on_the_page') }}
-{% if constant('PAGE') == 'rules' %}
-	</textarea>
-{% endif %}
+{{ getCustomPage('rules_on_the_page') | nl2br }}

From 42d531838ca10dc1c799346b53978fb1cabc2d39 Mon Sep 17 00:00:00 2001
From: Gabriel Pedro <gpedro@users.noreply.github.com>
Date: Thu, 24 Nov 2022 03:19:09 -0400
Subject: [PATCH 10/11] feat: github actions phplint (#206)

* feat: php linter on pull requests

* test: breaking code

* Revert "test: breaking code"

This reverts commit 9d385a3421b3e2c72a5c7341bcd387663595c699.
---
 .github/workflows/phplint.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/workflows/phplint.yml

diff --git a/.github/workflows/phplint.yml b/.github/workflows/phplint.yml
new file mode 100644
index 00000000..a9c0d700
--- /dev/null
+++ b/.github/workflows/phplint.yml
@@ -0,0 +1,13 @@
+name: PHP Linting
+on:
+  pull_request:
+    branches: [master, develop]
+  push:
+    branches: [master]
+
+jobs:
+  phplint:
+    runs-on: ubuntu-latest
+    steps:
+        - uses: actions/checkout@v1
+        - uses: michaelw90/PHP-Lint@master

From ac5b864ea92c5a506f6670ba2502a2e3a4473077 Mon Sep 17 00:00:00 2001
From: slawkens <slawkens@gmail.com>
Date: Mon, 28 Nov 2022 12:26:34 +0100
Subject: [PATCH 11/11] Small fixes

---
 system/templates/admin.news.form.html.twig | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/system/templates/admin.news.form.html.twig b/system/templates/admin.news.form.html.twig
index 2427429f..1c134c6e 100644
--- a/system/templates/admin.news.form.html.twig
+++ b/system/templates/admin.news.form.html.twig
@@ -22,9 +22,9 @@
 				<div class="form-group row">
 					<label for="select-type">Type</label>
 					<select class="form-control" name="type" id="select-type">
-						<option value="{{ constant('NEWS') }}" {% if type is defined and type == constant('NEWS') %}selected="yes"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
-						<option value="{{ constant('TICKER') }}" {% if type is defined and type == constant('TICKER') %}selected="yes"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticket</option>
-						<option value="{{ constant('ARTICLE') }}" {% if type is defined and type == constant('ARTICLE') %}selected="yes"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
+						<option value="{{ constant('NEWS') }}" {% if type is defined and type == constant('NEWS') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('NEWS') %} disabled{% endif %}>News</option>
+						<option value="{{ constant('TICKER') }}" {% if type is defined and type == constant('TICKER') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('TICKER') %} disabled{% endif %}>Ticker</option>
+						<option value="{{ constant('ARTICLE') }}" {% if type is defined and type == constant('ARTICLE') %}selected="selected"{% endif %}{% if action == 'edit' and type != constant('ARTICLE') %} disabled{% endif %}>Article</option>
 					</select>
 				</div>