Merge branch 'develop' into feature/2fa

2026-01-20 05:06:23 +01:00 · 2026-01-18 11:13:36 +01:00
parent abee4b3962 e3efbdc5a8
commit fdd0de8602
173 changed files with 3662 additions and 4878 deletions
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -1,9 +1,9 @@
 name: Cypress
 on:
  pull_request:
-    branches: [main]
+    branches: [develop]
  push:
-    branches: [main]
+    branches: [develop]
 jobs:
  cypress:
@@ -22,8 +22,8 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4', '8.5' ]
-        ots: ['tfs-1.4', 'canary-3.1.2'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
+        ots: ['tfs-1.4', 'canary-3.1.2', 'tfs-0.3'] # TODO: add 'tfs-master' (actually doesn't work cause AAC doesn't support reading .env configuration)
    name: Cypress (PHP ${{ matrix.php-versions }}, ${{ matrix.ots }})
    steps:
        - name: 📌 MySQL Start & init & show db
@@ -58,6 +58,14 @@ jobs:
            ref: master
            path: ots
        - name: Checkout TFS 0.3
          uses: actions/checkout@v4
          if: matrix.ots == 'tfs-0.3'
          with:
              repository: otland/tfs-old-svn
              ref: 0.3
              path: ots
        - name: Checkout Canary
          uses: actions/checkout@v4
          if: matrix.ots == 'canary-3.1.2'
@@ -67,9 +75,15 @@ jobs:
            path: ots
        - name: Import OTS Schema
          if: matrix.ots != 'tfs-0.3'
          run: |
              mysql -uroot -proot myaac < ots/schema.sql
        - name: Import OTS Schema (TFS 0.3)
          if: matrix.ots == 'tfs-0.3'
          run: |
              mysql -uroot -proot myaac < ots/schemas/mysql.sql
        - name: Rename config.lua
          run: mv ots/config.lua.dist ots/config.lua
@@ -109,6 +123,33 @@ jobs:
              regex: false
              include: 'ots/config.lua'
        - name: Replace mysqlPass (TFS 0.3.6pl1)
          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'tfs-0.3'
          with:
              find: 'sqlType = "sqlite"'
              replace: 'sqlType = "mysql"'
              regex: false
              include: 'ots/config.lua'
        - name: Replace mysqlPass (TFS 0.3.6pl1)
          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'tfs-0.3'
          with:
              find: 'sqlPass = ""'
              replace: 'sqlPass = "root"'
              regex: false
              include: 'ots/config.lua'
        - name: Replace mysqlDatabase (Canary)
          uses: jacobtomlinson/gha-find-replace@v3
          if: matrix.ots == 'tfs-0.3'
          with:
              find: 'sqlDatabase = "theforgottenserver"'
              replace: 'sqlDatabase = "myaac"'
              regex: false
              include: 'ots/config.lua'
        - name: Setup PHP
          uses: shivammathur/setup-php@v2
          with:
--- a/.github/workflows/phplint.yml
+++ b/.github/workflows/phplint.yml
@@ -1,9 +1,9 @@
 name: PHP Linting
 on:
  pull_request:
-    branches: [main]
+    branches: [develop]
  push:
-    branches: [main]
+    branches: [develop]
 jobs:
  phplint:
--- a/.github/workflows/phpstan.yml
+++ b/.github/workflows/phpstan.yml
@@ -2,9 +2,9 @@ name: "PHPStan"
 on:
  pull_request:
-    branches: [main]
+    branches: [develop]
  push:
-    branches: [main]
+    branches: [develop]
 jobs:
  tests:
@@ -14,7 +14,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        php-versions: [ '8.1', '8.2', '8.3', '8.4' ]
+        php-versions: [ '8.1', '8.2', '8.3', '8.4', '8.5' ]
    steps:
      - name: "Checkout"
        uses: "actions/checkout@v4"
--- a/.gitignore
+++ b/.gitignore
@@ -4,7 +4,7 @@ Thumbs.db
 #
 /.htaccess
-lua
+/lua
 # composer
 composer.phar
@@ -24,6 +24,7 @@ releases
 tmp
 config.local.php
 config2.local.php
 # all custom templates
 templates/*
--- a/CHANGELOG-1.x.md
+++ b/CHANGELOG-1.x.md
@@ -1,5 +1,97 @@
 # Changelog
 ## [1.8.7 - 04.01.2026]
 ### Fixed
 * Fixed [player/guild/house] bb code in forum (https://github.com/slawkens/myaac/commit/8ec9bf10682c73f1fe40967a106ccda2a5073ed0)
 ### Changed
 * Settings: better responsiveness on mobile (https://github.com/slawkens/myaac/commit/c65d4e4b62ef26fb4e24ecb1d2bcc4556d746adf)
 * Signatures: Return 404 when the signature player is not found (https://github.com/slawkens/myaac/commit/7e6480b380799add7a2b1b7ce1d3c1f2b6819ff1)
 ### Removed
 * Remove setting: outfit_images_wrong_looktypes - is obsolete, the bug doesn't exist in the latest outfit images (https://github.com/slawkens/myaac/commit/cc220bedc1f01535eaac23f6961135e2e7a6e310)
 ## [1.8.6 - 14.12.2025]
 ### Added
 * Added hook for adding custom rules to validate new character name (https://github.com/slawkens/myaac/commit/8e6749c59984631288e8e9803819b2f0ff389761)
 ### Fixed
 * Highscores: Fix ordering by different skills (Adjust order by desc: skill_tries, manaspent, experience) - More exact results (https://github.com/slawkens/myaac/commit/c86257e6dacbad773aa09c0958eeaa106a967f2d)
 * Fix exception shown on first install, when there is no vendor - Before it displayed 500 white page, now it display the exception (https://github.com/slawkens/myaac/commit/18a1178e4b93607a350259679e0366cb83fb4126)
 * Fix typo $up -> $down, in migration nr 7, was failing due that (https://github.com/slawkens/myaac/commit/fd74f01291d0e9cdb92ee1b95021c9d7b591ad7c)
 ### Changed
 * Ini set html_errors = 0, to show html code in exceptions (https://github.com/slawkens/myaac/commit/9ed06782e67772826d927ad847a077b99df5060d)
 ## [1.8.5 - 21.11.2025]
 ### Added
 * New Setting: Account Countries Most Popular (https://github.com/slawkens/myaac/commit/946364f59d7cd01472877108ab27ec78fb28307a)
 ### Changed
 * Status: Write to status-error.log if there is connection error (https://github.com/slawkens/myaac/commit/780d4ccef741c1dd45a00bfc121fba9f1a175313)
 * Settings: escapeHtml in values (support for html code) (https://github.com/slawkens/myaac/commit/5861efdbe900ccd35309913af0c0a5f3d4cdc1a8)
 * News Page: Don't display hidden news for admin - it's confusing (https://github.com/slawkens/myaac/commit/175e97828b9a08ec3080cc8d3fb4eb3f1c08649f)
 * Plugins System: Add plugin:remove + plugin:delete as alias for plugin:uninstall + plugin:activate/deactivate (https://github.com/slawkens/myaac/commit/6367054487368c92741bfd1dc7c70c52aea9ee87, https://github.com/slawkens/myaac/commit/baec6c9ebf5c342b3b2f7123427c6ba21dbb93bc)
 ### Fixed
 * Status: Fix $status['uptimeReadable'], was totally wrong (https://github.com/slawkens/myaac/commit/0a6d44bf21417562491aabc93543a2bc3a44b2df)
 * Guilds: Detect "deletion" column in guilds show/delete (https://github.com/slawkens/myaac/commit/6775a061bebc9ff449522f0173556d4a7a44fa5e, https://github.com/slawkens/myaac/commit/603d860b56bc7418db09e206f40aa06d0682c00e)
 * General: Ensure some cache folders & index.html exists (https://github.com/slawkens/myaac/commit/730a0f29124811f525207c24c06eb0d088fa3434)
 ## [1.8.4 - 27.10.2025]
 ### Changed
 * Reimport myaac_ tables on every install, this fixes errors when one table is missing or is duplicated (https://github.com/slawkens/myaac/commit/2580edadf84779f09fd395c21f92019b2c762f83)
 * Use custom env init on migrate, migrate:run and migrate:to (https://github.com/slawkens/myaac/commit/13ea68cc0c9349380c8e4051d702a6c2c8256f44, https://github.com/slawkens/myaac/commit/07fd034fe4cb0ffdb88667b1e400f414d0c6d06f)
 ### Fixed
 * Show if there is mysql error on import schema (https://github.com/slawkens/myaac/commit/44110a9496b4385e42c31b75de301037e711b6c3)
 * Fix the premium checks, introduced in v1.8.3 (https://github.com/slawkens/myaac/commit/9d92a11fb7cb6d7a1619d79c12faaa0b1c01f980)
 ## [1.8.3 - 21.10.2025]
 ### Added
 * Feature: resend email verify (https://github.com/slawkens/myaac/commit/fe821c58085483e70491dcf76376ad5b96de3fdd)
 * New config: hooks_debug (To view where hooks are located in .twig files) (https://github.com/slawkens/myaac/commit/8c3cb0e06f9709c1de3398b48221241e7cbdd310)
 * Functions: Add db->getColumnInfo(table, column) (https://github.com/slawkens/myaac/commit/c898fe25efff6793a01d11c26fc153cb23fcb858)
 * Plugins: Add option to use ?subtopic=x for plugins pages (https://github.com/slawkens/myaac/commit/97f9d3d6f6c28aef6d824973058d7133f56e09c4)
 * getTopPlayers() Function - Add lookmount & promotion (https://github.com/slawkens/myaac/commit/2da0024c68f1cedc38a16ebbc6f52ffa55e65f7a, https://github.com/slawkens/myaac/commit/901df48d134079d648a18f9d82b60182e818ac02)
 * New hooks for account/change-password (https://github.com/slawkens/myaac/commit/470555f2687809a0c12491bbb27597e64b8929c1)
 ### Changed
 * Feature: show vip days in account management (https://github.com/slawkens/myaac/commit/c88b08eb1ec1f560cbfdaaa16b24e3a0f26da7b3, by @andreoam)
 * Allow links in error_box.html.twig (https://github.com/slawkens/myaac/commit/9acad15451071639acf7a7d4e81619b0a9742b12)
 * Canary - Comment code to update lastday in login.php (https://github.com/slawkens/myaac/commit/38902c30d114fdbce259467f5820f97037b393e9)
 * Cache::remember $ttl = -1 = infinite (https://github.com/slawkens/myaac/commit/64acf70d3854182d88aaf0b67f77cea2a254f179)
 ### Fixed
 * Online - Allow for html code (example - img) in online_datacenter (https://github.com/slawkens/myaac/commit/3bb272ebbbd2eb7769d174b7082061d14a17bd44)
 * Guilds - Fix guild create with freePremium enabled (https://github.com/slawkens/myaac/commit/c91bb5d4097647dca2196d3dea87bc90c89181d2)
 * Canary - Fix premDays count (https://github.com/slawkens/myaac/commit/3e61692780d4add93b7b0e9f12f7a283bd8f4b7a)
 * Template Change: Ignore set last visit for AJAX pages - Fixes template change redirect (https://github.com/slawkens/myaac/commit/89fae38caa7e4f645957fcf1a9330a36358ac04f)
 * Admin Panel - Accounts: Fix lastip v6 (TFS master) (https://github.com/slawkens/myaac/commit/f54b1bdd2af4c16c64ddff0e87a6c96bc4cf9eeb)
 * Functions - Prevent injection in $db->hasColumn (https://github.com/slawkens/myaac/commit/56bd7ec5ed904666074492f2e4f13e4fce226bee)
 * Compat Config: Add missing config: email_lai_sec_interval (https://github.com/slawkens/myaac/commit/2eae44e0755e624a91be68b4d1ec26d01eb4d9a1)
 ## [1.8.2 - 26.09.2025]
 ### Added
 * Routes: Possibility to override routes with plugins pages, like characters.php - No need to define routes in plugin.json anymore (https://github.com/slawkens/myaac/commit/3f24f961b1cdeff5c60387e837ae454448bc5e1b)
 ### Changed
 * Style: Better look for myaac-table (https://github.com/slawkens/myaac/commit/a6032093b21e5bb3f0e75d2704da87d6dea6469d, https://github.com/slawkens/myaac/commit/5aa9bbf1c8e580d973ec82ac012489f8e7bc437e)
 ### Fixed
 * Install: Fix when config.local.php cannot be saved (https://github.com/slawkens/myaac/commit/4eab805d26d8c5562b29ed699769919d77dabced)
 * Create Account: Fix an exception when email cannot be sent (https://github.com/slawkens/myaac/commit/d0112d1a67e8b854b65ad131f0375b79305df8d3)
 * Login Page: Add missing csrf() - fix create account button (https://github.com/slawkens/myaac/commit/3c0cb53e17dd0b85394cfa0fdc9cf9ad8d4551df)
 * tibiacom template: Fix account lost menu (https://github.com/slawkens/myaac/commit/ed9beaf2b6ca069e304e569c52e5b9188b58f05c)
 * tibiacom template: Fix Menu div wrong tag/closing (#329) (https://github.com/slawkens/myaac/commit/85e7005fd3f0be51466151a3c122b96085fdfe68)
 * tibiacom template: Replace firstChild with firstElementChild (Thanks to @un000000) (https://github.com/slawkens/myaac/commit/df7b6e29fb8875da97f431468c81ee99116271d9)
 ## [1.8.1 - 05.09.2025]
 ### Added
--- a/CHANGELOG-2.x.md
+++ b/CHANGELOG-2.x.md
@@ -0,0 +1,19 @@
 ## [2.0-dev - x.x.2025]
 ### Added
 * Add an "access" option to Menus (#340)
 	* Possibility to hide menus for unauthorized users
 * Add the possibility to fetch skills in the getTopPlayers function (#347)
 ### Changed
 * Better handling of vocations: (#345)
  * Load from vocations.xml (No need to manually set)
  * Support for Monk vocation
 * Reworked account action logs to use a single IP column as varchar(45) for both ipv4 and ipv6 (#289)
 * Admin Panel: save menu collapse state (https://github.com/slawkens/myaac/commit/55da00520df7463a1d1ca41931df1598e9f2ffeb)
 ### Internal
 * Refactor OTS_Player to support more distros (#348)
 * Refactor PHP cache to store expiration and improve typing (https://github.com/slawkens/myaac/commit/96b8e00f4999f8b4c4c97b54b97d91c6fd7df298)
 * Move forum show_board code to Twig (https://github.com/slawkens/myaac/commit/e0e0e467012a5fb9979cc4387af6bad1d4540279)
 * Save db cache only if it has changed (https://github.com/slawkens/myaac/commit/11cb1cf97e74f3bccf59360e1efb800a426b3d43)
--- a/4
+++ b/4
@@ -25,7 +25,9 @@ foreach ($commandsGlob as $item) {
 	}
 	$commandPre = '\\MyAAC\Commands\\';
-	$application->add(new ($commandPre . $name));
+	if (!trait_exists($class = $commandPre . $name)) {
 		$application->add(new $class);
 	}
 }
 $pluginCommands = Plugins::getCommands();
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -9,6 +9,7 @@
 */
 use MyAAC\Models\Account as AccountModel;
 use MyAAC\Models\AccountAction;
 use MyAAC\Models\Player;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -481,9 +482,8 @@ else if (isset($_REQUEST['search'])) {
 									</thead>
 									<tbody>
 										<?php
-											$accountActions = \MyAAC\Models\AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
+											$accountActions = AccountAction::where('account_id', $account->getId())->orderByDesc('date')->get();
 											foreach ($accountActions as $i => $log):
 												$log->ip = ($log->ip != 0 ? long2ip($log->ip) : inet_ntop($log->ipv6));
 												?>
 											<tr>
 												<td><?php echo $i + 1; ?></td>
@@ -631,6 +631,7 @@ else if (isset($_REQUEST['search'])) {
 							</div>
 						</form>
 					</div>
 					<?php if (USE_ACCOUNT_NAME): ?>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<?php csrf(); ?>
@@ -641,6 +642,7 @@ else if (isset($_REQUEST['search'])) {
 							</div>
 						</form>
 					</div>
 					<?php endif; ?>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<?php csrf(); ?>
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -6,6 +6,7 @@
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Lee
 * @author    gpedro
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
@@ -19,9 +20,9 @@ $title = 'Mass Account Actions';
 csrfProtect();
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
-$freePremium = $config['lua']['freePremium'];
+$freePremium = getBoolean(configLua('freePremium'));
-function admin_give_points($points)
+function admin_give_points($points): void
 {
 	global $hasPointsColumn;
@@ -37,7 +38,7 @@ function admin_give_points($points)
 	displayMessage($points . ' points added to all accounts.', true);
 }
-function admin_give_coins($coins)
+function admin_give_coins($coins): void
 {
 	if (!HAS_ACCOUNT_COINS) {
 		displayMessage('Coins not supported.');
@@ -52,7 +53,7 @@ function admin_give_coins($coins)
 	displayMessage($coins . ' coins added to all accounts.', true);
 }
-function admin_give_premdays($days)
+function admin_give_premdays($days): void
 {
 	global $db, $freePremium;
@@ -63,6 +64,7 @@ function admin_give_premdays($days)
 	$value = $days * 86400;
 	$now = time();
 	// othire
 	if ($db->hasColumn('accounts', 'premend')) {
 		// append premend
@@ -70,14 +72,11 @@ function admin_give_premdays($days)
 			// set premend
 			if (Account::where('premend', '<=', $now)->update(['premend' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
 				displayMessage('Failed to execute set query.');
 				return;
 			}
 		} else {
 			displayMessage('Failed to execute append query.');
 			return;
 		}
 		return;
@@ -92,20 +91,14 @@ function admin_give_premdays($days)
 				// set lastday
 				if (Account::where('lastday', '<=', $now)->update(['lastday' => $now + $value])) {
 					displayMessage($days . ' premium days added to all accounts.', true);
 					return;
 				} else {
 					displayMessage('Failed to execute set query.');
 					return;
 				}
 				return;
 			} else {
 				displayMessage('Failed to execute append query.');
 				return;
 			}
 		} else {
 			displayMessage('Failed to execute set days query.');
 			return;
 		}
 		return;
@@ -118,14 +111,11 @@ function admin_give_premdays($days)
 			// set premium_ends_at
 			if (Account::where('premium_ends_at', '<=', $now)->update(['premium_ends_at' => $now + $value])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
 				displayMessage('Failed to execute set query.');
 				return;
 			}
 		} else {
 			displayMessage('Failed to execute append query.');
 			return;
 		}
 		return;
@@ -170,7 +160,8 @@ else {
 	));
 }
-function displayMessage($message, $success = false) {
+function displayMessage($message, $success = false): void
 {
 	global $twig, $hasPointsColumn, $freePremium;
 	$success ? success($message): error($message);
--- a/admin/pages/menus.php
+++ b/admin/pages/menus.php
@@ -23,6 +23,7 @@ if (!hasFlag(FLAG_CONTENT_MENUS) && !superAdmin()) {
 }
 $pluginThemes = Plugins::getThemes();
 $groups = new OTS_Groups_List();
 if (isset($_POST['template'])) {
 	$template = $_POST['template'];
@@ -32,6 +33,8 @@ if (isset($_POST['template'])) {
 		$post_menu_link = $_POST['menu_link'] ?? [];
 		$post_menu_blank = $_POST['menu_blank'] ?? [];
 		$post_menu_color = $_POST['menu_color'] ?? [];
 		$post_menu_access = $_POST['menu_access'] ?? [];
 		if (count($post_menu) != count($post_menu_link)) {
 			echo 'Menu count is not equal menu links. Something went wrong when sending form.';
 			return;
@@ -50,6 +53,7 @@ if (isset($_POST['template'])) {
 						'link' => $post_menu_link[$category][$i],
 						'blank' => $post_menu_blank[$category][$i] == 'on' ? 1 : 0,
 						'color' => str_replace('#', '', $post_menu_color[$category][$i]),
 						'access' => $post_menu_access[$category][$i],
 						'category' => $category,
 						'ordering' => $i
 					]);
@@ -122,7 +126,7 @@ if (isset($_POST['template'])) {
 	?>
 	<?php
 	$menus = Menu::query()
-		->select('name', 'link', 'blank', 'color', 'category', 'ordering')
+		->select('name', 'link', 'access', 'blank', 'color', 'category', 'ordering')
 		->where('enabled', 1)
 		->where('template', $template)
 		->orderBy('ordering')
@@ -151,11 +155,34 @@ if (isset($_POST['template'])) {
 									foreach ($menus[$id] as $menu):
 										$color = (empty($menu['color']) ? ($cat['default_links_color'] ?? ($config['menu_default_links_color'] ?? ($config['menu_default_color'] ?? '#ffffff'))) : '#' . $menu['color']);
 										?>
-										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
+										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>">
-											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
+											<label class="label_menu_name">Name: <input type="text" name="menu[<?php echo $id ?>][]" class="form-control menu-name" value="<?php echo escapeHtml($menu['name']); ?>"/>
-											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
+											</label>
-											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
+
-											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="<?php echo $color; ?>"/>
+											<label class="label_menu_link">Link: <input type="text" name="menu_link[<?= $id ?>][]" class="form-control menu-link" value="<?php echo $menu['link'] ?>"/>
 											</label>
 											<br/>
 											<div class="menu-options-row">
 												<label>Access:
 													<select name="menu_access[<?= $id ?>][]" class="form-control menu-access">
 														<option value="0" <?= ($menu['access'] == 0 ? 'selected' : ''); ?>>Guest*</option>
 														<?php foreach ($groups->getGroups() as $group): ?>
 															<option value="<?= $group->getId(); ?>" <?= ($menu['access'] == $group->getId() ? 'selected' : ''); ?>><?= ucfirst($group->getName()); ?></option>
 														<?php endforeach; ?>
 													</select>
 												</label>
 												<label>Color: <input class="menu-color" type="color" name="menu_color[<?php echo $id ?>][]" value="<?php echo $color; ?>"/>
 												</label>
 												<input type="hidden" name="menu_blank[<?php echo $id ?>][]" class="menu-blank" value="0"/>
 												<label><input type="checkbox" class="menu-blank-checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
 											</div>
 											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
 										<?php $i++; $last_id[$id] = $i;
 									endforeach;
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -10,6 +10,7 @@
 use MyAAC\Forum;
 use MyAAC\Models\Player;
 use MyAAC\Server\XML\Vocations;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -34,6 +35,7 @@ $skills = array(
 $hasBlessingsColumn = $db->hasColumn('players', 'blessings');
 $hasBlessingColumn = $db->hasColumn('players', 'blessings1');
 $hasLookAddons = $db->hasColumn('players', 'lookaddons');
 $hasCapColumn = $db->hasColumn('players', 'cap');
 $skull_type = array("None", "Yellow", "Green", "White", "Red", "Black", "Orange");
 ?>
@@ -166,8 +168,11 @@ else if (isset($_REQUEST['search'])) {
 			$town = $_POST['town'];
 			verify_number($town, 'Town', 11);
 			if ($hasCapColumn) {
 				$capacity = $_POST['capacity'];
 				verify_number($capacity, 'Capacity', 11);
 			}
 			$sex = $_POST['sex'];
 			verify_number($sex, 'Sex', 1);
@@ -237,7 +242,30 @@ else if (isset($_REQUEST['search'])) {
 				$player->setGroup($groups->getGroup($group));
 				$player->setLevel($level);
 				$player->setExperience($experience);
 				if ($db->hasColumn('players', 'promotion')) {
 					$promotion = 0;
 					$vocationOriginal = Vocations::getOriginal($vocation);
 					if ($vocation != $vocationOriginal) {
 						$tmpId = $vocationOriginal;
 						while($promoted = Vocations::getPromoted($tmpId)) {
 							$promotion++;
 							$tmpId = $promoted;
 							if ($promoted == $vocation) {
 								break;
 							}
 						}
 						$vocation = $vocationOriginal;
 					}
 					$player->setPromotion($promotion);
 				}
 				$player->setVocation($vocation);
 				$player->setHealth($health);
 				$player->setHealthMax($health_max);
 				$player->setMagLevel($magic_level);
@@ -249,16 +277,20 @@ else if (isset($_REQUEST['search'])) {
 				$player->setLookHead($look_head);
 				$player->setLookLegs($look_legs);
 				$player->setLookType($look_type);
-				if ($hasLookAddons)
+				if ($hasLookAddons) {
 					$player->setLookAddons($look_addons);
-				if ($db->hasColumn('players', 'offlinetraining_time'))
+				}
-					$player->setCustomField('offlinetraining_time', $offlinetraining);
+
 				$player->setPosX($pos_x);
 				$player->setPosY($pos_y);
 				$player->setPosZ($pos_z);
 				$player->setSoul($soul);
 				$player->setTownId($town);
 				if ($hasCapColumn) {
 					$player->setCap($capacity);
 				}
 				$player->setSex($sex);
 				$player->setLastLogin($lastlogin);
 				$player->setLastLogout($lastlogout);
@@ -275,23 +307,11 @@ else if (isset($_REQUEST['search'])) {
 				if ($hasBlessingsColumn)
 					$player->setBlessings($blessings);
 				if ($hasBlessingColumn) {
 					for ($i = 1; $i <= $bless_count; $i++) {
 						$a = 'blessing' . $i;
 						$player->setCustomField('blessings' . $i, ${'blessing' . $i} ? '1' : '0');
 					}
 				}
 				$player->setBalance($balance);
 				if ($db->hasColumn('players', 'stamina'))
 					$player->setStamina($stamina);
-				if ($db->hasColumn('players', 'deletion'))
+
-					$player->setCustomField('deletion', $deleted ? '1' : '0');
+				$player->setDeleted($deleted ? '1' : '0');
 				else
 					$player->setCustomField('deleted', $deleted ? '1' : '0');
 				$player->setCustomField('hide', $hide ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment))
 					$player->setCustomField('comment', $comment);
 				foreach ($_POST['skills'] as $skill => $value) {
 					$player->setSkill($skill, $value);
@@ -300,6 +320,24 @@ else if (isset($_REQUEST['search'])) {
 					$player->setSkillTries($skill, $value);
 				}
 				$player->save();
 				if ($db->hasColumn('players', 'offlinetraining_time')) {
 					$player->setCustomField('offlinetraining_time', $offlinetraining);
 				}
 				if ($hasBlessingColumn) {
 					for ($i = 1; $i <= $bless_count; $i++) {
 						$a = 'blessing' . $i;
 						$player->setCustomField('blessings' . $i, ${'blessing' . $i} ? '1' : '0');
 					}
 				}
 				$player->setCustomField('hide', $hide ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment)) {
 					$player->setCustomField('comment', $comment);
 				}
 				echo_success('Player saved at: ' . date('G:i'));
 				$player->load($id);
 			}
@@ -531,10 +569,12 @@ else if (isset($_REQUEST['search'])) {
 									</div>
 								</div>
 								<div class="form-group row">
 									<?php if($hasCapColumn): ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="capacity" class="control-label">Capacity:</label>
 										<input type="text" class="form-control" id="capacity" name="capacity" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getCap(); ?>"/>
 									</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="soul" class="control-label">Soul:</label>
 										<input type="text" class="form-control" id="soul" name="soul" autocomplete="off" size="3" maxlength="10" value="<?php echo $player->getSoul(); ?>"/>
@@ -669,12 +709,18 @@ else if (isset($_REQUEST['search'])) {
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastip" class="control-label">Last IP:</label>
 										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
-										if (strlen($player->getLastIP()) > 11) {
+										$lastIPColumnInfo = $db->getColumnInfo('players', 'lastip');
 										if ($lastIPColumnInfo && is_array($lastIPColumnInfo)) {
 											if (str_contains($lastIPColumnInfo['type'], 'varbinary')) {
 												echo inet_ntop($player->getLastIP());
 											}
 											else {
 												echo longToIp($player->getLastIP());
 											}
 										}
 										else {
 											echo 'Error';
 										}
 										?>" readonly/>
 									</div>
 								</div>
--- a/admin/template/menus.php
+++ b/admin/template/menus.php
@@ -60,7 +60,7 @@ usort($menus, function ($a, $b) {
 foreach ($menus as $i => $menu) {
 	if (isset($menu['link']) && is_array($menu['link'])) {
-		usort($menus[$i]['link'], function ($a, $b) {
+		usort($menu['link'], function ($a, $b) {
 			return $a['order'] - $b['order'];
 		});
 	}
--- a/admin/template/template.php
+++ b/admin/template/template.php
@@ -19,14 +19,14 @@
 	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
 	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
 </head>
-<body class="sidebar-mini ">
+<body class="sidebar-mini <?= (session('admin.menu-collapse') ? 'sidebar-collapse' : ''); ?>">
 <?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
 <?php if ($logged && admin()) { ?>
 	<div class="wrapper">
 		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
 			<ul class="navbar-nav">
 				<li class="nav-item">
-					<a class="nav-link" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
+					<a class="nav-link sidebar-toggle" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
 				</li>
 				<li class="nav-item d-none d-sm-inline-block">
 					<a href="<?php echo ADMIN_URL; ?>" class="nav-link">Home</a>
@@ -198,6 +198,7 @@ if ($logged && admin()) {
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
 <?php } ?>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
 <?php $twig->display('admin.menu-collapse.html.twig'); ?>
 <?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
 </html>
--- a/admin/tools/menu_collapse.php
+++ b/admin/tools/menu_collapse.php
@@ -0,0 +1,23 @@
 <?php
 const MYAAC_ADMIN = true;
 const IGNORE_SET_LAST_VISIT = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'login.php';
 if(!admin()) {
 	http_response_code(500);
 	die('You are not logged in. Probably session expired. Please login again.');
 }
 if (!isset($_POST['collapse'])) {
 	http_response_code(500);
 	die('Something went wrong.');
 }
 csrfProtect();
 setSession('admin.menu-collapse', $_POST['collapse'] == 'true');
--- a/admin/tools/phpinfo.php
+++ b/admin/tools/phpinfo.php
@@ -1,5 +1,6 @@
 <?php
-define('MYAAC_ADMIN', true);
+const MYAAC_ADMIN = true;
 const IGNORE_SET_LAST_VISIT = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
--- a/admin/tools/reload_data.php
+++ b/admin/tools/reload_data.php
@@ -26,6 +26,7 @@
 use MyAAC\DataLoader;
 const MYAAC_ADMIN = true;
 const IGNORE_SET_LAST_VISIT = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
--- a/admin/tools/settings_save.php
+++ b/admin/tools/settings_save.php
@@ -3,6 +3,7 @@
 use MyAAC\Settings;
 const MYAAC_ADMIN = true;
 const IGNORE_SET_LAST_VISIT = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
@@ -11,7 +12,7 @@ require SYSTEM . 'login.php';
 if(!admin()) {
 	http_response_code(500);
-	die('Access denied.');
+	die('You are not logged in. Probably session expired. Please login again.');
 }
 csrfProtect();
@@ -39,3 +40,6 @@ if (count($errors) > 0) {
 if ($success) {
 	echo 'Saved at ' . date('H:i');
 }
 else {
 	echo 'Something unexpected happened - it was impossible to save the settings, please try again later. If problem persists - contact MyAAC developers.';
 }
--- a/admin/tools/status.php
+++ b/admin/tools/status.php
@@ -1,5 +1,6 @@
 <?php
-define('MYAAC_ADMIN', true);
+const MYAAC_ADMIN = true;
 const IGNORE_SET_LAST_VISIT = true;
 require '../../common.php';
 require SYSTEM . 'init.php';
--- a/admin/tools/upload_image.php
+++ b/admin/tools/upload_image.php
@@ -1,5 +1,6 @@
 <?php
-define('MYAAC_ADMIN', true);
+const MYAAC_ADMIN = true;
 const IGNORE_SET_LAST_VISIT = true;
 require '../../common.php';
 require SYSTEM . 'functions.php';
--- a/common.php
+++ b/common.php
@@ -26,8 +26,8 @@
 if (version_compare(phpversion(), '8.1', '<')) die('PHP version 8.1 or higher is required.');
 const MYAAC = true;
-const MYAAC_VERSION = '1.8.2-dev';
+const MYAAC_VERSION = '2.0-dev';
-const DATABASE_VERSION = 46;
+const DATABASE_VERSION = 50;
 const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
@@ -148,16 +148,17 @@ if(!IS_CLI) {
 /** @var array $config */
 ini_set('log_errors', 1);
-if(@$config['env'] === 'dev' || defined('MYAAC_INSTALL')) {
+if(isset($config['env']) && $config['env'] !== 'dev' && !defined('MYAAC_INSTALL')) {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
 }
 else {
 	ini_set('display_errors', 0);
 	ini_set('display_startup_errors', 0);
 	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
 }
 else {
 	ini_set('html_errors', 0);
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
 }
 $autoloadFile = VENDOR . 'autoload.php';
 if (!is_file($autoloadFile)) {
--- a/images/druid.png
+++ b/images/druid.png
--- a/images/facebook_16x16.png
+++ b/images/facebook_16x16.png
--- a/images/instagram_16x16.png
+++ b/images/instagram_16x16.png
--- a/images/knight.png
+++ b/images/knight.png
--- a/images/monk.png
+++ b/images/monk.png
--- a/images/news/delete.png
+++ b/images/news/delete.png
--- a/images/paladin.png
+++ b/images/paladin.png
--- a/images/sorcerer.png
+++ b/images/sorcerer.png
--- a/images/whatsapp_16x16.png
+++ b/images/whatsapp_16x16.png
--- a/install/includes/import_base_data.php
+++ b/install/includes/import_base_data.php
@@ -0,0 +1,77 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 use MyAAC\Models\Changelog;
 use MyAAC\Models\Config;
 use MyAAC\Models\FAQ;
 use MyAAC\Models\ForumBoard;
 use MyAAC\Models\Gallery;
 use MyAAC\Models\NewsCategory;
 if (Changelog::count() === 0) {
 	Changelog::create([
 		'type' => 3,
 		'where' => 2,
 		'date' => time(),
 		'body' => 'MyAAC installed. (:',
 		'hide' => 0,
 	]);
 }
 if (Config::where('name', 'database_version')->count() === 0) {
 	Config::create([
 		'name' => 'database_version',
 		'value' => DATABASE_VERSION,
 	]);
 }
 if (ForumBoard::count() === 0) {
 	$forumBoards = [
 		['name' => 'News', 'description' => 'News commenting', 'closed' => 1],
 		['name' => 'Trade', 'description' => 'Trade offers.', 'closed' => 0],
 		['name' => 'Quests', 'description' => 'Quest making.', 'closed' => 0],
 		['name' => 'Pictures', 'description' => 'Your pictures.', 'closed' => 0],
 		['name' => 'Bug Report', 'description' => 'Report bugs there.', 'closed' => 0],
 	];
 	$i = 0;
 	foreach ($forumBoards as $forumBoard) {
 		ForumBoard::create([
 			'name' => $forumBoard['name'],
 			'description' => $forumBoard['description'],
 			'ordering' => $i++,
 			'closed' => $forumBoard['closed'],
 		]);
 	}
 }
 if (NewsCategory::count() === 0) {
 	$newsCategoriesIcons = [
 		0, 1, 2, 3, 4
 	];
 	foreach ($newsCategoriesIcons as $iconId) {
 		NewsCategory::create([
 			'icon_id' => $iconId,
 		]);
 	}
 }
 if (Gallery::count() === 0) {
 	Gallery::create([
 		'comment' => 'Demon',
 		'image' => 'images/gallery/demon.jpg',
 		'thumb' => 'images/gallery/demon_thumb.gif',
 		'author' => 'MyAAC',
 		'ordering' => 0,
 	]);
 }
 if(FAQ::count() == 0) {
 	FAQ::create([
 		'question' => 'What is this?',
 		'answer' => 'This is website for OTS powered by MyAAC.',
 	]);
 }
 success($locale['step_database_success_import_data']);
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,16 +1,14 @@
-SET @myaac_database_version = 45;
+CREATE TABLE IF NOT EXISTS `myaac_account_actions`
 CREATE TABLE `myaac_account_actions`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
-	`ip` int unsigned NOT NULL DEFAULT 0,
+	`ip` varchar(45) NOT NULL DEFAULT '',
 	`ipv6` binary(16) NOT NULL DEFAULT 0,
 	`date` int NOT NULL DEFAULT 0,
 	`action` varchar(255) NOT NULL DEFAULT '',
-	KEY (`account_id`)
+	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_account_email_codes`
+CREATE TABLE IF NOT EXISTS `myaac_account_email_codes`
 (
 	`id` int(11) NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
@@ -19,7 +17,16 @@ CREATE TABLE `myaac_account_email_codes`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_admin_menu`
+CREATE TABLE IF NOT EXISTS `myaac_account_emails_verify`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`hash` varchar(32) NOT NULL,
 	`sent_at` int NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 CREATE TABLE IF NOT EXISTS `myaac_admin_menu`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`name` varchar(255) NOT NULL DEFAULT '',
@@ -30,7 +37,7 @@ CREATE TABLE `myaac_admin_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_changelog`
+CREATE TABLE IF NOT EXISTS `myaac_changelog`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`body` varchar(500) NOT NULL DEFAULT '',
@@ -42,9 +49,7 @@ CREATE TABLE `myaac_changelog`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-INSERT INTO `myaac_changelog` (`id`, `type`, `where`, `date`, `body`, `hide`) VALUES (1, 3, 2, UNIX_TIMESTAMP(), 'MyAAC installed. (:', 0);
+CREATE TABLE IF NOT EXISTS `myaac_config`
 CREATE TABLE `myaac_config`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`name` varchar(30) NOT NULL,
@@ -53,9 +58,7 @@ CREATE TABLE `myaac_config`
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_database_version);
+CREATE TABLE IF NOT EXISTS `myaac_faq`
 CREATE TABLE `myaac_faq`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`question` varchar(255) NOT NULL DEFAULT '',
@@ -65,7 +68,7 @@ CREATE TABLE `myaac_faq`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_forum_boards`
+CREATE TABLE IF NOT EXISTS `myaac_forum_boards`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`name` varchar(32) NOT NULL,
@@ -77,13 +80,8 @@ CREATE TABLE `myaac_forum_boards`
 	`hide` tinyint NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`, `closed`) VALUES (NULL, 'News', 'News commenting', 0, 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Trade', 'Trade offers.', 1);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Quests', 'Quest making.', 2);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Pictures', 'Your pictures.', 3);
 INSERT INTO `myaac_forum_boards` (`id`, `name`, `description`, `ordering`) VALUES (NULL, 'Bug Report', 'Report bugs there.', 4);
-CREATE TABLE `myaac_forum`
+CREATE TABLE IF NOT EXISTS `myaac_forum`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`first_post` int NOT NULL DEFAULT 0,
@@ -107,12 +105,13 @@ CREATE TABLE `myaac_forum`
 	KEY `section` (`section`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_menu`
+CREATE TABLE IF NOT EXISTS `myaac_menu`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`template` varchar(255) NOT NULL,
 	`name` varchar(255) NOT NULL,
 	`link` varchar(255) NOT NULL,
 	`access` tinyint NOT NULL DEFAULT 0,
 	`blank` tinyint NOT NULL DEFAULT 0,
 	`color` varchar(6) NOT NULL DEFAULT '',
 	`category` int NOT NULL DEFAULT 1,
@@ -121,7 +120,7 @@ CREATE TABLE `myaac_menu`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_monsters` (
+CREATE TABLE IF NOT EXISTS `myaac_monsters` (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`hide` tinyint NOT NULL DEFAULT 0,
 	`name` varchar(255) NOT NULL,
@@ -154,7 +153,7 @@ CREATE TABLE `myaac_monsters` (
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_news`
+CREATE TABLE IF NOT EXISTS `myaac_news`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`title` varchar(100) NOT NULL,
@@ -172,7 +171,7 @@ CREATE TABLE `myaac_news`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_news_categories`
+CREATE TABLE IF NOT EXISTS `myaac_news_categories`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`name` varchar(50) NOT NULL DEFAULT "",
@@ -182,13 +181,7 @@ CREATE TABLE `myaac_news_categories`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 0);
+CREATE TABLE IF NOT EXISTS `myaac_notepad`
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 1);
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 2);
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 3);
 INSERT INTO `myaac_news_categories` (`id`, `icon_id`) VALUES (NULL, 4);
 CREATE TABLE `myaac_notepad`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
@@ -198,7 +191,7 @@ CREATE TABLE `myaac_notepad`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_pages`
+CREATE TABLE IF NOT EXISTS `myaac_pages`
 (
 	`id` INT NOT NULL AUTO_INCREMENT,
 	`name` varchar(30) NOT NULL,
@@ -214,7 +207,7 @@ CREATE TABLE `myaac_pages`
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_gallery`
+CREATE TABLE IF NOT EXISTS `myaac_gallery`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`comment` varchar(255) NOT NULL DEFAULT '',
@@ -226,9 +219,7 @@ CREATE TABLE `myaac_gallery`
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-INSERT INTO `myaac_gallery` (`id`, `ordering`, `comment`, `image`, `thumb`, `author`) VALUES (NULL, 1, 'Demon', 'images/gallery/demon.jpg', 'images/gallery/demon_thumb.gif', 'MyAAC');
+CREATE TABLE IF NOT EXISTS `myaac_settings`
 CREATE TABLE `myaac_settings`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`name` varchar(255) NOT NULL DEFAULT '',
@@ -238,7 +229,7 @@ CREATE TABLE `myaac_settings`
 	KEY `key` (`key`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_spells`
+CREATE TABLE IF NOT EXISTS `myaac_spells`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`spell` varchar(255) NOT NULL DEFAULT '',
@@ -261,7 +252,7 @@ CREATE TABLE `myaac_spells`
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_visitors`
+CREATE TABLE IF NOT EXISTS `myaac_visitors`
 (
 	`ip` varchar(45) NOT NULL,
 	`lastvisit` int NOT NULL DEFAULT 0,
@@ -270,7 +261,7 @@ CREATE TABLE `myaac_visitors`
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
-CREATE TABLE `myaac_weapons`
+CREATE TABLE IF NOT EXISTS `myaac_weapons`
 (
 	`id` int NOT NULL,
 	`level` int NOT NULL DEFAULT 0,
--- a/install/tools/5-database.php
+++ b/install/tools/5-database.php
@@ -30,27 +30,23 @@ if(!$error) {
 	}
 }
-if($db->hasTable(TABLE_PREFIX . 'account_actions')) {
+// import schema
-	$locale['step_database_error_table_exist'] = str_replace('$TABLE$', TABLE_PREFIX . 'account_actions', $locale['step_database_error_table_exist']);
+try {
 	warning($locale['step_database_error_table_exist']);
 }
 else {
 	// import schema
 	try {
 	$locale['step_database_importing'] = str_replace('$DATABASE_NAME$', config('database_name'), $locale['step_database_importing']);
 	success($locale['step_database_importing']);
-		$db->query(file_get_contents(BASE . 'install/includes/schema.sql'));
+	$db->exec(file_get_contents(BASE . 'install/includes/schema.sql'));
 	$locale['step_database_success_schema'] = str_replace('$PREFIX$', TABLE_PREFIX, $locale['step_database_success_schema']);
 	success($locale['step_database_success_schema']);
-	}
+}
-	catch(PDOException $error_) {
+catch(PDOException $error_) {
 	error($locale['step_database_error_schema'] . ' ' . $error_);
 	return;
 	}
 }
 require BASE . 'install/includes/import_base_data.php';
 if(!$db->hasColumn('accounts', 'email')) {
 	if(query("ALTER TABLE `accounts` ADD `email` varchar(255) NOT NULL DEFAULT '';"))
 		success($locale['step_database_adding_field'] . ' accounts.email...');
@@ -102,18 +98,13 @@ if(!$db->hasColumn('accounts', 'web_flags')) {
 		success($locale['step_database_adding_field'] . ' accounts.web_flags...');
 }
 if(!$db->hasColumn('accounts', 'email_hash')) {
 	if(query("ALTER TABLE `accounts` ADD `email_hash` VARCHAR(32) NOT NULL DEFAULT '' AFTER `web_flags`;"))
 		success($locale['step_database_adding_field'] . ' accounts.email_hash...');
 }
 if(!$db->hasColumn('accounts', 'email_verified')) {
-	if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `email_hash`;"))
+	if(query("ALTER TABLE `accounts` ADD `email_verified` TINYINT(1) NOT NULL DEFAULT 0 AFTER `web_flags`;"))
 		success($locale['step_database_adding_field'] . ' accounts.email_verified...');
 }
 if(!$db->hasColumn('accounts', 'email_new')) {
-	if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_hash`;"))
+	if(query("ALTER TABLE `accounts` ADD `email_new` VARCHAR(255) NOT NULL DEFAULT '' AFTER `email_verified`;"))
 		success($locale['step_database_adding_field'] . ' accounts.email_new...');
 }
--- a/install/tools/7-finish.php
+++ b/install/tools/7-finish.php
@@ -2,8 +2,6 @@
 define('MYAAC_INSTALL', true);
 use MyAAC\DataLoader;
 use MyAAC\Models\FAQ as ModelsFAQ;
 use MyAAC\Plugins;
 require_once '../../common.php';
@@ -25,34 +23,9 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 require SYSTEM . 'init.php';
-if ($db->hasTable('players')) {
+// add player samples
-	$deleted = 'deleted';
+require_once SYSTEM . 'migrations/49.php';
-	if ($db->hasColumn('players', 'deletion'))
+$up();
 		$deleted = 'deletion';
 	$time = time();
 	function insert_sample_if_not_exist($p)
 	{
 		global $db, $success, $deleted, $time;
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
 		if ($query->rowCount() == 0) {
 			if (!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
 				$success = false;
 		}
 	}
 	$success = true;
 	insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
 	insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
 	insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
 	insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
 	insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
 	if ($success) {
 		success($locale['step_database_imported_players']);
 	}
 }
 DataLoader::setLocale($locale);
 DataLoader::load();
@@ -61,10 +34,6 @@ DataLoader::load();
 require_once SYSTEM . 'migrations/17.php';
 $up();
 // update config.highscores_ids_hidden
 require_once SYSTEM . 'migrations/20.php';
 $up();
 // add z_polls tables
 require_once SYSTEM . 'migrations/22.php';
 $up();
@@ -83,13 +52,6 @@ $up();
 require_once SYSTEM . 'migrations/45.php';
 $up();
 if(ModelsFAQ::count() == 0) {
 	ModelsFAQ::create([
 		'question' => 'What is this?',
 		'answer' => 'This is website for OTS powered by MyAAC.',
 	]);
 }
 $hooks->trigger(HOOK_INSTALL_FINISH);
 $db->setClearCacheAfter(true);
--- a/login.php
+++ b/login.php
@@ -220,6 +220,8 @@ switch ($action) {
 			}
 		}
 		/*
 		 * not needed anymore?
 		if (fieldExist('premdays', 'accounts') && fieldExist('lastday', 'accounts')) {
 			$save = false;
 			$timeNow = time();
@@ -256,6 +258,7 @@ switch ($action) {
 				$account->save();
 			}
 		}
 		*/
 		$worlds = [$world];
 		$playdata = compact('worlds', 'characters');
--- a/system/compat/config.php
+++ b/system/compat/config.php
@@ -5,8 +5,6 @@ $deprecatedConfig = [
 	'genders',
 	'template',
 	'template_allow_change',
 	'vocations_amount',
 	'vocations',
 	'client',
 	'session_prefix',
 	'friendly_urls',
@@ -21,7 +19,6 @@ $deprecatedConfig = [
 	'visitors_counter_ttl',
 	'views_counter',
 	'outfit_images_url',
 	'outfit_images_wrong_looktypes',
 	'item_images_url',
 	'account_country',
 	'towns',
@@ -52,6 +49,7 @@ $deprecatedConfig = [
 	'online_skulls',
 	'online_outfit',
 	'online_afk',
 	'team_style',
 	'team_display_outfit' => 'team_outfit',
 	'team_display_status' => 'team_status',
 	'team_display_world' => 'team_world',
@@ -81,6 +79,7 @@ $deprecatedConfig = [
 	'account_change_character_name_points' => 'account_change_character_name_price',
 	'account_change_character_sex',
 	'account_change_character_sex_points' => 'account_change_character_name_price',
 	'email_lai_sec_interval' => 'mail_lost_account_interval',
 ];
 foreach ($deprecatedConfig as $key => $value) {
--- a/system/functions.php
+++ b/system/functions.php
@@ -17,6 +17,8 @@ use MyAAC\Models\Guild;
 use MyAAC\Models\House;
 use MyAAC\Models\Pages;
 use MyAAC\Models\Player;
 use MyAAC\Models\PlayerDeath;
 use MyAAC\Models\PlayerKillers;
 use MyAAC\News;
 use MyAAC\Plugins;
 use MyAAC\Settings;
@@ -433,16 +435,22 @@ function delete_guild($id)
 		$rank_list->orderBy('level');
 		global $db;
 		$deletedColumn = 'deleted';
 		if ($db->hasColumn('players', 'deletion')) {
 			$deletedColumn = 'deletion';
 		}
 		/**
 		 * @var OTS_GuildRank $rank_in_guild
 		 */
 		foreach($rank_list as $rank_in_guild) {
 			if($db->hasTable('guild_members'))
-				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` ORDER BY `name`;');
+				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` AND `' . $deletedColumn . '` = 0 ORDER BY `name`;');
 			else if($db->hasTable('guild_membership'))
-				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_membership`.`rank_id` as `rank_id` FROM `players`, `guild_membership` WHERE `guild_membership`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_membership`.`player_id` ORDER BY `name`;');
+				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_membership`.`rank_id` as `rank_id` FROM `players`, `guild_membership` WHERE `guild_membership`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_membership`.`player_id` AND `' . $deletedColumn . '` = 0 ORDER BY `name`;');
 			else
-				$players_with_rank = $db->query('SELECT `id`, `rank_id` FROM `players` WHERE `rank_id` = ' . $rank_in_guild->getId() . ' AND `deleted` = 0;');
+				$players_with_rank = $db->query('SELECT `id`, `rank_id` FROM `players` WHERE `rank_id` = ' . $rank_in_guild->getId() . ' AND `' . $deletedColumn . '` = 0;');
 			$players_with_rank_number = $players_with_rank->rowCount();
 			if($players_with_rank_number > 0) {
@@ -872,11 +880,12 @@ function getWorldName($id)
 *
 * @param string $to Recipient email address.
 * @param string $subject Subject of the message.
- * @param string $body Message body in html format.
+ * @param string $body Message body in HTML format.
 * @param string $altBody Alternative message body, plain text.
 * @return bool PHPMailer status returned (success/failure).
 * @throws \PHPMailer\PHPMailer\Exception
 */
-function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
+function _mail(string $to, string $subject, string $body, string $altBody = ''): bool
 {
 	global $mailer, $config;
@@ -894,12 +903,6 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->clearAllRecipients();
 	}
 	$signature_html = setting('core.mail_signature_html');
 	if($add_html_tags && isset($body[0]))
 		$tmp_body = '<html><head></head><body>' . $body . '<br/><br/>' . $signature_html . '</body></html>';
 	else
 		$tmp_body = $body . '<br/><br/>' . $signature_html;
 	$mailOption = setting('core.mail_option');
 	if($mailOption == MAIL_SMTP)
 	{
@@ -926,6 +929,9 @@ function _mail($to, $subject, $body, $altBody = '', $add_html_tags = true)
 		$mailer->isMail();
 	}
 	$signature_html = setting('core.mail_signature_html');
 	$tmp_body = $body . '<br/><br/>' . $signature_html;
 	$mailer->isHTML(isset($body[0]) > 0);
 	$mailer->From = setting('core.mail_address');
 	$mailer->Sender = setting('core.mail_address');
@@ -1129,11 +1135,44 @@ function csrfProtect(): void
 	}
 }
-function getTopPlayers($limit = 5, $skill = 'level') {
+function getSkillIdByName(string $name): int|null
 {
 	$skills = [
 		'level' => POT::SKILL_LEVEL,
 		'experience' => POT::SKILL_LEVEL,
 		'magic' => POT::SKILL_MAGIC,
 		'maglevel' => POT::SKILL_MAGIC,
 		'balance' => SKILL_BALANCE,
 		'frags' => SKILL_FRAGS,
 		'club' => POT::SKILL_CLUB,
 		'sword' => POT::SKILL_SWORD,
 		'axe' => POT::SKILL_AXE,
 		'dist' => POT::SKILL_DIST,
 		'distance' => POT::SKILL_DIST,
 		'shield' => POT::SKILL_SHIELD,
 		'shielding' => POT::SKILL_SHIELD,
 		'fish' => POT::SKILL_FISH,
 		'fishing' => POT::SKILL_FISH,
 	];
 	return $skills[$name] ?? null;
 }
 function getTopPlayers($limit = 5, $skill = POT::SKILL_LEVEL)
 {
 	global $db;
-	if ($skill === 'level') {
+	$skillOriginal = $skill;
-		$skill = 'experience';
+
 	if (is_string($skill)) {
 		$skill = getSkillIdByName($skill);
 	}
 	if (!is_numeric($skill)) {
 		throw new RuntimeException("getTopPlayers: Invalid skill: $skillOriginal");
 	}
 	return Cache::remember("top_{$limit}_{$skill}", 2 * 60, function () use ($db, $limit, $skill) {
@@ -1142,19 +1181,76 @@ function getTopPlayers($limit = 5, $skill = 'level') {
 			'looktype', 'lookhead', 'lookbody', 'looklegs', 'lookfeet'
 		];
 		if ($db->hasColumn('players', 'promotion')) {
 			$columns[] = 'promotion';
 		}
 		if ($db->hasColumn('players', 'lookaddons')) {
 			$columns[] = 'lookaddons';
 		}
-		return Player::query()
+		if ($db->hasColumn('players', 'lookmount')) {
 			$columns[] = 'lookmount';
 		}
 		$query = Player::query()
 			->select($columns)
 			->withOnlineStatus()
 			->notDeleted()
 			->where('group_id', '<', setting('core.highscores_groups_hidden'))
 			->whereNotIn('id', setting('core.highscores_ids_hidden'))
 			->where('account_id', '!=', 1)
-			->orderByDesc($skill)
+			->orderByDesc('value');
-			->limit($limit)
+
 		if ($limit > 0) {
 			$query->limit($limit);
 		}
 		if ($skill >= POT::SKILL_FIRST && $skill <= POT::SKILL_LAST) { // skills
 			if ($db->hasColumn('players', 'skill_fist')) {// tfs 1.0
 				$skill_ids = array(
 					POT::SKILL_FIST => 'skill_fist',
 					POT::SKILL_CLUB => 'skill_club',
 					POT::SKILL_SWORD => 'skill_sword',
 					POT::SKILL_AXE => 'skill_axe',
 					POT::SKILL_DIST => 'skill_dist',
 					POT::SKILL_SHIELD => 'skill_shielding',
 					POT::SKILL_FISH => 'skill_fishing',
 				);
 				$query
 					->addSelect($skill_ids[$skill] . ' as value')
 					->orderByDesc($skill_ids[$skill] . '_tries');
 			} else {
 				$query
 					->join('player_skills', 'player_skills.player_id', '=', 'players.id')
 					->where('skillid', $skill)
 					->addSelect('player_skills.value as value');
 			}
 		} else if ($skill == SKILL_FRAGS) // frags
 		{
 			if ($db->hasTable('player_killers')) {
 				$query->addSelect(['value' => PlayerKillers::whereColumn('player_killers.player_id', 'players.id')->selectRaw('COUNT(*)')]);
 			} else {
 				$query->addSelect(['value' => PlayerDeath::unjustified()->whereColumn('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
 			}
 		} else if ($skill == SKILL_BALANCE) // balance
 		{
 			$query
 				->addSelect('players.balance as value');
 		} else {
 			if ($skill == POT::SKILL_MAGIC) {
 				$query
 					->addSelect('players.maglevel as value', 'players.maglevel')
 					->orderByDesc('manaspent');
 			} else { // level
 				$query
 					->addSelect('players.level as value', 'players.experience')
 					->orderByDesc('experience');
 			}
 		}
 		return $query
 			->get()
 			->map(function ($e, $i) {
 				$row = $e->toArray();
@@ -1169,7 +1265,8 @@ function getTopPlayers($limit = 5, $skill = 'level') {
 	});
 }
-function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
+function deleteDirectory($dir, $ignore = array(), $contentOnly = false): bool
 {
 	if(!file_exists($dir)) {
 		return true;
 	}
@@ -1195,6 +1292,21 @@ function deleteDirectory($dir, $ignore = array(), $contentOnly = false) {
 	return rmdir($dir);
 }
 function ensureFolderExists($dir): void
 {
 	if (!file_exists($dir)) {
 		mkdir($dir, 0777, true);
 	}
 }
 function ensureIndexExists($dir): void
 {
 	$dir = rtrim($dir, '/');
 	if (!file_exists($file = $dir . '/index.html')) {
 		touch($file);
 	}
 }
 function config($key) {
 	global $config;
 	if (is_array($key)) {
@@ -1632,13 +1744,14 @@ function camelCaseToUnderscore($input)
 	return ltrim(strtolower(preg_replace('/[A-Z]([A-Z](?![a-z]))*/', '_$0', $input)), '_');
 }
-function removeIfFirstSlash(&$text) {
+function removeIfFirstSlash(&$text): void
 {
 	if(strpos($text, '/') === 0) {
 		$text = str_replace_first('/', '', $text);
 	}
 };
-function escapeHtml($html) {
+function escapeHtml($html): string {
 	return htmlspecialchars($html);
 }
@@ -1652,7 +1765,7 @@ function getGuildNameById($id)
 	return false;
 }
-function getGuildLogoById($id)
+function getGuildLogoById($id): string
 {
 	$logo = 'default.gif';
@@ -1668,7 +1781,8 @@ function getGuildLogoById($id)
 	return BASE_URL . GUILD_IMAGES_DIR . $logo;
 }
-function displayErrorBoxWithBackButton($errors, $action = null) {
+function displayErrorBoxWithBackButton($errors, $action = null): void
 {
 	global $twig;
 	$twig->display('error_box.html.twig', ['errors' => $errors]);
 	$twig->display('account.back_button.html.twig', [
@@ -1696,6 +1810,49 @@ function getAccountIdentityColumn(): string
 	return 'id';
 }
 function isCanary(): bool
 {
 	$vipSystemEnabled = configLua('vipSystemEnabled');
 	return isset($vipSystemEnabled);
 }
 function getStatusUptimeReadable(int $uptime): string
 {
 	$fullMinute = 60;
 	$fullHour = (60 * $fullMinute);
 	$fullDay = (24 * $fullHour);
 	$fullMonth = (30 * $fullDay);
 	$fullYear = (365 * $fullDay);
 	// years
 	$years = floor($uptime / $fullYear);
 	$y = ($years > 1 ? "$years years, " : ($years == 1 ? 'year, ' : ''));
 	$uptime -= $years * $fullYear;
 	// months
 	$months = floor($uptime / $fullMonth);
 	$m = ($months > 1 ? "$months months, " : ($months == 1 ? 'month, ' : ''));
 	$uptime -= $months * $fullMonth;
 	// days
 	$days = floor($uptime / $fullDay);
 	$d = ($days > 1 ? "$days days, " : ($days == 1 ? 'day, ' : ''));
 	$uptime -= $days * $fullDay;
 	// hours
 	$hours = floor($uptime / $fullHour);
 	$uptime -= $hours * $fullHour;
 	// minutes
 	$min = floor($uptime / $fullMinute);
 	return "{$y}{$m}{$d}{$hours}h {$min}m";
 }
 // validator functions
 require_once SYSTEM . 'compat/base.php';
--- a/system/init.php
+++ b/system/init.php
@@ -14,10 +14,14 @@ use MyAAC\CsrfToken;
 use MyAAC\Hooks;
 use MyAAC\Plugins;
 use MyAAC\Models\Town;
 use MyAAC\Server\XML\Vocations;
 use MyAAC\Settings;
 defined('MYAAC') or die('Direct access not allowed!');
 ensureIndexExists(CACHE);
 ensureIndexExists(CACHE . 'twig/');
 global $config;
 if(!isset($config['installed']) || !$config['installed']) {
 	throw new RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
@@ -211,3 +215,5 @@ if (count($towns) <= 0) {
 config(['towns', $towns]);
 unset($towns);
 new Vocations();
--- a/system/libs/pot/OTS_Account.php
+++ b/system/libs/pot/OTS_Account.php
@@ -12,6 +12,8 @@
 * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 */
 use MyAAC\Models\AccountAction;
 /**
 * OTServ account abstraction.
 *
@@ -443,8 +445,9 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 			throw new E_OTS_NotLoaded();
 		}
-		if(isset($this->data['premium_ends_at']) || isset($this->data['premend'])) {
+		if(isset($this->data['premium_ends_at']) || isset($this->data['premend']) ||
-			$col = isset($this->data['premium_ends_at']) ? 'premium_ends_at' : 'premend';
+			(isCanary() && isset($this->data['lastday']))) {
 				$col = (isset($this->data['premium_ends_at']) ? 'premium_ends_at' : (isset($this->data['lastday']) ? 'lastday' : 'premend'));
 				$ret = ceil(($this->data[$col] - time()) / (24 * 60 * 60));
 				return max($ret, 0);
 		}
@@ -471,14 +474,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 		return $this->data['lastday'];
 	}
-    public function isPremium()
+	public function isPremium(): bool
 	{
-		if(isset($this->data['premium_ends_at'])) {
+		if(isset($this->data['premium_ends_at']) || isset($this->data['premend']) ||
-			return $this->data['premium_ends_at'] > time();
+			(isCanary() && isset($this->data['lastday']))) {
 			$col = (isset($this->data['premium_ends_at']) ? 'premium_ends_at' : (isset($this->data['lastday']) ? 'lastday' : 'premend'));
 			return $this->data[$col] > time();
 		}
-		if(isset($this->data['premend'])) {
+		if($this->data['premdays'] == self::GRATIS_PREMIUM_DAYS){
-			return $this->data['premend'] > time();
+			return true;
 		}
 		return ($this->data['premdays'] - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->data['lastday']))) - date("z", $this->data['lastday'])) > 0);
@@ -1004,26 +1009,16 @@ class OTS_Account extends OTS_Row_DAO implements IteratorAggregate, Countable
 	public function logAction($action)
 	{
-		$ip = get_browser_real_ip();
+		AccountAction::create([
-		if(!str_contains($ip, ":")) {
+			'account_id' => $this->getId(),
-			$ipv6 = '0';
+			'ip' => get_browser_real_ip(),
-		}
+			'date' => time(),
-		else {
+			'action' => $action,
-			$ipv6 = $ip;
+		]);
 			$ip = '';
 	}
-		return $this->db->exec('INSERT INTO `' . TABLE_PREFIX . 'account_actions` (`account_id`, `ip`, `ipv6`, `date`, `action`) VALUES (' . $this->db->quote($this->getId()).', ' . ($ip == '' ? '0' : $this->db->quote(ip2long($ip))) . ', (' . ($ipv6 == '0' ? $this->db->quote('') : $this->db->quote(inet_pton($ipv6))) . '), UNIX_TIMESTAMP(NOW()), ' . $this->db->quote($action).')');
+	public function getActionsLog($limit) {
-	}
+		return AccountAction::where('account_id', $this->data['id'])->orderByDesc('date')->limit($limit)->get()->toArray();
 	public function getActionsLog($limit1, $limit2)
 	{
 		$actions = array();
 		foreach($this->db->query('SELECT `ip`, `ipv6`, `date`, `action` FROM `' . TABLE_PREFIX . 'account_actions` WHERE `account_id` = ' . $this->data['id'] . ' ORDER by `date` DESC LIMIT ' . $limit1 . ', ' . $limit2 . '')->fetchAll() as $a)
 			$actions[] = array('ip' => $a['ip'], 'ipv6' => $a['ipv6'], 'date' => $a['date'], 'action' => $a['action']);
 		return $actions;
 	}
 /**
 * Returns players iterator.
--- a/system/libs/pot/OTS_DB_MySQL.php
+++ b/system/libs/pot/OTS_DB_MySQL.php
@@ -26,10 +26,12 @@ use MyAAC\Cache\Cache;
 */
 class OTS_DB_MySQL extends OTS_Base_DB
 {
-	private $has_table_cache = array();
+	private bool $hasCacheChanged = false;
-	private $has_column_cache = array();
+	private array $has_table_cache = [];
 	private array $has_column_cache = [];
 	private array $get_column_info_cache = [];
-	private $clearCacheAfter = false;
+	private bool $clearCacheAfter = false;
 /**
 * Creates database connection.
 *
@@ -119,6 +121,11 @@ class OTS_DB_MySQL extends OTS_Base_DB
 				if($cache->fetch('database_columns', $tmp) && $tmp) {
 					$this->has_column_cache = unserialize($tmp);
 				}
 				$tmp = null;
 				if($cache->fetch('database_columns_info', $tmp) && $tmp) {
 					$this->get_column_info_cache = unserialize($tmp);
 				}
 			}
 		}
@@ -155,11 +162,13 @@ class OTS_DB_MySQL extends OTS_Base_DB
 			if ($this->clearCacheAfter) {
 				$cache->delete('database_tables');
 				$cache->delete('database_columns');
 				$cache->delete('database_columns_info');
 				$cache->delete('database_checksum');
 			}
-			else {
+			else if ($this->hasCacheChanged) {
 				$cache->set('database_tables', serialize($this->has_table_cache), 3600);
 				$cache->set('database_columns', serialize($this->has_column_cache), 3600);
 				$cache->set('database_columns_info', serialize($this->get_column_info_cache), 3600);
 				$cache->set('database_checksum', serialize(sha1($config['database_host'] . '.' . $config['database_name'])), 3600);
 			}
 		}
@@ -209,7 +218,8 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $sql;
 	}
-	public function hasTable($name) {
+	public function hasTable($name): bool
 	{
 		if(isset($this->has_table_cache[$name])) {
 			return $this->has_table_cache[$name];
 		}
@@ -217,12 +227,15 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasTableInternal($name);
 	}
-	private function hasTableInternal($name) {
+	private function hasTableInternal($name): bool
-		global $config;
+	{
-		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote($config['database_name']) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
+		$this->hasCacheChanged = true;
 		return ($this->has_table_cache[$name] = $this->query('SELECT `TABLE_NAME` FROM `information_schema`.`tables` WHERE `TABLE_SCHEMA` = ' . $this->quote(config('database_name')) . ' AND `TABLE_NAME` = ' . $this->quote($name) . ' LIMIT 1;')->rowCount() > 0);
 	}
-	public function hasColumn($table, $column) {
+	public function hasColumn($table, $column): bool
 	{
 		if(isset($this->has_column_cache[$table . '.' . $column])) {
 			return $this->has_column_cache[$table . '.' . $column];
 		}
@@ -230,8 +243,10 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return $this->hasColumnInternal($table, $column);
 	}
-	private function hasColumnInternal($table, $column) {
+	private function hasColumnInternal($table, $column): bool {
-		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE '" . $column . "'")->fetchAll()) > 0);
+		$this->hasCacheChanged = true;
 		return $this->hasTable($table) && ($this->has_column_cache[$table . '.' . $column] = count($this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column))->fetchAll()) > 0);
 	}
 	public function hasTableAndColumns(string $table, array $columns = []): bool
@@ -247,7 +262,56 @@ class OTS_DB_MySQL extends OTS_Base_DB
 		return true;
 	}
-	public function revalidateCache() {
+	public function getColumnInfo(string $table, string $column): bool|array
 	{
 		if(isset($this->get_column_info_cache[$table . '.' . $column])) {
 			return $this->get_column_info_cache[$table . '.' . $column];
 		}
 		return $this->getColumnInfoInternal($table, $column);
 	}
 	private function getColumnInfoInternal(string $table, string $column): bool|array
 	{
 		if (!$this->hasTable($table) || !$this->hasColumn($table, $column)) {
 			return false;
 		}
 		$this->hasCacheChanged = true;
 		$formatResult = function ($result) {
 			return [
 				'field' => $result['Field'],
 				'type' => $result['Type'],
 				'null' => strtolower($result['Null']),
 				'key' => strtolower($result['Key'] ?? ''),
 				'default' => $result['Default'],
 				'extra' => $result['Extra'],
 			];
 		};
 		$query = $this->query('SHOW COLUMNS FROM `' . $table . "` LIKE " . $this->quote($column));
 		$rowCount = $query->rowCount();
 		if ($rowCount > 1) {
 			$tmp = [];
 			$results = $query->fetchAll(PDO::FETCH_ASSOC);
 			foreach ($results as $result) {
 				$tmp[] = $formatResult($result);
 			}
 			return ($this->get_column_info_cache[$table . '.' . $column] = $tmp);
 		}
 		else if ($rowCount == 1) {
 			$result = $query->fetch(PDO::FETCH_ASSOC);
 			return ($this->get_column_info_cache[$table . '.' . $column] = $formatResult($result));
 		}
 		return [];
 	}
 	public function revalidateCache(): void
 	{
 		foreach($this->has_table_cache as $key => $value) {
 			$this->hasTableInternal($key);
 		}
@@ -262,6 +326,21 @@ class OTS_DB_MySQL extends OTS_Base_DB
 				$this->hasColumnInternal($explode[0], $explode[1]);
 			}
 		}
 		foreach($this->get_column_info_cache as $key => $value) {
 			$explode = explode('.', $key);
 			if(!isset($this->has_table_cache[$explode[0]])) { // first check if table exist
 				$this->hasTableInternal($explode[0]);
 			}
 			if($this->has_table_cache[$explode[0]]) {
 				$this->hasColumnInternal($explode[0], $explode[1]);
 			}
 			if($this->has_table_cache[$explode[0]]) {
 				$this->getColumnInfoInternal($explode[0], $explode[1]);
 			}
 		}
 	}
 	public function setClearCacheAfter($clearCache)
--- a/system/libs/pot/OTS_Player.php
+++ b/system/libs/pot/OTS_Player.php
@@ -1,20 +1,6 @@
 <?php
-$__load = array();
+
-/*
+use MyAAC\Models\Player as PlayerModel;
 	'loss_experience' => NULL,
 	'loss_items' => NULL,
 	'guild_info' => NULL,
 	'skull_type' => NULL,
 	'skull_time' => NULL,
 	'blessings' => NULL,
 	'direction' => NULL,
 	'stamina' => NULL,
 	'world_id' => NULL,
 	'online' => NULL,
 	'deletion' => NULL,
 	'promotion' => NULL,
 	'marriage' => NULL
 );*/
 /**#@+
 * @version 0.0.1
@@ -109,6 +95,10 @@ class OTS_Player extends OTS_Row_DAO
 		POT::SKILL_FISH => array('value' => 0, 'tries' => 0)
 	);
 	private array $columns = ['name', 'account_id', 'group_id', 'sex', 'vocation', 'experience', 'level', 'maglevel', 'health', 'healthmax', 'mana', 'manamax', 'manaspent', 'soul', 'lookbody', 'lookfeet', 'lookhead', 'looklegs', 'looktype', 'posx', 'posy', 'posz', 'lastlogin', 'lastlogout', 'lastip', 'town_id', 'balance', 'created', 'comment', 'hide'];
 	private array $optionalColumns = ['cap', 'skull', 'skull_type', 'skull_time', 'loss_experience', 'loss_mana', 'loss_skills', 'loss_items', 'loss_containers', 'guildnick', 'rank_id', 'promotion', 'direction', 'blessings', 'stamina', 'lookaddons', 'save', 'conditions', 'world_id', 'online', 'deletion', 'deleted', 'marriage'];
 	private static array $playersOnline;
 /**
 * Magic PHP5 method.
@@ -133,90 +123,14 @@ class OTS_Player extends OTS_Row_DAO
 */
 	public function load($id, $fields = null, $load_skills = true)
 	{
-		global $__load;
+		$columns = $this->columns;
-
+		foreach ($this->optionalColumns as $column) {
-		if(!isset($__load['loss_experience']))
+			if ($this->db->hasColumn('players', $column)) {
-		{
+				$columns[] = $column;
 			$loss = '';
 			if($this->db->hasColumn('players', 'loss_experience')) {
 				$loss = ', `loss_experience`, `loss_mana`, `loss_skills`';
 			}
 			$__load['loss_experience'] = $loss;
 		}
 		if(!isset($__load['loss_items']))
 		{
 			$loss_items = '';
 			if($this->db->hasColumn('players', 'loss_items')) {
 				$loss_items = ', `loss_items`, `loss_containers`';
 			}
 			$__load['loss_items'] = $loss_items;
 		}
 		if(!isset($__load['guild_info']))
 		{
 			$guild_info = '';
 			if(!$this->db->hasTable('guild_members') && $this->db->hasColumn('players', 'guildnick')) {
 				$guild_info = ', `guildnick`, `rank_id`';
 			}
 			$__load['guild_info'] = $guild_info;
 		}
 		if(!isset($__load['skull_type']))
 		{
 			$skull_type = 'skull';
 			if($this->db->hasColumn('players', 'skull_type')) {
 				$skull_type = 'skull_type';
 			}
 			$__load['skull_type'] = $skull_type;
 		}
 		if(!isset($__load['skull_time']))
 		{
 			$skull_time = 'skulltime';
 			if($this->db->hasColumn('players', 'skull_time')) {
 				$skull_time = 'skull_time';
 			}
 			$__load['skull_time'] = $skull_time;
 		}
 		if(!isset($__load['blessings'])) {
 			$__load['blessings'] = $this->db->hasColumn('players', 'blessings');
 		}
 		if(!isset($__load['direction'])) {
 			$__load['direction'] = $this->db->hasColumn('players', 'direction');
 		}
 		if(!isset($__load['stamina'])) {
 			$__load['stamina'] = $this->db->hasColumn('players', 'stamina');
 		}
 		if(!isset($__load['world_id'])) {
 			$__load['world_id'] = $this->db->hasColumn('players', 'world_id');
 		}
 		if(!isset($__load['online'])) {
 			$__load['online'] = $this->db->hasColumn('players', 'online');
 		}
 		if(!isset($__load['deletion'])) {
 			$__load['deletion'] = $this->db->hasColumn('players', 'deletion');
 		}
 		if(!isset($__load['promotion'])) {
 			$__load['promotion'] = $this->db->hasColumn('players', 'promotion');
 		}
 		if(!isset($__load['marriage'])) {
 			$__load['marriage'] = $this->db->hasColumn('players', 'marriage');
 		}
 		if(isset($fields)) { // load only what we wish
 			if(in_array('promotion', $fields)) {
 				if(!$this->db->hasColumn('players', 'promotion')) {
 					unset($fields[array_search('promotion', $fields)]);
 				}
 			}
 			if(in_array('deleted', $fields)) {
 				if($this->db->hasColumn('players', 'deletion')) {
 					unset($fields[array_search('deleted', $fields)]);
@@ -224,21 +138,21 @@ class OTS_Player extends OTS_Row_DAO
 				}
 			}
-			if(in_array('online', $fields)) {
+			$columns = [];
-				if(!$this->db->hasColumn('players', 'online')) {
+			foreach ($fields as $field) {
-					unset($fields[array_search('online', $fields)]);
+				if ($this->db->hasColumn('players', $field)) {
 					$columns[] = $field;
 				}
 			}
 			$this->data = $this->db->query('SELECT ' . implode(', ', $fields) . ' FROM `players` WHERE `id` = ' . (int)$id)->fetch();
 		}
 		else {
 			// SELECT query on database
 			$this->data = $this->db->query('SELECT `id`, `name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . ($this->db->hasColumn('players', 'lookaddons') ? ', `lookaddons`' : '') . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $__load['skull_time'] . '` as `skulltime`, `' . $__load['skull_type'] . '` as `skull`' . $__load['guild_info'] . ', `town_id`' . $__load['loss_experience'] . $__load['loss_items'] . ', `balance`' . ($__load['blessings'] ? ', `blessings`' : '') . ($__load['direction'] ? ', `direction`' : '') . ($__load['stamina'] ? ', `stamina`' : '') . ($__load['world_id'] ? ', `world_id`' : '') . ($__load['online'] ? ', `online`' : '') . ', `' . ($__load['deletion'] ? 'deletion' : 'deleted') . '`' . ($__load['promotion'] ? ', `promotion`' : '') . ($__load['marriage'] ? ', `marriage`' : '') . ', `comment`, `created`, `hide` FROM `players` WHERE `id` = ' . (int)$id)->fetch();
 		}
 		array_unshift($columns, 'id');
 		$query = PlayerModel::where('id', $id)->first($columns);
 		$this->data = $query ? $query->toArray() : [];
 		// loads skills
-		if( $this->isLoaded() && $load_skills)
+		if( $this->isLoaded() && $load_skills) {
 		{
 			if($this->db->hasColumn('players', 'skill_fist')) {
 				$skill_ids = array(
@@ -318,153 +232,65 @@ class OTS_Player extends OTS_Row_DAO
 */
 	public function save()
 	{
-		$skull_type = 'skull';
+		$defaultValues = [
-		if($this->db->hasColumn('players', 'skull_type')) {
+			'cap' => 0,
-			$skull_type = 'skull_type';
+			'skull' => 0,
 			'skull_type' => 0,
 			'skull_time' => 0,
 			'loss_experience' => 100,
 			'loss_mana' => 100,
 			'loss_skills' => 100,
 			'loss_items' => 100,
 			'loss_containers' => 100,
 			'guildnick' => '',
 			'rank_id' => 0,
 			'promotion' => 0,
 			'direction' => 0,
 			'blessings' => 0,
 			'stamina' => 0,
 			'lookaddons' => 0,
 			'save' => 1,
 			'conditions' => '',
 			'town_id' => 1,
 			'world_id' => 1,
 			'online' => 0,
 			'deletion' => 0,
 			'deleted' => 0,
 			'marriage' => 0,
 		];
 		foreach ($defaultValues as $key => $value) {
 			if (!isset($this->data[$key])) {
 				$this->data[$key] = $value;
 			}
 		}
-		$skull_time = 'skulltime';
+		$columns = $this->columns;
-		if($this->db->hasColumn('players', 'skull_time')) {
+		foreach ($this->optionalColumns as $column) {
-			$skull_time = 'skull_time';
+			if ($this->db->hasColumn('players', $column)) {
 				$columns[] = $column;
 			}
 		}
-		if(!isset($this->data['loss_experience']))
+		$values = [];
-			$this->data['loss_experience'] = 100;
+		foreach ($columns as $column) {
 			$value = $this->data[$column];
-		if(!isset($this->data['loss_mana']))
+			$values[$column] = $value;
-			$this->data['loss_mana'] = 100;
+		}
 		if(!isset($this->data['loss_skills']))
 			$this->data['loss_skills'] = 100;
 		if(!isset($this->data['loss_items']))
 			$this->data['loss_items'] = 10;
 		if(!isset($this->data['loss_containers']))
 			$this->data['loss_containers'] = 100;
 		if(!isset($this->data['guildnick']))
 			$this->data['guildnick'] = '';
 		if(!isset($this->data['rank_id']))
 			$this->data['rank_id'] = 0;
 		if(!isset($this->data['promotion']))
 			$this->data['promotion'] = 0;
 		if(!isset($this->data['direction']))
 			$this->data['direction'] = 0;
 		if(!isset($this->data['conditions']))
 			$this->data['conditions'] = '';
 		if(!isset($this->data['town_id']))
 			$this->data['town_id'] = 1;
 		// updates existing player
-		if( isset($this->data['id']) )
+		if( isset($this->data['id']) ) {
-		{
+			PlayerModel::where('id', $this->data['id'])->update($values);
 			$loss = '';
 			if($this->db->hasColumn('players', 'loss_experience')) {
 				$loss = ', `loss_experience` = ' . $this->data['loss_experience'] . ', `loss_mana` = ' . $this->data['loss_mana'] . ', `loss_skills` = ' . $this->data['loss_skills'];
 			}
 			$loss_items = '';
 			if($this->db->hasColumn('players', 'loss_items')) {
 				$loss_items = ', `loss_items` = ' . $this->data['loss_items'] . ', `loss_containers` = ' . $this->data['loss_containers'];
 			}
 			$guild_info = '';
 			if(!$this->db->hasTable('guild_members') && $this->db->hasColumn('players', 'guildnick')) {
 				$guild_info = ', `guildnick` = ' . $this->db->quote($this->data['guildnick']) . ', ' . $this->db->fieldName('rank_id') . ' = ' . $this->data['rank_id'];
 			}
 			$direction = '';
 			if($this->db->hasColumn('players', 'direction')) {
 				$direction = ', `direction` = ' . $this->db->quote($this->data['direction']);
 			}
 			$blessings = '';
 			if($this->db->hasColumn('players', 'blessings')) {
 				$blessings = ', `blessings` = ' . $this->db->quote($this->data['blessings']);
 			}
 			$stamina = '';
 			if($this->db->hasColumn('players', 'stamina')) {
 				$stamina = ', `stamina` = ' . $this->db->quote($this->data['stamina']);
 			}
 			$lookaddons = '';
 			if($this->db->hasColumn('players', 'lookaddons')) {
 				$lookaddons = ', `lookaddons` = ' . $this->db->quote($this->data['lookaddons']);
 			}
 			// UPDATE query on database
 			$this->db->query('UPDATE ' . $this->db->tableName('players') . ' SET ' . $this->db->fieldName('name') . ' = ' . $this->db->quote($this->data['name']) . ', ' . $this->db->fieldName('account_id') . ' = ' . $this->data['account_id'] . ', ' . $this->db->fieldName('group_id') . ' = ' . $this->data['group_id'] . ', ' . $this->db->fieldName('sex') . ' = ' . $this->data['sex'] . ', ' . $this->db->fieldName('vocation') . ' = ' . $this->data['vocation'] . ', ' . $this->db->fieldName('experience') . ' = ' . $this->data['experience'] . ', ' . $this->db->fieldName('level') . ' = ' . $this->data['level'] . ', ' . $this->db->fieldName('maglevel') . ' = ' . $this->data['maglevel'] . ', ' . $this->db->fieldName('health') . ' = ' . $this->data['health'] . ', ' . $this->db->fieldName('healthmax') . ' = ' . $this->data['healthmax'] . ', ' . $this->db->fieldName('mana') . ' = ' . $this->data['mana'] . ', ' . $this->db->fieldName('manamax') . ' = ' . $this->data['manamax'] . ', ' . $this->db->fieldName('manaspent') . ' = ' . $this->data['manaspent'] . ', ' . $this->db->fieldName('soul') . ' = ' . $this->data['soul'] . ', ' . $this->db->fieldName('lookbody') . ' = ' . $this->data['lookbody'] . ', ' . $this->db->fieldName('lookfeet') . ' = ' . $this->data['lookfeet'] . ', ' . $this->db->fieldName('lookhead') . ' = ' . $this->data['lookhead'] . ', ' . $this->db->fieldName('looklegs') . ' = ' . $this->data['looklegs'] . ', ' . $this->db->fieldName('looktype') . ' = ' . $this->data['looktype'] . $lookaddons . ', ' . $this->db->fieldName('posx') . ' = ' . $this->data['posx'] . ', ' . $this->db->fieldName('posy') . ' = ' . $this->data['posy'] . ', ' . $this->db->fieldName('posz') . ' = ' . $this->data['posz'] . ', ' . $this->db->fieldName('cap') . ' = ' . $this->data['cap'] . ', ' . $this->db->fieldName('lastlogin') . ' = ' . $this->data['lastlogin'] . ', ' . $this->db->fieldName('lastlogout') . ' = ' . $this->data['lastlogout'] . ', ' . $this->db->fieldName('lastip') . ' = ' . $this->db->quote($this->data['lastip']) . ', ' . $this->db->fieldName('save') . ' = ' . (int) $this->data['save'] . ', ' . $this->db->fieldName('conditions') . ' = ' . $this->db->quote($this->data['conditions']) . ', `' . $skull_time . '` = ' . $this->data['skulltime'] . ', `' . $skull_type . '` = ' . (int) $this->data['skull'] . $guild_info . ', ' . $this->db->fieldName('town_id') . ' = ' . $this->data['town_id'] . $loss . $loss_items . ', ' . $this->db->fieldName('balance') . ' = ' . $this->data['balance'] . $blessings . $stamina . $direction . ' WHERE ' . $this->db->fieldName('id') . ' = ' . $this->data['id']);
 		}
 		// creates new player
-		else
+		else {
-		{
+			$values['created'] = time();
 			$loss = '';
 			$loss_data = '';
 			if($this->db->hasColumn('players', 'loss_experience')) {
 				$loss = ', `loss_experience`, `loss_mana`, `loss_skills`';
 				$loss_data = ', ' . $this->data['loss_experience'] . ', ' . $this->data['loss_mana'] . ', ' . $this->data['loss_skills'];
 			}
-			$loss_items = '';
+			$player = PlayerModel::create($values);
 			$loss_items_data = '';
 			if($this->db->hasColumn('players', 'loss_items')) {
 				$loss_items = ', `loss_items`, `loss_containers`';
 				$loss_items_data = ', ' . $this->data['loss_items'] . ', ' . $this->data['loss_containers'];
 			}
-			$guild_info = '';
+			// ID of new player
-			$guild_info_data = '';
+			$this->data['id'] = $player->id;
 			if(!$this->db->hasTable('guild_members') && $this->db->hasColumn('players', 'guildnick')) {
 				$guild_info = ', `guildnick`, `rank_id`';
 				$guild_info_data = ', ' . $this->db->quote($this->data['guildnick']) . ', ' . $this->data['rank_id'];
 			}
 			$promotion = '';
 			$promotion_data = '';
 			if($this->db->hasColumn('players', 'promotion')) {
 				$promotion = ', `promotion`';
 				$promotion_data = ', ' . $this->data['promotion'];
 			}
 			$direction = '';
 			$direction_data = '';
 			if($this->db->hasColumn('players', 'direction')) {
 				$direction = ', `direction`';
 				$direction_data = ', ' . $this->data['direction'];
 			}
 			$blessings = '';
 			$blessings_data = '';
 			if($this->db->hasColumn('players', 'blessings')) {
 				$blessings = ', `blessings`';
 				$blessings_data = ', ' . $this->data['blessings'];
 			}
 			$stamina = '';
 			$stamina_data = '';
 			if($this->db->hasColumn('players', 'stamina')) {
 				$stamina = ', `stamina`';
 				$stamina_data = ', ' . $this->data['stamina'];
 			}
 			$lookaddons = '';
 			$lookaddons_data = '';
 			if($this->db->hasColumn('players', 'lookaddons')) {
 				$lookaddons = ', `lookaddons`';
 				$lookaddons_data = ', ' . $this->data['lookaddons'];
 			}
 			// INSERT query on database
 			$this->db->query('INSERT INTO `players` (`name`, `account_id`, `group_id`, `sex`, `vocation`, `experience`, `level`, `maglevel`, `health`, `healthmax`, `mana`, `manamax`, `manaspent`, `soul`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`' . $lookaddons . ', `posx`, `posy`, `posz`, `cap`, `lastlogin`, `lastlogout`, `lastip`, `save`, `conditions`, `' . $skull_time . '`, `' . $skull_type . '`' . $guild_info . ', `town_id`' . $loss . $loss_items . ', `balance`' . $blessings . $stamina . $direction . ', `created`' . $promotion . ', `comment`) VALUES (' . $this->db->quote($this->data['name']) . ', ' . $this->data['account_id'] . ', ' . $this->data['group_id'] . ', ' . $this->data['sex'] . ', ' . $this->data['vocation'] . ', ' . $this->data['experience'] . ', ' . $this->data['level'] . ', ' . $this->data['maglevel'] . ', ' . $this->data['health'] . ', ' . $this->data['healthmax'] . ', ' . $this->data['mana'] . ', ' . $this->data['manamax'] . ', ' . $this->data['manaspent'] . ', ' . $this->data['soul'] . ', ' . $this->data['lookbody'] . ', ' . $this->data['lookfeet'] . ', ' . $this->data['lookhead'] . ', ' . $this->data['looklegs'] . ', ' . $this->data['looktype'] . $lookaddons_data . ', ' . $this->data['posx'] . ', ' . $this->data['posy'] . ', ' . $this->data['posz'] . ', ' . $this->data['cap'] . ', ' . $this->data['lastlogin'] . ', ' . $this->data['lastlogout'] . ', ' . $this->data['lastip'] . ', ' . (int) $this->data['save'] . ', ' . $this->db->quote($this->data['conditions']) . ', ' . $this->data['skulltime'] . ', ' . (int) $this->data['skull'] . $guild_info_data . ', ' . $this->data['town_id'] . $loss_data . $loss_items_data . ', ' . $this->data['balance'] . $blessings_data . $stamina_data . $direction_data . ', ' . time() . $promotion_data . ', "")');
 			// ID of new group
 			$this->data['id'] = $this->db->lastInsertId();
 		}
 		// updates skills - doesn't matter if we have just created character - trigger inserts new skills
@@ -490,7 +316,7 @@ class OTS_Player extends OTS_Row_DAO
 					$set .= ',';
 			}
-			$skills = $this->db->query('UPDATE `players` SET ' . $set . ' WHERE `id` = ' . $this->data['id']);
+			$this->db->query('UPDATE `players` SET ' . $set . ' WHERE `id` = ' . $this->data['id']);
 		}
 		else if($this->db->hasTable('player_skills')) {
 			foreach($this->skills as $id => $skill)
@@ -748,21 +574,25 @@ class OTS_Player extends OTS_Row_DAO
 	public function isDeleted()
 	{
-		$field = 'deleted';
+		$column = 'deleted';
 		if($this->db->hasColumn('players', 'deletion'))
-			$field = 'deletion';
+			$column = 'deletion';
-		if( !isset($this->data[$field]) )
+		if( !isset($this->data[$column]) )
 		{
 			throw new E_OTS_NotLoaded();
 		}
-		return $this->data[$field] > 0;
+		return $this->data[$column] > 0;
 	}
 	public function setDeleted($deleted)
 	{
-		$this->data['deleted'] = (int) $deleted;
+		$column = 'deleted';
 		if($this->db->hasColumn('players', 'deletion'))
 			$column = 'deletion';
 		$this->data[$column] = (int) $deleted;
 	}
 	public function isOnline()
@@ -852,13 +682,7 @@ class OTS_Player extends OTS_Row_DAO
 			throw new E_OTS_NotLoaded();
 		}
-		if(isset($this->data['promotion'])) {
+		return \OTS_Toolbox::getVocationFromPromotion($this->data['vocation'], $this->data['promotion'] ?? 0);
 			global $config;
 			if((int)$this->data['promotion'] > 0)
 				return ($this->data['vocation'] + ($this->data['promotion'] * $config['vocations_amount']));
 		}
 		return $this->data['vocation'];
 	}
@@ -1574,12 +1398,7 @@ class OTS_Player extends OTS_Row_DAO
 */
 	public function getCap()
 	{
-		if( !isset($this->data['cap']) )
+		return $this->data['cap'] ?? 0;
 		{
 			throw new E_OTS_NotLoaded();
 		}
 		return $this->data['cap'];
 	}
 /**
@@ -1792,12 +1611,12 @@ class OTS_Player extends OTS_Row_DAO
 */
 	public function getSkullTime()
 	{
-		if( !isset($this->data['skulltime']) )
+		$column = 'skulltime';
-		{
+		if($this->db->hasColumn('players', 'skull_time')) {
-			throw new E_OTS_NotLoaded();
+			$column = 'skull_time';
 		}
-		return $this->data['skulltime'];
+		return $this->data[$column] ?? 0;
 	}
 /**
@@ -1811,7 +1630,12 @@ class OTS_Player extends OTS_Row_DAO
 */
 	public function setSkullTime($skulltime)
 	{
-		$this->data['skulltime'] = (int) $skulltime;
+		$column = 'skulltime';
 		if($this->db->hasColumn('players', 'skull_time')) {
 			$column = 'skull_time';
 		}
 		$this->data[$column] = (int) $skulltime;
 	}
 /**
@@ -3250,6 +3074,10 @@ class OTS_Player extends OTS_Row_DAO
 		return 0;
 	}
 	public function setData(array $data): void{
 		$this->data = $data;
 	}
 /**
 * Magic PHP5 method.
 *
--- a/system/libs/pot/OTS_ServerInfo.php
+++ b/system/libs/pot/OTS_ServerInfo.php
@@ -97,6 +97,8 @@ class OTS_ServerInfo
 			return new OTS_Buffer($data);
 		}
 		log_append('status-error.log', "Cannot connect to {$this->server}:{$this->port} - Error code: $error, message: $message");
 		return false;
 	}
--- a/system/libs/pot/OTS_Toolbox.php
+++ b/system/libs/pot/OTS_Toolbox.php
@@ -13,6 +13,8 @@
 * @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 */
 use MyAAC\Server\XML\Vocations;
 /**
 * Toolbox for common operations.
 *
@@ -110,14 +112,21 @@ class OTS_Toolbox
 		$list->setFilter($filter);
 		return $list;
 	}
-
+	public static function getVocationFromPromotion($id, $promotion = 0): int
 	public static function getVocationName($id, $promotion = 0): string
 	{
 		if($promotion > 0) {
-			$id = ($id + ($promotion * config('vocations_amount')));
+			for ($i = 0; $i < $promotion; $i++) {
 				if ($_id = Vocations::getPromoted($id)) {
 					$id = $_id;
 				}
 			}
 		}
-		return config('vocations')[$id] ?? 'Unknown';
+		return $id;
 	}
 	public static function getVocationName($id, $promotion = 0): string {
 		return config('vocations')[self::getVocationFromPromotion($id, $promotion)] ?? 'Unknown';
 	}
 }
--- a/system/locale/de/install.php
+++ b/system/locale/de/install.php
@@ -78,6 +78,7 @@ $locale['step_database_error_mysql_connect_3'] = 'MySQL ist nicht richtig konfig
 $locale['step_database_error_mysql_connect_4'] = 'MySQL-Server läuft nicht.';
 $locale['step_database_error_schema'] = 'Fehler beim Importieren des Schemas:';
 $locale['step_database_success_schema'] = '$PREFIX$ Tabellen wurden erfolgreich installiert.';
 $locale['step_database_success_import_data'] = 'Import von Daten für Tabellen was erfolgreich.';
 $locale['step_database_error_file'] = '$FILE$ konnte nicht geöffnet werden. Bitte kopieren Sie diesen Inhalt und fügen Sie ihn dort ein:';
 $locale['step_database_adding_field'] = 'Folgendes Feld wurde hinzugefügt: ';
 $locale['step_database_modifying_field'] = 'Folgendes Feld wurde geändert: ';
--- a/system/locale/en/install.php
+++ b/system/locale/en/install.php
@@ -83,6 +83,7 @@ $locale['step_database_error_mysql_connect_3'] = 'MySQL is not configured proper
 $locale['step_database_error_mysql_connect_4'] = 'MySQL server is not running.';
 $locale['step_database_error_schema'] = 'Error while importing schema:';
 $locale['step_database_success_schema'] = 'Successfully installed $PREFIX$ tables.';
 $locale['step_database_success_import_data'] = 'Successfully imported base data for tables.';
 $locale['step_database_error_file'] = '$FILE$ couldn\'t be opened. Please copy this content and paste there:';
 $locale['step_database_adding_field'] = 'Adding field';
 $locale['step_database_modifying_field'] = 'Modifying field';
--- a/system/locale/pl/install.php
+++ b/system/locale/pl/install.php
@@ -81,7 +81,8 @@ $locale['step_database_error_mysql_connect_2'] = 'Możliwe przyczyny:';
 $locale['step_database_error_mysql_connect_3'] = 'MySQL nie jest poprawnie skonfigurowane w <i>config.lua</i>.';
 $locale['step_database_error_mysql_connect_4'] = 'Serwer MySQL nie jest uruchomiony.';
 $locale['step_database_error_schema'] = 'Błąd podczas importowania struktury bazy danych:';
-$locale['step_database_success_schema'] = 'Pomyślnie zainstalowano tabele $PREFIX$.';
+$locale['step_database_success_schema'] = 'Pomyślnie zaimportowano tabele $PREFIX$.';
 $locale['step_database_success_import_data'] = 'Pomyślnie załadowano bazowe dane dla tabel.';
 $locale['step_database_error_file'] = '$FILE$ nie mógł zostać otwarty. Proszę skopiować zawartość pola tekstowego i wkleić do tego pliku:';
 $locale['step_database_adding_field'] = 'Dodawanie pola';
 $locale['step_database_modifying_field'] = 'Modyfikacja pola';
--- a/system/login.php
+++ b/system/login.php
@@ -34,8 +34,10 @@ if($logged) {
 	$twig->addGlobal('account_logged', $account_logged);
 }
-setSession('last_visit', time());
+if (!defined('IGNORE_SET_LAST_VISIT') || !IGNORE_SET_LAST_VISIT) {
-if(defined('PAGE')) {
+	setSession('last_visit', time());
 	if(defined('PAGE')) {
 		setSession('last_page', PAGE);
 	}
 	setSession('last_uri', $_SERVER['REQUEST_URI']);
 }
 setSession('last_uri', $_SERVER['REQUEST_URI']);
--- a/system/migrate.php
+++ b/system/migrate.php
@@ -9,6 +9,8 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 global $db;
 // database migrations
 $tmp = '';
 if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
--- a/system/migrations/20.php
+++ b/system/migrations/20.php
@@ -1,5 +1,6 @@
 <?php
 use MyAAC\Models\Player as PlayerModel;
 use MyAAC\Settings;
 function updateHighscoresIdsHidden(): void
@@ -10,12 +11,22 @@ function updateHighscoresIdsHidden(): void
 		return;
 	}
-	$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . " OR `name` = " . $db->quote("Account Manager") . ") ORDER BY `id`;");
+	$players = PlayerModel::where('name', 'Rook Sample')
 		->orWhere('name', 'Sorcerer Sample')
 		->orWhere('name', 'Druid Sample')
 		->orWhere('name', 'Paladin Sample')
 		->orWhere('name', 'Knight Sample')
 		->orWhere('name', 'Monk Sample')
 		->orWhere('name', 'Account Manager')
 		->orderBy('id')
 		->select('id')
 		->get();
-	$highscores_ignored_ids = array();
+	$highscores_ignored_ids = [];
-	if ($query->rowCount() > 0) {
+	if (count($players) > 0) {
-		foreach ($query->fetchAll() as $result)
+		foreach ($players as $result) {
-			$highscores_ignored_ids[] = $result['id'];
+			$highscores_ignored_ids[] = $result->id;
 		}
 	} else {
 		$highscores_ignored_ids[] = 0;
 	}
--- a/system/migrations/46-account_emails_verify.sql
+++ b/system/migrations/46-account_emails_verify.sql
@@ -0,0 +1,8 @@
 CREATE TABLE `myaac_account_emails_verify`
 (
 	`id` int NOT NULL AUTO_INCREMENT,
 	`account_id` int NOT NULL,
 	`hash` varchar(32) NOT NULL,
 	`sent_at` int NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8mb4;
--- a/system/migrations/46.php
+++ b/system/migrations/46.php
@@ -1,27 +1,24 @@
 <?php
 // add the myaac_account_email_codes
 /**
 * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
-	if (!$db->hasColumn('accounts', '2fa_type')) {
+	if ($db->hasColumn('accounts', 'email_hash')) {
-		$db->addColumn('accounts', '2fa_type', "tinyint NOT NULL DEFAULT 0 AFTER `web_flags`");
+		$db->dropColumn('accounts', 'email_hash');
 	}
-	// add myaac_account_email_codes table
+	if (!$db->hasTable(TABLE_PREFIX . 'account_emails_verify')) {
-	if (!$db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
+		$db->query(file_get_contents(__DIR__ . '/46-account_emails_verify.sql'));
 		$db->exec(file_get_contents(__DIR__ . '/46-account_email_codes.sql'));
 	}
 };
 $down = function () use ($db) {
-	if ($db->hasColumn('accounts', '2fa_type')) {
+	if (!$db->hasColumn('accounts', 'email_hash')) {
-		$db->dropColumn('accounts', '2fa_type');
+		$db->addColumn('accounts', 'email_hash', "varchar(32) NOT NULL DEFAULT ''");
 	}
-	//if ($db->hasTable(TABLE_PREFIX . 'account_email_codes')) {
+	if ($db->hasTable(TABLE_PREFIX . 'account_emails_verify')) {
-	//	$db->dropTable(TABLE_PREFIX . 'account_email_codes');
+		$db->dropTable(TABLE_PREFIX . 'account_emails_verify');
-	//}
+	}
 };
--- a/system/migrations/47.php
+++ b/system/migrations/47.php
@@ -0,0 +1,42 @@
 <?php
 /**
 * @var OTS_DB_MySQL $db
 */
 // 2025-02-27
 // remove ipv6, change to ip (for both ipv4 + ipv6) as VARCHAR(45)
 $up = function () use ($db) {
 	$accountActionsInfo = $db->getColumnInfo(TABLE_PREFIX . 'account_actions', 'account_id');
 	if ($accountActionsInfo && is_array($accountActionsInfo) && $accountActionsInfo['key'] == 'pri') {
 		$db->query("ALTER TABLE `myaac_account_actions` DROP KEY `account_id`;");
 	}
 	if (!$db->hasColumn(TABLE_PREFIX . 'account_actions', 'id')) {
 		$db->addColumn(TABLE_PREFIX . 'account_actions', 'id', 'INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`id`)');
 	}
 	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'ip', "VARCHAR(45) NOT NULL DEFAULT ''");
 	$db->query("UPDATE `" . TABLE_PREFIX . "account_actions` SET `ip` = INET_NTOA(`ip`) WHERE `ip` != '0';");
 	$db->query("UPDATE `" . TABLE_PREFIX . "account_actions` SET `ip` = INET6_NTOA(`ipv6`) WHERE `ip` = '0';");
 	if ($db->hasColumn(TABLE_PREFIX . 'account_actions', 'ipv6')) {
 		$db->dropColumn(TABLE_PREFIX . 'account_actions', 'ipv6');
 	}
 };
 $down = function () use ($db) {
 	if ($db->hasColumn(TABLE_PREFIX . 'account_actions', 'id')) {
 		$db->query("ALTER TABLE `" . TABLE_PREFIX . "account_actions` DROP `id`;");
 	}
 	$db->query("ALTER TABLE  `" . TABLE_PREFIX . "account_actions` ADD KEY (`account_id`);");
 	if (!$db->hasColumn(TABLE_PREFIX . 'account_actions', 'ipv6')) {
 		$db->addColumn(TABLE_PREFIX . 'account_actions', 'ipv6', "BINARY(16) NOT NULL DEFAULT 0x00000000000000000000000000000000 AFTER ip");
 	}
 	$db->query("UPDATE `" . TABLE_PREFIX . "account_actions` SET `ipv6` = INET6_ATON(ip) WHERE NOT IS_IPV4(`ip`);");
 	$db->query("UPDATE `" . TABLE_PREFIX . "account_actions` SET `ip` = INET_ATON(`ip`) WHERE IS_IPV4(`ip`);");
 	$db->query("UPDATE `" . TABLE_PREFIX . "account_actions` SET `ip` = 0 WHERE `ipv6` != 0x00000000000000000000000000000000;");
 	$db->modifyColumn(TABLE_PREFIX . 'account_actions', 'ip', "INT(11) UNSIGNED NOT NULL DEFAULT 0;");
 };
--- a/system/migrations/48.php
+++ b/system/migrations/48.php
@@ -0,0 +1,16 @@
 <?php
 /**
 * @var OTS_DB_MySQL $db
 */
 $up = function () use ($db) {
 	if (!$db->hasColumn(TABLE_PREFIX . 'menu', 'access')) {
 		$db->addColumn(TABLE_PREFIX . 'menu', 'access', 'TINYINT NOT NULL DEFAULT 0 AFTER `link`');
 	}
 };
 $down = function () use ($db) {
 	if ($db->hasColumn(TABLE_PREFIX . 'menu', 'access')) {
 		$db->dropColumn(TABLE_PREFIX . 'menu', 'access');
 	}
 };
--- a/system/migrations/49.php
+++ b/system/migrations/49.php
@@ -0,0 +1,81 @@
 <?php
 /**
 * @var OTS_DB_MySQL $db
 */
 $time = time();
 function insert_sample_if_not_exist($p): void
 {
 	global $time;
 	$player = new OTS_Player();
 	$player->find($p['name']);
 	if (!$player->isLoaded()) {
 		$player->setData([
 			'name' => $p['name'],
 			'group_id' => 1,
 			'account_id' => getSession('account'),
 			'level' => $p['level'],
 			'vocation' => $p['vocation_id'],
 			'health' => $p['health'],
 			'healthmax' => $p['healthmax'],
 			'experience' => $p['experience'],
 			'lookbody' => 118,
 			'lookfeet' => 114,
 			'lookhead' => 38,
 			'looklegs' => 57,
 			'looktype' => $p['looktype'],
 			'maglevel' => 0,
 			'mana' => $p['mana'],
 			'manamax' => $p['manamax'],
 			'manaspent' => 0,
 			'soul' => $p['soul'],
 			'town_id' => 1,
 			'posx' => 1000,
 			'posy' => 1000,
 			'posz' => 7,
 			'conditions' => '',
 			'cap' => $p['cap'],
 			'sex' => 1,
 			'lastlogin' => $time,
 			'lastip' => 2130706433,
 			'save' => 1,
 			'lastlogout' => $time,
 			'balance' => 0,
 			'created' => $time,
 			'hide' => 1,
 			'comment' => '',
 		]);
 		$player->save();
 	}
 }
 $up = function () use ($db) {
 	if (!$db->hasTable('players')) {
 		return;
 	}
 	insert_sample_if_not_exist(['name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400]);
 	insert_sample_if_not_exist(['name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470]);
 	insert_sample_if_not_exist(['name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470]);
 	insert_sample_if_not_exist(['name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470]);
 	insert_sample_if_not_exist(['name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470]);
 	insert_sample_if_not_exist(['name' => 'Monk Sample', 'level' => 8, 'vocation_id' => 9, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 128, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470]);
 	if (defined('MYAAC_INSTALL')) {
 		global $locale;
 		success($locale['step_database_imported_players']);
 	}
 	require_once __DIR__ . '/20.php';
 	updateHighscoresIdsHidden();
 };
 $down = function () {
 	// nothing
 };
--- a/system/migrations/7.php
+++ b/system/migrations/7.php
@@ -9,7 +9,7 @@ $up = function () use ($db) {
 	}
 };
-$up = function () use ($db) {
+$down = function () use ($db) {
 	if (!$db->hasColumn(TABLE_PREFIX . 'screenshots', 'name')) {
 		$db->addColumn(TABLE_PREFIX . 'screenshots', 'name', 'VARCHAR(30) NOT NULL');
 	}
--- a/system/pages/#examples/top-5.php
+++ b/system/pages/#examples/top-5.php
@@ -0,0 +1,29 @@
 <?php
 /**
 * Example of using getTopPlayers() function
 * to display the best players for each skill
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $skills = [
 	'magic', 'level',
 	'balance', 'frags',
 	POT::SKILL_FIST, POT::SKILL_CLUB,
 	POT::SKILL_SWORD, POT::SKILL_AXE,
 	POT::SKILL_DISTANCE, POT::SKILL_SHIELD,
 	POT::SKILL_FISH
 ];
 foreach ($skills as $skill) {?>
 <ul>
 <?php
 	echo '<strong>' . ucwords(is_string($skill) ? $skill : getSkillName($skill)) . '</strong>';
 	foreach (getTopPlayers(5, $skill) as $player) {?>
 		<li><?= $player['rank'] . '. ' . $player['name'] . ' - ' . $player['value']; ?></li>
 		<?php
 	}
 	?>
 </ul>
 <?php
 }
--- a/system/pages/account/change-password.php
+++ b/system/pages/account/change-password.php
@@ -19,18 +19,17 @@ if(!$logged) {
 csrfProtect();
-$new_password = $_POST['newpassword'] ?? NULL;
+$new_password = $_POST['new_password'] ?? null;
-$new_password_confirm = $_POST['newpassword_confirm'] ?? NULL;
+$new_password_confirm = $_POST['new_password_confirm'] ?? null;
-$old_password = $_POST['oldpassword'] ?? NULL;
+$old_password = $_POST['old_password'] ?? null;
-if(empty($new_password) && empty($new_password_confirm) && empty($old_password)) {
+if(is_null($new_password) && is_null($new_password_confirm) && is_null($old_password)) {
 	$twig->display('account.change-password.html.twig');
 }
-else
+else {
 {
 	if(empty($new_password) || empty($new_password_confirm) || empty($old_password)){
 		$errors[] = 'Please fill in form.';
 	}
-	$password_strlen = strlen($new_password);
+
 	if($new_password != $new_password_confirm) {
 		$errors[] = 'The new passwords do not match!';
 	}
@@ -41,10 +40,13 @@ else
 		}
 		/** @var OTS_Account $account_logged */
-		$old_password = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
+		$old_password_hashed = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $old_password);
-		if($old_password != $account_logged->getPassword()) {
+		if($old_password_hashed != $account_logged->getPassword()) {
 			$errors[] = 'Current password is incorrect!';
 		}
 		else if ($old_password == $new_password) {
 			$errors[] = 'The old password is same as the new password!';
 		}
 		$hooks->trigger(HOOK_ACCOUNT_CHANGE_PASSWORD_POST);
 	}
--- a/system/pages/account/characters/change-comment.php
+++ b/system/pages/account/characters/change-comment.php
@@ -51,6 +51,8 @@ if($player_name != null) {
 						'description' => 'The character information has been changed.'
 					));
 					$show_form = false;
 					$hooks->trigger(HOOK_ACCOUNT_CHARACTERS_CHANGE_COMMENT_AFTER_SUCCESS, ['player' => $player]);
 				}
 			}
 		} else {
@@ -70,9 +72,11 @@ if($show_form) {
 	}
 	if(isset($player) && $player) {
-		$twig->display('account.characters.change-comment.html.twig', array(
+		$_player = $player->toArray();
-			'player' => $player->toArray()
+		$_player['id'] = $player->id; // Hack, as it's somehow missing in the toArray() function
-		));
+
 		$twig->display('account.characters.change-comment.html.twig', [
 			'player' => $_player,
 		]);
 	}
 }
 ?>
--- a/system/pages/account/confirm-email.php
+++ b/system/pages/account/confirm-email.php
@@ -9,6 +9,7 @@
 */
 use MyAAC\Models\Account;
 use MyAAC\Models\AccountEmailVerify;
 defined('MYAAC') or die('Direct access not allowed!');
@@ -20,16 +21,20 @@ if(empty($hash)) {
 	return;
 }
-if(!Account::where('email_hash', $hash)->exists()) {
+// by default link is valid for 30 days
-	note("Your email couldn't be verified. Please contact staff to do it manually.");
+$accountEmailVerify = AccountEmailVerify::where('hash', $hash)->where('sent_at', '>', time() - 30 * 24 * 60 * 60)->first();
 if(!$accountEmailVerify) {
 	note("Wrong link or link has expired.");
 }
 else
 {
-	$accountModel = Account::where('email_hash', $hash)->where('email_verified', 0)->first();
+	$accountModel = Account::where('id', $accountEmailVerify->account_id)->where('email_verified', 0)->first();
 	if ($accountModel) {
 		$accountModel->email_verified = 1;
 		$accountModel->save();
 		AccountEmailVerify::where('account_id', $accountModel->id)->delete();
 		success('You have now verified your e-mail, this will increase the security of your account. Thank you for doing this. You can now <a href=' . getLink('account/manage') . '>log in</a>.');
 		$account = new OTS_Account();
@@ -39,6 +44,6 @@ else
 		}
 	}
 	else {
-		error('Link has expired.');
+		error('Your account is already verified.');
 	}
 }
--- a/system/pages/account/create.php
+++ b/system/pages/account/create.php
@@ -10,6 +10,7 @@
 */
 use MyAAC\CreateCharacter;
 use MyAAC\Models\AccountEmailVerify;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Create Account';
@@ -244,7 +245,12 @@ if($save)
 		if(setting('core.mail_enabled') && setting('core.account_mail_verify'))
 		{
 			$hash = md5(generateRandomString(16, true, true) . $email);
-			$new_account->setCustomField('email_hash', $hash);
+
 			AccountEmailVerify::create([
 				'account_id' => $new_account->getId(),
 				'hash' => $hash,
 				'sent_at' => time(),
 			]);
 			$verify_url = getLink('account/confirm-email/' . $hash);
 			$body_html = $twig->render('mail.account.verify.html.twig', array(
@@ -268,8 +274,10 @@ if($save)
 			}
 			else
 			{
-				error('An error occorred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
+				error('An error occurred while sending email! Account not created. Try again. For Admin: More info can be found in system/logs/mailer-error.log');
 				$new_account->delete();
 				return;
 			}
 		}
 		else
@@ -359,7 +367,7 @@ if(!empty($errors))
 if (setting('core.account_country')) {
 	$countries = array();
-	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
+	foreach (setting('core.account_countries_most_popular') ?? [] as $c)
 		$countries[$c] = $config['countries'][$c];
 	$countries['--'] = '----------';
--- a/system/pages/account/login.php
+++ b/system/pages/account/login.php
@@ -49,7 +49,9 @@ if(!empty($login_account) && !empty($login_password))
 	)
 	{
 		if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
-			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
+			$link = getLink('account/resend-email-verify');
 			$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.<br/>' .
 				'You can resend the Email here: <a href="' . $link . '">' . $link . '</a>';
 		} else {
 			setSession('account', $account_logged->getId());
--- a/system/pages/account/lost.php
+++ b/system/pages/account/lost.php
@@ -9,540 +9,11 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
-$title = 'Lost Account Interface';
+$title = 'Lost Account';
-if(!setting('core.mail_enabled'))
+if(!setting('core.mail_enabled')) {
-{
+	echo "<b>Account maker is not configured to send e-mails, you can't use Lost Account Interface. Contact with admin to get help.</b>";
 	echo '<b>Account maker is not configured to send e-mails, you can\'t use Lost Account Interface. Contact with admin to get help.</b>';
 	return;
 }
-$action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
+$twig->display('account/lost/form.html.twig');
 if($action == '')
 {
 	$twig->display('account.lost.form.html.twig');
 }
 else if($action == 'step1' && $action_type == '') {
 	$twig->display('account.lost.noaction.html.twig');
 }
 elseif($action == 'step1' && $action_type == 'email')
 {
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_next') < time())
 				echo 'Please enter e-mail to account with this character.<BR>
 				<form action="' . getLink('account/lost') . '?action=sendcode" method=post>
 				<input type=hidden name="character">
 				<table cellspacing=1 cellpadding=4 border=0 width=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter e-mail to account</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Character: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR>
 				E-mail to account:<INPUT TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 			else
 			{
 				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
 				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
 			}
 		}
 		else
 			echo 'Player or account of player <b>' . $nick . '</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'sendcode')
 {
 	$email = $_REQUEST['email'];
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_next') < time())
 			{
 				if($account->getEMail() == $email)
 				{
 					$newcode = generateRandomString(30, true, false, true);
 					$mailBody = '
 					You asked to reset your ' . $config['lua']['serverName'] . ' password.<br/>
 					<p>Account name: '.$account->getName().'</p>
 					<br />
 					To do so, please click this link:
 					<p><a href="' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'">' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'</a></p>
 					<p>or open page: <i>' . getLink('account/lost') . '?action=checkcode</i> and in field "code" write <b>'.$newcode.'</b></p>
 					<br/>
 						<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.';
 					$account_mail = $account->getCustomField('email');
 					if(_mail($account_mail, $config['lua']['serverName'].' - Recover your account', $mailBody))
 					{
 						$account->setCustomField('email_code', $newcode);
 						$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
 						echo '<br />Details about steps required to recover your account has been sent to <b>' . $account_mail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
 					}
 					else
 					{
 						$account->setCustomField('email_next', (time() + 60));
 						echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 					}
 				}
 				else
 					echo 'Invalid e-mail to account of character <b>'.$nick.'</b>. Try again.';
 			}
 			else
 			{
 				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
 				echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
 			}
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=email&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step1' && $action_type == 'reckey')
 {
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 						echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
 						<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
 						<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 						<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
 						<TR><TD BGCOLOR="'.$config['darkborder'].'">
 						Character name:&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
 						Recovery key:&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
 						</TD></TR>
 						</TABLE>
 						<BR>
 						<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 						' . $twig->render('buttons.submit.html.twig') . '</div>
 						</TD></TR></FORM></TABLE></TABLE>';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step2')
 {
 	$rec_key = trim($_REQUEST['key']);
 	$nick = stripslashes($_REQUEST['nick']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 				if($account_key == $rec_key)
 				{
 					echo '<script type="text/javascript">
 					function validate_required(field,alerttxt)
 					{
 					with (field)
 					{
 					if (value==null||value==""||value==" ")
 					  {alert(alerttxt);return false;}
 					else {return true}
 					}
 					}
 					function validate_email(field,alerttxt)
 					{
 					with (field)
 					{
 					apos=value.indexOf("@");
 					dotpos=value.lastIndexOf(".");
 					if (apos<1||dotpos-apos<2)
 					  {alert(alerttxt);return false;}
 					else {return true;}
 					}
 					}
 					function validate_form(thisform)
 					{
 					with (thisform)
 					{
 					if (validate_required(email,"Please enter your e-mail!")==false)
 					  {email.focus();return false;}
 					if (validate_email(email,"Invalid e-mail format!")==false)
 					  {email.focus();return false;}
 					if (validate_required(passor,"Please enter password!")==false)
 					  {passor.focus();return false;}
 					if (validate_required(passor2,"Please repeat password!")==false)
 					  {passor2.focus();return false;}
 					if (passor2.value!=passor.value)
 					  {alert(\'Repeated password is not equal to password!\');return false;}
 					}
 					}
 					</script>';
 					echo 'Set new password and e-mail to your account.<BR>
 					<FORM ACTION="' . getLink('account/lost') . '?action=step3" onsubmit="return validate_form(this)" METHOD=post>
 					<INPUT TYPE=hidden NAME="character" VALUE="">
 					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter new password and e-mail</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					Account of character:&nbsp;&nbsp;<INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
 					New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="passor" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
 					Repeat new password:&nbsp;&nbsp;<INPUT id="passor2" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
 					New e-mail address:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT id="email" TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
 					<INPUT TYPE=hidden NAME="key" VALUE="'.$rec_key.'">
 					</TD></TR>
 					</TABLE>
 					<BR>
 					<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 					' . $twig->render('buttons.submit.html.twig') . '</div>
 					</TD></TR></FORM></TABLE></TABLE>';
 				}
 				else
 					echo 'Wrong recovery key!';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'step3')
 {
 	$rec_key = trim($_REQUEST['key']);
 	$nick = stripslashes($_REQUEST['nick']);
 	$new_pass = trim($_REQUEST['passor']);
 	$new_email = trim($_REQUEST['email']);
 	if(Validator::characterName($nick))
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($nick);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			$account_key = $account->getCustomField('key');
 			if(!empty($account_key))
 			{
 				if($account_key == $rec_key)
 				{
 					if(Validator::password($new_pass))
 					{
 						if(Validator::email($new_email))
 						{
 							$account->setEMail($new_email);
 							$tmp_new_pass = $new_pass;
 							if(USE_ACCOUNT_SALT)
 							{
 								$salt = generateRandomString(10, false, true, true);
 								$tmp_new_pass = $salt . $new_pass;
 							}
 							$account->setPassword(encrypt($tmp_new_pass));
 							$account->save();
 							if(USE_ACCOUNT_SALT)
 								$account->setCustomField('salt', $salt);
 							echo 'Your account name, new password and new e-mail.<BR>
 							<FORM ACTION="' . getLink('account/manage') . '" onsubmit="return validate_form(this)" METHOD=post>
 							<INPUT TYPE=hidden NAME="character" VALUE="">
 							<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 							<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account name, new password and new e-mail</B></TD></TR>
 							<TR><TD BGCOLOR="'.$config['darkborder'].'">
 							Account name:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$account->getName().'</b><BR>
 							New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>'.$new_pass.'</b><BR>
 							New e-mail address:&nbsp;<b>'.$new_email.'</b><BR>';
 							if($account->getCustomField('email_next') < time())
 							{
 								$mailBody = '
 								<h3>Your account name and new password!</h3>
 								<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
 								<p>Account name: <b>'.$account->getName().'</b></p>
 								<p>New password: <b>'.$new_pass.'</b></p>
 								<p>E-mail: <b>'.$new_email.'</b> (this e-mail)</p>
 								<br />
 								<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 								if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody))
 								{
 									echo '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 								}
 								else
 								{
 									echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 								}
 							}
 							else
 							{
 								echo '<br /><small>You will not receive e-mail with this informations.</small>';
 							}
 							echo '<INPUT TYPE=hidden NAME="account_login" VALUE="'.$account->getId().'">
 							<INPUT TYPE=hidden NAME="password_login" VALUE="'.$new_pass.'">
 							</TD></TR></TABLE><BR>
 							<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 							<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 							</TD></TR></FORM></TABLE></TABLE>';
 						}
 						else
 							echo Validator::getLastError();
 					}
 					else
 						echo Validator::getLastError();
 				}
 				else
 					echo 'Wrong recovery key!';
 			}
 			else
 				echo 'Account of this character has no recovery key!';
 		}
 		else
 			echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
 	}
 	else
 		echo 'Invalid player name format. If you have other characters on account try with other name.';
 	echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'checkcode')
 {
 	$code = trim($_REQUEST['code']);
 	$character = stripslashes(trim($_REQUEST['character']));
 	if(empty($code) || empty($character))
 		echo 'Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 	else
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($character);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_code') == $code)
 			{
 				echo '<script type="text/javascript">
 				function validate_required(field,alerttxt)
 				{
 				with (field)
 				{
 				if (value==null||value==""||value==" ")
 				  {alert(alerttxt);return false;}
 				else {return true}
 				}
 				}
 				function validate_form(thisform)
 				{
 				with (thisform)
 				{
 				if (validate_required(passor,"Please enter password!")==false)
 				  {passor.focus();return false;}
 				if (validate_required(passor2,"Please repeat password!")==false)
 				  {passor2.focus();return false;}
 				if (passor2.value!=passor.value)
 				  {alert(\'Repeated password is not equal to password!\');return false;}
 				}
 				}
 				</script>
 				Please enter new password to your account and repeat to make sure you remember password.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" onsubmit="return validate_form(this)" METHOD=post>
 				<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 				<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				New password:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40")><BR />
 				Repeat new password:&nbsp;<INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 			}
 			else
 				$error= 'Wrong code to change password.';
 		}
 		else
 			$error = 'Account of this character or this character doesn\'t exist.';
 	}
 	if(!empty($error))
 				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
 elseif($action == 'setnewpassword')
 {
 	$newpassword = $_REQUEST['passor'];
 	$code = $_REQUEST['code'];
 	$character = stripslashes($_REQUEST['character']);
 	echo '';
 	if(empty($code) || empty($character) || empty($newpassword))
 		echo '<span style="color: red"><b>Error. Try again.</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<BR><FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<INPUT TYPE=image NAME="Back" ALT="Back" SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 	else
 	{
 		$player = new OTS_Player();
 		$account = new OTS_Account();
 		$player->find($character);
 		if($player->isLoaded())
 			$account = $player->getAccount();
 		if($account->isLoaded())
 		{
 			if($account->getCustomField('email_code') == $code)
 			{
 				if(Validator::password($newpassword))
 				{
 					$tmp_new_pass = $newpassword;
 					if(USE_ACCOUNT_SALT)
 					{
 						$salt = generateRandomString(10, false, true, true);
 						$tmp_new_pass  = $salt . $newpassword;
 						$account->setCustomField('salt', $salt);
 					}
 					$account->setPassword(encrypt($tmp_new_pass ));
 					$account->save();
 					$account->setCustomField('email_code', '');
 					echo 'New password to your account is below. Now you can login.<BR>
 					<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
 					<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 					<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Changed password</B></TD></TR>
 					<TR><TD BGCOLOR="'.$config['darkborder'].'">
 					New password:&nbsp;<b>'.$newpassword.'</b><BR />
 					Account name:&nbsp;&nbsp;&nbsp;<i>(Already on your e-mail)</i><BR />';
 					$mailBody = '
 					<h3>Your account name and password!</h3>
 					<p>Changed password to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
 					<p>Account name: <b>'.$account->getName().'</b></p>
 					<p>New password: <b>'.$newpassword.'</b></p>
 					<br />
 					<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
 					if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - Your new password", $mailBody))
 					{
 						echo '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
 					}
 					else
 					{
 						echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 					}
 				echo '</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				<FORM ACTION="' . getLink('account/manage') . '" METHOD=post>
 				<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
 				</TD></TR></FORM></TABLE></TABLE>';
 				}
 				else
 					$error= Validator::getLastError();
 			}
 			else
 				$error= 'Wrong code to change password.';
 		}
 		else
 			$error = 'Account of this character or this character doesn\'t exist.';
 	}
 	if(!empty($error))
 				echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
 				<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
 				<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
 				<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
 				<TR><TD BGCOLOR="'.$config['darkborder'].'">
 				Your code:&nbsp;<INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
 				Character:&nbsp;<INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
 				</TD></TR>
 				</TABLE>
 				<BR>
 				<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
 				' . $twig->render('buttons.submit.html.twig') . '</div>
 				</TD></TR></FORM></TABLE></TABLE>';
 }
--- a/system/pages/account/lost/base.php
+++ b/system/pages/account/lost/base.php
@@ -0,0 +1,18 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 function lostAccountWriteCooldown(string $nick, int $time): void
 {
 	global $twig;
 	$inSec = $time - time();
 	$minutesLeft = floor($inSec / 60);
 	$secondsLeft = $inSec - ($minutesLeft * 60);
 	$timeLeft = "$minutesLeft minutes $secondsLeft seconds";
 	$timeRounded = ceil(setting('core.mail_lost_account_interval') / 60);
 	$twig->display('error_box.html.twig', [
 		'errors' => ["Account of selected character (<b>" . escapeHtml($nick) . "</b>) received e-mail in last $timeRounded minutes. You must wait $timeLeft before you can use Lost Account Interface again."]
 	]);
 }
--- a/system/pages/account/lost/check-code.php
+++ b/system/pages/account/lost/check-code.php
@@ -0,0 +1,51 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $code = $_REQUEST['code'] ?? '';
 $character = $_REQUEST['character'] ?? '';
 if(empty($code) || empty($character)) {
 	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'characters' => $character,
 	]);
 }
 else {
 	$player = new OTS_Player();
 	$account = new OTS_Account();
 	$player->find($character);
 	if($player->isLoaded()) {
 		$account = $player->getAccount();
 	}
 	if($account->isLoaded()) {
 		if($account->getCustomField('email_code') == $code) {
 			$twig->display('account/lost/check-code.finish.html.twig', [
 				'character' => $character,
 				'code' => $code,
 			]);
 		}
 		else {
 			$error = 'Wrong code to change password.';
 		}
 	}
 	else {
 		$error = "Account of this character or this character doesn't exist.";
 	}
 }
 if(!empty($error)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => [$error],
 	]);
 	echo '<br/>';
 	$twig->display('account/lost/check-code.html.twig', [
 	]);
 }
--- a/system/pages/account/lost/email/send-code.php
+++ b/system/pages/account/lost/email/send-code.php
@@ -0,0 +1,75 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 require __DIR__ . '/../base.php';
 $title = 'Lost Account';
 $email = $_POST['email'] ?? '';
 $nick = $_POST['nick'] ?? '';
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	if($account->getCustomField('email_next') < time()) {
 		if($account->getEMail() == $email) {
 			$newCode = generateRandomString(30, true, false, true);
 			$mailBody = $twig->render('mail.account.lost.code.html.twig', [
 				'newCode' => $newCode,
 				'account' => $account,
 				'nick' => $nick,
 			]);
 			$accountEMail = $account->getCustomField('email');
 			if(_mail($accountEMail, configLua('serverName') . ' - Recover your account', $mailBody)) {
 				$account->setCustomField('email_code', $newCode);
 				$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
 				$twig->display('success.html.twig', [
 					'title' => 'Email has been sent',
 					'description' => 'Details about steps required to recover your account has been sent to <b>' . $accountEMail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.',
 					'custom_buttons' => '',
 				]);
 				$twig->display('account.back_button.html.twig', [
 					'new_line' => true,
 					'center' => true,
 					'action' => getLink('news'),
 				]);
 				return;
 			}
 			$account->setCustomField('email_next', (time() + 60));
 			error('An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>');
 		}
 		else {
 			$errors[] = 'Invalid e-mail to account of character <b>' . escapeHtml($nick) . '</b>. Try again.';
 		}
 	}
 	else {
 		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
 	}
 }
 else {
 	$errors[] =  "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost/step-1') . '?action=email&nick=' . urlencode($nick),
 ]);
--- a/system/pages/account/lost/email/set-new-password.php
+++ b/system/pages/account/lost/email/set-new-password.php
@@ -0,0 +1,128 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $newPassword = $_POST['password'] ?? '';
 $passwordRepeat = $_POST['password_repeat'] ?? '';
 $code = $_POST['code'] ?? '';
 $character = $_POST['character'] ?? '';
 if(empty($code) || empty($character)) {
 	$errors[] = 'Please enter code from e-mail and name of one character from account.';
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 	$twig->display('account/lost/check-code.html.twig', [
 		'code' => $code,
 		'character' => $character,
 	]);
 	$twig->display('account.back_button.html.twig', [
 		'new_line' => true,
 		'center' => true,
 		'action' => getLink('account/lost/check-code')
 	]);
 	return;
 }
 if (empty($newPassword) || empty($passwordRepeat)) {
 	$errors[] = 'Please enter both passwords.';
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 	$twig->display('account/lost/check-code.finish.html.twig', [
 		'character' => $character,
 		'code' => $code,
 	]);
 	return;
 }
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($character);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 $passwordFailed = false;
 if($account->isLoaded()) {
 	if($account->getCustomField('email_code') == $code) {
 		if ($newPassword == $passwordRepeat) {
 			if (Validator::password($newPassword)) {
 				$hooks->trigger(HOOK_ACCOUNT_LOST_EMAIL_SET_NEW_PASSWORD_POST);
 				if (empty($errors)) {
 					$tmp_new_pass = $newPassword;
 					if (USE_ACCOUNT_SALT) {
 						$salt = generateRandomString(10, false, true, true);
 						$tmp_new_pass = $salt . $newPassword;
 						$account->setCustomField('salt', $salt);
 					}
 					$account->setPassword(encrypt($tmp_new_pass));
 					$account->save();
 					$account->setCustomField('email_code', '');
 					$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
 						'account' => $account,
 						'newPassword' => $newPassword,
 					]);
 					$statusMsg = '';
 					if (_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
 						$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
 					} else {
 						$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
 					}
 					$twig->display('account/lost/finish.new-password.html.twig', [
 						'statusMsg' => $statusMsg,
 						'newPassword' => $newPassword,
 					]);
 				}
 			} else {
 				$passwordFailed = true;
 				$errors[] = Validator::getLastError();
 			}
 		}
 		else {
 			$passwordFailed = true;
 			$errors[] = 'Passwords are not the same!';
 		}
 	}
 	else {
 		$errors[] = 'Wrong code to change password.';
 	}
 }
 else {
 	$errors[] = "Account of this character or this character doesn't exist.";
 }
 if(!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 	echo '<br/>';
 	$template = 'account/lost/check-code.html.twig';
 	if($passwordFailed) {
 		$template = 'account/lost/check-code.finish.html.twig';
 	}
 	$twig->display($template, [
 		'code' => $code,
 		'character' => $character,
 	]);
 }
--- a/system/pages/account/lost/email/step-1.php
+++ b/system/pages/account/lost/email/step-1.php
@@ -0,0 +1,36 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 require __DIR__ . '/../base.php';
 csrfProtect();
 $title = 'Lost Account';
 $nick = $_REQUEST['nick'] ?? '';
 if($account->isLoaded()) {
 	if($account->getCustomField('email_next') < time()) {
 		$twig->display('account/lost/email.html.twig', [
 			'nick' => $nick,
 		]);
 	}
 	else {
 		lostAccountWriteCooldown($nick, (int)$account->getCustomField('email_next'));
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost'),
 ]);
--- a/system/pages/account/lost/recovery-key/step-1.php
+++ b/system/pages/account/lost/recovery-key/step-1.php
@@ -0,0 +1,38 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $nick = $_REQUEST['nick'] ?? '';
 $key = $_REQUEST['key'] ?? '';
 if($account->isLoaded()) {
 	$account_key = $account->getCustomField('key');
 	if(!empty($account_key)) {
 		$twig->display('account/lost/recovery-key.step-1.html.twig', [
 			'nick' => $nick,
 			'key' => $key,
 		]);
 	}
 	else {
 		$errors[] = 'Account of this character has no recovery key!';
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost'),
 ]);
--- a/system/pages/account/lost/recovery-key/step-2.php
+++ b/system/pages/account/lost/recovery-key/step-2.php
@@ -0,0 +1,49 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $key = $_REQUEST['key'] ?? '';
 $nick = $_REQUEST['nick'] ?? '';
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $key) {
 			$twig->display('account/lost/recovery-key.step-2.html.twig', [
 				'nick' => $nick,
 				'key' => $key,
 			]);
 		}
 		else {
 			$errors[] = 'Wrong recovery key!';
 		}
 	}
 	else {
 		$errors[] = 'Account of this character has no recovery key!';
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost/step-1') . '?action=recovery-key&nick=' . urlencode($nick) . '&key=' . urlencode($key),
 ]);
--- a/system/pages/account/lost/recovery-key/step-3.php
+++ b/system/pages/account/lost/recovery-key/step-3.php
@@ -0,0 +1,117 @@
 <?php
 use MyAAC\Models\Account as AccountModel;
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $key = $_POST['key'];
 $nick = $_POST['nick'] ?? '';
 $newPassword = $_POST['password'] ?? '';
 $passwordRepeat = $_POST['password_repeat'] ?? '';
 $newEmail = $_POST['email'] ?? '';
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if($account->isLoaded()) {
 	$accountKey = $account->getCustomField('key');
 	if(!empty($accountKey)) {
 		if($accountKey == $key) {
 			if(Validator::password($newPassword)) {
 				if ($newPassword == $passwordRepeat) {
 					if (Validator::email($newEmail)) {
 						$emailExists = AccountModel::where('email', $newEmail)->count() > 0;
 						if (!$emailExists) {
 							$hooks->trigger(HOOK_ACCOUNT_LOST_RECOVERY_KEY_STEP_3_POST);
 							if (empty($errors)) {
 								$account->setEMail($newEmail);
 								$tmp_new_pass = $newPassword;
 								if (USE_ACCOUNT_SALT) {
 									$salt = generateRandomString(10, false, true, true);
 									$tmp_new_pass = $salt . $newPassword;
 								}
 								$account->setPassword(encrypt($tmp_new_pass));
 								$account->save();
 								if (USE_ACCOUNT_SALT) {
 									$account->setCustomField('salt', $salt);
 								}
 								$statusMsg = '';
 								if ($account->getCustomField('email_next') < time()) {
 									$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
 										'account' => $account,
 										'newPassword' => $newPassword,
 										'newEmail' => $newEmail,
 									]);
 									if (_mail($account->getCustomField('email'), configLua('serverName') . ' - New password to your account', $mailBody)) {
 										$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
 									} else {
 										$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
 									}
 								} else {
 									$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
 								}
 								$twig->display('account/lost/finish.new-email.html.twig', [
 									'statusMsg' => $statusMsg,
 									'account' => $account,
 									'newPassword' => $newPassword,
 									'newEmail' => $newEmail,
 								]);
 								return;
 							}
 						}
 						else {
 							$errors[] = 'This email is already registered!';
 						}
 					} else {
 						$errors[] = Validator::getLastError();
 					}
 				}
 				else {
 					$errors[] = 'Passwords are not the same!';
 				}
 			}
 			else {
 				$errors[] = Validator::getLastError();
 			}
 		}
 		else {
 			$errors[] = 'Wrong recovery key!';
 		}
 	}
 	else {
 		$errors[] = 'Account of this character has no recovery key!';
 	}
 }
 else {
 	$errors[] = "Player or account of player <b>" . escapeHtml($nick) . "</b> doesn't exist.";
 }
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', [
 		'errors' => $errors,
 	]);
 }
 $twig->display('account.back_button.html.twig', [
 	'new_line' => true,
 	'center' => true,
 	'action' => getLink('account/lost/recovery-key/step-2') . '?nick=' . urlencode($nick) . '&key=' . urlencode($key),
 ]);
--- a/system/pages/account/lost/step-1.php
+++ b/system/pages/account/lost/step-1.php
@@ -0,0 +1,26 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 csrfProtect();
 $title = 'Lost Account';
 $nick = $_REQUEST['nick'] ?? '';
 $player = new OTS_Player();
 $account = new OTS_Account();
 $player->find($nick);
 if($player->isLoaded()) {
 	$account = $player->getAccount();
 }
 if (ACTION == 'email') {
 	require __DIR__ . '/email/step-1.php';
 }
 else if (ACTION == 'recovery-key') {
 	require __DIR__ . '/recovery-key/step-1.php';
 }
 else {
 	$twig->display('account/lost/no-action.html.twig');
 }
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -41,15 +41,24 @@ csrfProtect();
 $groups = new OTS_Groups_List();
 $freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $account_logged->getPremDays() == OTS_Account::GRATIS_PREMIUM_DAYS;
 $dayOrDays = $account_logged->getPremDays() == 1 ? 'day' : 'days';
 /**
 * @var OTS_Account $account_logged
 */
-if(!$account_logged->isPremium())
+$premDays = $account_logged->getPremDays();
 $freePremium = isset($config['lua']['freePremium']) && getBoolean($config['lua']['freePremium']) || $premDays == OTS_Account::GRATIS_PREMIUM_DAYS;
 $dayOrDays = ($premDays == 1 ? 'day' : 'days');
 $vipSystemEnabled = isset($config['lua']['vipSystemEnabled']) && getBoolean($config['lua']['vipSystemEnabled']);
 $premiumLabel = $vipSystemEnabled ? 'VIP' : 'Premium Account';
 if ($freePremium && !$vipSystemEnabled) {
 	$account_status = '<b><span style="color: green">Gratis Premium Account</span></b>';
 } else if(!$account_logged->isPremium()) {
 	$account_status = '<b><span style="color: red">Free Account</span></b>';
-else
+} else {
-	$account_status = '<b><span style="color: green">' . ($freePremium ? 'Gratis Premium Account' : 'Premium Account, ' . $account_logged->getPremDays() . ' '.$dayOrDays.' left') . '</span></b>';
+	$account_status = '<b><span style="color: green">' . $premiumLabel . ', ' . $premDays . ' '.$dayOrDays.' left</span></b>';
 }
 $recovery_key = $account_logged->getCustomField('key');
 if(empty($recovery_key))
@@ -90,12 +99,8 @@ if($email_new_time > 1)
 	}
 }
-$actions = array();
+$actions = $account_logged->getActionsLog(1000);
 foreach($account_logged->getActionsLog(0, 1000) as $action) {
 	$actions[] = array('action' => $action['action'], 'date' => $action['date'], 'ip' => $action['ip'] != 0 ? long2ip($action['ip']) : inet_ntop($action['ipv6']));
 }
 $players = array();
 /** @var OTS_Players_List $account_players */
 $account_players = $account_logged->getPlayersList();
 $account_players->orderBy('id');
--- a/system/pages/account/register-new.php
+++ b/system/pages/account/register-new.php
@@ -48,7 +48,7 @@ else
 					$account_logged->setCustomField('key', $new_rec_key);
 					$account_logged->setCustomField(setting('core.donate_column'), $account_logged->getCustomField(setting('core.donate_column')) - setting('core.account_generate_new_reckey_price'));
 					$account_logged->logAction('Generated new recovery key for ' . setting('core.account_generate_new_reckey_price') . ' premium points.');
-					$message = '<br />Your recovery key were send on email address <b>'.$account_logged->getEMail().'</b> for '.setting('core.account_generate_new_reckey_price').' premium points.';
+					$message = '<br />Your recovery key was sent on email address <b>'.$account_logged->getEMail().'</b> for '.setting('core.account_generate_new_reckey_price').' premium points.';
 				}
 				else
 					$message = '<br /><p class="error">An error occurred while sending email ( <b>'.$account_logged->getEMail().'</b> ) with recovery key! Recovery key not changed. Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>';
--- a/system/pages/account/resend-email-verify.php
+++ b/system/pages/account/resend-email-verify.php
@@ -0,0 +1,94 @@
 <?php
 use MyAAC\Models\AccountEmailVerify;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Resend Email';
 $errorWithBackButton = function ($msg) use ($twig) {
 	$errors = [$msg];
 	$twig->display('error_box.html.twig', ['errors' => $errors]);
 	$twig->display('account.back_button.html.twig', [
 		'action' => getLink('account/resend-email-verify'),
 	]);
 };
 if (!setting('core.mail_enabled') || !setting('core.account_mail_verify')) {
 	$errorWithBackButton('Resending email is not possible on this server.');
 	return;
 }
 $showForm = true;
 if (isset($_POST['submit']) && $_POST['submit'] == '1') {
 	$email = $_REQUEST['email'];
 	if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
 		$errorWithBackButton('Please enter valid Email.');
 		return;
 	}
 	$account = new OTS_Account();
 	$account->findByEMail($email);
 	if ($account->isLoaded()) {
 		if ($account->getCustomField('email_verified') == '1') {
 			$errorWithBackButton('This account is already verified! You can <a href=' . getLink('account/manage') . '>log in</a> on the website.');
 			return;
 		}
 		$accountEmailVerify = AccountEmailVerify::where('account_id', $account->getId())->orderBy('sent_at', 'DESC')->first();
 		if ($accountEmailVerify && time() - $accountEmailVerify->sent_at < 60) {
 			$errorWithBackButton('Only one Email per minute is allowed. Please try again later.');
 			return;
 		}
 		$tmp_account = $email;
 		if (!config('account_login_by_email')) {
 			$tmp_account = (USE_ACCOUNT_NAME ? $account->getName() : $account->getId());
 		}
 		$hash = md5(generateRandomString(16, true, true) . $email);
 		AccountEmailVerify::create([
 			'account_id' => $account->getId(),
 			'hash' => $hash,
 			'sent_at' => time(),
 		]);
 		$verify_url = getLink('account/confirm-email/' . $hash);
 		$body_html = $twig->render('mail.account.resend-email-verify.html.twig', array(
 			'account' => $tmp_account,
 			'verify_url' => generateLink($verify_url, $verify_url, true)
 		));
 		if (_mail($account->getEMail(), configLua('serverName') . ' - Verify Account', $body_html)) {
 			$message = "If account with this email exists - you will become an email with verification link.";
 			$showForm = false;
 		} else {
 			$message = "<p class='error'>An error occurred while sending email (<b>{$email}</b> )! Try again later. For Admin: More info can be found in system/logs/mailer-error.log</p>";
 		}
 	}
 	else {
 		$message = "<br />If account with this email exists - you will become an email with verification link.";
 		$showForm = false;
 	}
 	$twig->display('success.html.twig', array(
 		'title' => 'Verify Email Sent',
 		'description' => $message,
 	));
 }
 //show errors if not empty
 if (!empty($errors)) {
 	$twig->display('error_box.html.twig', ['errors' => $errors]);
 	$twig->display('account.back_button.html.twig', [
 		'action' => getLink('account/resend-email-verify'),
 	]);
 }
 if ($showForm) {
 	$twig->display('account.resend-email-verify.html.twig');
 }
--- a/system/pages/characters.php
+++ b/system/pages/characters.php
@@ -202,35 +202,37 @@ if($player->isLoaded() && !$player->isDeleted())
 		unset($storage);
 	}
-	if($db->hasTable('player_items') && $db->hasColumn('player_items', 'pid') && $db->hasColumn('player_items', 'sid') && $db->hasColumn('player_items', 'itemtype')) {
+	if ($db->hasTableAndColumns('player_items', ['pid', 'sid', 'itemtype'])) {
 		$eq_sql = $db->query('SELECT `pid`, `itemtype` FROM player_items WHERE player_id = '.$player->getId().' AND (`pid` >= 1 and `pid` <= 10)');
-		$equipment = array();
+		$equipment = [];
-		foreach($eq_sql as $eq)
+		foreach($eq_sql as $eq) {
 			$equipment[$eq['pid']] = $eq['itemtype'];
 		}
-		$empty_slots = array("", "no_helmet", "no_necklace", "no_backpack", "no_armor", "no_handleft", "no_handright", "no_legs", "no_boots", "no_ring", "no_ammo");
+		$empty_slots = ["", "no_helmet", "no_necklace", "no_backpack", "no_armor", "no_handleft", "no_handright", "no_legs", "no_boots", "no_ring", "no_ammo"];
-		for($i = 0; $i <= 10; $i++)
+
-		{
+		for($i = 0; $i <= 10; $i++) {
 			if(!isset($equipment[$i]) || $equipment[$i] == 0)
 				$equipment[$i] = $empty_slots[$i];
 		}
-		for($i = 1; $i < 11; $i++)
+		for($i = 1; $i < 11; $i++) {
-		{
+			if(Validator::number($equipment[$i])) {
 			if(Validator::number($equipment[$i]))
 				$equipment[$i] = getItemImage($equipment[$i]);
-			else
+			}
 			else {
 				$equipment[$i] = '<img src="images/items/' . $equipment[$i] . '.gif" width="32" height="32" border="0" alt=" ' . $equipment[$i] . '" />';
 			}
 		}
 	}
-		$skulls = array(
+	$skulls = [
 		1 => 'yellow_skull',
 		2 => 'green_skull',
 		3 => 'white_skull',
 		4 => 'red_skull',
-			5 => 'black_skull'
+		5 => 'black_skull',
-		);
+	];
 	}
 	$dead_add_content = '';
 	$deaths = array();
@@ -450,10 +452,8 @@ WHERE killers.death_id = '".$death['id']."' ORDER BY killers.final_hit DESC, kil
 	if($query->rowCount() > 0) {
 		echo 'Did you mean:<ul>';
 		foreach($query as $player) {
-			if(isset($player['promotion'])) {
+			$player['vocation'] = OTS_Toolbox::getVocationFromPromotion($player['vocation'], $player['promotion'] ?? 0);
-				if((int)$player['promotion'] > 0)
+
 					$player['vocation'] += ($player['promotion'] * $config['vocations_amount']);
 			}
 			echo '<li>' . getPlayerLink($player['name']) . ' (<small><strong>level ' . $player['level'] . ', ' . $config['vocations'][$player['vocation']] . '</strong></small>)</li>';
 		}
 		echo '</ul>';
--- a/system/pages/forum/show_board.php
+++ b/system/pages/forum/show_board.php
@@ -42,35 +42,12 @@ for($i = 0; $i < $threads_count['threads_count'] / setting('core.forum_threads_p
 		$links_to_pages .= '<b>'.($i + 1).' </b>';
 }
 echo '<a href="' . getLink('forum') . '">Boards</a> >> <b>'.$sections[$section_id]['name'].'</b>';
 if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) {
 	echo '<br /><br />
 		<a href="' . getLink('forum') . '?action=new_thread&section_id='.$section_id.'"><img src="images/forum/topic.gif" border="0" /></a>';
 }
 echo '<br /><br />Page: '.$links_to_pages.'<br />';
 $last_threads = $db->query("SELECT `players`.`id` as `player_id`, `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`first_post`, `" . FORUM_TABLE_PREFIX . "forum`.`post_text`, `" . FORUM_TABLE_PREFIX . "forum`.`post_topic`, `" . FORUM_TABLE_PREFIX . "forum`.`id`, `" . FORUM_TABLE_PREFIX . "forum`.`last_post`, `" . FORUM_TABLE_PREFIX . "forum`.`replies`, `" . FORUM_TABLE_PREFIX . "forum`.`views`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` AND `" . FORUM_TABLE_PREFIX . "forum`.`section` = ".$section_id." AND `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = `" . FORUM_TABLE_PREFIX . "forum`.`id` ORDER BY `" . FORUM_TABLE_PREFIX . "forum`.`last_post` DESC LIMIT ".setting('core.forum_threads_per_page')." OFFSET ".($_page * setting('core.forum_threads_per_page')))->fetchAll(PDO::FETCH_ASSOC);
-if(isset($last_threads[0])) {
+$threads = [];
-	echo '<table width="100%">
+if(count($last_threads) > 0) {
 <tr bgcolor="'.$config['vdarkborder'].'" align="center">
 <td class="white">
 <span style="font-size: 10px"><b>Thread</b></span></td>
 <td><span style="font-size: 10px"><b>Thread Starter</b></span></td>
 <td><span style="font-size: 10px"><b>Replies</b></span></td>
 <td><span style="font-size: 10px"><b>Views</b></span></td>
 <td><span style="font-size: 10px"><b>Last Post</b></span></td>
 </tr>';
 	$player = new OTS_Player();
 	foreach($last_threads as $thread) {
 		echo '<tr bgcolor="' . getStyle($number_of_rows++) . '"><td>';
 		if(Forum::isModerator()) {
 			echo '<a href="' . getLink('forum') . '?action=move_thread&id=' . $thread['id'] . '" title="Move Thread"><img src="images/icons/arrow_right.gif"/></a>';
 			$twig->display('forum.remove_post.html.twig', ['post' => $thread]);
 		}
 		$player->load($thread['player_id']);
 		if(!$player->isLoaded()) {
 			throw new RuntimeException('Forum error: Player not loaded.');
@@ -79,28 +56,29 @@ if(isset($last_threads[0])) {
 		$player_account = $player->getAccount();
 		$canEditForum = $player_account->hasFlag(FLAG_CONTENT_FORUM) || $player_account->isAdmin();
-		echo '<a href="' . getForumThreadLink($thread['id']) . '">'.htmlspecialchars($thread['post_topic']). '</a><br /><small>'.($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50))).'...</small></td><td>' . getPlayerLink($thread['name']) . '</td><td>'.(int) $thread['replies'].'</td><td>'.(int) $thread['views'].'</td><td>';
+		$thread['link'] = getForumThreadLink($thread['id']);
 		$thread['post_shortened'] = ($canEditForum ? substr(strip_tags($thread['post_text']), 0, 50) : htmlspecialchars(substr($thread['post_text'], 0, 50)));
 		$thread['player'] = $player;
 		$thread['player_link'] = getPlayerLink($thread['name']);
 		if($thread['last_post'] > 0) {
 			$last_post = $db->query("SELECT `players`.`name`, `" . FORUM_TABLE_PREFIX . "forum`.`post_date` FROM `players`, `" . FORUM_TABLE_PREFIX . "forum` WHERE `" . FORUM_TABLE_PREFIX . "forum`.`first_post` = ".(int) $thread['id']." AND `players`.`id` = `" . FORUM_TABLE_PREFIX . "forum`.`author_guid` ORDER BY `post_date` DESC LIMIT 1")->fetch();
-			if(isset($last_post['name'])) {
+			$last_post['player_link'] = getPlayerLink($last_post['name']);
-				echo date('d.m.y H:i:s', $last_post['post_date']) . '<br />by ' . getPlayerLink($last_post['name']);
+			$thread['latest_post'] = $last_post;
 			}
 			else {
 				echo 'No posts.';
 			}
 		}
 		else {
 			echo date('d.m.y H:i:s', $thread['post_date']) . '<br />by ' . getPlayerLink($thread['name']);
 		}
 		echo '</td></tr>';
 		}
-	echo '</table>';
+		$threads[] = $thread;
 	if($logged && (!$sections[$section_id]['closed'] || Forum::isModerator())) {
 		echo '<br /><a href="' . getLink('forum') . '?action=new_thread&section_id=' . $section_id . '"><img src="images/forum/topic.gif" border="0" /></a>';
 	}
 }
-else {
+
-	echo '<h3>No threads in this board.</h3>';
+$twig->display('forum.show_board.html.twig', [
-}
+	'threads' => $threads,
 	'section_id' => $section_id,
 	'section_name' => $sections[$section_id]['name'],
 	'links_to_pages' => $links_to_pages,
 	'is_moderator' => Forum::isModerator(),
 	'closed' => $sections[$section_id]['closed'],
 ]);
--- a/system/pages/forum/show_thread.php
+++ b/system/pages/forum/show_thread.php
@@ -70,7 +70,7 @@ foreach($posts as &$post) {
 	}
 	$post['group'] = $groupName;
-	$post['player_link'] = getPlayerLink($player->getName());
+	$post['player_link'] = '<a href="' . getPlayerLink($player, false) . '" style="position: relative;">' . $player->getName() . '</a>';
 	$post['vocation'] = $player->getVocationName();
--- a/system/pages/guilds/create.php
+++ b/system/pages/guilds/create.php
@@ -21,6 +21,9 @@ if(!$logged) {
 	$errors[] = 'You are not logged in. You can\'t create guild.';
 }
 $configLuaFreePremium = configLua('freePremium');
 $freePremium = (isset($configLuaFreePremium) && getBoolean($configLuaFreePremium));
 $array_of_player_nig = array();
 if(empty($errors))
 {
@@ -31,7 +34,7 @@ if(empty($errors))
 		if(!$player_rank->isLoaded())
 		{
 			if($player->getLevel() >= setting('core.guild_need_level')) {
-				if(!setting('core.guild_need_premium') || $account_logged->isPremium()) {
+				if(!setting('core.guild_need_premium') || $account_logged->isPremium() || $freePremium) {
 					$array_of_player_nig[] = $player->getName();
 				}
 			}
@@ -95,7 +98,7 @@ if($todo == 'save')
 		if($player->getLevel() < setting('core.guild_need_level')) {
 			$errors[] = 'Character <b>'.$name.'</b> has too low level. To create guild you need character with level <b>' . setting('core.guild_need_level') . '</b>.';
 		}
-		if(setting('core.guild_need_premium') && !$account_logged->isPremium()) {
+		if(setting('core.guild_need_premium') && !$account_logged->isPremium() && !$freePremium) {
 			$errors[] = 'Character <b>'.$name.'</b> is on FREE account. To create guild you need PREMIUM account.';
 		}
 	}
--- a/system/pages/guilds/show.php
+++ b/system/pages/guilds/show.php
@@ -91,13 +91,18 @@ $guild_owner = $guild->getOwner();
 if($guild_owner->isLoaded())
 	$guild_owner_name = $guild_owner->getName();
 $deletedColumn = 'deleted';
 if ($db->hasColumn('players', 'deletion')) {
 	$deletedColumn = 'deletion';
 }
 $guild_members = array();
 foreach($rank_list as $rank)
 {
 	if($db->hasTable(GUILD_MEMBERS_TABLE))
-		$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `' . GUILD_MEMBERS_TABLE . '`.`rank_id` as `rank_id` FROM `players`, `' . GUILD_MEMBERS_TABLE . '` WHERE `' . GUILD_MEMBERS_TABLE . '`.`rank_id` = ' . $rank->getId() . ' AND `players`.`id` = `' . GUILD_MEMBERS_TABLE . '`.`player_id` ORDER BY `name`;');
+		$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `' . GUILD_MEMBERS_TABLE . '`.`rank_id` as `rank_id` FROM `players`, `' . GUILD_MEMBERS_TABLE . '` WHERE `' . GUILD_MEMBERS_TABLE . '`.`rank_id` = ' . $rank->getId() . ' AND `players`.`id` = `' . GUILD_MEMBERS_TABLE . '`.`player_id` AND `' . $deletedColumn . '` = 0 ORDER BY `name`;');
 	else if($db->hasColumn('players', 'rank_id'))
-		$players_with_rank = $db->query('SELECT `id`, `rank_id` FROM `players` WHERE `rank_id` = ' . $rank->getId() . ' AND `deleted` = 0;');
+		$players_with_rank = $db->query('SELECT `id`, `rank_id` FROM `players` WHERE `rank_id` = ' . $rank->getId() . ' AND `' . $deletedColumn . '` = 0;');
 	$players_with_rank_number = $players_with_rank->rowCount();
 	if($players_with_rank_number > 0)
--- a/system/pages/highscores.php
+++ b/system/pages/highscores.php
@@ -13,6 +13,7 @@ use MyAAC\Cache\Cache;
 use MyAAC\Models\Player;
 use MyAAC\Models\PlayerDeath;
 use MyAAC\Models\PlayerKillers;
 use MyAAC\Server\XML\Vocations;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Highscores';
@@ -35,24 +36,20 @@ if(!is_numeric($page) || $page < 1 || $page > PHP_INT_MAX) {
 $query = Player::query();
 $configVocations = config('vocations');
 $configVocationsAmount = config('vocations_amount');
 $vocationId = null;
 if($vocation !== 'all') {
 	foreach($configVocations as $id => $name) {
 		if(strtolower($name) == $vocation) {
 			$vocationId = $id;
-			$add_vocs = [$id];
+			$filterVocations = [$id];
-			if ($id !== 0) {
+			while($tmpVoc = Vocations::getPromoted($id)) {
-				$i = $id + $configVocationsAmount;
+				$id = $tmpVoc;
-				while (isset($configVocations[$i])) {
+				$filterVocations[] = $tmpVoc;
 					$add_vocs[] = $i;
 					$i += $configVocationsAmount;
 				}
 			}
-			$query->whereIn('players.vocation', $add_vocs);
+			$query->whereIn('players.vocation', $filterVocations);
 			break;
 		}
 	}
@@ -176,7 +173,9 @@ if (empty($highscores)) {
 				POT::SKILL_FISH => 'skill_fishing',
 			);
-			$query->addSelect($skill_ids[$skill] . ' as value');
+			$query
 				->addSelect($skill_ids[$skill] . ' as value')
 				->orderByDesc($skill_ids[$skill] . '_tries');
 		} else {
 			$query
 				->join('player_skills', 'player_skills.player_id', '=', 'players.id')
@@ -198,11 +197,11 @@ if (empty($highscores)) {
 		if ($skill == POT::SKILL__MAGLEVEL) {
 			$query
 				->addSelect('players.maglevel as value', 'players.maglevel')
-				->orderBy('manaspent');
+				->orderByDesc('manaspent');
 		} else { // level
 			$query
 				->addSelect('players.level as value', 'players.experience')
-				->orderBy('experience');
+				->orderByDesc('experience');
 			$list = 'experience';
 		}
 	}
@@ -247,7 +246,7 @@ foreach($highscores as $id => &$player)
 		$player['link'] = getPlayerLink($player['name'], false);
 		$player['flag'] = getFlagImage($player['country']);
-		$player['outfit'] = '<img style="position:absolute;margin-top:' . (in_array($player['looktype'], setting('core.outfit_images_wrong_looktypes')) ? '-15px;margin-left:5px' : '-45px;margin-left:-25px') . ';" src="' . $player['outfit_url'] . '" alt="" />';
+		$player['outfit'] = '<img style="position:absolute;margin-top:-50px;margin-left:-30px" src="' . $player['outfit_url'] . '" alt="" />';
 		if ($skill != POT::SKILL__LEVEL) {
 			if (isset($lastValue) && $lastValue == $player['value']) {
@@ -323,4 +322,5 @@ $twig->display('highscores.html.twig', [
 	'page' => $page,
 	'baseLink' => $baseLink,
 	'updatedAt' => $updatedAt,
 	'baseVocations' => Vocations::getBase(true),
 ]);
--- a/system/pages/news.php
+++ b/system/pages/news.php
@@ -122,7 +122,7 @@ if(!$news_cached)
 		);
 	}
-	$tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER .($canEdit ? '' : ' AND `hide` != 1') .' ORDER BY `date` DESC LIMIT ' . setting('core.news_ticker_limit'));
+	$tickers_db = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . TICKER . ' AND `hide` != 1 ORDER BY `date` DESC LIMIT ' . setting('core.news_ticker_limit'));
 	$tickers_content = '';
 	if($tickers_db->rowCount() > 0)
 	{
@@ -142,7 +142,8 @@ if(!$news_cached)
 	if($cache->enabled() && !$canEdit)
 		$cache->set('news_' . $template_name . '_' . TICKER, $tickers_content, 60 * 60);
-	$featured_article_db =$db->query('SELECT `id`, `title`, `article_text`, `article_image`, `hide` FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . ARTICLE . ($canEdit ? '' : ' AND `hide` != 1') .' ORDER BY `date` DESC LIMIT 1');
+	$featured_article_db =$db->query('SELECT `id`, `title`, `article_text`, `article_image`, `hide` FROM `' . TABLE_PREFIX . 'news` WHERE `type` = ' . ARTICLE . ' AND `hide` != 1 ORDER BY `date` DESC LIMIT 1');
 	$article = '';
 	if($featured_article_db->rowCount() > 0) {
 		$article = $featured_article_db->fetch();
@@ -175,7 +176,7 @@ else {
 if(!$news_cached)
 {
 	ob_start();
-	$newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ($canEdit ? '' : ' AND hide != 1') . ' ORDER BY date' . ' DESC LIMIT ' . setting('core.news_limit'));
+	$newses = $db->query('SELECT * FROM ' . $db->tableName(TABLE_PREFIX . 'news') . ' WHERE type = ' . NEWS . ' AND hide != 1 ORDER BY date' . ' DESC LIMIT ' . setting('core.news_limit'));
 	if($newses->rowCount() > 0)
 	{
 		foreach($newses as $news)
--- a/system/pages/online.php
+++ b/system/pages/online.php
@@ -12,6 +12,7 @@
 use MyAAC\Cache\Cache;
 use MyAAC\Models\ServerConfig;
 use MyAAC\Models\ServerRecord;
 use MyAAC\Server\XML\Vocations;
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Who is online?';
@@ -56,15 +57,14 @@ $cached = Cache::remember("online_$order", setting('core.online_cache_ttl') * 60
 	$vocations = array_map(function ($name) {
 		return 0;
-	}, setting('core.vocations'));
+	}, config('vocations'));
 	if($db->hasTable('players_online')) // tfs 1.0
 		$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players`, `players_online` WHERE `players`.`id` = `players_online`.`player_id` AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $orderSql);
 	else
 		$playersOnline = $db->query('SELECT `accounts`.`country`, `players`.`name`, `players`.`level`, `players`.`vocation`' . $outfit . ', ' . $promotion . ' `' . $skull_time . '` as `skulltime`, `' . $skull_type . '` as `skull` FROM `accounts`, `players` WHERE `players`.`online` > 0 AND `accounts`.`id` = `players`.`account_id`  ORDER BY ' . $orderSql);
-	$settingVocations = setting('core.vocations');
+	$configVocations = config('vocations');
 	$settingVocationsAmount = setting('core.vocations_amount');
 	$players = [];
 	foreach($playersOnline as $player) {
@@ -81,22 +81,19 @@ $cached = Cache::remember("online_$order", setting('core.online_cache_ttl') * 60
 			}
 		}
-		if(isset($player['promotion'])) {
+		$player['vocation'] = OTS_Toolbox::getVocationFromPromotion($player['vocation'], $player['promotion'] ?? 0);
 			if((int)$player['promotion'] > 0)
 				$player['vocation'] += ($player['promotion'] * $settingVocationsAmount);
 		}
 		$players[] = array(
 			'name' => getPlayerLink($player['name']),
 			'player' => $player,
 			'level' => $player['level'],
-			'vocation' => $settingVocations[$player['vocation']],
+			'vocation' => $configVocations[$player['vocation']],
 			'skull' => $skull,
 			'country_image' => getFlagImage($player['country']),
 			'outfit' => setting('core.outfit_images_url') . '?id=' . $player['looktype'] . ($outfit_addons ? '&addons=' . $player['lookaddons'] : '') . '&head=' . $player['lookhead'] . '&body=' . $player['lookbody'] . '&legs=' . $player['looklegs'] . '&feet=' . $player['lookfeet'],
 		);
-		$vocations[($player['vocation'] > $settingVocationsAmount ? $player['vocation'] - $settingVocationsAmount : $player['vocation'])]++;
+		$vocations[Vocations::getOriginal($player['vocation'])]++;
 	}
 	$record = '';
@@ -142,6 +139,7 @@ $twig->display('online.html.twig', array(
 	'vocations' => $cached['vocations'],
 	'vocs' => $cached['vocations'], // deprecated, to be removed
 	'order' => $order,
 	'baseVocations' => Vocations::getBase(false),
 ));
 // search bar
--- a/system/router.php
+++ b/system/router.php
@@ -8,6 +8,7 @@
 * @link      https://my-aac.org
 */
 use MyAAC\Models\Menu;
 use MyAAC\Models\Pages;
 use MyAAC\Plugins;
@@ -88,8 +89,10 @@ if($logged && $account_logged && $account_logged->isLoaded()) {
 /**
 * Routes loading
 */
 $routesFinal = [];
 $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r) {
-	$routesFinal = [];
+	global $cache, $routesFinal;
 	foreach(getDatabasePages() as $page) {
 		$routesFinal[] = ['*', $page, '__database__/' . $page, 100];
 	}
@@ -165,7 +168,7 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 	echo '</pre>';
 	die;
 */
-	foreach ($routesFinal as $route) {
+	foreach ($routesFinal as &$route) {
 		if ($route[0] === '*') {
 			$route[0] = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD'];
 		}
@@ -198,6 +201,10 @@ $dispatcher = FastRoute\cachedDispatcher(function (FastRoute\RouteCollector $r)
 			log_append('router.log', $warning);
 		}
 	}
 	if ($cache->enabled()) {
 		$cache->set('routes_final', serialize($routesFinal), 10 * 365 * 24 * 60 * 60); // 10 years / infinite
 	}
 },
 	[
 		'cacheFile' => CACHE . 'route.cache',
@@ -212,7 +219,7 @@ $found = true;
 // old support for pages like /?subtopic=accountmanagement
 $page = $_REQUEST['p'] ?? ($_REQUEST['subtopic'] ?? '');
-if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) {
+if(!empty($page) && preg_match('/^[A-z0-9\/\-]+$/', $page)) {
 	if (isset($_REQUEST['p'])) { // some plugins may require this
 		$_REQUEST['subtopic'] = $_REQUEST['p'];
 	}
@@ -221,10 +228,27 @@ if(!empty($page) && preg_match('/^[A-z0-9\-]+$/', $page)) {
 		require SYSTEM . 'compat/pages.php';
 	}
 	$foundRoute = false;
 	$tmp = null;
 	if ($cache->enabled() && $cache->fetch('routes_final', $tmp)) {
 		$routesFinal = unserialize($tmp);
 	}
 	foreach ($routesFinal as $route) {
 		if ($page === $route[1]) {
 			$file = $route[2];
 			$foundRoute = true;
 			break;
 		}
 	}
 	if (!$foundRoute) {
 		$file = loadPageFromFileSystem($page, $found);
 		if(!$found) {
 			$file = false;
 		}
 	}
 }
 else {
 	$routeInfo = $dispatcher->dispatch($httpMethod, $uri);
@@ -308,7 +332,20 @@ else {
 	}
 }
-if (!$found) {
+$tmpPageOriginal = $page;
 $pagesWithDynamicPart = ['characters', 'forum', 'highscores', 'monsters'];
 foreach ($pagesWithDynamicPart as $_page) {
 	if (str_contains($page, $_page)) {
 		$tmpPageOriginal = $_page;
 	}
 }
 $themeMenu = Menu::select(['name'])
 	->where('template', $template_name)
 	->where('link', $tmpPageOriginal)
 	->where('access', '>', $logged_access);
 if (!$found || $themeMenu->count() >= 1) {
 	$page = '404';
 	$file = SYSTEM . 'pages/404.php';
 }
--- a/system/settings.php
+++ b/system/settings.php
@@ -219,7 +219,14 @@ return [
 		'cache_engine' => [
 			'name' => 'Cache Engine',
 			'type' => 'options',
-			'options' => ['auto' => 'Auto', 'file' => 'Files', 'apc' => 'APC', 'apcu' => 'APCu', 'disable' => 'Disable'],
+			'options' => [
 				'auto' => 'Auto',
 				'file' => 'Files',
 				'apc' => 'APC',
 				'apcu' => 'APCu',
 				'php' => 'PHP',
 				'disable' => 'Disable',
 			],
 			'desc' => 'Auto is most reasonable. It will detect the best cache engine',
 			'default' => 'auto',
 			'is_config' => true,
@@ -312,20 +319,31 @@ return [
 				},
 			],
 		],
 		/**
 		 * @deprecated
 		 * To be removed in v3.0
 		 */
 		'vocations_amount' => [
-			'name' => 'Vocations Amount',
+			'hidden' => true,
 			'type' => 'number',
-			'desc' => 'How much basic vocations your server got (without promotion)',
+			//'name' => 'Vocations Amount',
 			//'desc' => 'How many basic vocations your server got (without promotion)',
 			'default' => 4,
 			'callbacks' => [
 				'get' => function () {
 					return config('vocations_amount');
 				},
 			],
 		],
 		'vocations' => [
-			'name' => 'Vocation Names',
+			'hidden' => true,
 			'type' => 'textarea',
-			'desc' => 'Separated by comma. Must be in the same order as in vocations.xml, starting with id: 0.',
+			//'name' => 'Vocation Names',
 			//'desc' => 'Separated by comma. Must be in the same order as in vocations.xml, starting with id: 0.',
 			'default' => 'None, Sorcerer, Druid, Paladin, Knight, Master Sorcerer, Elder Druid,Royal Paladin, Elite Knight',
 			'callbacks' => [
-				'get' => function ($value) {
+				'get' => function () {
-					return array_map('trim', explode(',', $value));
+					return config('vocations');
 				},
 			],
 		],
@@ -737,6 +755,18 @@ Sent by MyAAC,<br/>
 			'desc' => 'should country of user be automatically recognized by his IP? This makes an external API call to http://ipinfo.io',
 			'default' => true,
 		],
 		'account_countries_most_popular' => [
 			'name' => 'Account Countries Most Popular',
 			'type' => 'text',
 			'desc' => 'Those countries will be display at the top of the list on the create account page. The short codes of countries can be found in file <i>system/countries.conf.php</i>',
 			'default' => 'pl,se,br,us,gb',
 			'callbacks' => [
 				'get' => function ($value) {
 					$tmp = array_map('trim', explode(',', $value));
 					return array_filter($tmp, function ($v) {return !empty($v); });
 				},
 			],
 		],
 		'characters_per_account' => [
 			'name' => 'Characters per Account',
 			'type' => 'number',
@@ -1470,17 +1500,6 @@ Sent by MyAAC,<br/>
 			'desc' => 'Set to animoutfit.php for animated outfit',
 			'default' => 'https://outfit-images.ots.me/latest/outfit.php',
 		],
 		'outfit_images_wrong_looktypes' => [
 			'name' => 'Outfit Images Wrong Looktypes',
 			'type' => 'text',
 			'desc' => 'This looktypes needs to have different margin-top and margin-left because they are wrong positioned',
 			'default' => '75, 126, 127, 266, 302',
 			'callbacks' => [
 				'get' => function ($value) {
 					return array_map('trim', explode(',', $value));
 				},
 			],
 		],
 		[
 			'type' => 'section',
 			'title' => 'Monster Images'
--- a/system/src/Cache/APC.php
+++ b/system/src/Cache/APC.php
@@ -13,8 +13,8 @@ namespace MyAAC\Cache;
 class APC
 {
-	private $prefix;
+	private string $prefix;
-	private $enabled;
+	private bool $enabled;
 	public function __construct($prefix = '')
 	{
@@ -22,14 +22,14 @@ class APC
 		$this->enabled = function_exists('apc_fetch');
 	}
-	public function set($key, $var, $ttl = 0)
+	public function set($key, $var, $ttl = 0): void
 	{
 		$key = $this->prefix . $key;
 		apc_delete($key);
 		apc_store($key, $var, $ttl);
 	}
-	public function get($key)
+	public function get($key): string
 	{
 		$tmp = '';
 		if ($this->fetch($this->prefix . $key, $tmp)) {
@@ -39,18 +39,15 @@ class APC
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var): bool {
 	{
 		return ($var = apc_fetch($this->prefix . $key)) !== false;
 	}
-	public function delete($key)
+	public function delete($key): void {
 	{
 		apc_delete($this->prefix . $key);
 	}
-	public function enabled()
+	public function enabled(): bool {
 	{
 		return $this->enabled;
 	}
 }
--- a/system/src/Cache/APCu.php
+++ b/system/src/Cache/APCu.php
@@ -13,8 +13,8 @@ namespace MyAAC\Cache;
 class APCu
 {
-	private $prefix;
+	private string $prefix;
-	private $enabled;
+	private bool $enabled;
 	public function __construct($prefix = '')
 	{
@@ -22,14 +22,14 @@ class APCu
 		$this->enabled = function_exists('apcu_fetch');
 	}
-	public function set($key, $var, $ttl = 0)
+	public function set($key, $var, $ttl = 0): void
 	{
 		$key = $this->prefix . $key;
 		apcu_delete($key);
 		apcu_store($key, $var, $ttl);
 	}
-	public function get($key)
+	public function get($key): string
 	{
 		$tmp = '';
 		if ($this->fetch($this->prefix . $key, $tmp)) {
@@ -39,18 +39,15 @@ class APCu
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var): bool {
 	{
 		return ($var = apcu_fetch($this->prefix . $key)) !== false;
 	}
-	public function delete($key)
+	public function delete($key): void {
 	{
 		apcu_delete($this->prefix . $key);
 	}
-	public function enabled()
+	public function enabled(): bool {
 	{
 		return $this->enabled;
 	}
 }
--- a/system/src/Cache/Cache.php
+++ b/system/src/Cache/Cache.php
@@ -47,35 +47,15 @@ class Cache
 			return self::$instance;
 		}
-		switch (strtolower($engine)) {
+		self::$instance = match (strtolower($engine)) {
-			case 'apc':
+			'apc' => new APC($prefix),
-				self::$instance = new APC($prefix);
+			'apcu' => new APCu($prefix),
-				break;
+			'xcache' => new XCache($prefix),
-
+			'file' => new File($prefix, CACHE),
-			case 'apcu':
+			'php' => new PHP($prefix, CACHE),
-				self::$instance = new APCu($prefix);
+			'auto' => self::generateInstance(self::detect(), $prefix),
-				break;
+			default => new self(),
-
+		};
 			case 'xcache':
 				self::$instance = new XCache($prefix);
 				break;
 			case 'file':
 				self::$instance = new File($prefix, CACHE);
 				break;
 			case 'php':
 				self::$instance = new PHP($prefix, CACHE);
 				break;
 			case 'auto':
 				self::$instance = self::generateInstance(self::detect(), $prefix);
 				break;
 			default:
 				self::$instance = new self();
 				break;
 		}
 		return self::$instance;
 	}
@@ -83,7 +63,7 @@ class Cache
 	/**
 	 * @return string
 	 */
-	public static function detect()
+	public static function detect(): string
 	{
 		if (function_exists('apc_fetch'))
 			return 'apc';
@@ -98,8 +78,7 @@ class Cache
 	/**
 	 * @return bool
 	 */
-	public function enabled()
+	public function enabled(): bool {
 	{
 		return false;
 	}
@@ -115,6 +94,11 @@ class Cache
 			return unserialize($value);
 		}
 		// -1 for infinite cache
 		if ($ttl == -1) {
 			$ttl = 10 * 365 * 24 * 60 * 60; // 10 years should be enough
 		}
 		$value = $callback();
 		$cache->set($key, serialize($value), $ttl);
 		return $value;
--- a/system/src/Cache/File.php
+++ b/system/src/Cache/File.php
@@ -12,18 +12,22 @@ namespace MyAAC\Cache;
 class File
 {
-	private $prefix;
+	private string $prefix;
-	private $dir;
+	private string $dir;
-	private $enabled;
+	private bool $enabled;
 	public function __construct($prefix = '', $dir = '')
 	{
 		$this->prefix = $prefix;
 		$this->dir = $dir;
 		ensureFolderExists($this->dir);
 		ensureIndexExists($this->dir);
 		$this->enabled = (file_exists($this->dir) && is_dir($this->dir) && is_writable($this->dir));
 	}
-	public function set($key, $var, $ttl = 0)
+	public function set($key, $var, $ttl = 0): void
 	{
 		$file = $this->_name($key);
 		file_put_contents($file, $var);
@@ -35,7 +39,7 @@ class File
 		touch($file, time() + $ttl);
 	}
-	public function get($key)
+	public function get($key): string
 	{
 		$tmp = '';
 		if ($this->fetch($key, $tmp)) {
@@ -45,7 +49,7 @@ class File
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var): bool
 	{
 		$file = $this->_name($key);
 		if (!file_exists($file) || filemtime($file) < time()) {
@@ -56,7 +60,7 @@ class File
 		return true;
 	}
-	public function delete($key)
+	public function delete($key): void
 	{
 		$file = $this->_name($key);
 		if (file_exists($file)) {
@@ -64,13 +68,11 @@ class File
 		}
 	}
-	public function enabled()
+	public function enabled(): bool {
 	{
 		return $this->enabled;
 	}
-	private function _name($key)
+	private function _name($key): string {
 	{
 		return sprintf('%s%s%s', $this->dir, $this->prefix, sha1($key));
 	}
 }
--- a/system/src/Cache/PHP.php
+++ b/system/src/Cache/PHP.php
@@ -12,33 +12,37 @@ namespace MyAAC\Cache;
 class PHP
 {
-	private $prefix;
+	private string $prefix;
-	private $dir;
+	private string $dir;
-	private $enabled;
+	private bool $enabled;
 	public function __construct($prefix = '', $dir = '')
 	{
 		$this->prefix = $prefix;
 		$this->dir = $dir;
 		ensureFolderExists($this->dir);
 		ensureIndexExists($this->dir);
 		$this->enabled = (file_exists($this->dir) && is_dir($this->dir) && is_writable($this->dir));
 	}
-	public function set($key, $var, $ttl = 0)
+	public function set($key, $var, $ttl = 0): void
 	{
 		$var = var_export($var, true);
 		// Write to temp file first to ensure atomicity
 		$tmp = $this->dir . "tmp_$key." . uniqid('', true) . '.tmp';
 		file_put_contents($tmp, '<?php $var = ' . $var . ';', LOCK_EX);
 		$file = $this->_name($key);
 		rename($tmp, $file);
 		if ($ttl === 0) {
 			$ttl = 365 * 24 * 60 * 60; // 365 days
 		}
-		touch($file, time() + $ttl);
+		$expires = time() + $ttl;
 		// Write to temp file first to ensure atomicity
 		$tmp = $this->dir . "tmp_$key." . uniqid('', true) . '.tmp';
 		file_put_contents($tmp, "<?php return ['expires' => $expires, 'var' => $var];", LOCK_EX);
 		$file = $this->_name($key);
 		rename($tmp, $file);
 	}
 	public function get($key)
@@ -51,19 +55,23 @@ class PHP
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var): bool
 	{
 		$file = $this->_name($key);
-		if (!file_exists($file) || filemtime($file) < time()) {
+		if (!file_exists($file)) {
 			return false;
 		}
-		@include $file;
+		$content = include $file;
-		$var = isset($var) ? $var : null;
+		if (!isset($content) || $content['expires'] < time()) {
 			return false;
 		}
 		$var = $content['var'];
 		return true;
 	}
-	public function delete($key)
+	public function delete($key): void
 	{
 		$file = $this->_name($key);
 		if (file_exists($file)) {
@@ -71,13 +79,11 @@ class PHP
 		}
 	}
-	public function enabled()
+	public function enabled(): bool {
 	{
 		return $this->enabled;
 	}
-	private function _name($key)
+	private function _name($key): string {
 	{
 		return sprintf('%s%s%s', $this->dir, $this->prefix, sha1($key) . '.php');
 	}
 }
--- a/system/src/Cache/XCache.php
+++ b/system/src/Cache/XCache.php
@@ -13,8 +13,8 @@ namespace MyAAC\Cache;
 class XCache
 {
-	private $prefix;
+	private string $prefix;
-	private $enabled;
+	private bool $enabled;
 	public function __construct($prefix = '')
 	{
@@ -22,14 +22,14 @@ class XCache
 		$this->enabled = function_exists('xcache_get') && ini_get('xcache.var_size');
 	}
-	public function set($key, $var, $ttl = 0)
+	public function set($key, $var, $ttl = 0): void
 	{
 		$key = $this->prefix . $key;
 		xcache_unset($key);
 		xcache_set($key, $var, $ttl);
 	}
-	public function get($key)
+	public function get($key): string
 	{
 		$tmp = '';
 		if ($this->fetch($this->prefix . $key, $tmp)) {
@@ -39,7 +39,7 @@ class XCache
 		return '';
 	}
-	public function fetch($key, &$var)
+	public function fetch($key, &$var): bool
 	{
 		$key = $this->prefix . $key;
 		if (!xcache_isset($key)) {
@@ -50,13 +50,11 @@ class XCache
 		return true;
 	}
-	public function delete($key)
+	public function delete($key): void {
 	{
 		xcache_unset($this->prefix . $key);
 	}
-	public function enabled()
+	public function enabled(): bool {
 	{
 		return $this->enabled;
 	}
 }
--- a/system/src/Commands/Env.php
+++ b/system/src/Commands/Env.php
@@ -0,0 +1,33 @@
 <?php
 namespace MyAAC\Commands;
 use POT;
 trait Env
 {
 	protected function init(): void
 	{
 		global $config;
 		if (!isset($config['installed']) || !$config['installed']) {
 			throw new \RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
 		}
 		if(empty($config['server_path'])) {
 			throw new \RuntimeException('Server Path has been not set. Go to config.php and set it.');
 		}
 		// take care of trailing slash at the end
 		if($config['server_path'][strlen($config['server_path']) - 1] !== '/')
 			$config['server_path'] .= '/';
 		$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
 		// POT
 		require_once SYSTEM . 'libs/pot/OTS.php';
 		$ots = POT::getInstance();
 		$eloquentConnection = null;
 		require_once SYSTEM . 'database.php';
 	}
 }
--- a/system/src/Commands/MigrateCommand.php
+++ b/system/src/Commands/MigrateCommand.php
@@ -9,6 +9,8 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 class MigrateCommand extends Command
 {
 	use Env;
 	protected function configure(): void
 	{
 		$this->setName('migrate')
@@ -17,9 +19,19 @@ class MigrateCommand extends Command
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
-		require SYSTEM . 'init.php';
+		$this->init();
 		$io = new SymfonyStyle($input, $output);
 		$tmp = '';
 		if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 			$tmp = (int)$tmp;
 			if ($tmp >= DATABASE_VERSION) {
 				$io->success('Already on latest version.');
 				return Command::SUCCESS;
 			}
 		}
 		require SYSTEM . 'migrate.php';
 		$io->success('Migrated to latest version (' . DATABASE_VERSION . ')');
--- a/system/src/Commands/MigrateRunCommand.php
+++ b/system/src/Commands/MigrateRunCommand.php
@@ -10,6 +10,8 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 class MigrateRunCommand extends Command
 {
 	use Env;
 	protected function configure(): void
 	{
 		$this->setName('migrate:run')
@@ -23,12 +25,12 @@ class MigrateRunCommand extends Command
 	protected function execute(InputInterface $input, OutputInterface $output): int
 	{
 		require SYSTEM . 'init.php';
 		$io = new SymfonyStyle($input, $output);
 		$ids = $input->getArgument('id');
 		$this->init();
 		// pre-check
 		// in case one of the migrations doesn't exist - we won't execute any of them
 		foreach ($ids as $id) {
--- a/system/src/Commands/MigrateToCommand.php
+++ b/system/src/Commands/MigrateToCommand.php
@@ -11,6 +11,8 @@ use Symfony\Component\Console\Style\SymfonyStyle;
 class MigrateToCommand extends Command
 {
 	use Env;
 	protected function configure(): void
 	{
 		$this->setName('migrate:to')
@@ -32,7 +34,7 @@ class MigrateToCommand extends Command
 			return Command::FAILURE;
 		}
-		$this->initEnv();
+		$this->init();
 		$currentVersion = Config::where('name', 'database_version')->first()->value;
 		if ($currentVersion > $versionDest) {
@@ -80,29 +82,4 @@ class MigrateToCommand extends Command
 		updateDatabaseConfig('database_version', ($_up ? $id : $id - 1));
 	}
 	private function initEnv()
 	{
 		global $config;
 		if (!isset($config['installed']) || !$config['installed']) {
 			throw new \RuntimeException('MyAAC has not been installed yet or there was error during installation. Please install again.');
 		}
 		if(empty($config['server_path'])) {
 			throw new \RuntimeException('Server Path has been not set. Go to config.php and set it.');
 		}
 		// take care of trailing slash at the end
 		if($config['server_path'][strlen($config['server_path']) - 1] !== '/')
 			$config['server_path'] .= '/';
 		$config['lua'] = load_config_lua($config['server_path'] . 'config.lua');
 		// POT
 		require_once SYSTEM . 'libs/pot/OTS.php';
 		$ots = POT::getInstance();
 		$eloquentConnection = null;
 		require_once SYSTEM . 'database.php';
 	}
 }
--- a/system/src/Commands/PluginDisableCommand.php
+++ b/system/src/Commands/PluginDisableCommand.php
@@ -13,6 +13,7 @@ class PluginDisableCommand extends Command
 	protected function configure(): void
 	{
 		$this->setName('plugin:disable')
 			->setAliases(['plugin:deactivate'])
 			->setDescription('This command disables plugin')
 			->addArgument('plugin-name', InputArgument::REQUIRED, 'Plugin that you want to disable');
 	}
--- a/system/src/Commands/PluginEnableCommand.php
+++ b/system/src/Commands/PluginEnableCommand.php
@@ -13,6 +13,7 @@ class PluginEnableCommand extends Command
 	protected function configure(): void
 	{
 		$this->setName('plugin:enable')
 			->setAliases(['plugin:activate'])
 			->setDescription('This command enables plugin')
 			->addArgument('plugin-name', InputArgument::REQUIRED, 'Plugin that you want to enable');
 	}
--- a/system/src/Commands/PluginUninstallCommand.php
+++ b/system/src/Commands/PluginUninstallCommand.php
@@ -13,6 +13,7 @@ class PluginUninstallCommand extends Command
 	protected function configure(): void
 	{
 		$this->setName('plugin:uninstall')
 			->setAliases(['plugin:remove', 'plugin:delete'])
 			->setDescription('This command uninstalls plugin')
 			->addArgument('plugin-name', InputArgument::REQUIRED, 'Plugin that you want to uninstall');
 	}
--- a/system/src/CreateCharacter.php
+++ b/system/src/CreateCharacter.php
@@ -149,7 +149,10 @@ class CreateCharacter
 		if($db->hasColumn('players', 'direction'))
 			$player->setDirection($playerSample->getDirection());
 		if($db->hasColumn('players', 'conditions')) {
 			$player->setConditions($playerSample->getConditions());
 		}
 		$rank = $playerSample->getRank();
 		if($rank->isLoaded()) {
 			$player->setRank($playerSample->getRank());
@@ -183,7 +186,11 @@ class CreateCharacter
 		$player->setLookHead($playerSample->getLookHead());
 		$player->setLookLegs($playerSample->getLookLegs());
 		$player->setLookType($playerSample->getLookType());
 		if($db->hasColumn('players', 'cap')) {
 			$player->setCap($playerSample->getCap());
 		}
 		$player->setBalance(0);
 		$player->setPosX(0);
 		$player->setPosY(0);
--- a/system/src/Forum.php
+++ b/system/src/Forum.php
@@ -231,6 +231,7 @@ class Forum
 			if(!is_int($rows / 2)) { $bgcolor = 'ABED25'; } else { $bgcolor = '23ED25'; } $rows++;
 			$text = str_ireplace('[code]'.$code.'[/code]', '<i>Code:</i><br /><table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #CCCCCC; border-width: 2px"><tr><td>'.$code.'</td></tr></table>', $text);
 		}
 		$rows = 0;
 		while(stripos($text, '[quote]') !== false && stripos($text, '[/quote]') !== false )
 		{
@@ -238,11 +239,31 @@ class Forum
 			if(!is_int($rows / 2)) { $bgcolor = 'AAAAAA'; } else { $bgcolor = 'CCCCCC'; } $rows++;
 			$text = str_ireplace('[quote]'.$quote.'[/quote]', '<table cellpadding="0" style="background-color: #'.$bgcolor.'; width: 480px; border-style: dotted; border-color: #007900; border-width: 2px"><tr><td>'.$quote.'</td></tr></table>', $text);
 		}
-		$rows = 0;
+
-		while(stripos($text, '[url]') !== false && stripos($text, '[/url]') !== false )
+		$tagsToParse = [
 			'url' => function ($str) {
 				return '<a href="'.$str.'" target="_blank">'.$str.'</a>';
 			},
 			'player' => function ($str) {
 				return generateLink(getPlayerLink($str, false), $str, true);
 			},
 			'guild' => function ($str) {
 				return generateLink(getGuildLink($str, false), $str, true);
 			},
 			'house' => function ($str) {
 				return generateLink(getHouseLink($str, false), $str, true);
 			}
 		];
 		foreach ($tagsToParse as $tag => $callback) {
 			while(stripos($text, "[$tag]") !== false && stripos($text, "[/$tag]") !== false
 				&& stripos($text, "[$tag]") < stripos($text, "[/$tag]"))
 			{
-			$url = substr($text, stripos($text, '[url]')+5, stripos($text, '[/url]') - stripos($text, '[url]') - 5);
+				$length = strlen("[$tag]");
-			$text = str_ireplace('[url]'.$url.'[/url]', '<a href="'.$url.'" target="_blank">'.$url.'</a>', $text);
+				$substr = substr($text, stripos($text, "[$tag]") + $length, stripos($text, "[/$tag]") - stripos($text, "[$tag]") - $length);
 				$text = str_ireplace('[' . $tag . ']' . $substr . '[/' . $tag . ']', $callback($substr), $text);
 			}
 		}
 		$xhtml = false;
@@ -252,9 +273,6 @@ class Forum
 			'#\[u\](.*?)\[/u\]#si' => ($xhtml ? '<span style="text-decoration: underline;">\\1</span>' : '<u>\\1</u>'),
 			'#\[s\](.*?)\[/s\]#si' => ($xhtml ? '<strike>\\1</strike>' : '<s>\\1</s>'),
 			'#\[guild\](.*?)\[/guild\]#si' => urldecode(generateLink(getGuildLink('$1', false), '$1', true)),
 			'#\[house\](.*?)\[/house\]#si' => urldecode(generateLink(getHouseLink('$1', false), '$1', true)),
 			'#\[player\](.*?)\[/player\]#si' => urldecode(generateLink(getPlayerLink('$1', false), '$1', true)),
 			// TODO: [poll] tag
 			'#\[color=(.*?)\](.*?)\[/color\]#si' => ($xhtml ? '<span style="color: \\1;">\\2</span>' : '<span style="color: \\1">\\2</span>'),
--- a/system/src/Items.php
+++ b/system/src/Items.php
@@ -76,10 +76,11 @@ class Items
 	public static function get($id) {
 		self::load();
-		return isset(self::$items[$id]) ? self::$items[$id] : [];
+		return self::$items[$id] ?? [];
 	}
-	public static function getDescription($id, $count = 1) {
+	public static function getDescription($id, $count = 1): string
 	{
 		$item = self::get($id);
 		$attr = $item['attributes'];
@@ -112,15 +113,15 @@ class Items
 			$s .= 'an item of type ' . $item['id'];
 		if(isset($attr['type']) && strtolower($attr['type']) == 'rune') {
-			$item = Spell::where('item_id', $id)->first();
+			$spell = Spell::where('item_id', $id)->first();
-			if($item) {
+			if($spell) {
-				if($item->level > 0 && $item->maglevel > 0) {
+				if($spell->level > 0 && $spell->maglevel > 0) {
-					$s .= '. ' . ($count > 1 ? "They" : "It") . ' can only be used by ';
+					$s .= '. ' . ($count > 1 ? 'They' : 'It') . ' can only be used by ';
 				}
 				$configVocations = config('vocations');
-				if(!empty(trim($item->vocations))) {
+				if(!empty(trim($spell->vocations))) {
-					$vocations = json_decode($item->vocations);
+					$vocations = json_decode($spell->vocations);
 					if(count($vocations) > 0) {
 						foreach($vocations as $voc => $show) {
 							$vocations[$configVocations[$voc]] = $show;
@@ -133,8 +134,39 @@ class Items
 				$s .= ' with';
 				if ($spell->level > 0) {
 					$s .= ' level ' . $spell->level;
 				}
 				if ($spell->maglevel > 0) {
 					if ($spell->level > 0) {
 						$s .= ' and';
 					}
 					$s .= ' magic level ' . $spell->maglevel;
 				}
 				$s .= ' or higher';
 			}
 		}
 		if (!empty($item['weaponType'])) {
 			if ($item['weaponType'] == 'distance' && isset($item['ammoType'])) {
 				$s .= ' (Range:' . $item['range'];
 			}
 			if (isset($item['attack']) && $item['attack'] != 0) {
 				$s .= ', Atk ' . ($item['attack'] > 0 ? '+' . $item['attack'] : '-' . $item['attack']);
 			}
 			if (isset($item['hitChance']) && $item['hitChance'] != -1) {
 				$s .= ', Hit% ' . ($item['hitChance'] > 0 ? '+' . $item['hitChance'] : '-' . $item['hitChance']);
 			}
 			elseif ($item['weaponType'] != 'ammo') {
 			}
 		}
 		return $s;
 	}
 }
--- a/system/src/Models/Account.php
+++ b/system/src/Models/Account.php
@@ -5,11 +5,15 @@ namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 /**
 * @property integer $premium_ends_at
 * @property integer $premend
 * @property integer $lastday
 * @property integer $premdays
 */
 class Account extends Model {
 	const GRATIS_PREMIUM_DAYS = 65535;
 	protected $table = 'accounts';
 	public $timestamps = false;
@@ -33,32 +37,35 @@ class Account extends Model {
 	public function getPremiumDaysAttribute()
 	{
-		if(isset($this->premium_ends_at) || isset($this->premend)) {
+		if(isset($this->premium_ends_at) || isset($this->premend) ||
-			$col = isset($this->premium_ends_at) ? 'premium_ends_at' : 'premend';
+			(isCanary() && isset($this->lastday))) {
-			$ret = ceil(($this->{$col}- time()) / (24 * 60 * 60));
+				$col = (isset($this->premium_ends_at) ? 'premium_ends_at' : (isset($this->lastday) ? 'lastday' : 'premend'));
-			return $ret > 0 ? $ret : 0;
+				$ret = ceil(($this->{$col} - time()) / (24 * 60 * 60));
 				return max($ret, 0);
 		}
 		if($this->premdays == 0) {
 			return 0;
 		}
-		if($this->premdays == 65535){
+		if($this->premdays == self::GRATIS_PREMIUM_DAYS){
-			return 65535;
+			return self::GRATIS_PREMIUM_DAYS;
 		}
 		$ret = ceil($this->premdays - ((int)date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->lastday))) - date("z", $this->lastday)));
 		return max($ret, 0);
 	}
-	public function getIsPremiumAttribute()
+	public function getIsPremiumAttribute(): bool
 	{
-		if(isset($this->premium_ends_at)) {
+		if(isset($this->premium_ends_at) || isset($this->premend) ||
-			return $this->premium_ends_at > time();
+			(isCanary() && isset($this->lastday))) {
 			$col = (isset($this->premium_ends_at) ? 'premium_ends_at' : (isset($this->lastday) ? 'lastday' : 'premend'));
 			return $this->{$col} > time();
 		}
-		if(isset($this->premend)) {
+		if($this->premdays == self::GRATIS_PREMIUM_DAYS){
-			return $this->premend > time();
+			return true;
 		}
 		return ($this->premdays - (date("z", time()) + (365 * (date("Y", time()) - date("Y", $this->lastday))) - date("z", $this->lastday)) > 0);
--- a/Show More
+++ b/Show More