diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml
new file mode 100644
index 00000000..610cafed
--- /dev/null
+++ b/.github/workflows/phpstan.yml
@@ -0,0 +1,47 @@
+name: "PHPStan"
+
+on:
+  pull_request:
+    branches: [develop]
+  push:
+    branches: [develop]
+
+jobs:
+  tests:
+    name: PhpStan on PHP ${{ matrix.php-versions }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        php-versions: [ '8.1', '8.2', '8.3' ]
+    steps:
+      - name: "Checkout"
+        uses: "actions/checkout@v4"
+
+      - name: "Install PHP"
+        uses: "shivammathur/setup-php@v2"
+        with:
+          coverage: "none"
+          extensions: "intl, zip"
+          ini-values: "memory_limit=-1"
+          php-version: "${{ matrix.php-version }}"
+
+      - name: Get composer cache directory
+        id: composer-cache
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
+
+      - name: Cache composer dependencies
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          # Use composer.json for key, if composer.lock is not committed.
+          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+          #key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          restore-keys: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
+
+      - name: "Install composer dependencies"
+        run: "composer install"
+
+      - name: "Run PHPStan"
+        run: "/usr/bin/php vendor/bin/phpstan analyse"
diff --git a/admin/pages/notepad.php b/admin/pages/notepad.php
index d6c6358b..9587c7f1 100644
--- a/admin/pages/notepad.php
+++ b/admin/pages/notepad.php
@@ -16,7 +16,7 @@ $title = 'Notepad';
 csrfProtect();
 
 /**
- * @var $account_logged OTS_Account
+ * @var OTS_Account $account_logged
  */
 $_content = '';
 $notepad = ModelsNotepad::where('account_id', $account_logged->getId())->first();
diff --git a/composer.json b/composer.json
index ee65ddbe..384add29 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,8 @@
     },
     "require-dev": {
         "filp/whoops": "^2.15",
-        "maximebf/debugbar": "dev-master"
+        "maximebf/debugbar": "dev-master",
+        "phpstan/phpstan": "^1.10"
     },
     "autoload": {
         "psr-4": {
diff --git a/install/includes/functions.php b/install/includes/functions.php
index b9934928..d8dd2cb9 100644
--- a/install/includes/functions.php
+++ b/install/includes/functions.php
@@ -11,13 +11,13 @@ function query($query)
 		error($error_);
 		$error = true;
 	}
-	
+
 	return !$error;
 }
 
 // define php version id if its not already
 if(!defined('PHP_VERSION_ID')) {
-	$version = explode('.', PHP_VERSION);
+	$version = array_map('intval', explode('.', PHP_VERSION));
 
 	define('PHP_VERSION_ID', ($version[0] * 10000 + $version[1] * 100 + $version[2]));
 }
@@ -97,4 +97,4 @@ function win_is_writable($path) {
 		unlink($path);
 
 	return true;
-}
\ No newline at end of file
+}
diff --git a/phpstan-bootstrap.php b/phpstan-bootstrap.php
new file mode 100644
index 00000000..6de2ac2b
--- /dev/null
+++ b/phpstan-bootstrap.php
@@ -0,0 +1,13 @@
+<?php
+
+require __DIR__ . '/system/libs/pot/OTS.php';
+$ots = POT::getInstance();
+
+require __DIR__ . '/system/libs/pot/InvitesDriver.php';
+require __DIR__ . '/system/libs/rfc6238.php';
+require __DIR__ . '/common.php';
+
+const ACTION = '';
+const PAGE = '';
+const URI = '';
+define('SELF_NAME', basename(__FILE__));
diff --git a/phpstan.neon b/phpstan.neon
new file mode 100644
index 00000000..b77bc1d2
--- /dev/null
+++ b/phpstan.neon
@@ -0,0 +1,38 @@
+parameters:
+	level: 3
+	paths:
+		- .
+		- templates/tibiacom
+		- templates/kathrine
+	excludePaths:
+		- system/cache/*
+		- vendor/*
+		- plugins/*
+		- system/libs
+		- tools/signature/mango.php
+		- tools/signature/gd.class.php
+	bootstrapFiles:
+		- phpstan-bootstrap.php
+	ignoreErrors:
+		- '#Variable \$db might not be defined#'
+		- '#Variable \$twig might not be defined#'
+		- '#Variable \$hooks might not be defined#'
+		- '#Variable \$account_logged might not be defined#'
+		- '#Variable \$logged might not be defined#'
+		- '#Variable \$config might not be defined#'
+		- '#Variable \$action might not be defined#'
+		- '#Variable \$errors might not be defined#'
+		- '#Variable \$cache might not be defined#'
+		- '#Variable \$status might not be defined#'
+		- '#Variable \$player might not be defined#'
+		- '#Variable \$guild might not be defined#'
+		- '#Variable \$[a-zA-Z0-9\\_]+ might not be defined#'
+		# Eloquent models
+		- '#Call to an undefined static method [a-zA-Z0-9\\_]+::[a-zA-Z0-9\\_]+()#'
+		# system/pages/highscores.php
+		- '#Call to an undefined method Illuminate\\Database\\Query\\Builder::withOnlineStatus\(\)#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$online_status#'
+		- '#Access to an undefined property Illuminate\\Database\\Eloquent\\Model::\$vocation_name#'
+		-
+			message: '#Variable \$tmp in empty\(\) always exists and is always falsy#'
+			path: templates\kathrine\javascript.php
diff --git a/system/functions.php b/system/functions.php
index bf8c8710..c0fb7f2a 100644
--- a/system/functions.php
+++ b/system/functions.php
@@ -418,7 +418,10 @@ function delete_guild($id)
 	if(count($rank_list) > 0) {
 		$rank_list->orderBy('level');
 
-		global $db, $ots;
+		global $db;
+		/**
+		 * @var OTS_GuildRank $rank_in_guild
+		 */
 		foreach($rank_list as $rank_in_guild) {
 			if($db->hasTable('guild_members'))
 				$players_with_rank = $db->query('SELECT `players`.`id` as `id`, `guild_members`.`rank_id` as `rank_id` FROM `players`, `guild_members` WHERE `guild_members`.`rank_id` = ' . $rank_in_guild->getId() . ' AND `players`.`id` = `guild_members`.`player_id` ORDER BY `name`;');
@@ -710,11 +713,8 @@ function getSkillName($skillId, $suffix = true)
 /**
  * Performs flag check on the current logged in user.
  * Table in database: accounts, field: website_flags
- *
- * @param int @flag Flag to be verified.
- * @return bool If user got flag.
  */
-function hasFlag($flag) {
+function hasFlag(int $flag): bool {
 	global $logged, $logged_flags;
 	return ($logged && ($logged_flags & $flag) == $flag);
 }
diff --git a/system/pages/account/lost.php b/system/pages/account/lost.php
index 5cd17325..79c739cb 100644
--- a/system/pages/account/lost.php
+++ b/system/pages/account/lost.php
@@ -55,7 +55,7 @@ elseif($action == 'step1' && $action_type == 'email')
 				</TD></TR></FORM></TABLE></TABLE>';
 			else
 			{
-				$insec = $account->getCustomField('email_next') - time();
+				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
@@ -118,7 +118,7 @@ elseif($action == 'sendcode')
 			}
 			else
 			{
-				$insec = $account->getCustomField('email_next') - time();
+				$insec = (int)$account->getCustomField('email_next') - time();
 				$minutesleft = floor($insec / 60);
 				$secondsleft = $insec - ($minutesleft * 60);
 				$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
diff --git a/system/pages/guilds/cleanup_guilds.php b/system/pages/guilds/cleanup_guilds.php
index ebc41ee3..302d81f9 100644
--- a/system/pages/guilds/cleanup_guilds.php
+++ b/system/pages/guilds/cleanup_guilds.php
@@ -23,9 +23,15 @@ $guilds_list = new OTS_Guilds_List();
 $guilds_list->init();
 if(count($guilds_list) > 0)
 {
+	/**
+	 * @var OTS_Guild $guild
+	 */
 	foreach($guilds_list as $guild)
 	{
 		$error = 0;
+		/**
+		 * @var OTS_Player $leader
+		 */
 		$leader = $guild->getOwner();
 		if($leader->isLoaded())
 		{
diff --git a/system/pages/guilds/create.php b/system/pages/guilds/create.php
index dcecf988..97de0699 100644
--- a/system/pages/guilds/create.php
+++ b/system/pages/guilds/create.php
@@ -117,6 +117,9 @@ if(isset($todo) && $todo == 'save')
 	$ranks = $new_guild->getGuildRanksList();
 	$ranks->orderBy('level', POT::ORDER_DESC);
 	foreach($ranks as $rank) {
+		/**
+		 * @var OTS_GuildRank $rank
+		 */
 		if($rank->getLevel() == 3) {
 			$player->setRank($rank);
 		}
diff --git a/system/pages/guilds/list.php b/system/pages/guilds/list.php
index e8425dc4..96d7bf08 100644
--- a/system/pages/guilds/list.php
+++ b/system/pages/guilds/list.php
@@ -19,6 +19,9 @@ $guilds_list->orderBy("name");
 $guilds = array();
 if(count($guilds_list) > 0)
 {
+	/**
+	 * @var OTS_Guild $guild
+	 */
 	foreach ($guilds_list as $guild) {
 		$guild_logo = $guild->getCustomField('logo_name');
 		if (empty($guild_logo) || !file_exists(GUILD_IMAGES_DIR . $guild_logo))
diff --git a/system/pages/last-kills.php b/system/pages/last-kills.php
index 798d91c3..1c02764d 100644
--- a/system/pages/last-kills.php
+++ b/system/pages/last-kills.php
@@ -39,13 +39,13 @@ else {
 						if($i == 1) {
 							if($count <= 4)
 								$killers_string .= 'killed';
-							else if($count > 4 and $count < 10)
+							else if($count < 10)
 								$killers_string .= 'slain';
-							else if($count > 9 and $count < 15)
+							else if($count < 15)
 								$killers_string .= 'crushed';
-							else if($count > 14 and $count < 20)
+							else if($count < 20)
 								$killers_string .= 'eliminated';
-							else if($count > 19)
+							else
 								$killers_string .= 'annihilated';
 							$killers_string .= ' at level <b>' . $death['level'] . '</b> ';
 						} else if($i == $count)
diff --git a/system/router.php b/system/router.php
index 53b3d9e4..bbdb7aa2 100644
--- a/system/router.php
+++ b/system/router.php
@@ -236,7 +236,7 @@ else {
 				// parse for define PAGE
 				$tmp = BASE_DIR;
 				$uri = $_SERVER['REQUEST_URI'];
-				if (!empty($tmp)) {
+				if (strlen($tmp) > 0) {
 					$uri = str_replace(BASE_DIR . '/', '', $uri);
 				}
 
diff --git a/system/src/CsrfToken.php b/system/src/CsrfToken.php
index 641a47e1..7e002928 100644
--- a/system/src/CsrfToken.php
+++ b/system/src/CsrfToken.php
@@ -25,7 +25,7 @@ class CsrfToken
 	 *
 	 * @access public
 	 * @static true
-	 * @return void
+	 * @return string
 	 **/
 	public static function create(bool $return = false): string {
 		$input = '<input type="hidden" name="csrf_token" value="' . self::get() . '" />';
diff --git a/system/src/Models/Changelog.php b/system/src/Models/Changelog.php
index 2fd03200..b7356166 100644
--- a/system/src/Models/Changelog.php
+++ b/system/src/Models/Changelog.php
@@ -4,6 +4,14 @@ namespace MyAAC\Models;
 
 use Illuminate\Database\Eloquent\Model;
 
+/**
+ * @property int $id
+ * @property int $type
+ * @property int $where
+ * @property string $body
+ * @property int $player_id
+ * @property int $date
+ */
 class Changelog extends Model {
 
 	protected $table = TABLE_PREFIX . 'changelog';
diff --git a/system/src/Models/Pages.php b/system/src/Models/Pages.php
index cadf9276..30b23ae6 100644
--- a/system/src/Models/Pages.php
+++ b/system/src/Models/Pages.php
@@ -3,6 +3,13 @@
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 
+/**
+ * @property int $id
+ * @property string $name
+ * @property string $title
+ * @property int $php
+ * @property int $hide
+ */
 class Pages extends Model {
 
 	protected $table = TABLE_PREFIX . 'pages';
diff --git a/system/src/Models/Settings.php b/system/src/Models/Settings.php
index 1d8c36cc..aa38c76c 100644
--- a/system/src/Models/Settings.php
+++ b/system/src/Models/Settings.php
@@ -3,6 +3,11 @@
 namespace MyAAC\Models;
 use Illuminate\Database\Eloquent\Model;
 
+/**
+ * @property string $name
+ * @property string $key
+ * @property string $value
+ */
 class Settings extends Model {
 
 	protected $table = TABLE_PREFIX . 'settings';
diff --git a/system/src/Validator.php b/system/src/Validator.php
index 2466a370..04c9b340 100644
--- a/system/src/Validator.php
+++ b/system/src/Validator.php
@@ -141,8 +141,8 @@ class Validator
 	 * Validate account password
 	 * Name lenght must be 3-32 chars
 	 *
-	 * @param string $name Account name to check
-	 * @return bool Is account name valid?
+	 * @param string $password Password to check
+	 * @return bool Is password valid?
 	 */
 	public static function password($password)
 	{
diff --git a/system/status.php b/system/status.php
index a1ce86dd..ee8b4317 100644
--- a/system/status.php
+++ b/system/status.php
@@ -102,6 +102,9 @@ if($status_interval && $status_timeout < $status_interval) {
 	$status_timeout = $status_interval;
 }
 
+/**
+ * @var int $status_timeout
+ */
 if($status['lastCheck'] + $status_timeout < time()) {
 	updateStatus();
 }
diff --git a/system/template.php b/system/template.php
index 8ecb045b..09fea29e 100644
--- a/system/template.php
+++ b/system/template.php
@@ -171,8 +171,6 @@ function get_template_menus() {
 	$new_menus = array();
 	/**
 	 * @var array $configMenuCategories
-	 * @var int $id
-	 * @var array $options
 	 */
 	$configMenuCategories = config('menu_categories');
 	if($configMenuCategories === null) {
diff --git a/tools/news_preview.php b/tools/news_preview.php
index 7193b94d..dd53987c 100644
--- a/tools/news_preview.php
+++ b/tools/news_preview.php
@@ -67,6 +67,9 @@ if(isset($_GET['title'], $_GET['body'], $_GET['player_id'], $_GET['category'], $
 		);
 
 		foreach($tickers as &$ticker) {
+			/**
+			 * @var array $ticker
+			 */
 			$ticker['icon'] = $categories[$ticker['category']]['icon_id'];
 			$ticker['body_short'] = short_text(strip_tags($ticker['body']), 100);
 			$ticker['hidden'] = $ticker['hide'];