<base> is not working properly, use full URL instead

Use Whoops only if installed, otherwise use myaac exception handler
Ignore cypress in git-export + install composer deps on release
2025-11-04 01:36:23 +01:00 · 2023-06-02 15:24:10 +02:00 · 2023-06-02 15:20:07 +02:00 · 2023-06-02 08:04:13 +02:00 · 2023-06-02 06:37:25 +02:00 · 2023-06-01 11:23:36 +02:00
1110 changed files with 26503 additions and 53222 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -11,4 +11,9 @@ insert_final_newline = true
 [*.md]
 trim_trailing_whitespace = false
-indent_style = tab
+
 [{composer.json,package.json}]
 indent_style = space
 [package.json]
 indent_size = 2
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,8 +3,12 @@
 .gitignore export-ignore
 .github export-ignore
 .editorconfig export-ignore
 .travis.yml export-ignore
 _config.yml export-ignore
 release.sh export-ignore
 # cypress
 cypress export-ignore
 cypress.config.js export-ignore
 cypress.env.json
 *.sh text eol=lf
--- a/.github/workflows/cypress.yml
+++ b/.github/workflows/cypress.yml
@@ -0,0 +1,120 @@
 name: Cypress
 on:
  pull_request:
    branches: [develop]
  push:
    branches: [develop]
 jobs:
  cypress:
    runs-on: ubuntu-latest
    services:
      mysql:
        image: mysql:8.0
        env:
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: myaac
          MYSQL_USER: myaac
          MYSQL_PASSWORD: myaac
        ports:
          - 3306/tcp
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
    strategy:
      fail-fast: false
      matrix:
        php-versions: [ '7.4', '8.0', '8.1' ]
    name: MyAAC on PHP ${{ matrix.php-versions }}
    steps:
        - name: 📌 MySQL Start & init & show db
          run: |
            sudo /etc/init.d/mysql start
            mysql -e 'CREATE DATABASE myaac;' -uroot -proot
            mysql -e "SHOW DATABASES" -uroot -proot
        - name: Checkout MyAAC
          uses: actions/checkout@v3
          with:
            ref: develop
        - name: Checkout TFS
          uses: actions/checkout@v3
          with:
            repository: otland/forgottenserver
            ref: 1.4
            path: tfs
        - name: Import TFS Schema
          run: |
              mysql -uroot -proot myaac < tfs/schema.sql
        - name: Rename config.lua
          run: mv tfs/config.lua.dist tfs/config.lua
        - name: Replace mysqlUser
          uses: jacobtomlinson/gha-find-replace@v2
          with:
            find: 'mysqlUser = "forgottenserver"'
            replace: 'mysqlUser = "root"'
            regex: false
            include: 'tfs/config.lua'
        - name: Replace mysqlPass
          uses: jacobtomlinson/gha-find-replace@v2
          with:
              find: 'mysqlPass = ""'
              replace: 'mysqlPass = "root"'
              regex: false
              include: 'tfs/config.lua'
        - name: Replace mysqlDatabase
          uses: jacobtomlinson/gha-find-replace@v2
          with:
              find: 'mysqlDatabase = "forgottenserver"'
              replace: 'mysqlDatabase = "myaac"'
              regex: false
              include: 'tfs/config.lua'
        - name: Setup PHP
          uses: shivammathur/setup-php@v2
          with:
            php-version: ${{ matrix.php-versions }}
            extensions: mbstring, dom, fileinfo, mysql, json, xml, pdo, pdo_mysql
        - name: Get composer cache directory
          id: composer-cache
          run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
        - name: Cache composer dependencies
          uses: actions/cache@v3
          with:
            path: ${{ steps.composer-cache.outputs.dir }}
            # Use composer.json for key, if composer.lock is not committed.
            # key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.json') }}
            key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
            restore-keys: ${{ runner.os }}-composer-
        - name: Install Composer dependencies
          run: composer install --no-progress --prefer-dist --optimize-autoloader
        - name: Run PHP server
          run: nohup php -S localhost:8080 > php.log 2>&1 &
        - name: Cypress Run
          uses: cypress-io/github-action@v5
          env:
            CYPRESS_URL: http://localhost:8080
            CYPRESS_SERVER_PATH: /home/runner/work/myaac/myaac/tfs
        - name: Save screenshots
          uses: actions/upload-artifact@v3
          if: always()
          with:
            name: cypress-screenshots
            path: cypress/screenshots
        - name: Upload Cypress Videos
          uses: actions/upload-artifact@v3
          if: always()
          with:
            name: cypress-videos
            path: cypress/videos
--- a/.github/workflows/phplint.yml
+++ b/.github/workflows/phplint.yml
@@ -0,0 +1,16 @@
 name: PHP Linting
 on:
  pull_request:
    branches: [develop]
  push:
    branches: [develop]
 jobs:
  phplint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: overtrue/phplint@8.2
        with:
          path: .
          options: --exclude=*.log
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,23 @@
 Thumbs.db
 .DS_Store
 .idea
 # composer
 composer.lock
 vendor
 # npm
 node_modules
 # cypress
 cypress.env.json
 cypress/e2e/2-advanced-examples
 # created by release.sh
 releases
 tmp
 releases
 config.local.php
 PERSONAL_NOTES
 # all custom templates
 templates/*
@@ -16,6 +28,10 @@ templates/*
 images/guilds/*
 !images/guilds/default.gif
 # editor images
 images/editor/*
 !images/editor/index.html
 # cache
 system/cache/*
 !system/cache/index.html
@@ -27,13 +43,26 @@ system/cache/*
 system/logs/*
 !system/logs/index.html
 # data
 system/data/*
 !system/data/index.html
 # php sessions
 system/php_sessions/*
 !system/php_sessions/index.html
 # plugins
 plugins/*
 !plugins/.htaccess
 !plugins/example.json
 !plugins/account-create-hint.json
 !plugins/account-create-hint
 !plugins/email-confirmed-reward.json
 !plugins/email-confirmed-reward
 landing
 # system
 system/functions_custom.php
 # others/rest
 system/pages/downloads.php
--- a/.htaccess
+++ b/.htaccess
@@ -6,12 +6,14 @@
 	Options -MultiViews
 </IfModule>
 <FilesMatch "^(CHANGELOG\.md|README\.md|composer\.json|composer\.lock|package\.json|package-lock\.json|cypress\.env\.json)$">
 	Require all denied
 </FilesMatch>
 <IfModule mod_rewrite.c>
 	RewriteEngine On
-	# you can put here your myaac root folder
+	#RewriteBase /myaac/
 	# path relative to web root
    #RewriteBase /myaac/
 	RewriteCond %{REQUEST_FILENAME} !-f
 	RewriteCond %{REQUEST_FILENAME} !-d
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,19 +0,0 @@
 language: php
 php:
  - 5.6
  - 7.0
  - 7.1
  - 7.2
  - 7.3
  - 7.4
 cache:
  directories:
    - $HOME/.composer/cache
 before_script:
  - composer require jakub-onderka/php-parallel-lint --no-suggest --no-progress --no-interaction --no-ansi --quiet --optimize-autoloader
 script:
  - php vendor/bin/parallel-lint --no-progress --no-colors --exclude vendor . 
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,652 +1,55 @@
 # Changelog
-## [0.8.2 - x.x.2020]
+## [0.9.0-alpha - 02.06.2023]
 Minimum PHP version for this release is 7.2.5.
 ### Added
-* $_SERVER['REQUEST_URI'] to database.log
+* reworked Admin Panel (@Leesneaks, @gpedro, @slawkens)
  * updated to Bootstrap v4
  * new Menu
  * new Dashboard: statistics, server status
  * new Admin Bar showed on top when admin logged in
  * new page: Server Data, to reload server data
  * new pages: mass account & teleport tools
  * changelogs editor
  * revised Accounts & Players editors
  * option to add/modify menus with plugins
  * option to enable/disable plugins
  * better, updated TinyMCE editor (v6.x)
    * with option to upload images
  * list of open source libraries used in project
 * brand new charming installation page (by @fernandomatos)
  * using Bootstrap
 * new pages router: nikic/fast-route, allowing for better customisation
 * Guild Wars support (available as plugin)
 * support for login and create account only by email (configurable)
  * with no need for account name
 * Google ReCAPTCHA v3 support (available as plugin)
 * automatically load towns names from .OTBM file
 * support for Account Number
  * suggest account number option
 * many new functions, hooks and configurables
 * better Exception Handler (Whoops - https://github.com/filp/whoops)
 * add Cypress testing
 ### Changed
-* account_login input type from password to text
+* Composer is now used for external libraries like: Twig, PHPMailer, fast-route etc.
 * mail support is disabled on fresh install, can be manually enabled by user
 * disable add php pages in admin panel for security. Option to disable plugins upload
 * visitors counter shows now user browser, and also if its bot
 * changes in required and optional PHP extensions
 * reworked Pages:
 	* Bans
 		* works now for TFS 1.x
 	* Highscores
 		* frags works for TFS 1.x
 		* cached
 	* creatures
 * moved pages to Twig:
  * experience stages
 * update player_deaths entries on name change
 * change_password email to be more informal
 ### Fixed
-* Updating template menus on template change
+* hundrets of bug fixes, mostly patched from 0.8, so it makes no sense writing them again here
 * Account change info when config.account_country is disabled
 * Show character indicator in check_name.js
 * Houses list View button
 * Fix OTS_House houseid parameter
 ## [0.8.1 - 10.03.2020]
 ### Added
 * Support for Nostalrius OTS
 ### Changed
 * Move TODO to wiki
 * .tooltip css class to .item_image (bootstrap conflict)
 ### Fixed
 * Reloading of creatures/monsters throwing an exception
 * Loading custom pages with old Gesior variables [#108](https://github.com/slawkens/myaac/issues/107)
 * Some weird behaviour with installation of plugins
 * CHANGELOG.md loading in Admin Panel
 * spells displaying when level = 0
 * Some PHP warnings and notices
 ## [0.8.0 - 19.02.2020]
 ### Added:
 * new Awesome Bootstrap Admin Panel by Lee (@Leesneaks)
 	* using Bootstrap 3
 	* all existing pages were adjusted 
 	* new editor: Accounts
 	* improved editor: Players
 	* new Reports View page
 	* Modules directory, which can be added using Plugins (@Leesneaks, @whiteblXK)
 	* move News Management here (@whiteblXK)
 	* interactive player outfit chooser (@tobi132)
 * added Highscores by balance
 * possibility to define colors and "Open in New Tab" on Template Menus (needs to be supported by Template)
 * support for database persistent and socket connections (performance boost)
 * Team page - display outfits of the players (configurable)
 * added clear_cache.php, send_email.php bin commands (@slawkens, @tobi132)
 * added locale pt_br (@ivenspontes)
 * added load time into items & weapons loading admin page
 * new, beautiful exception handler
 * added travisci to prevent mistype (@gpedro, #89)
 * added showing database name into installation script (@tobi132)
 * compatibility with old z_ gesior table (@tobi132, #46)
 * added nginx-sample.conf, .editorconfig, VERSION
 * database towns table support for TFS 1.3 (@tobi132)
 * added enable_tinymce option to Pages editor
 ### Fixed:
 * account login redirect with special chars (like '&' and '?')
 * black skull info at serverInfo (@tornadia)
 * set correct limit at lastkills page from config (anyeor from OtLand)
 * myaac_monsters table column loot problem (#79)
 * players column deleted install description (@gpedro, #91)
 * experience table being to wide and buggy on some templates (@tobi132, #90)
 * fix errors with .htaccess files
 * added index.html to prevent indexing the folder by mod_index
 ### Changed:
 * Environment is now configurable by env setting (Significantly better load times with 'prod')
 * replace spells, monsters tables with JavaScript Sortable Tables - DataTables (@Leesneaks)
 * change default MySQL Storage Engine to InnoDB and Default Character Set to utf8
 * updated OTS_House class to support latest TFS 1.x (new columns)
 * updated monster images to the original ones from tibia.com
 * increased the minimum length (3 -> 4) and decreased the maximum length (25 -> 21) of the New Character Name (by @vankk)
 * use $db->exec instead of $db->query optimisation
 * move items from database to Cache_PHP (Much more faster load time)
 * allow simultaneous loading of config.ini and config.php in templates
 * updated copyright year and SSL link (@EPuncker, #88)
 * move commands, rules and downloads pages into database (@tobi132)
 * better view of guilds (new buttons, table look and feel) (@tobi132)
 * remove stupid alerts on account create
 * remove .dist extension from .htaccess
 ### New Configurables (config.php)
 * env (Environment)
 * account_create_auto_login (Auto Login after Create Account - Registration)
 * account_create_character_create (Create Character directly on Create Account page) (@tobi132)
 * footer_show_load_time (display load time of the page in the footer)
 * database_socket (Connection via Unix Socket)
 * database_persistent (Database Persistent Connection)
 * database_log (Logging of Database Queries)
 * admin_panel_modules (Modules displayed in Admin Panel Dashboard)
 * status_timeout, status_interval
 * smtp_debug (More info about SMTP errors in error.log)
 * team_display_outfit (Display outfit of the team members on teams page)
 * highscores_balance (Display highscores by balance)
 * character_name_min/max_length (Minimum and maximum length of character name)
 * characters.deleted (display deleted characters on characters page)
 ### Forum:
 * show image in full screen on click
 * show user avatar (outfit) in posts
 * replaced forum actions links (move, remove, edit, quote) with images
 * redirect directly to the thread on user login (on new reply)
 ### Installer:
 * AJAX loader for the important stuff
 * create admin account: ask for e-mail + character name
 * load items & weapons
 * check user IP on install to prevent install by random user
 * remember status of the installation
 * remember language on first step (welcome)
 * ask user for timezone
 * auto detected browser language in select language
 ### Plugins
 * sandbox for plugins, don't install when requirements are not satisfied
 * allow comments inside plugin json file (php style)
 * new require options for plugins: (look into example.json)
 	* require database version, table or column of the MyAAC schema
 	* require php-extension
 	* require semantic-version (like in composer.json)
 * new hooks: LOGIN, LOGIN_ATTEMPT, LOGOUT, HOOK_ACCOUNT_CREATE_*
 ### Cache
 * php 7.x APCu cache support (faster cache engine)
 * new cache engine: plain PHP (is good with pure php 7.0+ and opcache)
 * cache lastkills.php, $db->hasTable, $db->hasColumn, hooks and template menus
 * stop using global $cache variable, use Singleton pattern instead
 ### Twig
 * move pages to Twig templates: team, lastkills, serverinfo, houses, guilds.list, guild.view, admin.logs, admin.reports (@whiteblXK, @tobi132)
 * replace "$twig->render()" with "$this->display"
 * move Twig functions to separate file
 * move tibiacom boxes to Twig templates
 * allow Pages to be loaded as Twig template (this allows using Twig variables in Pages) (@tobi132)
 * allow string to be passed to hook twig function
 ### Functions
 * config($key), configLua($key)
 * clearCache()
 * OTS_Account:
 	* getCountry()
 	* setLastLogin($lastlogin) (@Leesneaks)
 	* setWebFlags(webflags) (@Leesneaks)
 * OTS_Player:
 	* getAccountId()
 	* countBlessings() (@Leesneaks)
 	* checkBlessings($count) (@Leesneaks)
 * is_sub_dir (in system/libs/plugins.php)
 * Twig:
 	* getPlayerLink($name, $generate = true)
 * removed SQLquote and SQLquery from OTS_Base_DB
 * Add optional $params param into log_append (will log arrays) (@tobi132)
 ### Internal
 * moved clients list to the new file (clients.conf.php)
 * changed tableExist and fieldExist to $db->hasTable(table) + $db->hasColumn(table, column)
 * changed deprecated $ots->createObject() functions with their OTS_ equivalents
 * add global helper config($key) function + twig binding
 	* use config() instead of global $config
 * remove unnecessary parentheses in include/require PHP functions
 * use __DIR__ instead of dirname(__FILE__) - since PHP 5.3.0
 * change intval() function to (int) casting (up to 6x faster)
 * add release.sh script (for GitHub releases)
 * use curl as alternative option for reporting install
 ### Libraries
 * updated Twig to version v1.35.0
 * updated TinyMCE to version v4.7.4
 ### Deprecations
 * change deprecated HTML <center> tag to <div style="text-align:center">
 * replace deprecated HTML <font> tag with <span>
 ## [0.7.11 - 04.05.2019]
 ### Added:
 * support for some old servers, where arrays are used in config.lua
 * an additional text to the install page informing that user can reinstall MyAAC by deleting config.local.php
 ### Fixed:
 * XSS in forum show_thread
 * guilds - "Add new rank" function
 * multiple mail recipients when using admin mailer function
 * Admin Panel - MyAAC logs not shown if servers logs directory doesn't exist (#47)
 * missing prefix for cache get() and delete() functions
 * add fatal error message when myaac tables in database do not exist
 * the mystical defect where "Create Account" button was not highlighted (on the account/manage page)
 * bug where server_config table does not exist (OTHire as an example)
 * database_name in Usage_Statistics
 * forgot to open <head> in install template
 ### Changed:
 * do not display software version
 ## [0.7.10 - 03.03.2018]
 ### Added:
 * new configurable: smtp_secure
 * robots.txt
 ### Fixed:
 * editing an existing page that had php enabled
 * chrome bug on save (when editing page) ERR_BLOCKED_BY_XSS_AUDITOR
 * showing IP and Port in admin panel (#44, by miqueiaspenha)
 * deleting plugin showing "You don't have rights to delete"
 * some bug with PHPMailer not finding its language file
 * default accounts.vote value
 * saving some really high long ip addresses
 ### Changed:
 * update config.highscores_ids_hidden on install when there are samples already in database
 * auto add z_polls table on install
 ### Internal:
 * changed mb_strtolower functions to strtolower()
 * added new function: $hooks->exist($type)
 ## [0.7.9 - 13.01.2018]
 	* removed 6mb of trash (some useless things)
 	* (fix) TFS 1.x not showing promoted vocations in highscores
 	* otserv 0.6.x: fixed some warning (on the characters page) and fatal mysql error (on the mango signature)
 	* fixed default stamina on otserv 0.6.x engine (and some others perhaps)
 	* install: change permission check to is_writable
 	* changed highscores_groups_hidden to 3 (for TFS 1.x)
 	* updated background-artwork (tibiacom template) to the latest version, removed other ones
 ## [0.7.8 - 12.01.2018]
 	* fixed installation error " call to undefined method OTS_DB_MySQL::hasColumn()"
 	* updated tinymce to the latest (4.7.4) version
 	* enabled emoticons plugin in tinymce :)
 	* some security fixes
 ## [0.7.7 - 08.01.2018]
 	* important fix for servers with promotion column (caused player.vocation to be resetted when saving player, for example: on change name, accept invite to guild, leave guild)
 	* immediately reload config.lua when there's change in config.server_path detected
 	* added new forum option: "Enable HTML" (only for moderators)
 	* fixed othire default column value (#26)
 	* fixed saving custom vocations in admin panel (#36)
 	* fixed warning in highscores when vocation doesn't exist
 	* fixed characters page - config.characters.frags "Notice: Use of undefined constant"
 	* fixed getBoolean function when boolean is passed
 	* fixed empty success message on leave guild
 	* fixed displaying premium account days
 	* function OTS_Account:getPremDays will now return -1 if there's freePremium configurable enabled on the server
 	* fixed tr bgcolor in characters view (Frags) (#38)
 	* fixed some warning in guild show
 	* fixed PHP warning about country not existing on online and characters pages
 	* fixed forum bbcode parsing
 	* don't add extra <br/> to the TinyMCE news forum posts
 	* (internal) using $player->getVocationName() where possible instead of older method
 ## [0.7.6 - 05.01.2017]
 	* fixed othire account creating/installation
 	* fixed table name players -> players_online
 	* fixed unexpected error logging about email fail
 	* added max_execution_time to the install finish step
 	* some small fix regarding highscores vocation box
 ## [0.7.5 - 04.01.2017]
 	* fixed bug on othire with config.account_premium_days
 	* fixed bug on TFS 1.x when online_afk is enabled
 	* warning about leaving news page with changes
 	* added player status to tibiacom top 5 highscores box
 	* save detected country on create account in session
 	* fixed getPremDays and isPremium functions (newest 11.x engines are bugged when it comes to PACC, its not fault of MyAAC)
 	* fix when there are no changelogs or highscores yet
 	* small fix regarding getTopPlayers function which was ignoring $limit variable
 	* fixed news adding when type != ARTICLE
 	* fixed template path finding
 	* fixed displaying article_text when it was empty saved
 ## [0.7.4 - 24.12.2017]
 	* fixed mysql fatal error on tibiacom template - top 5 box
 	* fixed displaying of level percent bar on tibian signature
 	* inform user about Twig cache failure on installation, instead of http 500 error
 	* when dir system/cache is not writable by the webserver, then show some nice notice to the user about it instead of http 500 error
 	* remember client version select and usage stats checkbox in session on install
 	* automatically update highscores_ids_hidden for users who installed myaac before (migration)
 ## [0.7.3 - 18.12.2017]
 	* auto generate myaac cache & session prefix on install to be unique across installations
 	* fixed hiding shop system menu on tibiacom template when disabled in config
 	* prevent adding duplicated newses with installation
 	* some changes to sample characters: chanced town_id to 1, posx: 1000, posy: 1000, posz: 1000 and default group_id to 1 so you can change in-game outfits and they will be used
 	* added version 772 constant to install client choose (OTHire)
 	* better solution for hidding samples (configurable) - highscores_ids_hidden
 	* fixed account.login redirect not working on tibiacom template
 	* installation: warn about wrong admin account name/id and password
 	* fixed last menu closing in tibiacom template
 	* updated polish locale (translation) on install
 	* (internal) removed some duplicated code on install finish
 	* (internal) renamed installation step files to be in correct order
 	* added TODO file
 ## [0.7.1 - 13.12.2017]
 	* added changelog menu item to kathrine template
 	* fixed some php short tag in changelogs page
 	* fixed guild change description back button
 	* removed duplicated "Support List" menu item from tibiacom template
 	* changed some notice when version check is failed
 	* (internal) moved changelog to twig
 ## [0.7.0 - 20.11.2017]
 	* moved template menus to database, they're now dynamically loaded
 	* added anonymous usage statistics reporting (only if user agrees, first usage report will be send after 7 days)
 	* you can edit them in Admin Panel under 'Menus' option
 	* you can also add custom links, like http://google.pl
 	* added networks (facebook and twitter) and highscores (top 5) boxes to tibiacom template, configurable in templates/tibiacom/config.php
 	* added news ticker for kathrine template
 	* added featured article to tibiacom template (you can add them with add news button)
 	* added tinymce editor to 'Pages' in admin panel
 	* added links to edit/delete/hide custom page directly from page
 	* update forum post after editing news (when forum post has been created)
 	* enabled code plugin for tinymce which enabled raw html code editing
 	* removed videos pages, as it can be easily added using custom Menus and Pages with insert Media
 	* removed bug_report configurable, its now enabled by default
 	* log some error info when mail cannot be send on account create
 	* twig getLink function will now return with full url (BASE_URL included)
 	* verify install post values directly on config page and display error
 	* updated tinymce to version 4.7.2 (from 4.7.0)
 	* updated phpmailer to version 5.2.26 (from 5.2.23)
 	* (#30) (fix) recovering account on servers that doesn't support salts
 	* (fix) account email confirm function
 	* (fix) showing changelog with urls in Admin Panel
 	* (fix) uninstalling plugin
 	* (fix) polls box in tibiacom template
 	* (fix) remove hooks from db on plugin deinstall
 	* (fix) some weird include possibilities with forum and account actions (verify action name)
 	* (fix) loading hooks from plugin installed from command line
 	* (fix) some changelog PHP Notice warning
 	* (internal) moved uninstall logic to Plugins class
 	* (internal) moved tibiacom boxes to separate directory
 	* (internal) moved news tickers to twig template
 	* (internal) moved Forum class to separate file
 	* (internal) moved deprecated functions to compat.php
 	* (internal) added some compat functions that are used by shop system
 	* (internal) renamed constant TICKET -> TICKER
 	* (internal) shortened message functions
 ## [0.6.6 - 22.10.2017]
 	* fixed some php fatal error on spells page
 	* changed spells.vocations field in db size to 300
 	* please reload your spells after this update!
 ## [0.6.5 - 21.10.2017]
 	* fixed displaying custom pages
 	* fixed adding new group forum board
 ## [0.6.4 - 20.10.2017]
 	* reverted OTS_Account::getLastLogin() cause its used by tibia11-login plugin
 ## [0.6.3 - 20.10.2017]
 	* fixed creating account
 	* fixed viewing thread without being logged
 	* fixed showing premium account status
 ## [0.6.2 - 20.10.2017]
 	* added forums for guilds and groups
 	* added nice looking menu for my account page in default template
 	* new command line tool: install_plugin.php - can be used to install plugins from command line. Usage: "php install_plugin.php path_to_file"
 	* added new tooltip to view characters equipment item name and monster loot
 	* added items.xml loader class and weapons.xml loader class
 	* minimum PHP version to install AAC is now 5.3.0 cause of Anonymous functions used by Twig
 	* Added 'Are you sure?' popup when uninstalling plugin
 	* added some warnings when plugin json file is incomplete
 	* fixed showing in characters ban expires when is unlimited
 	* fixed displaying monster loot when item.name in loot is used instead of item.id
 	* load also runes into spells table
 	* display plugin uninstall option only if its possible
 	* after changing template you will be redirected to latest viewed page
 	* display gallery add image form only on main gallery page
 	* (internal) moved most of guilds html-in-php code to twig
 	* (internal) moved spells page to twig template
 	* (internal) removed useless spells.spell column that was duplicate of spells.words
 	* (internal) save monster loot in database in json format instead loading it every time from xml file
 	* (internal) store monster voices and immunities in json format
 	* (internal) moved buttons to separate template
 	* (internal) moved online search form to twig
 	* (internal) added new function getItemNameById($id)
 	* (internal) Moved plugin install logic to a new class: Plugins
 	* (internal) changed spells.vocations database field to store json data instead of comma separated
 	* (internal) removed $hook_types array, using defined() and constant() functions now
 	* (internal) removed useless monsters.gfx_name field from database
 	* (internal) renamed database field monsters.hide_creature to hidden
 	* (internal) renamed existing Items class to Items_Images
 	* (internal) optimized Spells class
 	* (internal) new function: OTS_Guild::hasMember(OTS_Player $player)
 	* (internal) new function: Forum::hasAccess($board_id)
 ## [0.6.1 - 17.10.2017]
 	* fixed signatures loading
 	* new configurable: session_prefix, to allow more websites on one machine (must be unique for every website on your dedicated server!)
 	* better error handling for monsters and spells loader (save errors to system/logs/error.log)
 	* check if file exist before loading (monsters and spells)
 	* (internal) Account::getAccess() = Account::getGroupId()
 	* (internal) moved account actions (pages) to account/ directory
 	* (internal) moved forum actions (pages) to forum/ directory
 	* (internal) moved forum.edit_post to twig templates
 ## [0.6.0 - 16.10.2017]
 	* added faq management - add/edit/move/hide/delete from website
 	* new account.login view for tibiacom template
 	* monsters and spells are now being loaded at the installation of the AAC
 	* fix for php versions under 5.5 where empty() function supported only variables
 	* added missing change email and change info buttons to account.management default template
 	* added new indicator icons for create account, create character and change character name
 	* fixed config loader when some inline comments are present
 	* fixed editing page in admin panel that contains some html code
 	* fixed forum new post on mac os and some specific mysql versions
 	* attempt to fix incorrect views counter behavior (its resetting to 0 in some cases)
 	* enabled cache http headers for signatures
 	* check if monster file exist before loading it
 	* fixed if plugin zip file name contains dot (.)
 	* renamed screenshots to gallery and movies to videos
 	* moved install pages to twig
 	* fixed Account::getGuildAccess function
 	* removed never used library from sources - dwoo
 	* moved check_* functions to class Validator
 	* from now all validators ajax requests will fire onblur instead of onkeyup
 	* ajax requests returns now json instead of xml
 	* added 404 response when file is not found
 ## [0.5.1 - 11.10.2017]
 	* fixed forum add/edit board
 	* new configurable: highscores_length, how much highscores to display
 	* fixed highscores links (ALL, previous and next page)
 	* update templates cache when installing/uninstalling plugin
 	* moved character deaths and frags table generation to twig
 	* fixed some bug when you uninstall plugin and then try to install again on the same page
 	* check if plugin exist before uninstalling
 	* fixed some warning in OTS_Base_DB
 ## [0.5.0 - 10.10.2017]
 	* moved .htaccess rules to plain php (index.php)
 	* updated tinymce to the latest (4.7.0) version, you can now embed code, for example youtube videos
 	* added option to uninstall plugin
 	* added option to require specified myaac, php or database version for plugins, without that plugin won't be installed
 	* change accountmanagement links to use friendly_urls
 	* fixed creating new forum thread
 	* sample characters are now assigned to admin account and have group_id 4 to not be shown on highscores
 	* added links loaded from database to admin panel - for future plugins
 	* print some info to error.log when can't find config.lua
 	* some fixes in account changecomment action
 	* show info when account name/number or password is empty on login
 	* fixed showing account login errors
 	* added few characters hooks
 	* fixed some kathrine template js bug when shop is disabled
 	* you can now use slash '/' in custom pages loaded from database
 	* added new twig function getLink that convert link taking into account config.friendly_urls
 	* internalLayoutLink -> getLink
 ## [0.4.3 - 05.10.2017]
 	* better config loader taken from latest gesior, you can now include files in your config by doing dofile('config.local.lua')
 	* fixed country detection in create account
 	* fixed showing of character deaths and frags
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466303
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-13#post-2466313
 	* fixed rook sample, which will now have level 1, 150 health, 0 mana, and 400 cap.
 	* fixed samples being deleted by tfs 1.0+ cause of 'deletion' field set to 1
 	* pages loaded from database have higher priority than normal .php pages, so they will be loaded first if they exist
 	* moved many pages to twig templates
 	* change download client links from clients.halfaway.net to tibia-clients.com
 	* added bugtracker to kathrine template
 	* added CREDITS file
 ## [0.4.2 - 14.09.2017]
 	* updated version number
 ## [0.4.1 - 13.09.2017]
 	* fixed log in to admin panel
 	* fixed File is not .zip plugin upload error
 ## [0.4.0 - 13.09.2017
 	* added option to add/edit/delete/hide/move forum boards
 	* moved some of HTML-in-PHP code to Twig templates
 	* added bug_report configurable which can enable/disable bug tracker
 	* log errors instead of showing them to users with system directories
 	* fix when $_SERVER['HTTP_ACCEPT_ENCODING'] is not set
 	* when it fails to load config.lua it will output error also to error.log
 	* automatically detect json file in .zip instead of basing on filename (admin panel - plugins)
 	* hopefully fixed the error with "The file you are trying to upload is not a .zip file. Please try again."
 	* fixed wrong name of table in bugtracker
 	* fixed some bugs in bugtracker
 	* added report bug link in templates
 	* fixed some rare error when user is logged in for longer than 15 minutes and tries to login again
 	* fixed some grammar errors
 	* some small improvements
 	* fixed some separators in kathrine template
 ## [0.3.0 - 28.08.2017]
 	* added administration panel for screenshots management with auto thumbnail generator and image auto-resizing
 	* added Twig template engine and moved some html-in-php code to it
 	* automatically detect player country based on user location (IP) on create account
 	* player sex (gender) is now configurable at $config['genders']
 	* fixed recovering account and changing password when salt is enabled
 	* fixed installing samples when for example Rook Sample already exist and other samples not
 	* fixed some mysql error when character you trying to create already exist
 	* fixed some warning when you select nonexistent country
 	* password change minimal/maximal length notice is now more precise
 	* added 'enabled' field in myaac_hooks table, which can enable or disable specified hook
 	* removed DEFAULT '' for TEXT field. It didn't worked under some systems like MAC OS X.
 	* minimum PHP version to install the MyAAC is now 5.2.0 cause of pathinfo (extension) function
 	* removed unused admin stylish template
 	* removed some unused cities field from myaac_spells table
 	* moved news adding at installation from schema.sql to finish.php
 	* some optimizations
 ## [0.2.4 - 09.06.2017]
 	* fixed invite to guild
 	* added id field on monsters, so you can delete them in phpmyadmin
 	* fixed adding some creatures with ' and "
 	* fixed when there are spaces at beginning of the file (creatures)
 	* fixed when file is unable to parse (creatures)
 	* fixed typo loss_items => loss_containers
 	* more elegant way of showing message on reload creatures and spells
 ## [0.2.3 - 31.05.2017]
 	* fixed guild management on OTHire 0.0.3
 	* set default skills to 10 when creating new character
 	* fixed displaying of "Create forum thread" in newses
 	* fixed deleting guild on servers that use players.rank_id field
 	* fixed phpmailer class loading (https://otland.net/threads/myaac-v0-0-1.251454/page-8#post-2445222)
 	* fixed displaying vocation amount on online page
 	* better support for custom vocations, you just need to set in config vocations_amount to yours.
 	* fixed huge space in player name (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444328)
 	* fixed Undefined variable (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444034)
 	* fixed Undefined offset (https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2444035)
 ## [0.2.2 - 22.05.2017]
 	* added missing cache/signature directory
 	* fixed https://otland.net/threads/myaac-v0-0-1.251454/page-7#post-2443868
 ## [0.2.1 - 21.05.2017]
 	* added Swedish translation by Sizaro
 	* fixed some bugs with installlation & characters & houses
 ## [0.2.0 - 21.05.2017]
 	* added option to change character sex for premium points
 	* moved site_closed to database, now you can close your site through admin panel
 	* added option to admin panel: clear cache
 	* added experiencetable_rows configurable
 	* optimized OTS_Account->getGroupId(), now its using like 20 queries less
 	* optimized OTS_Player->load($id) function, should be much faster now
 	* fixed displaying on highscores special outfits
 	* fixed skull images displaying
 	* fixed displaying unlimited premium account
 	* fixed bug where players.lookaddons doesn't exist (OTHire etc.) (https://otland.net/threads/myaac-v0-0-1.251454/page-6#post-2442407)
 	* fixed signature tibian for OTHire and other servers that doesnt use accounts.premdays field
 	* fixed when player name in signature containst space
 	* don't show "Create forum thread" when editing
 	* fixed red color table after create account
 	* updated download links, as clients.halfaway.net isn't working anymore
 	* fixed some bugs while installing when field `email_next` or `hidden` already exist
 	* fixed movies unexpected comment
 	* added template_place_holder('center_top') to kathrine template
 ## [0.1.5 - 13.05.2017]
 	* fixed bug with "Integrity constraint violation: 1048 Column 'ip' cannot be null"
 ## [0.1.4 - 13.05.2017]
 	* added outfit shower, in characters, online, and highscores
 	* updated database to version 2
 	* fixed item images (now using item-images.ots.me host by default)
 	* fixed news ticket and posting long newses (https://otland.net/threads/myaac-v0-0-1.251454/page-5#post-2442026)
 	* news body limit increased to 65535 (mysql text field)
 	* removed some unused code from my old server
 	* added spells & monsters to kathrine template
 ## [0.1.3 - 11.05.2017]
 	* this is just release to update version number
 ## [0.1.2 - 11.05.2017]
 	* forgot to update CHANGELOG and MYAAC_VERSION
 ## [0.1.1 - 11.05.2017]
 	* fixed updating myaac_config with database_version to 1
 	* fixed database updater
 ## [0.1.0 - 11.05.2017]
 	* added new feature: change character name for premium points (disabled by default, you can enable it in config under account_change_character_name in config.php)
 	* added automatic database updater (data migrations)
 	* renamed events to hooks
 	* moved hooks to database
 	* now you can use hooks in plugins
 	* set account.type field to 5 on install, if TFS 1.0+
 	* added example plugin
 	* new, latest google analytics code
 	* fixed bug with loading account.name that has numbers in it
 	* fixed many bugs in player editor in admin panel
 	* added error handling to plugin manager and some more verification in
 	* file has been correctly unpacked/uploaded
 	* fixed Statistics page in admin panel when using account.number
 	* fixed bug when creating/recovering account on servers with
 	* account.salt field (TFS 0.3 for example)
 	* fixed forum showing thread with html tags (added from news manager)
 	* new, latest code for youtube videos in movies page
 	* fixed showing vocation images when using $config['online_vocations_images']
 	* many fixes in polls (also importing proper schema)
 	* fixed hovering on buttons in kathrine template (on accountmanagement page)
 	* fixed signatures (many fixes)
 	* added missing gesior signature system
 ## [0.0.6 - 06.05.2017]
 	* fixed bug while installing (https://otland.net/threads/myaac-v0-0-1.251454/page-3#post-2440543)
 	* fixed bug when creating character (not showing errors) (one more time)
 	* fixed support for TFS 0.2 series
 	* added FAQ link
 ## [0.0.5 - 05.05.2017]
 	* fixed bug when creating character (not showing errors)
 	* Fixed characters loading with names that has been created with other AAC
 	* fixed links to shop in default template
 	* fixed some weird PHP 7.1 warnings/notices
 	* Fixed config loading with some weird comments
 	* fixed bug with status info utf8 encoding (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440259)
 	* fixed when ip in log_action is NULL (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440357)
 	* fixed bug when guild doesn't exist on characters page (https://otland.net/threads/myaac-v0-0-1.251454/page-2#post-2440320)
 	* disabled friendly_urls by default
 	* fixes when $config['database_*'] is set
 	* added CHANGELOG
 ## [0.0.3 - 03.05.2017]
 	* Full support for OTHire 0.0.3
 	* added support for otservers that doesn't use account.name field, instead just account number will be used
 	* fixed encryption detection on TFS 0.3
 	* fixed bug when server_config table doesn't exist
 	* (install) moved admin account creation to new step
 	* fixed news comment link
 	* by default, the installer creates now the Admin player, for admin account
 	* fixed installation errors
 	* fixed config.lua loading with some weird comments
 ## [0.0.2 - 02.05.2017]
 	* updated forum links to use friendly_urls
 	* some more info will be shown when cannot connect to database
 	* show more error infos when creating character
 	* fixed forum link on newses
 	* fixed spells loading when there's vocation name instead of id
 	* fixed bug when you have changed template but it doesn't exist anymore
 	* fixed vocations with promotion loading
 	* fixed support for gesior pages and templates
 	* added function OTS_Acount:getGroupId()
 ## [0.0.1 - 01.05.2017]
 	This is first official release of MyAAC.
 	Features are listed here
 	For more information, see the release announcement on OTLand: https://otland.net/threads/myaac-v0-0-1.251454/
--- a/CONTRIBUTORS.txt
+++ b/CONTRIBUTORS.txt
@@ -0,0 +1,14 @@
 # automatically exported using this script:
 # git log --all --format='%cN <%cE>' | sort -u > contributors
 # in no particular order
 # cleaned for readability
 Evil Puncker <EPuncker@users.noreply.github.com>
 Fernando Matos <fernando@pixele.com.br>
 Lee <42119604+Leesneaks@users.noreply.github.com>
 caio <caio.zucoli@gmail.com>
 slawkens <slawkens@gmail.com>
 tobi132 <52947952+tobi132@users.noreply.github.com>
 vankk <nwtr.otland@hotmail.com>
 whiteblXK <krzys16001@gmail.com>
 xitobuh <jonas.hockert92@gmail.com>
--- a/3
+++ b/3
@@ -1,2 +1,3 @@
 * Gesior.pl (2007 - 2008)
-* Slawkens (2009 - 2020)
+* Slawkens (2009 - 2023)
 * Contributors listed in CONTRIBUTORS.txt
--- a/README.md
+++ b/README.md
@@ -1,18 +1,26 @@
-# myaac
+# [MyAAC](https://my-aac.org)
 [![Build Status Master](https://img.shields.io/travis/slawkens/myaac/master)](https://travis-ci.org/github/slawkens/myaac)
 [![License: GPL-3.0](https://img.shields.io/github/license/slawkens/myaac)](https://opensource.org/licenses/gpl-license)
 [![Downloads Count](https://img.shields.io/github/downloads/slawkens/myaac/total)](https://github.com/slawkens/myaac/releases)
 [![PHP Versions](https://img.shields.io/travis/php-v/slawkens/myaac/master)](https://github.com/slawkens/myaac/blob/d8b3b4135827ee17e3c6d41f08a925e718c587ed/.travis.yml#L3)
 [![OpenTibia Discord](https://img.shields.io/discord/288399552581468162)](https://discord.gg/2J39Wus)
 [![Closed Issues](https://img.shields.io/github/issues-closed-raw/slawkens/myaac)](https://github.com/slawkens/myaac/issues?q=is%3Aissue+is%3Aclosed)
 MyAAC is a free and open-source Automatic Account Creator (AAC) written in PHP. It is a fork of the [Gesior](https://github.com/gesior/Gesior2012) project. It supports only MySQL databases.
 Official website: https://my-aac.org
-### REQUIREMENTS
+### Requirements
-	- PHP 5.5 or later
+	- PHP 5.6 or later
 	- MySQL database
 	- PDO PHP Extension
 	- XML PHP Extension
 	- ZIP PHP Extension
 	- (optional) mod_rewrite to use friendly_urls
-### INSTALLATION AND CONFIGURATION
+### Installation
 	Just decompress and untar the source (which you should have done by now,
 	if you're reading this), into your webserver's document root.
@@ -28,19 +36,44 @@ Official website: https://my-aac.org
 			chmod 660 images/guilds
 			chmod 660 images/houses
 			chmod 660 images/gallery
-			chmod -R 770 system/cache
+			chmod -R 760 system/cache
 	Visit http://your_domain/install (http://localhost/install) and follow instructions in the browser.
-### KNOWN PROBLEMS
+### Configuration
-	- none -
+Check *config.php* to get more informations.
 Use *config.local.php* for your local configuration changes.
-### OTHER NOTES
+### Branches
 This repository follows the Git Flow Workflow.
 Cheatsheet: [Git-Flow-Cheetsheet](https://danielkummer.github.io/git-flow-cheatsheet)
 That means, we use:
 * master branch, for current stable release
 * develop branch, for development version (next release)
 * feature branches, for features etc.
 ### Known Problems
 - Some compatibility issues with some exotical distibutions.
 ### Contributing
 Contributions are more than welcome. 
 Pull requests should be made to the *develop* branch as that is the working branch, master is for release code.  
 Bug fixes to current release should be done to master branch.
 Look: [Contributing](https://github.com/otsoft/myaac/wiki/Contributing) in our wiki.
 ### Other Notes
 	If you have a great idea or want contribute to the project - visit our website at https://www.my-aac.org
-### LICENSING
+### License
-	This program and all associated files are released under the GNU Public
+This program and all associated files are released under the GNU Public License.  
-	License, see LICENSE for details.
+See [LICENSE](https://github.com/slawkens/myaac/blob/master/LICENSE) for details.
--- a/1
+++ b/1
@@ -1 +0,0 @@
 0.8.2-dev
--- a/admin/images/logo.png
+++ b/admin/images/logo.png
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,7 +1,11 @@
 <?php
 // few things we'll need
 require '../common.php';
 const ADMIN_PANEL = true;
 const MYAAC_ADMIN = true;
 if(file_exists(BASE . 'config.local.php')) {
 	require_once BASE . 'config.local.php';
 }
@@ -12,13 +16,11 @@ if(file_exists(BASE . 'install') && (!isset($config['installed']) || !$config['i
 	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 define('ADMIN_PANEL', true);
 $content = '';
 // validate page
-$page = isset($_GET['p']) ? $_GET['p'] : '';
+$page = $_GET['p'] ?? '';
-if(empty($page) || preg_match("/[^a-zA-Z0-9_\-]/", $page))
+if(empty($page) || preg_match("/[^a-zA-Z0-9_\-\/.]/", $page))
 	$page = 'dashboard';
 $page = strtolower($page);
@@ -27,6 +29,17 @@ define('PAGE', $page);
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 if(config('env') === 'dev') {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
 }
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
@@ -34,30 +47,41 @@ $hooks->load();
 require SYSTEM . 'status.php';
 require SYSTEM . 'login.php';
-require ADMIN . 'includes/functions.php';
+require SYSTEM . 'migrate.php';
 require __DIR__ . '/includes/functions.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
 if (ACTION == 'logout') {
 	require SYSTEM . 'logout.php';
 }
 // if we're not logged in - show login box
 if(!$logged || !admin()) {
 	$page = 'login';
 }
 // include our page
-$file = SYSTEM . 'pages/admin/' . $page . '.php';
+$file = __DIR__ . '/pages/' . $page . '.php';
 if(!@file_exists($file)) {
-	$page = '404';
+	if (strpos($page, 'plugins/') !== false) {
-	$file = SYSTEM . 'pages/404.php';
+		$file = BASE . $page;
 	}
 	else {
 		$page = '404';
 		$file = SYSTEM . 'pages/404.php';
 	}
 }
 ob_start();
-include($file);
+if($hooks->trigger(HOOK_ADMIN_BEFORE_PAGE)) {
 	require $file;
 }
 $content .= ob_get_contents();
 ob_end_clean();
 // template
 $template_path = 'template/';
-require ADMIN . $template_path . 'template.php';
+require __DIR__ . '/' . $template_path . 'template.php';
 ?>
--- a/admin/pages/accounts.php
+++ b/admin/pages/accounts.php
@@ -0,0 +1,599 @@
 <?php
 /**
 * Account editor
 *
 * @package   MyAAC
 * @author    Lee
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Account editor';
 $admin_base = ADMIN_URL . '?p=accounts';
 $use_datatable = true;
 if ($config['account_country'])
 	require SYSTEM . 'countries.conf.php';
 $nameOrNumberColumn = 'name';
 if (USE_ACCOUNT_NUMBER) {
 	$nameOrNumberColumn = 'number';
 }
 $hasSecretColumn = $db->hasColumn('accounts', 'secret');
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $hasTypeColumn = $db->hasColumn('accounts', 'type');
 $hasGroupColumn = $db->hasColumn('accounts', 'group_id');
 if ($config['account_country']) {
 	$countries = array();
 	foreach (array('pl', 'se', 'br', 'us', 'gb') as $c)
 		$countries[$c] = $config['countries'][$c];
 	$countries['--'] = '----------';
 	foreach ($config['countries'] as $code => $c)
 		$countries[$code] = $c;
 }
 $web_acc = ACCOUNT_WEB_FLAGS;
 $acc_type = config('account_types');
 ?>
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
 <script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
 <?php
 $id = 0;
 $search_account = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
 else if (isset($_REQUEST['search'])) {
 	$search_account = $_REQUEST['search'];
 	if (strlen($search_account) < 3 && !Validator::number($search_account)) {
 		echo_error('Player name is too short.');
 	} else {
 		$query = $db->query('SELECT `id` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` = ' . $db->quote($search_account));
 		if ($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$id = (int)$query['id'];
 		} else {
 			$query = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` LIKE ' . $db->quote('%' . $search_account . '%'));
 			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 				$str_construct = 'Do you mean?<ul class="mb-0">';
 				foreach ($query as $row)
 					$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row[$nameOrNumberColumn] . '</a></li>';
 				$str_construct .= '</ul>';
 				echo_error($str_construct);
 			} else if ($query->rowCount() > 10)
 				echo_error('Specified name resulted with too many accounts.');
 			else
 				echo_error('No entries found.');
 		}
 	}
 }
 ?>
 <div class="row">
 	<?php
 	if ($id > 0) {
 		$account = new OTS_Account();
 		$account->load($id);
 		if (isset($account, $_POST['save']) && $account->isLoaded()) {
 			$error = false;
 			$_error = '';
 			$account_db = new OTS_Account();
 			if (USE_ACCOUNT_NAME) {
 				$name = $_POST['name'];
 				$account_db->find($name);
 				if ($account_db->isLoaded() && $account->getName() != $name)
 					echo_error('This name is already used. Please choose another name!');
 			}
 			$account_db->load($id);
 			if (!$account_db->isLoaded())
 				echo_error('Account with this id doesn\'t exist.');
 			//type/group
 			if ($hasTypeColumn || $hasGroupColumn) {
 				$group = $_POST['group'];
 			}
 			$password = ((!empty($_POST["pass"]) ? $_POST['pass'] : null));
 			if (!Validator::password($password)) {
 				$errors['password'] = Validator::getLastError();
 			}
 			//secret
 			if ($hasSecretColumn) {
 				$secret = $_POST['secret'];
 			}
 			//key
 			$key = $_POST['key'];
 			$email = $_POST['email'];
 			if (!Validator::email($email))
 				$errors['email'] = Validator::getLastError();
 			//tibia coins
 			if ($hasCoinsColumn) {
 				$t_coins = $_POST['t_coins'];
 				verify_number($t_coins, 'Tibia coins', 12);
 			}
 			// prem days
 			$p_days = (int)$_POST['p_days'];
 			verify_number($p_days, 'Prem days', 11);
 			//prem points
 			$p_points = $_POST['p_points'];
 			verify_number($p_points, 'Prem Points', 11);
 			//rl name
 			$rl_name = $_POST['rl_name'];
 			//location
 			$rl_loca = $_POST['rl_loca'];
 			//country
 			$rl_country = $_POST['rl_country'];
 			$web_flags = $_POST['web_flags'];
 			verify_number($web_flags, 'Web Flags', 1);
 			//created
 			$created = strtotime($_POST['created']);
 			verify_number($created, 'Created', 11);
 			//web last login
 			$web_lastlogin = strtotime($_POST['web_lastlogin']);
 			verify_number($web_lastlogin, 'Web Last login', 11);
 			if (!$error && $hooks->trigger(HOOK_ADMIN_ACCOUNTS_SAVE_POST, ['account_id' => $account->getId(), 'account_email' =>  $account->getEMail()])) {
 				if (USE_ACCOUNT_NAME) {
 					$account->setName($name);
 				}
 				if ($hasTypeColumn) {
 					$account->setCustomField('type', $group);
 				} elseif ($hasGroupColumn) {
 					$account->setCustomField('group_id', $group);
 				}
 				if ($hasSecretColumn) {
 					$account->setCustomField('secret', $secret);
 				}
 				$account->setCustomField('key', $key);
 				$account->setEMail($email);
 				if ($hasCoinsColumn) {
 					$account->setCustomField('coins', $t_coins);
 				}
 				$lastDay = 0;
 				if($p_days != 0 && $p_days != OTS_Account::GRATIS_PREMIUM_DAYS) {
 					$lastDay = time();
 				} else if ($lastDay != 0) {
 					$lastDay = 0;
 				}
 				$account->setPremDays($p_days);
 				$account->setLastLogin($lastDay);
 				if ($hasPointsColumn) {
 					$account->setCustomField('premium_points', $p_points);
 				}
 				$account->setRLName($rl_name);
 				$account->setLocation($rl_loca);
 				$account->setCountry($rl_country);
 				$account->setCustomField('created', $created);
 				$account->setWebFlags($web_flags);
 				$account->setCustomField('web_lastlogin', $web_lastlogin);
 				if (isset($password)) {
 					if (USE_ACCOUNT_SALT) {
 						$salt = generateRandomString(10, false, true, true);
 						$password = $salt . $password;
 						$account->setCustomField('salt', $salt);
 					}
 					$password = encrypt($password);
 					$account->setPassword($password);
 					if (USE_ACCOUNT_SALT)
 						$account->setCustomField('salt', $salt);
 				}
 				$account->save();
 				echo_success('Account saved at: ' . date('G:i'));
 			}
 		}
 	} else if ($id == 0) {
 		$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
 				<div class="card-header">
 					<h5 class="m-0">Accounts</h5>
 				</div>
 				<div class="card-body">
 					<table class="acc_datatable table table-striped table-bordered table-responsive d-md-table">
 						<thead>
 						<tr>
 							<th>ID</th>
 							<th><?= ($nameOrNumberColumn == 'number' ? 'Number' : 'Name'); ?></th>
 							<?php if($hasTypeColumn || $hasGroupColumn): ?>
 							<th>Position</th>
 							<?php endif; ?>
 							<th style="width: 40px">Edit</th>
 						</tr>
 						</thead>
 						<tbody>
 						<?php foreach ($accounts_db as $account_lst): ?>
 							<tr>
 								<th><?php echo $account_lst['id']; ?></th>
 								<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
 								<?php if($hasTypeColumn || $hasGroupColumn): ?>
 								<td>
 									<?php if ($hasTypeColumn) {
 										echo $acc_type[$account_lst['type']];
 									} elseif ($hasGroupColumn) {
 										$group = $groups->getGroups();
 										echo $group[$account_lst['group_id']];
 									} ?>
 								</td>
 								<?php endif; ?>
 								<td><a href="?p=accounts&id=<?php echo $account_lst['id']; ?>" class="btn btn-success btn-sm" title="Edit">
 										<i class="fas fa-pencil-alt"></i>
 									</a>
 								</td>
 							</tr>
 						<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
 			</div>
 		</div>
 	<?php } ?>
 	<?php if (isset($account) && $account->isLoaded()) { ?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-primary card-outline card-outline-tabs">
 				<div class="card-header p-0 border-bottom-0">
 					<ul class="nav nav-tabs" id="accounts-tab" role="tablist">
 						<li class="nav-item">
 							<a class="nav-link active" id="accounts-acc-tab" data-toggle="pill" href="#accounts-acc">Account</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="accounts-chars-tab" data-toggle="pill" href="#accounts-chars">Characters</a>
 						</li>
 						<?php if ($db->hasTable('bans')) : ?>
 							<li class="nav-item">
 								<a class="nav-link" id="accounts-bans-tab" data-toggle="pill" href="#accounts-bans">Bans</a>
 							</li>
 						<?php endif;
 						if ($db->hasTable('store_history')) : ?>
 							<li class="nav-item">
 								<a class="nav-link" id="accounts-store-tab" data-toggle="pill" href="#accounts-store">Store History</a>
 							</li>
 						<?php endif; ?>
 					</ul>
 				</div>
 				<div class="card-body">
 					<div class="tab-content" id="accounts-tabContent">
 						<div class="tab-pane fade active show" id="accounts-acc">
 							<form action="<?php echo $admin_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
 								<div class="form-group row">
 									<?php if (USE_ACCOUNT_NAME): ?>
 										<div class="col-12 col-sm-12 col-lg-4">
 											<label for="name">Account Name:</label>
 											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getName(); ?>"/>
 										</div>
 									<?php elseif (USE_ACCOUNT_NUMBER): ?>
 										<div class="col-12 col-sm-12 col-lg-4">
 											<label for="name">Account Number:</label>
 											<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $account->getNumber(); ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-5">
 										<div class="form-check">
 											<input type="checkbox"
 												   name="c_pass"
 												   id="c_pass"
 												   value="false"
 												   class="form-check-input"/>
 											<label for="c_pass">Password: (check to change)</label>
 										</div>
 										<div class="input-group">
 											<input type="text" class="form-control" id="pass" name="pass" autocomplete="off" maxlength="20" value=""/>
 										</div>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-3">
 										<label for="account_id" class="control-label">Account ID:</label>
 										<input type="text" class="form-control" id="account_id" name="account_id" autocomplete="off" size="8" maxlength="11" disabled value="<?php echo $account->getId(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<?php
 									$acc_group = $account->getAccGroupId();
 									if ($hasTypeColumn) {
 										?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
 												<?php foreach ($acc_type as $id => $a_type): ?>
 													<option value="<?php echo($id); ?>" <?php echo($acc_group == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
 										<?php
 									} elseif ($hasGroupColumn) {
 										?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="group">Account Type:</label>
 											<select name="group" id="group" class="form-control">
 												<?php foreach ($groups->getGroups() as $id => $group): ?>
 													<option value="<?php echo $id; ?>" <?php echo($acc_group == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 												<?php endforeach; ?>
 											</select>
 										</div>
 									<?php } ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="web_flags">Website Access:</label>
 										<select name="web_flags" id="web_flags" class="form-control">
 											<?php foreach ($web_acc as $id => $a_type): ?>
 												<option value="<?php echo($id); ?>" <?php echo($account->getWebFlags() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
 								</div>
 								<div class="form-group row">
 									<?php if ($hasSecretColumn): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="secret">Secret:</label>
 											<input type="text" class="form-control" id="secret" name="secret" autocomplete="off" value="<?php echo $account->getCustomField('secret'); ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="key">Recovery Key:</label>
 										<input type="text" class="form-control" id="key" name="key" autocomplete="off" value="<?php echo $account->getCustomField('key'); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="email">Email:</label><?php echo (config('mail_enabled') ? ' (<a href="' . ADMIN_URL . '?p=mailer&mail_to=' . $account->getEMail() . '">Send Mail</a>)' : ''); ?>
 										<input type="text" class="form-control" id="email" name="email" autocomplete="off" value="<?php echo $account->getEMail(); ?>"/>
 									</div>
 									<?php if ($hasCoinsColumn): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="t_coins">Tibia Coins:</label>
 											<input type="text" class="form-control" id="t_coins" name="t_coins" autocomplete="off" maxlength="11" value="<?php echo $account->getCustomField('coins') ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="p_days">Premium Days:</label>
 										<input type="text" class="form-control" id="p_days" name="p_days" autocomplete="off" maxlength="11" value="<?php echo $account->getPremDays(); ?>"/>
 									</div>
 									<?php if ($hasPointsColumn): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="p_points" class="control-label">Premium Points:</label>
 											<input type="text" class="form-control" id="p_points" name="p_points" autocomplete="off" maxlength="8" value="<?php echo $account->getCustomField('premium_points') ?>"/>
 										</div>
 									<?php endif; ?>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_name">RL Name:</label>
 										<input type="text" class="form-control" id="rl_name" name="rl_name"
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getRLName(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_loca">Location:</label>
 										<input type="text" class="form-control" id="rl_loca" name="rl_loca"
 											   autocomplete="off" maxlength="20"
 											   value="<?php echo $account->getLocation(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="rl_country">Country:</label>
 										<select name="rl_country" id="rl_country" class="form-control">
 											<?php foreach ($countries as $id => $a_type): ?>
 												<option value="<?php echo($id); ?>" <?php echo($account->getCountry() == ($id) ? 'selected' : ''); ?>><?php echo $a_type; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="created" class="control-label">Created:</label>
 										<input type="text" class="form-control" id="created" name="created" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('created')); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="web_lastlogin" class="control-label">Web Last Login:</label>
 										<input type="text" class="form-control" id="web_lastlogin" name="web_lastlogin" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $account->getCustomField('web_lastlogin')); ?>"/>
 									</div>
 								</div>
 								<input type="hidden" name="save" value="yes"/>
 								<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Update</button>
 								<a href="<?php echo ADMIN_URL; ?>?p=accounts" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
 							</form>
 						</div>
 						<div class="tab-pane fade" id="accounts-chars">
 							<div class="row">
 								<?php
 								if (isset($account) && $account->isLoaded()) {
 									$account_players = $account->getPlayersList();
 									$account_players->orderBy('id');
 									if (isset($account_players)) { ?>
 										<table class="table table-striped table-condensed table-responsive d-md-table">
 											<thead>
 											<tr>
 												<th>#</th>
 												<th>Name</th>
 												<th>Level</th>
 												<th>Vocation</th>
 												<th style="width: 40px">Edit</th>
 											</tr>
 											</thead>
 											<tbody>
 											<?php $i= 0;
 											foreach ($account_players as $i => $player):
 												$i++;
 												$player_vocation = $player->getVocation();
 												$player_promotion = $player->getPromotion();
 												if (isset($player_promotion)) {
 													if ((int)$player_promotion > 0)
 														$player_vocation += ($player_promotion * $config['vocations_amount']);
 												}
 												if (isset($config['vocations'][$player_vocation])) {
 													$vocation_name = $config['vocations'][$player_vocation];
 												} ?>
 												<tr>
 													<th><?php echo $i; ?></th>
 													<td><?php echo $player->getName(); ?></td>
 													<td><?php echo $player->getLevel(); ?></td>
 													<td><?php echo $vocation_name; ?></td>
 													<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 												</tr>
 											<?php endforeach ?>
 											</tbody>
 										</table>
 										<?php
 									}
 								} ?>
 							</div>
 						</div>
 						<?php if ($db->hasTable('bans')) : ?>
 							<div class="tab-pane fade" id="accounts-bans">
 								<?php
 								$bans = $db->query('SELECT * FROM ' . $db->tableName('bans') . ' WHERE ' . $db->fieldName('active') . ' = 1 AND ' . $db->fieldName('id') . ' = ' . $account->getId() . ' ORDER BY ' . $db->fieldName('added') . ' DESC LIMIT 10');
 								if ($bans->rowCount()) {
 									?>
 									<table class="table table-striped table-condensed table-responsive d-md-table">
 										<thead>
 										<tr>
 											<th>Nick</th>
 											<th>Type</th>
 											<th>Expires</th>
 											<th>Reason</th>
 											<th>Comment</th>
 											<th>Added by:</th>
 										</tr>
 										</thead>
 										<tbody>
 										<?php
 										foreach ($bans as $ban) {
 											?>
 											<tr>
 												<td><?php
 													$pName = getPlayerNameByAccount($ban['value']);
 													echo '<a href="?p=players&search=' . $pName . '">' . $pName . '</a>'; ?>
 												</td>
 												<td><?php echo getBanType($ban['type']); ?></td>
 												<td>
 													<?php
 													if ($ban['expires'] == "-1")
 														echo 'Never';
 													else
 														echo date("H:i:s", $ban['expires']) . '<br/>' . date("d M Y", $ban['expires']);
 													?>
 												</td>
 												<td><?php echo getBanReason($ban['reason']); ?></td>
 												<td><?php echo $ban['comment']; ?></td>
 												<td>
 													<?php
 													if ($ban['admin_id'] == "0")
 														echo 'Autoban';
 													else
 														$aName = getPlayerNameByAccount($ban['admin_id']);
 													echo '<a href="?p=players&search=' . $aName . '">' . $aName . '</a>';
 													echo '<br/>' . date("d.m.Y", $ban['added']);
 													?>
 												</td>
 											</tr>
 										<?php } ?>
 										</tbody>
 									</table>
 									<?php
 								} else {
 									echo 'No Account bans.';
 								} ?>
 							</div>
 						<?php endif;
 						if ($db->hasTable('store_history')) { ?>
 							<div class="tab-pane fade" id="accounts-store">
 								<?php $store_history = $db->query('SELECT * FROM `store_history` WHERE `account_id` = "' . $account->getId() . '" ORDER BY `time` DESC')->fetchAll(); ?>
 								<table class="table table-striped table-condensed table-responsive d-md-table">
 									<thead>
 									<tr>
 										<th>Description</th>
 										<th>Coins</th>
 										<th>Date</th>
 									</tr>
 									</thead>
 									<tbody>
 									<?php foreach ($store_history as $p): ?>
 										<tr>
 											<td><?php echo $p['description']; ?></td>
 											<td><?php echo $p['coin_amount']; ?></td>
 											<td><?php echo date('d M y H:i:s', $p['time']); ?></td>
 										</tr>
 									<?php endforeach; ?>
 									</tbody>
 								</table>
 							</div>
 						<?php } ?>
 					</div>
 				</div>
 			</div>
 		</div>
 	<?php } ?>
 	<div class="col-12 col-sm-12 col-lg-2">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Search Accounts</h5>
 			</div>
 			<div class="card-body">
 				<div class="row">
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<label for="name">Account Name:</label>
 							<div class="input-group input-group-sm">
 								<input type="text" class="form-control" name="search" value="<?php echo $search_account; ?>" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 					<div class="col-6 col-lg-12">
 						<form action="<?php echo $admin_base; ?>" method="post">
 							<label for="name">Account ID:</label>
 							<div class="input-group input-group-sm">
 								<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
 								<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 							</div>
 						</form>
 					</div>
 				</div>
 			</div>
 		</div>
 	</div>
 </div>
 <script>
 	$(document).ready(function () {
 		$('#created').datetimepicker({format: "M d Y, H:i:s",});
 		$('#web_lastlogin').datetimepicker({format: 'M d Y, H:i:s'});
 		$('#c_pass').change(function () {
 			const ipass = $('input[name=pass]');
 			ipass[0].disabled = !this.checked;
 			ipass[0].value = '';
 		}).change();
 		$('.acc_datatable').DataTable({
 			"order": [[0, "asc"]]
 		});
 	});
 </script>
--- a/admin/pages/changelog.php
+++ b/admin/pages/changelog.php
@@ -0,0 +1,139 @@
 <?php
 /**
 * CHANGELOG modifier
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Lee
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 $title = 'Changelog';
 $use_datatable = true;
 const CL_LIMIT = 600; // maximum changelog body length
 ?>
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
 <script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
 <?php
 $id = $_GET['id'] ?? 0;
 require_once LIBS . 'changelog.php';
 if(!empty($action))
 {
 	$id = $_REQUEST['id'] ?? null;
 	$body = isset($_REQUEST['body']) ? stripslashes($_REQUEST['body']) : null;
 	$create_date = isset($_REQUEST['createdate']) ? (int)strtotime($_REQUEST['createdate'] ): null;
 	$player_id = isset($_REQUEST['player_id']) ? (int)$_REQUEST['player_id'] : null;
 	$type = isset($_REQUEST['type']) ? (int)$_REQUEST['type'] : null;
 	$where = isset($_REQUEST['where']) ? (int)$_REQUEST['where'] : null;
 	$errors = array();
 	if($action == 'new') {
 		if(isset($body) && Changelog::add($body, $type, $where, $player_id, $create_date, $errors)) {
 			$body = '';
 			$type = $where = $player_id = $create_date = 0;
 			success("Added successful.");
 		}
 	}
 	else if($action == 'delete') {
 		Changelog::delete($id, $errors);
 		success("Deleted successful.");
 	}
 	else if($action == 'edit')
 	{
 		if(isset($id) && !isset($body)) {
 			$cl = Changelog::get($id);
 			$body = $cl['body'];
 			$type = $cl['type'];
 			$where = $cl['where'];
 			$create_date = $cl['date'];
 			$player_id = $cl['player_id'];
 		}
 		else {
 			if(Changelog::update($id, $body, $type, $where, $player_id, $create_date,$errors)) {
 				$action = $body = '';
 				$type = $where = $player_id = $create_date = 0;
 				success("Updated successful.");
 			}
 		}
 	}
 	else if($action == 'hide') {
 		Changelog::toggleHidden($id, $errors, $status);
 		success(($status == 1 ? 'Show' : 'Hide') . " successful.");
 	}
 	if(!empty($errors))
 		error(implode(", ", $errors));
 }
 $changelogs = $db->query('SELECT * FROM `' . TABLE_PREFIX . 'changelog' . '` ORDER BY `id` DESC')->fetchAll();
 $i = 0;
 $log_type = [
 	['id' => 1, 'icon' => 'added'],
 	['id' => 2, 'icon' => 'removed'],
 	['id' => 3, 'icon' => 'changed'],
 	['id' => 4, 'icon' => 'fixed'],
 ];
 $log_where = [
 	['id' => 1, 'icon' => 'server'],
 	['id' => 2, 'icon' => 'website'],
 ];
 foreach($changelogs as $key => &$log)
 {
 	$log['type'] = getChangelogType($log['type']);
 	$log['where'] = getChangelogWhere($log['where']);
 }
 if($action == 'edit' || $action == 'new') {
 	if($action == 'edit') {
 		$player = new OTS_Player();
 		$player->load($player_id);
 	}
 	$account_players = $account_logged->getPlayersList();
 	$account_players->orderBy('group_id', POT::ORDER_DESC);
 	$twig->display('admin.changelog.form.html.twig', array(
 		'action' => $action,
 		'cl_link_form' => constant('ADMIN_URL').'?p=changelog&action=' . ($action == 'edit' ? 'edit' : 'new'),
 		'cl_id' => $id ?? null,
 		'body' => isset($body) ? escapeHtml($body) : '',
 		'create_date' => $create_date ?? '',
 		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
 		'type' => $type ?? 0,
 		'where' => $where ?? 0,
 		'log_type' => $log_type,
 		'log_where' => $log_where,
 	));
 }
 $twig->display('admin.changelog.html.twig', array(
 	'changelogs' => $changelogs,
 ));
 ?>
 <script>
 	$(document).ready(function () {
 		$('#createdate').datetimepicker({format: "M d Y, H:i:s",});
 		$('.tb_datatable').DataTable({
 			"order": [[0, "desc"]],
 			"columnDefs": [{targets: [1, 2,4,5],orderable: false}]
 		});
 	});
 </script>
--- a/system/pages/admin/changelog.php
+++ b/system/pages/admin/changelog.php
@@ -4,7 +4,8 @@
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @author    Lee
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
@@ -15,8 +16,6 @@ if (!file_exists(BASE . 'CHANGELOG.md')) {
 	return;
 }
 require LIBS . 'Parsedown.php';
 $changelog = file_get_contents(BASE . 'CHANGELOG.md');
 $Parsedown = new Parsedown();
--- a/system/pages/admin/dashboard.php
+++ b/system/pages/admin/dashboard.php
@@ -19,8 +19,10 @@ if (isset($_GET['clear_cache'])) {
 }
 if (isset($_GET['maintenance'])) {
-	$_status = (int)$_POST['status'];
+	$message = (!empty($_POST['message']) ? $_POST['message'] : null);
-	$message = $_POST['message'];
+	$_status = (isset($_POST['status']) && $_POST['status'] == 'true');
 	$_status = ($_status ? '0' : '1');
 	if (empty($message)) {
 		error('Message cannot be empty.');
 	} else if (strlen($message) > 255) {
@@ -45,47 +47,16 @@ $tmp = '';
 if (fetchDatabaseConfig('site_closed_message', $tmp))
 	$closed_message = $tmp;
 $query = $db->query('SELECT count(*) as `how_much` FROM `accounts`;');
 $query = $query->fetch();
 $total_accounts = $query['how_much'];
 $query = $db->query('SELECT count(*) as `how_much` FROM `players`;');
 $query = $query->fetch();
 $total_players = $query['how_much'];
 $query = $db->query('SELECT count(*) as `how_much` FROM `guilds`;');
 $query = $query->fetch();
 $total_guilds = $query['how_much'];
 $query = $db->query('SELECT count(*) as `how_much` FROM `houses`;');
 $query = $query->fetch();
 $total_houses = $query['how_much'];
 $twig->display('admin.statistics.html.twig', array(
 	'total_accounts' => $total_accounts,
 	'total_players' => $total_players,
 	'total_guilds' => $total_guilds,
 	'total_houses' => $total_houses
 ));
 $twig->display('admin.dashboard.html.twig', array(
 	'is_closed' => $is_closed,
 	'closed_message' => $closed_message,
 	'status' => $status,
 	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
 ));
 echo '<div class="row">';
 $configAdminPanelModules = config('admin_panel_modules');
-if(isset($configAdminPanelModules))
+if (isset($configAdminPanelModules)) {
 	echo '<div class="row">';
 	$configAdminPanelModules = explode(',', $configAdminPanelModules);
-
+	$twig_loader->prependPath(__DIR__ . '/modules/templates');
-$twig_loader->prependPath(__DIR__ . '/modules/templates');
+	foreach ($configAdminPanelModules as $box) {
-foreach($configAdminPanelModules as $box) {
+		$file = __DIR__ . '/modules/' . $box . '.php';
-	$file = __DIR__ . '/modules/' . $box . '.php';
+		if (file_exists($file)) {
-	if(file_exists($file)) {
+			include($file);
-		include($file);
+		}
 	}
 }
 echo '</div>';
 }
--- a/system/pages/account.php
+++ b/system/pages/account.php
@@ -1,7 +1,6 @@
 <?php
 /**
- * Account confirm mail
+ * Load items.xml
 * Keept for compability
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
@@ -9,8 +8,6 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Server Data';
-if($action == 'confirm_email') {
+$twig->display('admin.data.html.twig');
 	require_once PAGES . 'account/confirm_email.php';
 }
 ?>
--- a/system/pages/admin/index.html
+++ b/system/pages/admin/index.html
--- a/admin/pages/login.php
+++ b/admin/pages/login.php
@@ -0,0 +1,24 @@
 <?php
 /**
 * Login
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Login';
 require PAGES . 'account/login.php';
 if ($logged) {
 	header('Location: ' . ADMIN_URL);
 	return;
 }
 $twig->display('admin.login.html.twig', [
 	'logout' => (ACTION == 'logout' ? 'You have  been logged out!'  : ''),
 	'account' => USE_ACCOUNT_NAME ? 'Name' : 'Number',
 	'account_login_by' => getAccountLoginByLabel(),
 	'errors' => $errors ?? ''
 ]);
--- a/system/pages/admin/logs.php
+++ b/system/pages/admin/logs.php
@@ -4,56 +4,56 @@
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
- * @copyright 2019 MyAAC
+ * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Logs Viewer';
 $use_datatable = true;
 $files = array();
 $aac_path_logs = BASE . 'system/logs/';
 foreach (scandir($aac_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-    if ($f[0] === '.' || is_dir($aac_path_logs . $f)) {
+	if ($f[0] === '.' || is_dir($aac_path_logs . $f) || $f === 'index.html') {
-	    continue;
+		continue;
-    }
+	}
-    $files[] = array($f, $aac_path_logs);
+	$files[] = array($f, $aac_path_logs);
 }
 $server_path_logs = $config['server_path'] . 'logs/';
 if (!file_exists($server_path_logs)) {
-    $server_path_logs = $config['data_path'] . 'logs/';
+	$server_path_logs = $config['data_path'] . 'logs/';
 }
 if (file_exists($server_path_logs)) {
-    foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
+	foreach (scandir($server_path_logs, SCANDIR_SORT_ASCENDING) as $f) {
-        if ($f[0] === '.') {
+		if ($f[0] === '.') {
-	        continue;
+			continue;
-        }
+		}
-        if (is_dir($server_path_logs . $f)) {
+		if (is_dir($server_path_logs . $f)) {
-            foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+			foreach (scandir($server_path_logs . $f, SCANDIR_SORT_ASCENDING) as $f2) {
-                if ($f2[0] === '.') {
+				if ($f2[0] === '.') {
-	                continue;
+					continue;
-                }
+				}
-                $files[] = array($f . '/' . $f2, $server_path_logs);
+				$files[] = array($f . '/' . $f2, $server_path_logs);
-            }
+			}
-            continue;
+			continue;
-        }
+		}
-        $files[] = array($f, $server_path_logs);
+		$files[] = array($f, $server_path_logs);
-    }
+	}
 }
 foreach ($files as &$f) {
-    $f['mtime'] = filemtime($f[1] . $f[0]);
+	$f['mtime'] = filemtime($f[1] . $f[0]);
-    $f['name'] = $f[0];
+	$f['name'] = $f[0];
 }
 unset($f);
 $twig->display('admin.logs.html.twig', array('files' => $files));
 define('EXIST_NONE', 0);
 define('EXIST_SERVER_LOG', 1);
@@ -72,10 +72,12 @@ if (!empty($file)) {
 		}
 		if ($exist !== EXIST_NONE) {
-			$content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
+			$file_content = nl2br(file_get_contents(($exist === EXIST_SERVER_LOG ? $server_path_logs : $aac_path_logs) . $file));
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
-}
+}
 $twig->display('admin.logs.html.twig', array('files' => $files));
--- a/admin/pages/mailer.php
+++ b/admin/pages/mailer.php
@@ -0,0 +1,83 @@
 <?php
 /**
 * Mailer
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mailer';
 if (!hasFlag(FLAG_CONTENT_MAILER) && !superAdmin()) {
 	echo 'Access denied.';
 	return;
 }
 if (!config('mail_enabled')) {
 	echo 'Mail support disabled in config.';
 	return;
 }
 $mail_to = isset($_REQUEST['mail_to']) ? stripslashes(trim($_REQUEST['mail_to'])) : null;
 $mail_subject = isset($_POST['mail_subject']) ? stripslashes($_POST['mail_subject']) : null;
 $mail_content = isset($_POST['mail_content']) ? stripslashes($_POST['mail_content']) : null;
 if (isset($_POST['submit'])) {
 	if (empty($mail_subject)) {
 		warning('Please enter subject of the message.');
 	}
 	if (empty($mail_content)) {
 		warning('Please enter content of the message.');
 	}
 }
 if (!empty($mail_to)) {
 	if(!Validator::email($mail_to)) {
 		warning('E-Mail is invalid.');
 	}
 	else {
 		if (!empty($mail_content) && !empty($mail_subject)) {
 			if (_mail($mail_to, $mail_subject, $mail_content)) {
 				success("Successfully mailed <strong>$mail_to</strong>");
 			}
 			else {
 				error("Error while sending mail to <strong>$mail_to</strong>. More info can be found in system/logs/mailer-error.log");
 			}
 		}
 	}
 }
 if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
 	$success = 0;
 	$failed = 0;
 	$add = '';
 	if (config('account_mail_verify')) {
 		note('Note: Sending only to users with verified E-Mail.');
 		$add = ' AND `email_verified` = 1';
 	}
 	$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
 	foreach ($query as $email) {
 		if (_mail($email['email'], $mail_subject, $mail_content)) {
 			$success++;
 		}
 		else {
 			$failed++;
 			echo '<br />';
 			error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
 		}
 	}
 	success('Mailing finished.');
 	success("$success emails delivered.");
 	warning("$failed emails failed.");
 }
 $twig->display('admin.mailer.html.twig', [
 	'mail_to' => $mail_to,
 	'mail_subject' => $mail_subject,
 	'mail_content' => $mail_content
 ]);
--- a/admin/pages/mass_account.php
+++ b/admin/pages/mass_account.php
@@ -0,0 +1,215 @@
 <?php
 /**
 * Account Admin Tool
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Lee
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mass Account Actions';
 $hasCoinsColumn = $db->hasColumn('accounts', 'coins');
 $hasPointsColumn = $db->hasColumn('accounts', 'premium_points');
 $freePremium = $config['lua']['freePremium'];
 function admin_give_points($points)
 {
 	global $db, $hasPointsColumn;
 	if (!$hasPointsColumn) {
 		displayMessage('Points not supported.');
 		return;
 	}
 	$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!$statement->execute([
 		'points' => $points
 	])) {
 		displayMessage('Failed to add points.');
 		return;
 	}
 	displayMessage($points . ' points added to all accounts.', true);
 }
 function admin_give_coins($coins)
 {
 	global $db, $hasCoinsColumn;
 	if (!$hasCoinsColumn) {
 		displayMessage('Coins not supported.');
 		return;
 	}
 	$statement = $db->prepare('UPDATE `accounts` SET `coins` = `coins` + :coins');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!$statement->execute([
 		'coins' => $coins
 	])) {
 		displayMessage('Failed to add coins.');
 		return;
 	}
 	displayMessage($coins . ' coins added to all accounts.', true);
 }
 function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
 {
 	global $db;
 	$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return false;
 	}
 	if (!$statement->execute($params)) {
 		displayMessage('Failed to add premium days.');
 		return false;
 	}
 	return true;
 }
 function admin_give_premdays($days)
 {
 	global $db, $freePremium;
 	if ($freePremium) {
 		displayMessage('Premium days not supported. Free Premium enabled.');
 		return;
 	}
 	$value = $days * 86400;
 	$now = time();
 	// othire
 	if ($db->hasColumn('accounts', 'premend')) {
 		// append premend
 		if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
 			// set premend
 			if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
 				displayMessage('Failed to execute set query.');
 				return;
 			}
 		} else {
 			displayMessage('Failed to execute append query.');
 			return;
 		}
 		return;
 	}
 	// tfs 0.x
 	if ($db->hasColumn('accounts', 'premdays')) {
 		// append premdays
 		if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
 			// append lastday
 			if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
 				// set lastday
 				if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
 					displayMessage($days . ' premium days added to all accounts.', true);
 					return;
 				} else {
 					displayMessage('Failed to execute set query.');
 					return;
 				}
 				return;
 			} else {
 				displayMessage('Failed to execute append query.');
 				return;
 			}
 		} else {
 			displayMessage('Failed to execute set days query.');
 			return;
 		}
 		return;
 	}
 	// tfs 1.x
 	if ($db->hasColumn('accounts', 'premium_ends_at')) {
 		// append premium_ends_at
 		if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
 			// set premium_ends_at
 			if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
 				displayMessage($days . ' premium days added to all accounts.', true);
 				return;
 			} else {
 				displayMessage('Failed to execute set query.');
 				return;
 			}
 		} else {
 			displayMessage('Failed to execute append query.');
 			return;
 		}
 		return;
 	}
 	displayMessage('Premium Days not supported.');
 }
 if (isset($_POST['action']) && $_POST['action']) {
 	$action = $_POST['action'];
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
 	} else {
 		$value = isset($_POST['value']) ? intval($_POST['value']) : 0;
 		if (!$value) {
 			displayMessage('Please fill all inputs');
 		} else {
 			switch ($action) {
 				case 'give-points':
 					admin_give_points($value);
 					break;
 				case 'give-coins':
 					admin_give_coins($value);
 					break;
 				case 'give-premdays':
 					admin_give_premdays($value);
 					break;
 				default:
 					displayMessage('Action ' . $action . 'not found.');
 			}
 		}
 	}
 }
 else {
 	$twig->display('admin.tools.account.html.twig', array(
 		'hasCoinsColumn' => $hasCoinsColumn,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
 function displayMessage($message, $success = false) {
 	global $twig, $hasCoinsColumn, $hasPointsColumn, $freePremium;
 	$success ? success($message): error($message);
 	$twig->display('admin.tools.account.html.twig', array(
 		'hasCoinsColumn' => $hasCoinsColumn,
 		'hasPointsColumn' => $hasPointsColumn,
 		'freePremium' => $freePremium,
 	));
 }
--- a/admin/pages/mass_teleport.php
+++ b/admin/pages/mass_teleport.php
@@ -0,0 +1,116 @@
 <?php
 /**
 * Teleport Admin Tool
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @author    Lee
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Mass Teleport Actions';
 function admin_teleport_position($x, $y, $z) {
 	global $db;
 	$statement = $db->prepare('UPDATE `players` SET `posx` = :x, `posy` = :y, `posz` = :z');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!$statement->execute([
 		'x' => $x, 'y' => $y, 'z' => $z
 	])) {
 		displayMessage('Failed to execute query.');
 		return;
 	}
 	displayMessage('Player\'s position updated.', true);
 }
 function admin_teleport_town($town_id) {
 	global $db;
 	$statement = $db->prepare('UPDATE `players` SET `town_id` = :town_id');
 	if (!$statement) {
 		displayMessage('Failed to prepare query statement.');
 		return;
 	}
 	if (!$statement->execute([
 		'town_id' => $town_id
 	])) {
 		displayMessage('Failed to execute query.');
 		return;
 	}
 	displayMessage('Player\'s town updated.', true);
 }
 if (isset($_POST['action']) && $_POST['action'])    {
 	$action = $_POST['action'];
 	if (preg_match("/[^A-z0-9_\-]/", $action)) {
 		displayMessage('Invalid action.');
 	} else {
 		$playersOnline = 0;
 		if($db->hasTable('players_online')) {// tfs 1.0
 			$query = $db->query('SELECT count(*) AS `count` FROM `players_online`');
 		} else {
 			$query = $db->query('SELECT count(*) AS `count` FROM `players` WHERE `players`.`online` > 0');
 		}
 		$playersOnline = $query->fetch(PDO::FETCH_ASSOC);
 		if ($playersOnline['count'] > 0) {
 			displayMessage('Please, close the server before execute this action otherwise players will not be affected.');
 			return;
 		}
 		$town_id = isset($_POST['town_id']) ? intval($_POST['town_id']) : null;
 		$posx = isset($_POST['posx']) ? intval($_POST['posx']) : null;
 		$posy = isset($_POST['posy']) ? intval($_POST['posy']) : null;
 		$posz = isset($_POST['posz']) ? intval($_POST['posz']) : null;
 		$to_temple = $_POST['to_temple'] ?? null;
 		switch ($action) {
 			case 'set-town':
 				if (!$town_id) {
 					displayMessage('Please fill all inputs');
 					return;
 				}
 				if (!isset($config['towns'][$town_id])) {
 					displayMessage('Specified town does not exist');
 					return;
 				}
 				admin_teleport_town($town_id);
 				break;
 			case 'set-position':
 				if (!$to_temple &&  ($posx < 0 || $posx > 65535 || $posy < 0 || $posy > 65535|| $posz < 0 || $posz > 16)) {
 					displayMessage('Invalid Position');
 					return;
 				}
 				admin_teleport_position($posx, $posy, $posz);
 				break;
 			default:
 				displayMessage('Action ' . $action . 'not found.');
 		}
 	}
 }
 else {
 	$twig->display('admin.tools.teleport.html.twig', array());
 }
 function displayMessage($message, $success = false) {
 	global $twig;
 	$success ? success($message): error($message);
 	$twig->display('admin.tools.teleport.html.twig', array());
 }
--- a/system/pages/admin/menus.php
+++ b/system/pages/admin/menus.php
@@ -46,7 +46,6 @@ if (isset($_REQUEST['template'])) {
 		if ($cache->enabled()) {
 			$cache->delete('template_menus');
 		}
 		success('Saved at ' . date('H:i'));
 	}
@@ -57,70 +56,73 @@ if (isset($_REQUEST['template'])) {
 		echo 'Cannot find template config.php file.';
 		return;
 	}
 	if (!isset($config['menu_categories'])) {
 		echo "No menu categories set in template config.php.<br/>This template doesn't support dynamic menus.";
 		return;
 	}
-	echo 'Hint: You can drag menu items.<br/>
+	$title = 'Menus - ' . $template;
-	Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
+	?>
-	Not all templates support blank and colorful links.<br/><br/>
+	<div align="center" class="text-center">
-    <div class="row">';
+		<p class="note">You are editing: <?= $template ?><br/><br/>
 			Hint: You can drag menu items.<br/>
 			Hint: Add links to external sites using: <b>http://</b> or <b>https://</b> prefix.<br/>
 			Not all templates support blank and colorful links.
 		</p>
 	</div>
 	<?php
 	$menus = array();
 	$menus_db = $db->query('SELECT `name`, `link`, `blank`, `color`, `category`, `ordering` FROM `' . TABLE_PREFIX . 'menu` WHERE `enabled` = 1 AND `template` = ' . $db->quote($template) . ' ORDER BY `ordering` ASC;')->fetchAll();
 	foreach ($menus_db as $menu) {
 		$menus[$menu['category']][] = array('name' => $menu['name'], 'link' => $menu['link'], 'blank' => $menu['blank'], 'color' => $menu['color'], 'ordering' => $menu['ordering']);
 	}
 	$last_id = array();
-	echo '<form method="post" id="menus-form" action="?p=menus">';
+	?>
-	echo '<input type="hidden" name="template" value="' . $template . '"/>';
+	<form method="post" id="menus-form" action="?p=menus">
-	foreach ($config['menu_categories'] as $id => $cat) {
+		<input type="hidden" name="template" value="<?php echo $template ?>"/>
-		echo '        <div class="col-md-12 col-lg-6">
+		<div class="row">
-            <div class="box box-danger">
+			<?php foreach ($config['menu_categories'] as $id => $cat): ?>
-                <div class="box-header with-border">
+				<div class="col-md-12 col-lg-6">
-                    <h3 class="box-title">' . $cat['name'] . ' <img class="add-button" id="add-button-' . $id . '" src="' . BASE_URL . 'images/plus.png" width="16" height="16"/></h3>
+					<div class="card card-info card-outline">
-                </div>
+						<div class="card-header">
-                <div class="box-body">';
+							<h5 class="m-0"><?php echo $cat['name'] ?> <i class="far fa-plus-square add-button" id="add-button-<?php echo $id ?>"></i></h5>
-
+						</div>
-
+						<div class="card-body">
-		echo '<ul class="sortable" id="sortable-' . $id . '">';
+							<ul class="sortable" id="sortable-<?php echo $id ?>">
-		if (isset($menus[$id])) {
+								<?php
-			$i = 0;
+								if (isset($menus[$id])) {
-			foreach ($menus[$id] as $menu) {
+									foreach ($menus[$id] as $i => $menu):
-				echo '<li class="ui-state-default" id="list-' . $id . '-' . $i . '"><label>Name:</label><input type="text" name="menu[' . $id . '][]" value="' . $menu['name'] . '"/>
+										?>
-				<label>Link:</label><input type="text" name="menu_link[' . $id . '][]" value="' . $menu['link'] . '"/>
+										<li class="ui-state-default" id="list-<?php echo $id ?>-<?php echo $i ?>"><label>Name:</label> <input type="text" name="menu[<?php echo $id ?>][]" value="<?php echo escapeHtml($menu['name']); ?>"/>
-				<input type="hidden" name="menu_blank[' . $id . '][]" value="0" />
+											<label>Link:</label> <input type="text" name="menu_link[<?php echo $id ?>][]" value="<?php echo $menu['link'] ?>"/>
-				<label><input class="blank-checkbox" type="checkbox" ' . ($menu['blank'] == 1 ? 'checked' : '') . '/><span title="Open in New Window">Open in New Window</span></label>
+											<input type="hidden" name="menu_blank[<?php echo $id ?>][]" value="0"/>
-				
+											<label><input class="blank-checkbox" type="checkbox" <?php echo($menu['blank'] == 1 ? 'checked' : '') ?>/><span title="Open in New Window">New Window</span></label>
-				<input class="color-picker" type="text" name="menu_color[' . $id . '][]" value="#' . $menu['color'] . '" />
+											<input class="color-picker" type="text" name="menu_color[<?php echo $id ?>][]" value="#<?php echo $menu['color'] ?>"/>
-				
+											<a class="remove-button" id="remove-button-<?php echo $id ?>-<?php echo $i ?>"><i class="fas fa-trash"></a></i></li>
-				<a class="remove-button" id="remove-button-' . $id . '-' . $i . '"><img src="' . BASE_URL . 'images/del.png"/></a></li>';
+										<?php $last_id[$id] = $i;
-
+									endforeach;
-				$i++;
+								} ?>
-				$last_id[$id] = $i;
+							</ul>
-			}
+						</div>
-		}
+					</div>
-
+				</div>
-		echo '</ul>';
+			<?php endforeach ?>
-		echo '                </div>
+		</div>
-            </div>
+		<div class="row pb-2">
-        </div>
+			<div class="col-md-12">
-';
+				<button type="submit" class="btn btn-info"><i class="fas fa-update"></i> Save</button>
-	}
+				<?php
-	echo ' </div><div class="row"><div class="col-md-6">';
+				echo '<button type="button" class="btn btn-danger float-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus\';"><i class="fas fa-cancel"></i> Cancel</button>';
-	echo '<input type="submit" class="btn btn-info" value="Save">';
+				?>
-	echo '<input type="button" class="btn btn-default pull-right" value="Cancel" onclick="window.location = \'' . ADMIN_URL . '?p=menus&template=' . $template . '\';">';
+			</div>
-	echo '</div></div>';
+		</div>
-	echo '</form>';
+	</form>
-
+	<?php
 	$twig->display('admin.menus.js.html.twig', array(
 		'menus' => $menus,
 		'last_id' => $last_id
 	));
 	?>
 	<?php
 } else {
 	$templates = $db->query('SELECT `template` FROM `' . TABLE_PREFIX . 'menu` GROUP BY `template`;')->fetchAll();
@@ -134,4 +136,4 @@ if (isset($_REQUEST['template'])) {
 	$twig->display('admin.menus.form.html.twig', array(
 		'templates' => $templates
 	));
-}
+}
--- a/admin/pages/modules/balance.php
+++ b/admin/pages/modules/balance.php
@@ -0,0 +1,6 @@
 <?php
 $balance = ($db->hasColumn('players', 'balance') ? $db->query('SELECT `balance`, `id`, `name`,`level` FROM `players` ORDER BY `balance` DESC LIMIT 10;') : 0);
 $twig->display('balance.html.twig', array(
 	'balance' => $balance
 ));
--- a/admin/pages/modules/coins.php
+++ b/admin/pages/modules/coins.php
@@ -0,0 +1,6 @@
 <?php
 $coins = ($db->hasColumn('accounts', 'coins') ?  $db->query('SELECT `coins`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `coins` DESC LIMIT 10;') : 0);
 $twig->display('coins.html.twig', array(
 	'coins' => $coins
 ));
--- a/admin/pages/modules/created.php
+++ b/admin/pages/modules/created.php
@@ -0,0 +1,6 @@
 <?php
 $players = ($db->hasColumn('accounts', 'created') ? $db->query('SELECT `created`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `created` DESC LIMIT 10;') : 0);
 $twig->display('created.html.twig', array(
 	'players' => $players,
 ));
--- a/system/pages/admin/modules/index.html
+++ b/system/pages/admin/modules/index.html
--- a/admin/pages/modules/lastlogin.php
+++ b/admin/pages/modules/lastlogin.php
@@ -0,0 +1,5 @@
 <?php
 $players = ($db->hasColumn('players', 'lastlogin') ? $db->query('SELECT name, level, lastlogin FROM players ORDER BY lastlogin DESC LIMIT 10;') : 0);
 $twig->display('lastlogin.html.twig', array(
 	'players' => $players,
 ));
--- a/admin/pages/modules/points.php
+++ b/admin/pages/modules/points.php
@@ -0,0 +1,6 @@
 <?php
 $points = ($db->hasColumn('accounts', 'premium_points') ? $db->query('SELECT `premium_points`, `' . (USE_ACCOUNT_NAME ? 'name' : 'id') . '` as `name` FROM `accounts` ORDER BY `premium_points` DESC LIMIT 10;') : 0);
 $twig->display('points.html.twig', array(
 	'points' => $points,
 ));
--- a/admin/pages/modules/server_status.php
+++ b/admin/pages/modules/server_status.php
@@ -0,0 +1,46 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if (isset($status)) {
 	$error_icon = '<i class="fas fa-exclamation-circle text-danger"></i>'; ?>
 	<div class=" col-md-6 col-lg-6">
 		<div class="card card-info card-outline">
 			<div class="card-header border-bottom-0">
 				<span class="font-weight-bold m-0">Server Status</span> <span class="float-right small"><b>Last checked</b>: <?php echo(isset($status['lastCheck']) ? date("l, d.m.Y H:i:s", $status['lastCheck']) : $error_icon); ?></span>
 			</div>
 			<div class="card-body p-0 ">
 				<table class="table">
 					<tbody>
 					<tr>
 						<th width="30%">Server</th>
 						<td><?php echo(isset($status['server']) & isset($status['serverVersion']) ? $status['server'] . ' x ' . $status['serverVersion'] : $error_icon) ?></td>
 					</tr>
 					<tr>
 						<th>Client</th>
 						<td><?php echo(isset($status['clientVersion']) ? $status['clientVersion'] : $error_icon) ?></td>
 					</tr>
 					<tr>
 						<th>Map</th>
 						<td>
 							<?php if (isset($status['mapName']) & isset($status['mapAuthor']) & isset($status['mapWidth']) & isset($status['mapHeight'])) {
 								echo $status['mapName'] . ' by <b>' . $status['mapAuthor'] . '</b><br/>' . $status['mapWidth'] . ' x ' . $status['mapHeight'];
 							} else {
 								echo $error_icon;
 							} ?>
 						</td>
 					</tr>
 					<tr>
 						<th>Monsters</th>
 						<td><?php echo (isset($status['monsters']) ? $status['monsters'] : $error_icon); ?></td>
 					</tr>
 					<tr>
 						<th>MOTD:</th>
 						<td><?php echo(isset($status['motd']) ? $status['motd'] : $error_icon); ?></td>
 					</tr>
 					</tbody>
 				</table>
 			</div>
 		</div>
 	</div>
 <?php } ?>
--- a/admin/pages/modules/statistics.php
+++ b/admin/pages/modules/statistics.php
@@ -0,0 +1,12 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $count = $db->query('SELECT
  (SELECT COUNT(*) FROM `accounts`) as total_accounts, 
  (SELECT COUNT(*) FROM `players`) as total_players,
  (SELECT COUNT(*) FROM `guilds`) as total_guilds,
  (SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'monsters`) as total_monsters,
  (SELECT COUNT(*) FROM `houses`) as total_houses;')->fetch();
 $twig->display('statistics.html.twig', array(
 	'count' => $count,
 ));
--- a/admin/pages/modules/templates/balance.html.twig
+++ b/admin/pages/modules/templates/balance.html.twig
@@ -0,0 +1,31 @@
 {% if balance is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Top 10 - Balance</h5>
 			</div>
 			<div class="card-body p-0">
 				<table class="table table-striped table-condensed">
 					<thead>
 					<tr>
 						<th>#</th>
 						<th>Player</th>
 						<th>Balance</th>
 					</tr>
 					</thead>
 					<tbody>
 					{% set i = 0 %}
 					{% for result in balance %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
 							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.balance }}</td>
 						</tr>
 					{% endfor %}
 					</tbody>
 				</table>
 			</div>
 		</div>
 	</div>
 {% endif %}
--- a/admin/pages/modules/templates/coins.html.twig
+++ b/admin/pages/modules/templates/coins.html.twig
@@ -0,0 +1,31 @@
 {% if coins is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Top 10 - Most coins</h5>
 			</div>
 			<div class="card-body p-0">
 				<table class="table table-striped table-condensed">
 					<thead>
 					<tr>
 						<th>#</th>
 						<th>Account</th>
 						<th>Tibia coins</th>
 					</tr>
 					</thead>
 					<tbody>
 					{% set i = 0 %}
 					{% for result in coins %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
 							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.coins }}</td>
 						</tr>
 					{% endfor %}
 					</tbody>
 				</table>
 			</div>
 		</div>
 	</div>
 {% endif %}
--- a/admin/pages/modules/templates/created.html.twig
+++ b/admin/pages/modules/templates/created.html.twig
@@ -0,0 +1,31 @@
 {% if players is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Last 10 created</h5>
 			</div>
 			<div class="card-body p-0">
 				<table class="table table-striped table-condensed">
 					<thead>
 					<tr>
 						<th>#</th>
 						<th>Account</th>
 						<th>Creation Date</th>
 					</tr>
 					</thead>
 					<tbody>
 					{% set i = 0 %}
 					{% for result in players %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
 							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.created|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
 					</tbody>
 				</table>
 			</div>
 		</div>
 	</div>
 {% endif %}
--- a/system/pages/admin/modules/templates/index.html
+++ b/system/pages/admin/modules/templates/index.html
--- a/admin/pages/modules/templates/lastlogin.html.twig
+++ b/admin/pages/modules/templates/lastlogin.html.twig
@@ -0,0 +1,31 @@
 {% if players is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Last 10 logins</h5>
 			</div>
 			<div class="card-body p-0">
 				<table class="table table-striped table-condensed">
 					<thead>
 					<tr>
 						<th>#</th>
 						<th>Player</th>
 						<th>Login Date</th>
 					</tr>
 					</thead>
 					<tbody>
 					{% set i = 0 %}
 					{% for result in players %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
 							<td><a href="?p=players&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.lastlogin|date("M d Y, H:i:s") }}</td>
 						</tr>
 					{% endfor %}
 					</tbody>
 				</table>
 			</div>
 		</div>
 	</div>
 {% endif %}
--- a/admin/pages/modules/templates/points.html.twig
+++ b/admin/pages/modules/templates/points.html.twig
@@ -0,0 +1,31 @@
 {% if points is iterable %}
 	<div class=" col-md-6 col-lg-3">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Top 10 - Most premium points</h5>
 			</div>
 			<div class="card-body p-0">
 				<table class="table table-striped table-condensed">
 					<thead>
 					<tr>
 						<th>#</th>
 						<th>Account</th>
 						<th>Premium points</th>
 					</tr>
 					</thead>
 					<tbody>
 					{% set i = 0 %}
 					{% for result in points %}
 						{% set i = i + 1 %}
 						<tr>
 							<th>{{ i }}</th>
 							<td><a href="?p=accounts&search_name={{ result.name }}">{{ result.name }}</a></td>
 							<td>{{ result.premium_points }}</td>
 						</tr>
 					{% endfor %}
 					</tbody>
 				</table>
 			</div>
 		</div>
 	</div>
 {% endif %}
--- a/admin/pages/modules/templates/statistics.html.twig
+++ b/admin/pages/modules/templates/statistics.html.twig
@@ -0,0 +1,45 @@
 <div class="col">
 	<div class="info-box">
 		<span class="info-box-icon bg-info elevation-1"><i class="fas fa-user-plus"></i></span>
 		<div class="info-box-content">
 			<span class="info-box-text">Accounts:</span>
 			<span class="info-box-number">{{ count.total_accounts }}</span>
 		</div>
 	</div>
 </div>
 <div class="col">
 	<div class="info-box">
 		<span class="info-box-icon bg-red elevation-1"><i class="fas fa-user-plus"></i></span>
 		<div class="info-box-content">
 			<span class="info-box-text">Players:</span>
 			<span class="info-box-number">{{ count.total_players }}</span>
 		</div>
 	</div>
 </div>
 <div class="col">
 	<div class="info-box">
 		<span class="info-box-icon bg-teal elevation-1"><i class="fas fa-pastafarianism"></i></span>
 		<div class="info-box-content">
 			<span class="info-box-text">Monsters:</span>
 			<span class="info-box-number">{{ count.total_monsters }}</span>
 		</div>
 	</div>
 </div>
 <div class="col">
 	<div class="info-box">
 		<span class="info-box-icon bg-green elevation-1"><i class="fas fa-chart-pie"></i></span>
 		<div class="info-box-content">
 			<span class="info-box-text">Guilds:</span>
 			<span class="info-box-number">{{ count.total_guilds }}</span>
 		</div>
 	</div>
 </div>
 <div class="col">
 	<div class="info-box">
 		<span class="info-box-icon bg-yellow elevation-1"><i class="fas fa-home"></i></span>
 		<div class="info-box-content">
 			<span class="info-box-text">Houses:</span>
 			<span class="info-box-number">{{ count.total_houses }}</span>
 		</div>
 	</div>
 </div>
--- a/admin/pages/modules/templates/web_status.twig
+++ b/admin/pages/modules/templates/web_status.twig
@@ -0,0 +1,39 @@
 <div class="col-12 col-md-6">
 	<div class="card card-warning card-outline">
 		<form action="?p=dashboard&maintenance" method="post" class="form-horizontal">
 			<div class="card-header">
 				<span class="m-0">Website Status<span class="float-right">
 				<div class="custom-control custom-switch custom-switch-off-danger custom-switch-on-success">
 					<input type="checkbox" class="custom-control-input" name="status" id="status" value="true" {% if not is_closed %} checked{% endif %}>
 					<label id="status-label" class="custom-control-label" for="status"> {% if is_closed %}Closed{% else %}Open{% endif %}</label>
 				</div></span>
 				</span>
 			</div>
 			<div class="card-body p-2">
 				<div class="col-sm-12">
 					<label for="message" class="col-form-label">Maintenance Message</label>
 					<textarea name="message" class="form-control" cols="40" rows="3" maxlength="255" placeholder="Enter ...">{{ closed_message }}</textarea>
 					<small>(only visible if closed)</small>
 				</div>
 			</div>
 			<div class="card-footer">
 				<button type="submit" class="btn btn-info"><i class="far fa-update"></i> Update</button>
 				<a href="?p=dashboard&clear_cache" onclick="return confirm('Are you sure?');" class="float-right">
 					<span class="btn btn-danger"><i class="fas fa-clear"></i>Clear cache</span>
 				</a>
 			</div>
 		</form>
 	</div>
 </div>
 <script>
 	$(function() {
 		$("#status").change(function() {
 			$statusLabel = $("#status-label");
 			$statusLabel.html("Closed");
 			if ($(this).is(':checked')) {
 				$statusLabel.html("Open");
 			}
 		});
 	});
 </script>
--- a/admin/pages/modules/web_status.php
+++ b/admin/pages/modules/web_status.php
@@ -0,0 +1,10 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 $twig->display('web_status.twig', array(
 	'is_closed' => $is_closed,
 	'closed_message' => $closed_message,
 	'status' => $status,
 	'account_type' => USE_ACCOUNT_NAME ? 'name' : 'number'
 ));
 ?>
--- a/system/pages/admin/news.php
+++ b/system/pages/admin/news.php
@@ -13,6 +13,7 @@ require_once LIBS . 'forum.php';
 require_once LIBS . 'news.php';
 $title = 'News Panel';
 $use_datatable = true;
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -22,8 +23,8 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
 // some constants, used mainly by database (cannot by modified without schema changes)
-define('TITLE_LIMIT', 100);
+define('NEWS_TITLE_LIMIT', 100);
-define('BODY_LIMIT', 65535); // maximum news body length
+define('NEWS_BODY_LIMIT', 65535); // maximum news body length
 define('ARTICLE_TEXT_LIMIT', 300);
 define('ARTICLE_IMAGE_LIMIT', 100);
@@ -42,12 +43,12 @@ if(!empty($action))
 	$forum_section = isset($_REQUEST['forum_section']) ? $_REQUEST['forum_section'] : null;
 	$errors = array();
-	if($action == 'add') {
+	if($action == 'new') {
 		if(isset($forum_section) && $forum_section != '-1') {
 			$forum_add = Forum::add_thread($p_title, $body, $forum_section, $player_id, $account_logged->getId(), $errors);
 		}
-		if(News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
+		if(isset($p_title) && News::add($p_title, $body, $type, $category, $player_id, isset($forum_add) && $forum_add != 0 ? $forum_add : 0, $article_text, $article_image, $errors)) {
 			$p_title = $body = $comments = $article_text = $article_image = '';
 			$type = $category = $player_id = 0;
@@ -114,21 +115,21 @@ if($action == 'edit' || $action == 'new') {
 	$twig->display('admin.news.form.html.twig', array(
 		'action' => $action,
 		'news_link' => getLink(PAGE),
-		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'add'),
+		'news_link_form' => '?p=news&action=' . ($action == 'edit' ? 'edit' : 'new'),
-		'news_id' => isset($id) ? $id : null,
+		'news_id' => $id ?? null,
-		'title' => isset($p_title) ? $p_title : '',
+		'title' => $p_title ?? '',
-		'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+		'body' => isset($body) ? escapeHtml($body) : '',
-		'type' => isset($type) ? $type : null,
+		'type' => $type ?? null,
 		'player' => isset($player) && $player->isLoaded() ? $player : null,
-		'player_id' => isset($player_id) ? $player_id : null,
+		'player_id' => $player_id ?? null,
 		'account_players' => $account_players,
-		'category' => isset($category) ? $category : 0,
+		'category' => $category ?? 0,
 		'categories' => $categories,
 		'forum_boards' => getForumBoards(),
-		'forum_section' => isset($forum_section) ? $forum_section : null,
+		'forum_section' => $forum_section ?? null,
-		'comments' => isset($comments) ? $comments : null,
+		'comments' => $comments ?? null,
-		'article_text' => isset($article_text) ? $article_text : null,
+		'article_text' => $article_text ?? null,
-		'article_image' => isset($article_image) ? $article_image : null
+		'article_image' => $article_image ?? null
 	));
 }
--- a/system/pages/admin/notepad.php
+++ b/system/pages/admin/notepad.php
--- a/admin/pages/open_source.php
+++ b/admin/pages/open_source.php
@@ -0,0 +1,14 @@
 <?php
 /**
 * Open Source libraries
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2023 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Open Source';
 $twig->display('admin.open_source.html.twig');
--- a/system/pages/admin/pages.php
+++ b/system/pages/admin/pages.php
@@ -9,6 +9,7 @@
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Pages';
 $use_datatable = true;
 if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 	echo 'Access denied.';
@@ -17,13 +18,18 @@ if (!hasFlag(FLAG_CONTENT_PAGES) && !superAdmin()) {
 header('X-XSS-Protection:0');
-$name = $p_title = '';
+$name = $p_title = null;
 $groups = new OTS_Groups_List();
 $php = false;
 $enable_tinymce = true;
 $access = 0;
 // some constants, used mainly by database (cannot by modified without schema changes)
 define('PAGE_TITLE_LIMIT', 30);
 define('PAGE_NAME_LIMIT', 30);
 define('PAGE_BODY_LIMIT', 65535); // maximum page body length
 if (!empty($action)) {
 	if ($action == 'delete' || $action == 'edit' || $action == 'hide')
 		$id = $_REQUEST['id'];
@@ -49,12 +55,13 @@ if (!empty($action)) {
 	$errors = array();
 	$player_id = 1;
-	if ($action == 'add') {
+	if ($action == 'new') {
-		if (Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
+		if (isset($p_title) && Pages::add($name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			$name = $p_title = $body = '';
 			$player_id = $access = 0;
 			$php = false;
 			$enable_tinymce = true;
 			success('Added successful.');
 		}
 	} else if ($action == 'delete') {
 		if (Pages::delete($id, $errors))
@@ -69,15 +76,18 @@ if (!empty($action)) {
 			$enable_tinymce = $_page['enable_tinymce'] == '1';
 			$access = $_page['access'];
 		} else {
-			Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access);
+			if(Pages::update($id, $name, $p_title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
-			$action = $name = $p_title = $body = '';
+				$action = $name = $p_title = $body = '';
-			$player_id = 1;
+				$player_id = 1;
-			$access = 0;
+				$access = 0;
-			$php = false;
+				$php = false;
-			$enable_tinymce = true;
+				$enable_tinymce = true;
 				success('Updated successful.');
 			}
 		}
 	} else if ($action == 'hide') {
-		Pages::toggleHidden($id, $errors);
+		Pages::toggleHidden($id, $errors, $status);
 		success(($status == 1 ? 'Show' : 'Hide') . ' successful.');
 	}
 	if (!empty($errors))
@@ -105,7 +115,7 @@ $twig->display('admin.pages.form.html.twig', array(
 	'title' => $p_title,
 	'php' => $php,
 	'enable_tinymce' => $enable_tinymce,
-	'body' => isset($body) ? htmlentities($body, ENT_COMPAT, 'UTF-8') : '',
+	'body' => isset($body) ? escapeHtml($body) : '',
 	'groups' => $groups->getGroups(),
 	'access' => $access
 ));
@@ -116,6 +126,48 @@ $twig->display('admin.pages.html.twig', array(
 class Pages
 {
 	static public function verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!isset($title[0]) || !isset($body[0])) {
 			$errors[] = 'Please fill all inputs.';
 			return false;
 		}
 		if(strlen($name) > PAGE_NAME_LIMIT) {
 			$errors[] = 'Page name cannot be longer than ' . PAGE_NAME_LIMIT . ' characters.';
 			return false;
 		}
 		if(strlen($title) > PAGE_TITLE_LIMIT) {
 			$errors[] = 'Page title cannot be longer than ' . PAGE_TITLE_LIMIT . ' characters.';
 			return false;
 		}
 		if(strlen($body) > PAGE_BODY_LIMIT) {
 			$errors[] = 'Page content cannot be longer than ' . PAGE_BODY_LIMIT . ' characters.';
 			return false;
 		}
 		if(!isset($player_id) || $player_id == 0) {
 			$errors[] = 'Player ID is wrong.';
 			return false;
 		}
 		if(!isset($php) || ($php != 0 && $php != 1)) {
 			$errors[] = 'Enable PHP is wrong.';
 			return false;
 		}
 		if ($php == 1 && !getBoolean(config('admin_pages_php_enable'))) {
 			$errors[] = 'PHP pages disabled on this server. To enable go to config.php and change admin_pages_php_enable to "yes".';
 			return false;
 		}
 		if(!isset($enable_tinymce) || ($enable_tinymce != 0 && $enable_tinymce != 1)) {
 			$errors[] = 'Enable TinyMCE is wrong.';
 			return false;
 		}
 		if(!isset($access) || $access < 0 || $access > PHP_INT_MAX) {
 			$errors[] = 'Access is wrong.';
 			return false;
 		}
 		return true;
 	}
 	static public function get($id)
 	{
 		global $db;
@@ -128,31 +180,36 @@ class Pages
 	static public function add($name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			return false;
 		}
 		global $db;
-		if (isset($name[0]) && isset($title[0]) && isset($body[0]) && $player_id != 0) {
+		$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
-			$query = $db->select(TABLE_PREFIX . 'pages', array('name' => $name));
+		if ($query === false)
-			if ($query === false)
+			$db->insert(TABLE_PREFIX . 'pages',
-				$db->insert(TABLE_PREFIX . 'pages',
+				array(
-					array(
+					'name' => $name,
-						'name' => $name,
+					'title' => $title,
-						'title' => $title,
+					'body' => $body,
-						'body' => $body,
+					'player_id' => $player_id,
-						'player_id' => $player_id,
+					'php' => $php ? '1' : '0',
-						'php' => $php ? '1' : '0',
+					'enable_tinymce' => $enable_tinymce ? '1' : '0',
-						'enable_tinymce' => $enable_tinymce ? '1' : '0',
+					'access' => $access
-						'access' => $access
+				)
-					)
+			);
-				);
+		else
-			else
+			$errors[] = 'Page with this link already exists.';
 				$errors[] = 'Page with this link already exists.';
 		} else
 			$errors[] = 'Please fill all inputs.';
 		return !count($errors);
 	}
-	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access)
+	static public function update($id, $name, $title, $body, $player_id, $php, $enable_tinymce, $access, &$errors)
 	{
 		if(!self::verify($name, $title, $body, $player_id, $php, $enable_tinymce, $access, $errors)) {
 			return false;
 		}
 		global $db;
 		$db->update(TABLE_PREFIX . 'pages',
 			array(
@@ -165,6 +222,8 @@ class Pages
 				'access' => $access
 			),
 			array('id' => $id));
 		return true;
 	}
 	static public function delete($id, &$errors)
@@ -181,15 +240,18 @@ class Pages
 		return !count($errors);
 	}
-	static public function toggleHidden($id, &$errors)
+	static public function toggleHidden($id, &$errors, &$status)
 	{
 		global $db;
 		if (isset($id)) {
 			$query = $db->select(TABLE_PREFIX . 'pages', array('id' => $id));
-			if ($query !== false)
+			if ($query !== false) {
 				$db->update(TABLE_PREFIX . 'pages', array('hidden' => ($query['hidden'] == 1 ? 0 : 1)), array('id' => $id));
-			else
+				$status = $query['hidden'];
 			}
 			else {
 				$errors[] = 'Page with id ' . $id . ' does not exists.';
 			}
 		} else
 			$errors[] = 'id not set';
--- a/system/pages/admin/phpinfo.php
+++ b/system/pages/admin/phpinfo.php
@@ -16,4 +16,4 @@ if (!function_exists('phpinfo')) { ?>
 	<?php return;
 }
 ?>
-<iframe src="<?php echo BASE_URL; ?>admin/tools/phpinfo.php" width="1024" height="550"/>
+<iframe src="<?php echo ADMIN_URL; ?>tools/phpinfo.php" width="1024" height="550"></iframe>
--- a/admin/pages/players.php
+++ b/admin/pages/players.php
@@ -0,0 +1,908 @@
 <?php
 /**
 * Players editor
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Player editor';
 $player_base = ADMIN_URL . '?p=players';
 $use_datatable = true;
 require_once LIBS . 'forum.php';
 $skills = array(
 	POT::SKILL_FIST => array('Fist fighting', 'fist'),
 	POT::SKILL_CLUB => array('Club fighting', 'club'),
 	POT::SKILL_SWORD => array('Sword fighting', 'sword'),
 	POT::SKILL_AXE => array('Axe fighting', 'axe'),
 	POT::SKILL_DIST => array('Distance fighting', 'dist'),
 	POT::SKILL_SHIELD => array('Shielding', 'shield'),
 	POT::SKILL_FISH => array('Fishing', 'fish')
 );
 $hasBlessingsColumn = $db->hasColumn('players', 'blessings');
 $hasBlessingColumn = $db->hasColumn('players', 'blessings1');
 $hasLookAddons = $db->hasColumn('players', 'lookaddons');
 $skull_type = array("None", "Yellow", "Green", "White", "Red", "Black", "Orange");
 ?>
 <link rel="stylesheet" type="text/css" href="<?php echo BASE_URL; ?>tools/css/jquery.datetimepicker.css"/ >
 <script src="<?php echo BASE_URL; ?>tools/js/jquery.datetimepicker.js"></script>
 <?php
 $id = 0;
 $search_player = '';
 if (isset($_REQUEST['id']))
 	$id = (int)$_REQUEST['id'];
 else if (isset($_REQUEST['search'])) {
 	$search_player = $_REQUEST['search'];
 	if (strlen($search_player) < 3 && !Validator::number($search_player)) {
 		echo_error('Player name is too short.');
 	} else {
 		$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($search_player));
 		if ($query->rowCount() == 1) {
 			$query = $query->fetch();
 			$id = (int)$query['id'];
 		} else {
 			$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $search_player . '%'));
 			if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
 				$str_construct = 'Do you mean?<ul>';
 				foreach ($query as $row)
 					$str_construct .= '<li><a href="' . $player_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
 				$str_construct .= '</ul>';
 				echo_error($str_construct);
 			} else if ($query->rowCount() > 10)
 				echo_error('Specified name resulted with too many players.');
 			else
 				echo_error('No entries found.');
 		}
 	}
 }
 ?>
 <div class="row">
 	<?php
 	$groups = new OTS_Groups_List();
 	if ($id > 0) {
 		$player = new OTS_Player();
 		$player->load($id);
 		if (isset($player) && $player->isLoaded() && isset($_POST['save'])) {// we want to save
 			$error = false;
 			if ($player->isOnline())
 				echo_error('This player is actually online. You can\'t edit online players.');
 			$name = $_POST['name'];
 			$_error = '';
 			if (!Validator::characterName($name))
 				echo_error(Validator::getLastError());
 			//if(!Validator::newCharacterName($name)
 			//	echo_error(Validator::getLastError());
 			$player_db = new OTS_Player();
 			$player_db->find($name);
 			if ($player_db->isLoaded() && $player->getName() != $name)
 				echo_error('This name is already used. Please choose another name!');
 			$account_id = $_POST['account_id'];
 			verify_number($account_id, 'Account id', 11);
 			$account_db = new OTS_Account();
 			$account_db->load($account_id);
 			if (!$account_db->isLoaded())
 				echo_error('Account with this id doesn\'t exist.');
 			$group = $_POST['group'];
 			if ($groups->getGroup($group) == false)
 				echo_error('Group with this id doesn\'t exist');
 			$level = $_POST['level'];
 			verify_number($level, 'Level', 11);
 			$experience = $_POST['experience'];
 			verify_number($experience, 'Experience', 20);
 			$vocation = $_POST['vocation'];
 			verify_number($vocation, 'Vocation id', 11);
 			if (!isset($config['vocations'][$vocation])) {
 				echo_error("Vocation with this id doesn't exist.");
 			}
 			// health
 			$health = $_POST['health'];
 			verify_number($health, 'Health', 11);
 			$health_max = $_POST['health_max'];
 			verify_number($health_max, 'Health max', 11);
 			// mana
 			$magic_level = $_POST['magic_level'];
 			verify_number($magic_level, 'Magic_level', 11);
 			$mana = $_POST['mana'];
 			verify_number($mana, 'Mana', 11);
 			$mana_max = $_POST['mana_max'];
 			verify_number($mana_max, 'Mana max', 11);
 			$mana_spent = $_POST['mana_spent'];
 			verify_number($mana_spent, 'Mana spent', 11);
 			// look
 			$look_body = $_POST['look_body'];
 			verify_number($look_body, 'Look body', 11);
 			$look_feet = $_POST['look_feet'];
 			verify_number($look_feet, 'Look feet', 11);
 			$look_head = $_POST['look_head'];
 			verify_number($look_head, 'Look head', 11);
 			$look_legs = $_POST['look_legs'];
 			verify_number($look_legs, 'Look legs', 11);
 			$look_type = $_POST['look_type'];
 			verify_number($look_type, 'Look type', 11);
 			if ($hasLookAddons) {
 				$look_addons = $_POST['look_addons'];
 				verify_number($look_addons, 'Look addons', 11);
 			}
 			// pos
 			$pos_x = $_POST['pos_x'];
 			verify_number($pos_x, 'Position x', 11);
 			$pos_y = $_POST['pos_y'];
 			verify_number($pos_y, 'Position y', 11);
 			$pos_z = $_POST['pos_z'];
 			verify_number($pos_z, 'Position z', 11);
 			$soul = $_POST['soul'];
 			verify_number($soul, 'Soul', 10);
 			$town = $_POST['town'];
 			verify_number($town, 'Town', 11);
 			$capacity = $_POST['capacity'];
 			verify_number($capacity, 'Capacity', 11);
 			$sex = $_POST['sex'];
 			verify_number($sex, 'Sex', 1);
 			$lastlogin = strtotime($_POST['lastlogin']);
 			verify_number($lastlogin, 'Last login', 20);
 			$lastlogout = strtotime($_POST['lastlogout']);
 			verify_number($lastlogout, 'Last logout', 20);
 			$skull = $_POST['skull'];
 			verify_number($skull, 'Skull', 1);
 			$skull_time = $_POST['skull_time'];
 			verify_number($skull_time, 'Skull time', 11);
 			if ($db->hasColumn('players', 'loss_experience')) {
 				$loss_experience = $_POST['loss_experience'];
 				verify_number($loss_experience, 'Loss experience', 11);
 				$loss_mana = $_POST['loss_mana'];
 				verify_number($loss_mana, 'Loss mana', 11);
 				$loss_skills = $_POST['loss_skills'];
 				verify_number($loss_skills, 'Loss skills', 11);
 				$loss_containers = $_POST['loss_containers'];
 				verify_number($loss_containers, 'Loss loss_containers', 11);
 				$loss_items = $_POST['loss_items'];
 				verify_number($loss_items, 'Loss items', 11);
 			}
 			if ($db->hasColumn('players', 'offlinetraining_time')) {
 				$offlinetraining = $_POST['offlinetraining'];
 				verify_number($offlinetraining, 'Offline Training time', 11);
 			}
 			if ($hasBlessingsColumn) {
 				$blessings = $_POST['blessings'];
 				verify_number($blessings, 'Blessings', 2);
 			}
 			$balance = $_POST['balance'];
 			verify_number($balance, 'Balance', 20);
 			if ($db->hasColumn('players', 'stamina')) {
 				$stamina = $_POST['stamina'];
 				verify_number($stamina, 'Stamina', 20);
 			}
 			$deleted = (isset($_POST['deleted']) && $_POST['deleted'] == 'true');
 			$hidden = (isset($_POST['hidden']) && $_POST['hidden'] == 'true');
 			$created = strtotime($_POST['created']);
 			verify_number($created, 'Created', 11);
 			$comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'], 0, 2000))) : NULL;
 			foreach ($_POST['skills'] as $skill => $value)
 				verify_number($value, $skills[$skill][0], 10);
 			foreach ($_POST['skills_tries'] as $skill => $value)
 				verify_number($value, $skills[$skill][0] . ' tries', 10);
 			if ($hasBlessingColumn) {
 				$bless_count = $_POST['blesscount'];
 				for ($i = 1; $i <= $bless_count; $i++) {
 					$a = 'blessing' . $i;
 					${'blessing' . $i} = (isset($_POST[$a]) && $_POST[$a] == 'true');
 				}
 			}
 			if (!$error) {
 				$player->setName($name);
 				$player->setAccount($account_db);
 				$player->setGroup($groups->getGroup($group));
 				$player->setLevel($level);
 				$player->setExperience($experience);
 				$player->setVocation($vocation);
 				$player->setHealth($health);
 				$player->setHealthMax($health_max);
 				$player->setMagLevel($magic_level);
 				$player->setMana($mana);
 				$player->setManaMax($mana_max);
 				$player->setManaSpent($mana_spent);
 				$player->setLookBody($look_body);
 				$player->setLookFeet($look_feet);
 				$player->setLookHead($look_head);
 				$player->setLookLegs($look_legs);
 				$player->setLookType($look_type);
 				if ($hasLookAddons)
 					$player->setLookAddons($look_addons);
 				if ($db->hasColumn('players', 'offlinetraining_time'))
 					$player->setCustomField('offlinetraining_time', $offlinetraining);
 				$player->setPosX($pos_x);
 				$player->setPosY($pos_y);
 				$player->setPosZ($pos_z);
 				$player->setSoul($soul);
 				$player->setTownId($town);
 				$player->setCap($capacity);
 				$player->setSex($sex);
 				$player->setLastLogin($lastlogin);
 				$player->setLastLogout($lastlogout);
 				//$player->setLastIP(ip2long($lastip));
 				$player->setSkull($skull);
 				$player->setSkullTime($skull_time);
 				if ($db->hasColumn('players', 'loss_experience')) {
 					$player->setLossExperience($loss_experience);
 					$player->setLossMana($loss_mana);
 					$player->setLossSkills($loss_skills);
 					$player->setLossContainers($loss_containers);
 					$player->setLossItems($loss_items);
 				}
 				if ($db->hasColumn('players', 'blessings'))
 					$player->setBlessings($blessings);
 				if ($hasBlessingColumn) {
 					for ($i = 1; $i <= $bless_count; $i++) {
 						$a = 'blessing' . $i;
 						$player->setCustomField('blessings' . $i, ${'blessing' . $i} ? '1' : '0');
 					}
 				}
 				$player->setBalance($balance);
 				if ($db->hasColumn('players', 'stamina'))
 					$player->setStamina($stamina);
 				if ($db->hasColumn('players', 'deletion'))
 					$player->setCustomField('deletion', $deleted ? '1' : '0');
 				else
 					$player->setCustomField('deleted', $deleted ? '1' : '0');
 				$player->setCustomField('hidden', $hidden ? '1' : '0');
 				$player->setCustomField('created', $created);
 				if (isset($comment))
 					$player->setCustomField('comment', $comment);
 				foreach ($_POST['skills'] as $skill => $value) {
 					$player->setSkill($skill, $value);
 				}
 				foreach ($_POST['skills_tries'] as $skill => $value) {
 					$player->setSkillTries($skill, $value);
 				}
 				$player->save();
 				echo_success('Player saved at: ' . date('G:i'));
 				$player->load($id);
 			}
 		}
 	} else if ($id == 0) {
 		$players_db = $db->query('SELECT `id`, `name`, `level` FROM `players` ORDER BY `id` asc');
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-info card-outline">
 				<div class="card-header">
 					<h5 class="m-0">Players</h5>
 				</div>
 				<div class="card-body">
 					<table class="player_datatable table table-striped table-bordered table-responsive d-md-table">
 						<thead>
 						<tr>
 							<th>ID</th>
 							<th>Name</th>
 							<th>Level</th>
 							<th style="width: 40px">Edit</th>
 						</tr>
 						</thead>
 						<tbody>
 						<?php foreach ($players_db as $player_db): ?>
 							<tr>
 								<th><?php echo $player_db['id']; ?></th>
 								<td><?php echo $player_db['name']; ?></a></td>
 								<td><?php echo $player_db['level']; ?></a></td>
 								<td><a href="?p=players&id=<?php echo $player_db['id']; ?>" class="btn btn-success btn-sm" title="Edit">
 										<i class="fas fa-pencil-alt"></i>
 									</a>
 								</td>
 							</tr>
 						<?php endforeach; ?>
 						</tbody>
 					</table>
 				</div>
 			</div>
 		</div>
 	<?php } ?>
 	<?php
 	if (isset($player) && $player->isLoaded()) {
 		$account = $player->getAccount();
 		?>
 		<div class="col-12 col-sm-12 col-lg-10">
 			<div class="card card-primary card-outline card-outline-tabs">
 				<div class="card-header p-0 border-bottom-0">
 					<ul class="nav nav-tabs" id="tabs-tab" role="tablist">
 						<li class="nav-item">
 							<a class="nav-link active" id="tabs-home-tab" data-toggle="pill" href="#tabs-home">Player</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-stats">Stats</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-skills">Skills</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-pos">Pos/Look</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="tabs-home-tab" data-toggle="pill" href="#tabs-misc">Misc</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="tabs-posts-tab" data-toggle="pill" href="#tabs-posts">Posts</a>
 						</li>
 						<li class="nav-item">
 							<a class="nav-link" id="tabs-chars-tab" data-toggle="pill" href="#tabs-chars">Characters</a>
 						</li>
 					</ul>
 				</div>
 				<form action="<?php echo $player_base . ((isset($id) && $id > 0) ? '&id=' . $id : ''); ?>" method="post">
 					<div class="card-body">
 						<div class="tab-content" id="tabs-tabContent">
 							<div class="tab-pane fade active show" id="tabs-home">
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="name" class="control-label">Name</label>
 										<input type="text" class="form-control" id="name" name="name" autocomplete="off" value="<?php echo $player->getName(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="account_id">Account id:</label>
 										<input type="text" class="form-control" id="account_id" name="account_id" autocomplete="off" size="8" maxlength="11" value="<?php echo $account->getId(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="group">Group:</label>
 										<select name="group" id="group" class="form-control custom-select">
 											<?php foreach ($groups->getGroups() as $id => $group): ?>
 												<option value="<?php echo $id; ?>" <?php echo($player->getGroup()->getId() == $id ? 'selected' : ''); ?>><?php echo $group->getName(); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="vocation">Vocation</label>
 										<select name="vocation" id="vocation" class="form-control custom-select">
 											<?php
 											foreach ($config['vocations'] as $id => $name) {
 												echo '<option value=' . $id . ($id == $player->getVocation() ? ' selected' : '') . '>' . $name . '</option>';
 											}
 											?>
 										</select>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="sex">Sex:</label>
 										<select name="sex" id="sex" class="form-control custom-select">>
 											<?php foreach ($config['genders'] as $id => $sex): ?>
 												<option value="<?php echo $id; ?>" <?php echo($player->getSex() == $id ? 'selected' : ''); ?>><?php echo strtolower($sex); ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="town">Town:</label>
 										<select name="town" id="town" class="form-control">
 											<?php
 											$configTowns = config('towns');
 											if (!isset($configTowns[$player->getTownId()])) {
 												$configTowns[$player->getTownId()] = 'Unknown Town';
 											}
 											foreach ($configTowns as $id => $town): ?>
 												<option value="<?php echo $id; ?>" <?php echo($player->getTownId() == $id ? 'selected' : ''); ?>><?php echo $town; ?></option>
 											<?php endforeach; ?>
 										</select>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="skull">Skull:</label>
 										<select name="skull" id="skull" class="form-control custom-select">
 											<?php
 											foreach ($skull_type as $id => $s_name) {
 												echo '<option value=' . $id . ($id == $player->getSkull() ? ' selected' : '') . '>' . $s_name . '</option>';
 											}
 											?>
 										</select>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="skull_time">Skull time:</label>
 										<input type="text" class="form-control" id="skull_time" name="skull_time"
 											   autocomplete="off" maxlength="11"
 											   value="<?php echo $player->getSkullTime(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<?php if ($hasBlessingColumn):
 										$bless_count = $player->countBlessings();
 										$bless = $player->checkBlessings($bless_count); ?>
 										<input type="hidden" name="blesscount" value="<?php echo $bless_count; ?>"/>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label>Blessings:</label><br/>
 											<?php for ($i = 1; $i <= $bless_count; $i++): ?>
 												<label><input class="" type="checkbox" name="blessing<?php echo $i; ?>" id="blessing<?php echo $i; ?>" value="true"<?php echo(($bless[$i - 1] == 1) ? ' checked' : '') ?>/><?php echo $i; ?></label>
 											<?php endfor ?>
 										</div>
 									<?php endif; ?>
 									<?php if ($hasBlessingsColumn): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="blessings">Blessings:</label>
 											<input type="text" class="form-control" id="blessings" name="blessings" autocomplete="off" maxlength="11" value="<?php echo $player->getBlessings(); ?>"/>
 										</div>
 									<?php endif; ?>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="balance" class="control-label">Bank Balance:</label>
 										<input type="text" class="form-control" id="balance" name="balance" autocomplete="off" maxlength="20" value="<?php echo $player->getBalance(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<div class="custom-control custom-switch custom-switch-on-danger">
 											<input type="checkbox" class="custom-control-input" name="deleted" id="deleted" value="true" <?php echo($player->getCustomField($db->hasColumn('players', 'deletion') ? 'deletion' : 'deleted') == '1' ? ' checked' : ''); ?>>
 											<label class="custom-control-label" for="deleted">Deleted</label>
 										</div>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<div class="custom-control custom-switch custom-switch-on-success">
 											<input type="checkbox" class="custom-control-input" name="hidden" id="hidden" value="true" <?php echo($player->isHidden() ? ' checked' : ''); ?>>
 											<label class="custom-control-label" for="hidden">Hidden</label>
 										</div>
 									</div>
 								</div>
 							</div>
 							<div class="tab-pane fade" id="tabs-stats">
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="level" class="control-label">Level:</label>
 										<input type="text" class="form-control" id="level" name="level" autocomplete="off" value="<?php echo $player->getLevel(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="experience" class="control-label">Experience:</label>
 										<input type="text" class="form-control" id="experience" name="experience" autocomplete="off" value="<?php echo $player->getExperience(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="magic_level" class="control-label">Magic level:</label>
 										<input type="text" class="form-control" id="magic_level" name="magic_level" autocomplete="off" size="8" maxlength="11" value="<?php echo $player->getMagLevel(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="mana_spent" class="control-label">Mana spent:</label>
 										<input type="text" class="form-control" id="mana_spent" name="mana_spent" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getManaSpent(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="health" class="control-label">Health:</label>
 										<input type="text" class="form-control" id="health" name="health" autocomplete="off" size="5" maxlength="11" value="<?php echo $player->getHealth(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="health_max" class="control-label">Health max:</label>
 										<input type="text" class="form-control" id="health_max" name="health_max" autocomplete="off" size="5" maxlength="11" value="<?php echo $player->getHealthMax(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="mana" class="control-label">Mana:</label>
 										<input type="text" class="form-control" id="mana" name="mana" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getMana(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="mana_max" class="control-label">Mana max:</label>
 										<input type="text" class="form-control" id="mana_max" name="mana_max" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getManaMax(); ?>"/>
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="capacity" class="control-label">Capacity:</label>
 										<input type="text" class="form-control" id="capacity" name="capacity" autocomplete="off" size="3" maxlength="11" value="<?php echo $player->getCap(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="soul" class="control-label">Soul:</label>
 										<input type="text" class="form-control" id="soul" name="soul" autocomplete="off" size="3" maxlength="10" value="<?php echo $player->getSoul(); ?>"/>
 									</div>
 									<?php if ($db->hasColumn('players', 'stamina')): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="stamina" class="control-label">Stamina:</label>
 											<input type="text" class="form-control" id="stamina" name="stamina" autocomplete="off" maxlength="20" value="<?php echo $player->getStamina(); ?>"/>
 										</div>
 									<?php endif; ?>
 									<?php if ($db->hasColumn('players', 'offlinetraining_time')): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="offlinetraining" class="control-label">Offline Training
 												Time:</label>
 											<input type="text" class="form-control" id="offlinetraining" name="offlinetraining" autocomplete="off" maxlength="11" value="<?php echo $player->getCustomField('offlinetraining_time'); ?>"/>
 										</div>
 									<?php endif; ?>
 								</div>
 							</div>
 							<div class="tab-pane fade" id="tabs-skills">
 								<?php
 								foreach ($skills as $id => $info) {
 									?>
 									<div class="form-group row">
 										<div class="col-12 col-sm-12 col-lg-6">
 											<?php echo '<label for="skills[' . $id . ']" class="control-label">' . $info[0] . '</label>
 									<input type="text" class="form-control" id="skills[' . $id . ']" name="skills[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkill($id) . '"/>'; ?>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<?php echo '<label for="skills_tries[' . $id . ']" class="control-label">' . $info[0] . ' tries</label>
 									<input type="text" class="form-control" id="skills_tries[' . $id . ']" name="skills_tries[' . $id . ']" maxlength="10" autocomplete="off" value="' . $player->getSkillTries($id) . '"/>'; ?>
 										</div>
 									</div>
 								<?php } ?>
 							</div>
 							<div class="tab-pane fade" id="tabs-pos">
 								<?php $outfit = $config['outfit_images_url'] . '?id=' . $player->getLookType() . ($hasLookAddons ? '&addons=' . $player->getLookAddons() : '') . '&head=' . $player->getLookHead() . '&body=' . $player->getLookBody() . '&legs=' . $player->getLookLegs() . '&feet=' . $player->getLookFeet(); ?>
 								<div id="imgchar" style="width:64px;height:64px;position:absolute; top:30px; right:30px">
 									<img id="player_outfit" style="margin-left:0;margin-top:0;width:64px;height:64px;" src="<?php echo $outfit; ?>" alt="player outfit"/>
 								</div>
 								<td>Position:</td>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="pos_x" class="control-label">X:</label>
 										<input type="text" class="form-control" id="pos_x" name="pos_x" autocomplete="off" maxlength="11" value="<?php echo $player->getPosX(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="pos_y" class="control-label">Y:</label>
 										<input type="text" class="form-control" id="pos_y" name="pos_y" autocomplete="off" maxlength="11" value="<?php echo $player->getPosY(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-4">
 										<label for="pos_z" class="control-label">Z:</label>
 										<input type="text" class="form-control" id="pos_z" name="pos_z" autocomplete="off" maxlength="11" value="<?php echo $player->getPosZ(); ?>"/>
 									</div>
 								</div>
 								<td>Look:</td>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-3">
 										<label for="look_head" class="control-label">Head: <span id="look_head_val" class="font-weight-bold text-primary"></span></label>
 										<input class="custom-range" type="range" min="0" max="132" id="look_head" name="look_head" value="<?php echo $player->getLookHead(); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-3">
 										<label for="look_body" class="control-label">Body: <span id="look_body_val" class="font-weight-bold text-primary"></span></label>
 										<input type="range" min="0" max="132"
 											   value="<?php echo $player->getLookBody(); ?>"
 											   class="custom-range" id="look_body" name="look_body">
 									</div>
 									<div class="col-12 col-sm-12 col-lg-3">
 										<label for="look_legs" class="control-label">Legs: <span id="look_legs_val" class="font-weight-bold text-primary"></span></label>
 										<input type="range" min="0" max="132"
 											   value="<?php echo $player->getLookLegs(); ?>"
 											   class="custom-range" id="look_legs" name="look_legs">
 									</div>
 									<div class="col-12 col-sm-12 col-lg-3">
 										<label for="look_feet" class="control-label">Feet: <span id="look_feet_val" class="font-weight-bold text-primary"></span></label>
 										<input type="range" min="0" max="132"
 											   value="<?php echo $player->getLookBody(); ?>"
 											   class="custom-range" id="look_feet" name="look_feet">
 									</div>
 								</div>
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="look_type" class="control-label">Type:</label>
 										<?php
 										$outfitlist = null;
 										$outfitlist = Outfits_loadfromXML();
 										if ($outfitlist) { ?>
 											<select name="look_type" id="look_type" class="form-control custom-select">
 												<?php
 												foreach ($outfitlist as $id => $outfit) {
 													if ($outfit['enabled'] == 'yes') ;
 													echo '<option value=' . $outfit['id'] . ($outfit['id'] == $player->getLookType() ? ' selected' : '') . '>' . $outfit['name'] . ' - ' . ($outfit['type'] == 1 ? 'Male' : 'Female') . '</option>';
 												}
 												?>
 											</select>
 										<?php } else { ?>
 											<input type="text" class="form-control" id="look_type" name="look_type" autocomplete="off" maxlength="11" value="<?php echo $player->getLookType(); ?>"/>
 										<?php } ?>
 									</div>
 									<?php if ($hasLookAddons): ?>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="look_addons" class="control-label">Addons:</label>
 											<select name="look_addons" id="look_addons" class="form-control custom-select">
 												<?php
 												$addon_type = array("None", "First", "Second", "Both");
 												foreach ($addon_type as $id => $s_name) {
 													echo '<option value=' . $id . ($id == $player->getLookAddons() ? ' selected' : '') . '>' . $s_name . '</option>';
 												}
 												?>
 											</select>
 										</div>
 									<?php endif; ?>
 								</div>
 							</div>
 							<div class="tab-pane fade" id="tabs-misc">
 								<div class="form-group row">
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="created" class="control-label">Created:</label>
 										<input type="text" class="form-control" id="created" name="created"
 											   autocomplete="off"
 											   maxlength="10"
 											   value="<?php echo date("M d Y, H:i:s", $player->getCustomField('created')); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastlogin" class="control-label">Last login:</label>
 										<input type="text" class="form-control" id="lastlogin" name="lastlogin" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $player->getLastLogin()); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastlogout" class="control-label">Last logout:</label>
 										<input type="text" class="form-control" id="lastlogout" name="lastlogout" autocomplete="off" maxlength="20" value="<?php echo date("M d Y, H:i:s", $player->getLastLogout()); ?>"/>
 									</div>
 									<div class="col-12 col-sm-12 col-lg-6">
 										<label for="lastip" class="control-label">Last IP:</label>
 										<input type="text" class="form-control" id="lastip" name="lastip" autocomplete="off" maxlength="10" value="<?php
 										if (strlen($player->getLastIP()) > 11) {
 											echo inet_ntop($player->getLastIP());
 										}
 										else {
 											echo longToIp($player->getLastIP());
 										}
 										?>" readonly/>
 									</div>
 								</div>
 								<?php if ($db->hasColumn('players', 'loss_experience')): ?>
 									<div class="form-group row">
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="loss_experience" class="control-label">Experience
 												Loss:</label>
 											<input type="text" class="form-control" id="loss_experience" name="loss_experience" autocomplete="off" maxlength="11" value="<?php echo $player->getLossExperience(); ?>"/>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="loss_mana" class="control-label">Mana Loss:</label>
 											<input type="text" class="form-control" id="loss_mana" name="loss_mana" autocomplete="off" maxlength="11" value="<?php echo $player->getLossMana(); ?>"/>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="loss_skills" class="control-label">Skills Loss:</label>
 											<input type="text" class="form-control" id="loss_skills" name="loss_skills" autocomplete="off" maxlength="11" value="<?php echo $player->getLossSkills(); ?>"/>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="loss_containers" class="control-label">Containers Loss:</label>
 											<input type="text" class="form-control" id="loss_containers" name="loss_containers" autocomplete="off" maxlength="11" value="<?php echo $player->getLossContainers(); ?>"/>
 										</div>
 										<div class="col-12 col-sm-12 col-lg-6">
 											<label for="loss_items" class="control-label">Items Loss:</label>
 											<input type="text" class="form-control" id="loss_items" name="loss_items" autocomplete="off" maxlength="11" value="<?php echo $player->getLossItems(); ?>"/>
 										</div>
 									</div>
 								<?php endif; ?>
 								<div class="form-group row">
 									<div class="col-12">
 										<label for="comment" class="control-label">Comment:</label>
 										<textarea class="form-control" name="comment" rows="10" cols="50" wrap="virtual"><?php echo $player->getCustomField("comment"); ?></textarea>
 										<small>[max. length: 2000 chars, 50 lines (ENTERs)]</small>
 									</div>
 								</div>
 							</div>
 							<div class="tab-pane fade" id="tabs-posts">
 								<table class="table table-striped table-condensed table-responsive d-md-table">
 									<thead>
 									<tr>
 										<th class="w-25">Topic</th>
 										<th>Content</th>
 									</tr>
 									</thead>
 									<tbody>
 									<?php
 									$posts = $db->query('SELECT `author_guid`,`section`,`first_post`,`post_text`,`post_date`, `post_topic`,`post_html`,`post_smile`,`' . TABLE_PREFIX . 'forum_boards`.`name` AS `forum_Name` FROM `' .
 										TABLE_PREFIX . 'forum` LEFT JOIN `' . TABLE_PREFIX . 'forum_boards` ON `' .
 										TABLE_PREFIX . 'forum`.section = `' . TABLE_PREFIX . 'forum_boards`.id WHERE `author_guid` = "' . $player->getId() . '" ORDER BY `post_date` DESC LIMIT 10');
 									if ($posts->rowCount() > 0) {
 										$posts = $posts->fetchAll();
 										foreach ($posts as $post) {
 											$text = ($post['post_html'] > 0 ? $post['post_text'] : htmlspecialchars($post['post_text']));
 											$post['content'] = ($post['post_html'] > 0 ? $text : Forum::parseBBCode(nl2br($text), $post['post_smile'] == 0));
 											?>
 											<tr>
 												<th><?php echo htmlspecialchars($post['post_topic']); ?><br/><small><?php echo date('d M y H:i:s', $post['post_date']); ?></small><br/>
 													Topic: <a href="<?php echo getForumThreadLink($post['first_post']); ?>" class="link-black text-sm"><i class="fa fa-share margin-r-5"></i> Link</a><br/>
 													Forum: <a href="<?php echo getForumBoardLink($post['section']); ?>" class="link-black text-sm"><i class="fa fa-share margin-r-5"></i> <?php echo $post['forum_Name']; ?></a></th>
 												<th><?php echo $post['content']; ?></th>
 											</tr>
 											<?php
 										}
 										unset($post);
 									} else {
 										echo '<tr><td colspan="2">This user has no posts</td></tr>';
 									}; ?>
 									</tbody>
 								</table>
 							</div>
 							<div class="tab-pane fade" id="tabs-chars">
 								<div class="row">
 									<?php
 									if (isset($account) && $account->isLoaded()) {
 										$account_players = $account->getPlayersList();
 										$account_players->orderBy('id');
 										if (isset($account_players)) { ?>
 											<table class="table table-striped table-condensed table-responsive d-md-table">
 												<thead>
 												<tr>
 													<th>#</th>
 													<th>Name</th>
 													<th>Level</th>
 													<th>Vocation</th>
 													<th style="width: 40px">Edit</th>
 												</tr>
 												</thead>
 												<tbody>
 												<?php foreach ($account_players as $i => $player):
 													$player_vocation = $player->getVocation();
 													$player_promotion = $player->getPromotion();
 													if (isset($player_promotion)) {
 														if ((int)$player_promotion > 0)
 															$player_vocation += ($player_promotion * $config['vocations_amount']);
 													}
 													if (isset($config['vocations'][$player_vocation])) {
 														$vocation_name = $config['vocations'][$player_vocation];
 													} ?>
 													<tr>
 														<th><?php echo $i; ?></th>
 														<td><?php echo $player->getName(); ?></td>
 														<td><?php echo $player->getLevel(); ?></td>
 														<td><?php echo $vocation_name; ?></td>
 														<td><a href="?p=players&id=<?php echo $player->getId() ?>" class=" btn btn-success btn-sm" title="Edit"><i class="fas fa-pencil-alt"></i></a></td>
 													</tr>
 												<?php endforeach ?>
 												</tbody>
 											</table>
 											<?php
 										}
 									} ?>
 								</div>
 							</div>
 						</div>
 					</div>
 					<div class="card-footer text-center">
 						<input type="hidden" name="save" value="yes"/>
 						<button type="submit" class="btn btn-info float-left"><i class="fas fa-update"></i> Update</button>
 						<a href="<?php echo ADMIN_URL; ?>?p=accounts&id=<?php echo $account->getId(); ?>" class="btn btn-secondary">Edit Account</a>
 						<a href="<?php echo ADMIN_URL; ?>?p=players" class="btn btn-danger float-right"><i class="fas fa-cancel"></i> Cancel</a>
 					</div>
 				</form>
 			</div>
 		</div>
 		<script type="text/javascript">
 			$('#lastlogin').datetimepicker({format: "M d Y, H:i:s",});
 			$('#lastlogout').datetimepicker({format: "M d Y, H:i:s",});
 			$('#created').datetimepicker({format: "M d Y, H:i:s",});
 			$(document).ready(function () {
 				const $headSpan = $('#look_head_val');
 				const $headvalue = $('#look_head');
 				$headSpan.html($headvalue.val());
 				$headvalue.on('input', () => {
 					$headSpan.html($headvalue.val());
 				});
 				$headvalue.on('change', () => {
 					updateOutfit();
 				});
 				const $bodySpan = $('#look_body_val');
 				const $bodyvalue = $('#look_body');
 				$bodySpan.html($bodyvalue.val());
 				$bodyvalue.on('input', () => {
 					$bodySpan.html($bodyvalue.val());
 				});
 				$bodyvalue.on('change', () => {
 					updateOutfit();
 				});
 				const $legsSpan = $('#look_legs_val');
 				const $legsvalue = $('#look_legs');
 				$legsSpan.html($legsvalue.val());
 				$legsvalue.on('input', () => {
 					$legsSpan.html($legsvalue.val());
 				});
 				$legsvalue.on('change', () => {
 					updateOutfit();
 				});
 				const $feetSpan = $('#look_feet_val');
 				const $feetvalue = $('#look_feet');
 				$feetSpan.html($feetvalue.val());
 				$feetvalue.on('input', () => {
 					$feetSpan.html($feetvalue.val());
 				});
 				$feetvalue.on('change', () => {
 					updateOutfit();
 				});
 				const $lookvalue = $('#look_type');
 				$lookvalue.on('change', () => {
 					updateOutfit();
 				});
 				<?php if($hasLookAddons): ?>
 				const $addonvalue = $('#look_addons');
 				$('#look_addons').on('change', () => {
 					updateOutfit();
 				});
 				<?php endif; ?>
 			});
 			function updateOutfit() {
 				const look_head = $('#look_head').val();
 				const look_body = $('#look_body').val();
 				const look_legs = $('#look_legs').val();
 				const look_feet = $('#look_feet').val();
 				const look_type = $('#look_type').val();
 				let look_addons = '';
 				<?php if($hasLookAddons): ?>
 				look_addons = '&addons=' + $('#look_addons').val();
 				<?php endif; ?>
 				$("#player_outfit").attr("src", '<?= $config['outfit_images_url']; ?>?id=' + look_type + look_addons + '&head=' + look_head + '&body=' + look_body + '&legs=' + look_legs + '&feet=' + look_feet);
 			}
 		</script>
 	<?php } ?>
 	<div class="col-12 col-sm-12 col-lg-2">
 		<div class="card card-info card-outline">
 			<div class="card-header">
 				<h5 class="m-0">Search Player</h5>
 			</div>
 			<div class="card-body row">
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
 						<label for="name">Player Name:</label>
 						<div class="input-group input-group-sm">
 							<input type="text" class="form-control" name="search" value="<?php echo $search_player; ?>" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
 				</div>
 				<div class="col-6 col-lg-12">
 					<form action="<?php echo $player_base; ?>" method="post">
 						<label for="name">Player ID:</label>
 						<div class="input-group input-group-sm">
 							<input type="text" class="form-control" name="id" value="" maxlength="32" size="32">
 							<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
 						</div>
 					</form>
 				</div>
 			</div>
 		</div>
 	</div>
 </div>
 <script>
 	$(document).ready(function () {
 		$('.player_datatable').DataTable({
 			"order": [[0, "asc"]]
 		});
 	});
 </script>
--- a/admin/pages/plugins.php
+++ b/admin/pages/plugins.php
@@ -0,0 +1,136 @@
 <?php
 /**
 * Plugins
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Plugin manager';
 $use_datatable = true;
 require_once LIBS . 'plugins.php';
 if (!getBoolean(config('admin_plugins_manage_enable'))) {
 	warning('Plugin installation and management is disabled in config.<br/>If you wish to enable, go to config.php and change <b>admin_plugins_manage_enable</b> to "yes".');
 }
 else {
 	$twig->display('admin.plugins.form.html.twig');
 	if (isset($_REQUEST['uninstall'])) {
 		$uninstall = $_REQUEST['uninstall'];
 		if (Plugins::uninstall($uninstall)) {
 			success('Successfully uninstalled plugin ' . $uninstall);
 		} else {
 			error('Error while uninstalling plugin ' . $uninstall . ': ' . Plugins::getError());
 		}
 	} else if (isset($_REQUEST['enable'])) {
 		$enable = $_REQUEST['enable'];
 		if (Plugins::enable($enable)) {
 			success('Successfully enabled plugin ' . $enable);
 		} else {
 			error('Error while enabling plugin ' . $enable . ': ' . Plugins::getError());
 		}
 	} else if (isset($_REQUEST['disable'])) {
 		$disable = $_REQUEST['disable'];
 		if (Plugins::disable($disable)) {
 			success('Successfully disabled plugin ' . $disable);
 		} else {
 			error('Error while disabling plugin ' . $disable . ': ' . Plugins::getError());
 		}
 	} else if (isset($_FILES['plugin']['name'])) {
 		$file = $_FILES['plugin'];
 		$filename = $file['name'];
 		$tmp_name = $file['tmp_name'];
 		$type = $file['type'];
 		$name = explode('.', $filename);
 		$accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed', 'application/octet-stream', 'application/zip-compressed');
 		if (isset($file['error'])) {
 			$error = 'Error uploading file';
 			switch ($file['error']) {
 				case UPLOAD_ERR_OK:
 					$error = false;
 					break;
 				case UPLOAD_ERR_INI_SIZE:
 				case UPLOAD_ERR_FORM_SIZE:
 					$error .= ' - file too large (limit of ' . ini_get('upload_max_filesize') . ' bytes). You can enlarge the limits by changing "upload_max_filesize" in php.ini';
 					break;
 				case UPLOAD_ERR_PARTIAL:
 					$error .= ' - file upload was not completed.';
 					break;
 				case UPLOAD_ERR_NO_FILE:
 					$error .= ' - zero-length file uploaded.';
 					break;
 				default:
 					$error .= ' - internal error #' . $file['error'];
 					break;
 			}
 		}
 		if (isset($error) && $error != false) {
 			error($error);
 		} else {
 			if (is_uploaded_file($file['tmp_name'])) {
 				$filetype = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
 				if ($filetype == 'zip') // check if it is zipped/compressed file
 				{
 					$tmp_filename = pathinfo($filename, PATHINFO_FILENAME);
 					$targetzip = BASE . 'plugins/' . $tmp_filename . '.zip';
 					if (move_uploaded_file($tmp_name, $targetzip)) { // move uploaded file
 						if (Plugins::install($targetzip)) {
 							foreach (Plugins::getWarnings() as $warning) {
 								warning($warning);
 							}
 							$info = Plugins::getPluginJson();
 							success((isset($info['name']) ? '<strong>' . $info['name'] . '</strong> p' : 'P') . 'lugin has been successfully installed.');
 						} else {
 							$error = Plugins::getError();
 							error(!empty($error) ? $error : 'Unexpected error happened while installing plugin. Please try again later.');
 						}
 						unlink($targetzip); // delete the Zipped file
 					} else
 						error('There was a problem with the upload. Please try again.');
 				} else {
 					error('The file you are trying to upload is not a .zip file. Please try again.');
 				}
 			} else {
 				error('Error uploading file - unknown error.');
 			}
 		}
 	}
 }
 $plugins = array();
 foreach (get_plugins(true) as $plugin) {
 	$string = file_get_contents(BASE . 'plugins/' . $plugin . '.json');
 	$plugin_info = json_decode($string, true);
 	if (!$plugin_info) {
 		warning('Cannot load plugin info ' . $plugin . '.json');
 	} else {
 		$disabled = (strpos($plugin, 'disabled.') !== false);
 		$pluginOriginal = ($disabled ? str_replace('disabled.', '', $plugin) : $plugin);
 		$plugins[] = array(
 			'name' => $plugin_info['name'] ?? '',
 			'description' => $plugin_info['description'] ?? '',
 			'version' => $plugin_info['version'] ?? '',
 			'author' => $plugin_info['author'] ?? '',
 			'contact' => $plugin_info['contact'] ?? '',
 			'file' => $pluginOriginal,
 			'enabled' => !$disabled,
 			'uninstall' => isset($plugin_info['uninstall'])
 		);
 	}
 }
 $twig->display('admin.plugins.html.twig', array(
 	'plugins' => $plugins
 ));
--- a/system/pages/admin/reports.php
+++ b/system/pages/admin/reports.php
@@ -4,35 +4,36 @@
 *
 * @package   MyAAC
 * @author    Lee
- * @copyright 2019 MyAAC
+ * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Report Viewer';
 $use_datatable = true;
 $files = array();
 $server_path_reports = $config['data_path'] . 'reports/';
 if (file_exists($server_path_reports)) {
-    foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
+	foreach (scandir($server_path_reports, SCANDIR_SORT_ASCENDING) as $f) {
-        if ($f[0] === '.') {
+		if ($f[0] === '.') {
-	        continue;
+			continue;
-        }
+		}
-        if (is_dir($server_path_reports . $f)) {
+		if (is_dir($server_path_reports . $f)) {
-            foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
+			foreach (scandir($server_path_reports . $f, SCANDIR_SORT_ASCENDING) as $f2) {
-                if ($f2[0] === '.') {
+				if ($f2[0] === '.') {
-	                continue;
+					continue;
-                }
+				}
-                $files[] = array($f . '/' . $f2, $server_path_reports);
+				$files[] = array($f . '/' . $f2, $server_path_reports);
-            }
+			}
-            continue;
+			continue;
-        }
+		}
-        $files[] = array($f, $server_path_reports);
+		$files[] = array($f, $server_path_reports);
-    }
+	}
 }
 foreach ($files as &$f) {
@@ -42,20 +43,19 @@ foreach ($files as &$f) {
 unset($f);
 $twig->display('admin.reports.html.twig', array('files' => $files));
 $file = isset($_GET['file']) ? $_GET['file'] : NULL;
 if (!empty($file)) {
 	if (!preg_match('/[^A-z0-9\' _\/\-\.]/', $file)) {
 		if (file_exists($server_path_reports . $file)) {
-			$content = nl2br(file_get_contents($server_path_reports . $file));
+			$file_content = nl2br(file_get_contents($server_path_reports . $file));
-			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $content));
+			$twig->display('admin.logs.view.html.twig', array('file' => $file, 'content' => $file_content));
 		} else {
 			echo 'Specified file does not exist.';
 		}
 	} else {
 		echo 'Invalid file name specified.';
 	}
-}
+}
 $twig->display('admin.reports.html.twig', array('files' => $files));
--- a/system/pages/admin/statistics.php
+++ b/system/pages/admin/statistics.php
--- a/system/pages/admin/tools.php
+++ b/system/pages/admin/tools.php
@@ -10,18 +10,24 @@
 defined('MYAAC') or die('Direct access not allowed!');
 $title = 'Tools';
-$tool = $_GET['tool'];
+if (!isset($_GET['tool'])) {
 if (!isset($tool)) {
 	echo 'Tool not set.';
 	return;
 }
 $tool = $_GET['tool'];
 if (preg_match("/[^A-z0-9_\-]/", $tool)) {
 	echo 'Invalid tool.';
 	return;
 }
-$file = BASE . 'admin/pages/tools/' . $tool . '.php';
+$file = ADMIN . 'tools/' . $tool . '.php';
-if (!@file_exists($file))
+
 if (@file_exists($file)) {
 	require $file;
 	return;
 }
 echo 'Tool <strong>' . $tool . '</strong> not found.';
 ?>
--- a/system/pages/admin/version.php
+++ b/system/pages/admin/version.php
@@ -24,10 +24,10 @@ if (!$myaac_version) {
 $version_compare = version_compare($myaac_version, MYAAC_VERSION);
 if ($version_compare == 0) {
 	success('MyAAC latest version is ' . $myaac_version . '. You\'re using the latest version.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
 } else if ($version_compare < 0) {
-	echo success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
+	success('Woah, seems you\'re using newer version as latest released one! MyAAC latest released version is ' . $myaac_version . ', and you\'re using version ' . MYAAC_VERSION . '.
-	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=changelog', 'here'));
+	<br/>View CHANGELOG ' . generateLink(ADMIN_URL . '?p=clmd', 'here'));
 } else {
 	warning('You\'re using outdated version.<br/>
 		Your version: <b>' . MYAAC_VERSION . '</b><br/>
--- a/system/pages/admin/visitors.php
+++ b/system/pages/admin/visitors.php
@@ -8,7 +8,13 @@
 * @link      https://my-aac.org
 */
 defined('MYAAC') or die('Direct access not allowed!');
 use DeviceDetector\DeviceDetector;
 use DeviceDetector\Parser\Client\Browser;
 use DeviceDetector\Parser\OperatingSystem;
 $title = 'Visitors';
 $use_datatable = true;
 if (!$config['visitors_counter']): ?>
 	Visitors counter is disabled.<br/>
@@ -29,6 +35,31 @@ function compare($a, $b)
 $tmp = $visitors->getVisitors();
 usort($tmp, 'compare');
 foreach ($tmp as &$visitor) {
 	$userAgent = $visitor['user_agent'] ?? '';
 	if (!strlen($userAgent) || $userAgent == 'unknown') {
 		$browser = 'Unknown';
 	}
 	else {
 		$dd = new DeviceDetector($userAgent);
 		$dd->parse();
 		if ($dd->isBot()) {
 			$bot = $dd->getBot();
 			$message = '(Bot) %s, <a href="%s" target="_blank">%s</a>';
 			$browser = sprintf($message, $bot['category'], $bot['url'], $bot['name']);
 		}
 		else {
 			$osFamily = OperatingSystem::getOsFamily($dd->getOs('name'));
 			$browserFamily = Browser::getBrowserFamily($dd->getClient('name'));
 			$browser = $osFamily . ', ' . $browserFamily;
 		}
 	}
 	$visitor['browser'] = $browser;
 }
 $twig->display('admin.visitors.html.twig', array(
 	'config_visitors_counter_ttl' => $config['visitors_counter_ttl'],
 	'visitors' => $tmp
--- a/admin/template/menus.php
+++ b/admin/template/menus.php
@@ -0,0 +1,66 @@
 <?php
 $menus = [
 	['name' => 'Dashboard', 'icon' => 'tachometer-alt', 'order' => 10, 'link' => 'dashboard'],
 	['name' => 'News', 'icon' => 'newspaper', 'order' => 20, 'link' =>
 		[
 			['name' => 'View', 'link' => 'news', 'icon' => 'list', 'order' => 10],
 			['name' => 'Add news', 'link' => 'news&action=new&type=1', 'icon' => 'plus', 'order' => 20],
 			['name' => 'Add ticker', 'link' => 'news&action=new&type=2', 'icon' => 'plus', 'order' => 30],
 			['name' => 'Add article', 'link' => 'news&action=new&type=3', 'icon' => 'plus', 'order' => 40],
 		],
 	],
 	['name' => 'Changelogs', 'icon' => 'newspaper', 'order' => 30, 'link' =>
 		[
 			['name' => 'View', 'link' => 'changelog', 'icon' => 'list', 'order' => 10],
 			['name' => 'Add', 'link' => 'changelog&action=new', 'icon' => 'plus', 'order' => 20],
 		],
 	],
 	['name' => 'Mailer', 'icon' => 'envelope', 'order' => 40, 'link' => 'mailer', 'disabled' => !config('mail_enabled')],
 	['name' => 'Pages', 'icon' => 'book', 'order' => 50, 'link' =>
 		[
 			['name' => 'View', 'link' => 'pages', 'icon' => 'list', 'order' => 10],
 			['name' => 'Add', 'link' => 'pages&action=new', 'icon' => 'plus', 'order' => 20],
 		],
 	],
 	['name' => 'Menus', 'icon' => 'list', 'order' => 60, 'link' => 'menus'],
 	['name' => 'Plugins', 'icon' => 'plug', 'order' => 70, 'link' => 'plugins'],
 	['name' => 'Server Data', 'icon' => 'gavel', 'order' => 80, 'link' => 'data'],
 	['name' => 'Editor', 'icon' => 'edit', 'order' => 90, 'link' =>
 		[
 			['name' => 'Accounts', 'link' => 'accounts', 'icon' => 'users', 'order' => 10],
 			['name' => 'Players', 'link' => 'players', 'icon' => 'user-astronaut', 'order' => 20],
 		],
 	],
 	['name' => 'Tools', 'icon' => 'tools', 'order' => 100, 'link' =>
 		[
 			['name' => 'Mass Account Actions', 'link' => 'mass_account', 'icon' => 'globe', 'order' => 10],
 			['name' => 'Mass Teleport Actions', 'link' => 'mass_teleport', 'icon' => 'globe', 'order' => 20],
 			['name' => 'Notepad', 'link' => 'notepad', 'icon' => 'marker', 'order' => 30],
 			['name' => 'phpinfo', 'link' => 'phpinfo', 'icon' => 'server', 'order' => 40],
 		],
 	],
 	['name' => 'Logs', 'icon' => 'bug', 'order' => 110, 'link' =>
 		[
 			['name' => 'Logs', 'link' => 'logs', 'icon' => 'book', 'order' => 10],
 			['name' => 'Reports', 'link' => 'reports', 'icon' => 'book', 'order' => 20],
 			['name' => 'Visitors', 'link' => 'visitors', 'icon' => 'user', 'order' => 30],
 		],
 	],
 ];
 $hooks->trigger(HOOK_ADMIN_MENU);
 usort($menus, function ($a, $b) {
 	return $a['order'] - $b['order'];
 });
 foreach ($menus as $i => $menu) {
 	if (isset($menu['link']) && is_array($menu['link'])) {
 		usort($menus[$i]['link'], function ($a, $b) {
 			return $a['order'] - $b['order'];
 		});
 	}
 }
 return $menus;
--- a/admin/template/style.css
+++ b/admin/template/style.css
@@ -1,44 +1,10 @@
-.slidecontainer {
+.menu-text-li {color: #4b646f; background: #1a2226;}
-	width: 100%;
+.menu-text {
 	display: block;
 	padding: .5rem 1rem;
 	white-space: nowrap;
 }
-.slider {
+.sidebar-mini.sidebar-collapse .menu-text {
-	-webkit-appearance: none;
+	display: none;
 	width: 100%;
 	outline: none;
 	opacity: 0.7;
 	-webkit-transition: .2s;
 	transition: opacity .2s;
 }
 .slider:hover {
 	opacity: 1;
 }
 .slider::-webkit-slider-thumb {
 	-webkit-appearance: none;
 	appearance: none;
 	width: 15px;
 	height: 25px;
 	background: #3c8dbc;
 	cursor: pointer;
 }
 .slider::-moz-range-thumb {
 	width: 25px;
 	height: 25px;
 	background: #3c8dbc;
 	cursor: pointer;
 }
 td.details-control {
 	text-align: center;
 	color: forestgreen;
 	cursor: pointer;
 }
 tr.shown td.details-control {
 	text-align: center;
 	color: red;
 }
--- a/admin/template/template.php
+++ b/admin/template/template.php
@@ -1,229 +1,203 @@
 <?php defined('MYAAC') or die('Direct access not allowed!'); ?>
-<!DOCTYPE html>
+<!doctype html>
-<html>
+<html lang="en">
 <head>
-	<?php echo template_header(true);
+	<?php $hooks->trigger(HOOK_ADMIN_HEAD_START); ?>
-	$title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
+	<?php echo template_header(true); ?>
-	?>
+	<title><?php echo (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];?></title>
-
+	<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-	<title><?php echo $title_full ?></title>
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/adminlte.min.css">
 	<link rel="shortcut icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
 	<link rel="icon" href="<?php echo BASE_URL; ?>images/favicon.ico" type="image/x-icon" />
 	<meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/bootstrap.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/AdminLTE.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/skins/skin-blue.min.css">
 	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/font-awesome.min.css">
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/ionicons.min.css">
+	<?php if (isset($use_datatable)) { ?>
-	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/jquery.dataTables.min.css">
+	<link rel="stylesheet" href="<?php echo BASE_URL; ?>tools/css/datatables.bs.min.css">
 	<?php } ?>
 	<link rel="stylesheet" type="text/css" href="<?php echo $template_path; ?>style.css"/>
 	<!--[if lt IE 9]>
-	<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+	<script src="<?php echo BASE_URL; ?>tools/js/html5shiv.min.js"></script>
-	<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+	<script src="<?php echo BASE_URL; ?>tools/js/respond.min.js"></script>
 	<![endif]-->
-	<link rel="stylesheet"
+	<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
-		  href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic">
+	<?php $hooks->trigger(HOOK_ADMIN_HEAD_END); ?>
 </head>
-<body class="hold-transition skin-blue sidebar-mini">
+<body class="sidebar-mini ">
-<div class="wrapper">
+<?php $hooks->trigger(HOOK_ADMIN_BODY_START); ?>
-	<?php
+<?php if ($logged && admin()) { ?>
-	if ($logged && admin()) {
+	<div class="wrapper">
-	?>
+		<nav class="main-header navbar navbar-expand navbar-white navbar-light">
-	<header class="main-header">
+			<ul class="navbar-nav">
-		<a href="." class="logo">
+				<li class="nav-item">
-			<span class="logo-mini"><b>M</b>A</span>
+					<a class="nav-link" data-widget="pushmenu" href="#"><i class="fas fa-bars"></i></a>
-			<span class="logo-lg"><b>My</b>AAC</span>
+				</li>
-		</a>
+				<li class="nav-item d-none d-sm-inline-block">
-
+					<a href="<?php echo ADMIN_URL; ?>" class="nav-link">Home</a>
-		<nav class="navbar navbar-static-top" role="navigation">
+				</li>
-			<a href="#" class="sidebar-toggle" data-toggle="push-menu" role="button">
+			</ul>
-				<span class="sr-only">Toggle navigation</span>
+			<ul class="navbar-nav ml-auto">
-			</a>
+				<li class="nav-item">
-			<div class="navbar-custom-menu">
+					<a class="nav-link" data-widget="control-sidebar" data-slide="true" href="#"><i class="fas fa-th-large"></i></a>
-				<ul class="nav navbar-nav">
+				</li>
-					<li>
+			</ul>
 						<a href="#" data-toggle="control-sidebar"><i class="fa fa-gears"></i></a>
 					</li>
 				</ul>
 			</div>
 		</nav>
-	</header>
+		<aside class="main-sidebar sidebar-dark-info elevation-4">
-	<aside class="main-sidebar">
+			<a href="<?php echo ADMIN_URL; ?>" class="brand-link navbar-info">
-		<section class="sidebar">
+				<img src="<?php echo ADMIN_URL; ?>images/logo.png" class="brand-image img-circle elevation-3" style="opacity: .8">
-			<ul class="sidebar-menu" data-widget="tree">
+				<span class="brand-text"><b>My</b>AAC</span>
-				<li class="header">MyAAC</li>
+			</a>
 			<div class="sidebar">
 				<nav class="mt-1">
 					<ul class="nav nav-pills nav-sidebar flex-column nav-legacy nav-child-indent" data-widget="treeview" data-accordion="false">
 						<li class="menu-text-li">
 							<span class="menu-text">
 								<a class="text-info" href="<?php echo BASE_URL; ?>" target="_blank">
 									<?php echo $config['lua']['serverName'] ?>
 								</a>
 							</span>
 						</li>
 						<?php
 						// name = Display name of link
 						// icon = fontawesome icon name without "fas fa-"
 						// link = Page link or use as array for sub items
 						$menus = require __DIR__ . '/menus.php';
-				<?php
+						foreach ($menus as $category => $menu) {
-				$icons_a = array(
+							if (isset($menu['disabled']) && $menu['disabled']) {
-                    'dashboard','newspaper-o', 'envelope',
+								continue;
-                    'book', 'list',
+							}
-                    'plug', 'user',
+
-                    'edit', 'gavel',
+							$has_child = is_array($menu['link']);
-                    'wrench', 'edit', 'book', 'book',
+							if (!$has_child) { ?>
-                );
+								<li class="nav-item">
-
+									<a class="nav-link<?php echo(strpos($menu['link'], $page) !== false ? ' active' : '') ?>" href="?p=<?php echo $menu['link'] ?>">
-				$menus = array(
+										<i class="nav-icon fas fa-<?php echo(isset($menu['icon']) ? $menu['icon'] : 'link') ?>"></i>
-					'Dashboard' => 'dashboard',
+										<p><?php echo $menu['name'] ?></p>
-					'News' => 'news',
+									</a>
-					'Mailer' => 'mailer',
+								</li>
-					'Pages' => 'pages',
+								<?php
-					'Menus' => 'menus',
+							} else if ($has_child) {
-					'Plugins' => 'plugins',
+								$used_menu = null;
-					'Visitors' => 'visitors',
+								$nav_construct = '';
-					'Editor' => array(
+								foreach ($menu['link'] as $category => $sub_menu) {
-						'Accounts' => 'accounts',
+									$nav_construct .= '<li class="nav-item"><a href="?p=' . $sub_menu['link'] . '" class="nav-link';
-						'Players' => 'players',
+									if ($page == $sub_menu['link']) {
-					),
+										$nav_construct .= ' active';
-					'Items' => 'items',
+										$used_menu = true;
-					'Tools' => array(
+									}
-						'Notepad' => 'notepad',
+									$nav_construct .= '"><i class="fas fa-' . ($sub_menu['icon'] ?? 'circle') . ' nav-icon"></i><p>' . $sub_menu['name'] . '</p></a></li>';
-						'phpinfo' => 'phpinfo',
+								}
-					),
+								?>
-					'Logs' => array(
+								<li class="nav-item has-treeview<?php echo($used_menu ? ' menu-open' : '') ?>">
-						'Logs' => 'logs',
+									<a href="#" class="nav-link<?php echo($used_menu ? ' active' : '') ?>">
-						'Reports' => 'reports',
+										<i class="nav-icon fas fa-<?php echo($menu['icon'] ?? 'link') ?>"></i>
-					),
+										<p><?php echo $menu['name'] ?></p><i class="right fas fa-angle-left"></i>
-				);
+									</a>
-
+									<ul class="nav nav-treeview">
-				$i = 0;
+										<?php echo $nav_construct; ?>
-				foreach ($menus as $_name => $_page) {
+									</ul>
-					$has_child = is_array($_page);
+								</li>
-					if (!$has_child) {
+								<?php
 						echo '<li ';
 						if ($page == $_page) echo ' class="active"';
 						echo ">";
 						echo '<a href="?p=' . $_page . '"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span></a></li>';
 					}
 					if ($has_child) {
 						$used_menu = "";
 						$nav_construct = '';
 						foreach ($_page as $__name => $__page) {
 							$nav_construct = $nav_construct . '<li';
 							if ($page == $__page) {
 								$nav_construct = $nav_construct . ' class="active"';
 								$used_menu = true;
 							}
 							$nav_construct = $nav_construct . '><a href="?p=' . $__page . '"><i class="fa fa-circle-o"></i> ' . $__name . '</a></li>';
 						}
-						echo '<li class="treeview' . (($used_menu) ? ' menu-open' : '') . '">
+						$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
-                                      <a href="#"><i class="fa fa-' . (isset($icons_a[$i]) ? $icons_a[$i] : 'link') . '"></i> <span>' . $_name . '</span>
+						$menu_db = $query->fetchAll();
-						              <span class="pull-right-container"><i class="fa fa-angle-left pull-right"></i></span></a>
+						foreach ($menu_db as $item) {
-						              <ul class="treeview-menu" style="' . (($used_menu) ? '  display: block' : ' display: none') . '">';
+							if ($item['flags'] == 0 || hasFlag($item['flags'])) { ?>
-						echo $nav_construct;
+								<li class="nav-item">
-						echo '</ul>
+									<a class="nav-link<?php echo($page == $item['page'] ? ' active' : '') ?>" href="?p=<?php echo $item['page'] ?>">
-                                </li>';
+										<i class="nav-icon fas fa-link"></i>
-					}
+										<p><?php echo $item['name'] ?></p>
-					$i++;
+									</a>
-				}
+								</li>
 								<?php
 							}
 						}
 						?>
 					</ul>
 				</nav>
 			</div>
 		</aside>
-				$query = $db->query('SELECT `name`, `page`, `flags` FROM `' . TABLE_PREFIX . 'admin_menu` ORDER BY `ordering`');
+		<div class="content-wrapper" style="min-height: 823px;">
-				$menu_db = $query->fetchAll();
+			<div class="content-header">
-				foreach ($menu_db as $item) {
+				<div class="container-fluid">
-					if ($item['flags'] == 0 || hasFlag($item['flags'])) {
+					<div class="row mb-2">
-						echo '<li ';
+						<div class="col-sm-6">
-						if ($page == $item['page']) echo ' class="active"';
+							<h3 class="m-0 text-dark"><?php echo(isset($title) ? $title : ''); ?><small> - Admin Panel</small></h3>
-						echo ">";
+						</div>
-						echo '<a href="?p=' . $item['page'] . '"><i class="fa fa-link"></i> <span>' . $item['name'] . '</span></a></li>';
+						<div class="col-sm-6">
-					}
+							<div class="float-sm-right d-none d-sm-inline">
-				}
+								<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
-				?>
+							</div>
-			</ul>
+						</div>
-		</section>
+					</div>
 	</aside>
 	<div class="content-wrapper">
 		<section class="content-header">
 			<h1><?php echo(isset($title) ? $title : ''); ?>
 				<small> - Admin Panel</small>
 				<div class="pull-right">
 					<span class="label label-<?php echo(($status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
 				</div>
-			</h1>
+			</div>
-		</section>
+			<div class="content">
-		<section class="content">
+				<div class="container-fluid">
-			<?php echo $content; ?>
+					<?php echo $content; ?>
-		</section>
+				</div>
 			</div>
 		</div>
 		<aside class="control-sidebar control-sidebar-dark">
 			<div class="p-3">
 				<h4>Account:</h4>
 				<p><h5><a href="?action=logout"><i class="fas fa-sign-out-alt text-danger"></i> Log out</h5></a>
 				<small>This will log you out</small></p>
 			</div>
 			<div class="p-3">
 				<h4>Site:</h4>
 				<p><h5><a href="<?php echo BASE_URL; ?>" target="_blank"><i class="far fa-eye text-blue"></i> Preview</a></h5>
 				<small>This will open a new tab</small></p>
 			</div>
 			<div class="p-3">
 				<h4>Version:</h4>
 				<p><h5><a href="?p=version"><i class="fas fa-code-branch"></i> <?php echo MYAAC_VERSION; ?></a></h5>
 				<small>Check for updates</small></p>
 			</div>
 			<div class="p-3">
 				<h4>Site:</h4>
 				<p><h5><a href="https://github.com/slawkens/myaac" target="_blank"><i class="fab fa-github"></i> Github</a></h5>
 				<small>Goto GitHub Page</small></p>
 				<p><h5><a href="http://my-aac.org/" target="_blank"><i class="fas fa-shoe-prints"></i> MyAAC Official</a></h5>
 				<small>Goto MyAAC Official Website</small></p>
 				<p><h5><a href="?p=open_source"><i class="fas fa-wrench"></i> Open Source</a></h5>
 				<small>View Open Source Software MyAAC is using</small></p>
 			</div>
 		</aside>
 		<footer class="main-footer">
 			<div class="float-sm-right d-none d-sm-inline">
 				<span class="p-2 right badge badge-<?php echo((isset($status['online']) and $status['online']) ? 'success' : 'danger'); ?>"><?php echo $config['lua']['serverName'] ?></span>
 			</div>
 			<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
 		</footer>
 		<div id="sidebar-overlay"></div>
 	</div>
-	<footer class="main-footer">
+<?php } else if (!$logged && !admin()) {
 		<div class="pull-right hidden-xs">
 			<div id="status">
 				<?php if ($status['online']): ?>
 					<p class="success" style="width: 120px; text-align: center;">Server Online</p>
 				<?php else: ?>
 					<p class="error" style="width: 120px; text-align: center;">Server Offline</p>
 				<?php endif; ?>
 			</div>
 		</div>
 		<?php echo base64_decode('UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vbXktYWFjLm9yZyIgdGFyZ2V0PSJfYmxhbmsiPk15QUFDLjwvYT4='); ?>
 	</footer>
 	<aside class="control-sidebar control-sidebar-dark">
 		<ul class="nav nav-tabs nav-justified control-sidebar-tabs">
 			<li class="active"><a href="#control-sidebar-home-tab" data-toggle="tab"><i class="fa fa-home"></i></a></li>
 			<li><a href="#control-sidebar-settings-tab" data-toggle="tab"><i class="fa fa-gears"></i></a></li>
 		</ul>
 		<div class="tab-content">
 			<div class="tab-pane active" id="control-sidebar-home-tab">
 				<h3 class="control-sidebar-heading">Account</h3>
 				<ul class="control-sidebar-menu">
 					<li>
 						<a href="?action=logout">
 							<i class="menu-icon fa  fa-sign-out bg-red"></i>
 							<div class="menu-info">
 								<h4 class="control-sidebar-subheading">Log out</h4>
 								<p>This will log you out
 									of <?php echo(USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()); ?></p>
 							</div>
 						</a>
 					</li>
 				</ul>
 				<h3 class="control-sidebar-heading">Site</h3>
 				<ul class="control-sidebar-menu">
 					<li>
 						<a href="<?php echo BASE_URL; ?>" target="_blank">
 							<i class="menu-icon fa  fa-eye bg-blue"></i>
 							<div class="menu-info">
 								<h4 class="control-sidebar-subheading">Preview</h4>
 								<p>This will open a new tab</p>
 							</div>
 						</a>
 					</li>
 				</ul>
 			</div>
 			<div class="tab-pane" id="control-sidebar-settings-tab">
 				<form method="post">
 					<h3 class="control-sidebar-heading">Version</h3>
 					<div class="form-group">
 						<label class="control-sidebar-subheading">
 							<?php echo MYAAC_VERSION; ?> (<a href="?p=version">Check for updates</a>)<br/>
 						</label>
 						<label class="control-sidebar-subheading">
 							<p><a href="https://github.com/slawkens/myaac" target="_blank">Github</a></p>
 					</div>
 				</form>
 			</div>
 		</div>
 	</aside>
 	<div class="control-sidebar-bg"></div>
 </div>
 <?php }
 if (!$logged && !admin()) {
 	echo $content;
 }
 ?>
-
+<?php
 /**
 * @var OTS_Account $account_logged
 */
 if ($logged && admin()) {
 	$twig->display('admin-bar.html.twig', [
 		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
 	]);
 }
 ?>
 <script src="<?php echo BASE_URL; ?>tools/js/bootstrap.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/jquery-ui.min.js"></script>
-<script src="<?php echo BASE_URL; ?>tools/js/jquery.dataTables.min.js"></script>
+<?php if (isset($use_datatable))  { ?>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.min.js"></script>
 <script src="<?php echo BASE_URL; ?>tools/js/datatables.bs.min.js"></script>
 <?php } ?>
 <script src="<?php echo BASE_URL; ?>tools/js/adminlte.min.js"></script>
 <?php $hooks->trigger(HOOK_ADMIN_BODY_END); ?>
 </body>
-</html>
+</html>
--- a/admin/tools/phpinfo.php
+++ b/admin/tools/phpinfo.php
@@ -1,4 +1,6 @@
 <?php
 define('MYAAC_ADMIN', true);
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
--- a/admin/tools/reload_data.php
+++ b/admin/tools/reload_data.php
@@ -0,0 +1,46 @@
 <?php
 /**
 * Project: MyAAC
 *     Automatic Account Creator for Open Tibia Servers
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 *
 * @package   MyAAC
 * @author    Slawkens <slawkens@gmail.com>
 * @copyright 2020 MyAAC
 * @link      https://my-aac.org
 */
 define('MYAAC_ADMIN', true);
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'login.php';
 if (!admin())
 	die('Access denied.');
 ini_set('max_execution_time', 300);
 ob_implicit_flush();
 ob_end_flush();
 header('X-Accel-Buffering: no');
 require LIBS . 'DataLoader.php';
 require LOCALE . 'en/main.php';
 require LOCALE . 'en/install.php';
 DataLoader::setLocale($locale);
 DataLoader::load();
--- a/admin/tools/status.php
+++ b/admin/tools/status.php
@@ -1,4 +1,6 @@
 <?php
 define('MYAAC_ADMIN', true);
 require '../../common.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'functions.php';
--- a/admin/tools/upload_image.php
+++ b/admin/tools/upload_image.php
@@ -0,0 +1,53 @@
 <?php
 define('MYAAC_ADMIN', true);
 require '../../common.php';
 require SYSTEM . 'functions.php';
 require SYSTEM . 'init.php';
 require SYSTEM . 'login.php';
 if(!admin())
 	die('Access denied.');
 // Don't attempt to process the upload on an OPTIONS request
 if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
 	header('Access-Control-Allow-Methods: POST, OPTIONS');
 	return;
 }
 $imageFolder = BASE . EDITOR_IMAGES_DIR;
 reset ($_FILES);
 $temp = current($_FILES);
 if (is_uploaded_file($temp['tmp_name'])) {
 	header('Access-Control-Allow-Credentials: true');
 	header('P3P: CP="There is no P3P policy."');
 	// Sanitize input
 	if (preg_match("/([^\w\s\d\-_~,;:\[\]\(\).])|([\.]{2,})/", $temp['name'])) {
 		header('HTTP/1.1 400 Invalid file name.');
 		return;
 	}
 	// Verify extension
 	$ext = strtolower(pathinfo($temp['name'], PATHINFO_EXTENSION));
 	if (!in_array($ext, ['gif', 'jpg', 'png'])) {
 		header('HTTP/1.1 400 Invalid extension.');
 		return;
 	}
 	do {
 		$randomName = generateRandomString(8). ".$ext";
 		$fileToWrite = $imageFolder . $randomName;
 	} while (file_exists($fileToWrite));
 	move_uploaded_file($temp['tmp_name'], $fileToWrite);
 	$returnPathToImage = BASE_URL . EDITOR_IMAGES_DIR . $randomName;
 	echo json_encode(['location' => $returnPathToImage]);
 } else {
 	// Notify editor that the upload failed
 	header('HTTP/1.1 500 Server Error');
 }
--- a/common.php
+++ b/common.php
@@ -23,67 +23,97 @@
 * @copyright 2019 MyAAC
 * @link      https://my-aac.org
 */
-if (version_compare(phpversion(), '5.5', '<')) die('PHP version 5.5 or higher is required.');
+if (version_compare(phpversion(), '7.2.5', '<')) die('PHP version 7.2.5 or higher is required.');
 session_start();
-define('MYAAC', true);
+const MYAAC = true;
-define('MYAAC_VERSION', '0.8.2-dev');
+const MYAAC_VERSION = '0.9.0-alpha';
-define('DATABASE_VERSION', 30);
+const DATABASE_VERSION = 35;
-define('TABLE_PREFIX', 'myaac_');
+const TABLE_PREFIX = 'myaac_';
 define('START_TIME', microtime(true));
 define('MYAAC_OS', stripos(PHP_OS, 'WIN') === 0 ? 'WINDOWS' : (strtoupper(PHP_OS) === 'DARWIN' ? 'MAC' : 'LINUX'));
 define('IS_CLI', in_array(php_sapi_name(), ['cli', 'phpdb']));
 // account flags
-define('FLAG_ADMIN', 1);
+const FLAG_NONE = 0;
-define('FLAG_SUPER_ADMIN', 2);
+const FLAG_ADMIN = 1;
-define('FLAG_CONTENT_PAGES', 4);
+const FLAG_SUPER_ADMIN = 2;
-define('FLAG_CONTENT_MAILER', 8);
+const FLAG_SUPER_BOTH = 3;
-define('FLAG_CONTENT_NEWS', 16);
+const FLAG_CONTENT_PAGES = 4;
-define('FLAG_CONTENT_FORUM', 32);
+const FLAG_CONTENT_MAILER = 8;
-define('FLAG_CONTENT_COMMANDS', 64);
+const FLAG_CONTENT_NEWS = 16;
-define('FLAG_CONTENT_SPELLS', 128);
+const FLAG_CONTENT_FORUM = 32;
-define('FLAG_CONTENT_MONSTERS', 256);
+const FLAG_CONTENT_COMMANDS = 64;
-define('FLAG_CONTENT_GALLERY', 512);
+const FLAG_CONTENT_SPELLS = 128;
-define('FLAG_CONTENT_VIDEOS', 1024);
+const FLAG_CONTENT_MONSTERS = 256;
-define('FLAG_CONTENT_FAQ', 2048);
+const FLAG_CONTENT_GALLERY = 512;
-define('FLAG_CONTENT_MENUS', 4096);
+const FLAG_CONTENT_VIDEOS = 1024;
-define('FLAG_CONTENT_PLAYERS', 8192);
+const FLAG_CONTENT_FAQ = 2048;
 const FLAG_CONTENT_MENUS = 4096;
 const FLAG_CONTENT_PLAYERS = 8192;
 // account access types
 const ACCOUNT_WEB_FLAGS = [
 	FLAG_NONE => 'None',
 	FLAG_ADMIN =>'Admin',
 	FLAG_SUPER_ADMIN => 'Super Admin',
 	FLAG_SUPER_BOTH =>'(Admin + Super Admin)',
 ];
 // news
-define('NEWS', 1);
+const NEWS = 1;
-define('TICKER', 2);
+const TICKER = 2;
-define('ARTICLE', 3);
+const ARTICLE = 3;
 // here you can change location of admin panel
 // you need also to rename folder "admin"
 // this may improve security
 const ADMIN_PANEL_FOLDER = 'admin';
 // directories
-define('BASE', __DIR__ . '/');
+const BASE = __DIR__ . '/';
-define('ADMIN', BASE . 'admin/');
+const ADMIN = BASE . ADMIN_PANEL_FOLDER . '/';
-define('SYSTEM', BASE . 'system/');
+const SYSTEM = BASE . 'system/';
-define('CACHE', SYSTEM . 'cache/');
+const CACHE = SYSTEM . 'cache/';
-define('LOCALE', SYSTEM . 'locale/');
+const LOCALE = SYSTEM . 'locale/';
-define('LIBS', SYSTEM . 'libs/');
+const LIBS = SYSTEM . 'libs/';
-define('LOGS', SYSTEM . 'logs/');
+const LOGS = SYSTEM . 'logs/';
-define('PAGES', SYSTEM . 'pages/');
+const PAGES = SYSTEM . 'pages/';
-define('PLUGINS', BASE . 'plugins/');
+const PLUGINS = BASE . 'plugins/';
-define('TEMPLATES', BASE . 'templates/');
+const TEMPLATES = BASE . 'templates/';
-define('TOOLS', BASE . 'tools/');
+const TOOLS = BASE . 'tools/';
 const VENDOR = BASE . 'vendor/';
 // other dirs
 const SESSIONS_DIR = SYSTEM . 'php_sessions';
 const GUILD_IMAGES_DIR = 'images/guilds/';
 const EDITOR_IMAGES_DIR = 'images/editor/';
 const GALLERY_DIR = 'images/gallery/';
 // menu categories
-define('MENU_CATEGORY_NEWS', 1);
+const MENU_CATEGORY_NEWS = 1;
-define('MENU_CATEGORY_ACCOUNT', 2);
+const MENU_CATEGORY_ACCOUNT = 2;
-define('MENU_CATEGORY_COMMUNITY', 3);
+const MENU_CATEGORY_COMMUNITY = 3;
-define('MENU_CATEGORY_FORUM', 4);
+const MENU_CATEGORY_FORUM = 4;
-define('MENU_CATEGORY_LIBRARY', 5);
+const MENU_CATEGORY_LIBRARY = 5;
-define('MENU_CATEGORY_SHOP', 6);
+const MENU_CATEGORY_SHOP = 6;
 // otserv versions
-define('OTSERV', 1);
+const OTSERV = 1;
-define('OTSERV_06', 2);
+const OTSERV_06 = 2;
-define('OTSERV_FIRST', OTSERV);
+const OTSERV_FIRST = OTSERV;
-define('OTSERV_LAST', OTSERV_06);
+const OTSERV_LAST = OTSERV_06;
-define('TFS_02', 3);
+const TFS_02 = 3;
-define('TFS_03', 4);
+const TFS_03 = 4;
-define('TFS_FIRST', TFS_02);
+const TFS_FIRST = TFS_02;
-define('TFS_LAST', TFS_03);
+const TFS_LAST = TFS_03;
 // other definitions
 const ACCOUNT_NUMBER_LENGTH = 8;
 if (!IS_CLI) {
 	session_save_path(SESSIONS_DIR);
 	session_start();
 }
 // basedir
 $basedir = '';
@@ -92,26 +122,30 @@ $size = count($tmp) - 1;
 for($i = 1; $i < $size; $i++)
 	$basedir .= '/' . $tmp[$i];
-$basedir = str_replace(array('/admin', '/install'), '', $basedir);
+$basedir = str_replace(['/' . ADMIN_PANEL_FOLDER, '/install', '/tools'], '', $basedir);
 define('BASE_DIR', $basedir);
-if(isset($_SERVER['HTTP_HOST'][0])) {
+if(!IS_CLI) {
-	$baseHost = $_SERVER['HTTP_HOST'];
+	if (isset($_SERVER['HTTP_HOST'][0])) {
-}
+		$baseHost = $_SERVER['HTTP_HOST'];
-else {
+	} else {
-	if(isset($_SERVER['SERVER_NAME'][0])) {
+		if (isset($_SERVER['SERVER_NAME'][0])) {
-		$baseHost = $_SERVER['SERVER_NAME'];
+			$baseHost = $_SERVER['SERVER_NAME'];
-	}
+		} else {
-	else {
+			$baseHost = $_SERVER['SERVER_ADDR'];
-		$baseHost = $_SERVER['SERVER_ADDR'];
+		}
 	}
 	define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
 	define('BASE_URL', SERVER_URL . BASE_DIR . '/');
 	define('ADMIN_URL', SERVER_URL . BASE_DIR . '/' . ADMIN_PANEL_FOLDER . '/');
 	//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
 }
-define('SERVER_URL', 'http' . (isset($_SERVER['HTTPS'][0]) && strtolower($_SERVER['HTTPS']) === 'on' ? 's' : '') . '://' . $baseHost);
+$autoloadFile = VENDOR . 'autoload.php';
-define('BASE_URL', SERVER_URL . BASE_DIR . '/');
+if (!is_file($autoloadFile)) {
-define('ADMIN_URL', SERVER_URL . BASE_DIR . '/admin/');
+	throw new RuntimeException('The vendor folder is missing. Please download Composer: <a href="https://getcomposer.org/download">https://getcomposer.org/download</a>, install it and execute in the main MyAAC directory this command: <b>composer install</b>. Or download MyAAC from <a href="https://github.com/slawkens/myaac/releases">GitHub releases</a>, which includes Vendor folder.');
 }
-//define('CURRENT_URL', BASE_URL . $_SERVER['REQUEST_URI']);
+require $autoloadFile;
 require SYSTEM . 'exception.php';
 require SYSTEM . 'autoload.php';
--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,19 @@
 {
    "require": {
        "php": "^7.2.5 || ^8.0",
        "ext-pdo": "*",
        "ext-pdo_mysql": "*",
        "ext-json": "*",
        "ext-xml": "*",
        "ext-dom": "*",
        "phpmailer/phpmailer": "^6.1",
        "composer/semver": "^3.2",
        "twig/twig": "^2.0",
        "erusev/parsedown": "^1.7",
        "nikic/fast-route": "^1.3",
        "matomo/device-detector": "^6.0"
    },
    "require-dev": {
        "filp/whoops": "^2.15"
    }
 }
--- a/config.php
+++ b/config.php
@@ -52,7 +52,6 @@ $config = array(
 	// head options (html)
 	'meta_description' => 'Tibia is a free massive multiplayer online role playing game (MMORPG).', // description of the site
 	'meta_keywords' => 'free online game, free multiplayer game, ots, open tibia server', // keywords list separated by commas
 	'title_separator' => ' - ',
 	// footer
 	'footer' => ''/*'<br/>Your Server &copy; 2016. All rights reserved.'*/,
@@ -74,7 +73,7 @@ $config = array(
 	'database_user' => '',
 	'database_password' => '',
 	'database_name' => '',
-	'database_log' => false, // should database queries be logged and and saved into system/logs/database.log?
+	'database_log' => false, // should database queries be logged and saved into system/logs/database.log?
 	'database_socket' => '', // set if you want to connect to database through socket (example: /var/run/mysqld/mysqld.sock)
 	'database_persistent' => false, // use database permanent connection (like server), may speed up your site
@@ -86,15 +85,34 @@ $config = array(
 	),
 	// images
-	'outfit_images_url' => 'http://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
+	'outfit_images_url' => 'https://outfit-images.ots.me/outfit.php', // set to animoutfit.php for animated outfit
-	'item_images_url' => 'http://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
+	'outfit_images_wrong_looktypes' => [75, 126, 127, 266, 302], // this looktypes needs to have different margin-top and margin-left because they are wrong positioned
 	'item_images_url' => 'https://item-images.ots.me/1092/', // set to images/items if you host your own items in images folder
 	'item_images_extension' => '.gif',
 	// creatures
 	'creatures_images_url' => 'images/monsters/', // set to images/monsters if you host your own creatures in images folder
 	'creatures_images_extension' => '.gif',
 	'creatures_images_preview' => false,  // set to true to allow picture previews for creatures
 	'creatures_items_url' => 'https://tibia.fandom.com/wiki/', // set to website which shows details about items.
 	'creatures_loot_percentage' => true, // set to true to show the loot tooltip percent
 	// account
 	'account_management' => true, // disable if you're using other method to manage users (fe. tfs account manager)
 	'account_login_by_email' => false, // use email instead of Account Name like in latest Tibia
 	'account_login_by_email_fallback' => false, // allow also additionally login by Account Name/Number (for users that might forget their email)
 	'account_create_auto_login' => false, // auto login after creating account?
 	'account_create_character_create' => true, // allow directly to create character on create account page?
-	'account_mail_verify' => false, // force users to confirm their email addresses when registering account
+	'account_mail_verify' => false, // force users to confirm their email addresses when registering
 	'account_mail_confirmed_reward' => [ // reward users for confirming their E-Mails
 		// account_mail_verify needs to be enabled too
 		'premium_days' => 0,
 		'premium_points' => 0,
 		'coins' => 0,
 		'message' => 'You received %d %s for confirming your E-Mail address.' // example: You received 20 premium points for confirming your E-Mail address.
 	],
 	'account_mail_unique' => true, // email addresses cannot be duplicated? (one account = one email)
 	'account_mail_block_plus_sign' => true, // block email with '+' signs like test+box@gmail.com (help protect against spamming accounts)
 	'account_premium_days' => 0, // default premium days on new account
 	'account_premium_points' => 0, // default premium points on new account
 	'account_welcome_mail' => true, // send welcome email when user registers
@@ -124,18 +142,24 @@ $config = array(
 	'smtp_secure' => '', // What kind of encryption to use on the SMTP connection. Options: '', 'ssl' (GMail) or 'tls' (Microsoft Outlook)
 	'smtp_debug' => false, // set true to debug (you will see more info in error.log)
 	// reCAPTCHA (prevent spam bots)
 	'recaptcha_enabled' => false, // enable recaptcha verification code
 	'recaptcha_site_key' => '', // get your own site and secret keys at https://www.google.com/recaptcha
 	'recaptcha_secret_key' => '',
 	'recaptcha_theme' => 'light', // light, dark
 	//
 	'generate_new_reckey' => true,				// let player generate new recovery key, he will receive e-mail with new rec key (not display on page, hacker can't generate rec key)
 	'generate_new_reckey_price' => 20,			// price for new recovery key
 	'send_mail_when_change_password' => true,	// send e-mail with new password when change password to account
 	'send_mail_when_generate_reckey' => true,	// send e-mail with rec key (key is displayed on page anyway when generate)
 	// you may need to adjust this for older tfs versions
 	// by removing Community Manager
 	'account_types' => [
 		'None',
 		'Normal',
 		'Tutor',
 		'Senior Tutor',
 		'Gamemaster',
 		'Community Manager',
 		'God',
 	],
 	// genders (aka sex)
 	'genders' => array(
 		0 => 'Female',
@@ -151,17 +175,25 @@ $config = array(
 		4 => 'Knight Sample'
 	),
 	'use_character_sample_skills' => false,
 	// it must show limited number of players after using search in character page
 	'characters_search_limit' => 15,
 	// town list used when creating character
 	// won't be displayed if there is only one item (rookgaard for example)
 	'character_towns' => array(1),
-	// characters lenght
+	// characters length
-	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum lenght be 21.
+	// This is the minimum and the maximum length that a player can create a character. It is highly recommend the maximum length to be 21.
 	'character_name_min_length' => 4,
 	'character_name_max_length' => 21,
 	'character_name_npc_check' => true,
 	// list of towns
-	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (generated from your .OTBM map)
+	// if you use TFS 1.3 with support for 'towns' table in database, then you can ignore this - it will be configured automatically (from MySQL database - Table - towns)
 	// otherwise it will try to load from your .OTBM map file
 	// if you don't see towns on website, then you need to fill this out
 	'towns' => array(
 		0 => 'No town',
 		1 => 'Sample town'
@@ -172,6 +204,7 @@ $config = array(
 	'guild_need_level' => 1, // min. level to form a guild
 	'guild_need_premium' => true, // require premium account to form a guild?
 	'guild_image_size_kb' => 80, // maximum size of the guild logo image in KB (kilobytes)
 	'guild_description_default' => 'New guild. Leader must edit this text :)',
 	'guild_description_chars_limit' => 1000, // limit of guild description
 	'guild_description_lines_limit' => 6, // limit of lines, if description has more lines it will be showed as long text, without 'enters'
 	'guild_motd_chars_limit' => 150, // limit of MOTD (message of the day) that is shown later in the game on the guild channel
@@ -192,19 +225,19 @@ $config = array(
 	'team_display_outfit' => true,
 	// bans page
-	'bans_limit' => 50,
+	'bans_per_page' => 20,
 	'bans_display_all' => true, // should all bans be displayed? (sorted page by page)
 	// highscores page
 	'highscores_vocation_box' => true, // show 'Choose a vocation' box on the highscores (allowing peoples to sort highscores by vocation)?
 	'highscores_vocation' => true, // show player vocation under his nickname?
-	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)? Only 0.3
+	'highscores_frags' => false, // show 'Frags' tab (best fraggers on the server)?
 	'highscores_balance' => false, // show 'Balance' tab (richest players on the server)
 	'highscores_outfit' => true, // show player outfit?
 	'highscores_country_box' => false, // doesnt work yet! (not implemented)
 	'highscores_groups_hidden' => 3, // this group id and higher won't be shown on the highscores
 	'highscores_ids_hidden' => array(0), // this ids of players will be hidden on the highscores (should be ids of samples)
-	'highscores_length' => 100, // how many records per page on highscores
+	'highscores_per_page' => 100, // how many records per page on highscores
 	'highscores_cache_ttl' => 15, // how often to update highscores from database in minutes (default 15 minutes)
 	// characters page
 	'characters' => array( // what things to display on character view page (true/false in each option)
@@ -221,7 +254,10 @@ $config = array(
 		'frags' => false,
 		'deleted' => false, // should deleted characters from same account be still listed on the list of characters? When enabled it will show that character is "[DELETED]"
 	),
-	'quests' => array(), // quests list (displayed in character view), name => storage
+	'quests' => array(
 		//'Some Quest' => 123,
 		//'Some Quest Two' => 456,
 	), // quests list (displayed in character view), name => storage
 	'signature_enabled' => true,
 	'signature_type' => 'tibian', // signature engine to use: tibian, mango, gesior
 	'signature_cache_time' => 5, // how long to store cached file (in minutes), default 5 minutes
@@ -252,9 +288,10 @@ $config = array(
 	'last_kills_limit' => 50, // max. number of deaths shown on the last kills page
 	// status, took automatically from config file if empty
 	'status_enabled' => true, // you can disable status checking by settings this to "false"
 	'status_ip' => '',
 	'status_port' => '',
-	'status_timeout' => 2, // how long to wait for the initial response from the server (default: 2 seconds)
+	'status_timeout' => 2.0, // how long to wait for the initial response from the server (default: 2 seconds)
 	// how often to connect to server and update status (default: every minute)
 	// if your status timeout in config.lua is bigger, that it will be used instead
@@ -262,7 +299,11 @@ $config = array(
 	'status_interval' => 60,
 	// admin panel
-	'admin_panel_modules' => 'lastlogin,points,coins',
+	'admin_plugins_manage_enable' => 'yes', // you can disable possibility to upload and uninstall plugins, for security
 	// enable support for plain php pages in admin panel, for security
 	// existing pages still will be working, so you need to delete them manually
 	'admin_pages_php_enable' => 'no',
 	'admin_panel_modules' => 'statistics,web_status,server_status,lastlogin,created,points,coins,balance',    // default - statistics,web_status,server_status,lastlogin,created,points,coins,balance
 	// other
 	'anonymous_usage_statistics' => true,
--- a/cypress.config.js
+++ b/cypress.config.js
@@ -0,0 +1,9 @@
 const { defineConfig } = require("cypress");
 module.exports = defineConfig({
  e2e: {
    setupNodeEvents(on, config) {
      // implement node event listeners here
    },
  },
 });
--- a/cypress/e2e/1-install.cy.js
+++ b/cypress/e2e/1-install.cy.js
@@ -0,0 +1,75 @@
 describe('Install MyAAC', () => {
 	beforeEach(() => {
 		// Cypress starts out with a blank slate for each test
 		// so we must tell it to visit our website with the `cy.visit()` command.
 		// Since we want to visit the same URL at the start of all our tests,
 		// we include it in our beforeEach function so that it runs before each test
 		cy.visit(Cypress.env('URL'))
 	})
 	it('Go through installer', () => {
 		cy.visit(Cypress.env('URL') + '/install/?step=welcome')
 		cy.wait(1000)
 		cy.screenshot('install-welcome')
 		// step 1 - Welcome
 		cy.get('select[name="lang"]').select('en')
 		//cy.get('input[type=button]').contains('Next »').click()
 		cy.get('form').submit()
 		// step 2 - License
 		// just skip
 		cy.contains('GNU/GPL License');
 		cy.get('form').submit()
 		// step 3 - Requirements
 		cy.contains('Requirements check');
 		cy.get('#step').then(elem => {
 			elem.val('config');
 		});
 		cy.get('form').submit()
 		// step 4 - Configuration
 		cy.contains('Basic configuration');
 		cy.get('#vars_server_path').click().clear().type(Cypress.env('SERVER_PATH'))
 		cy.get('#vars_mail_admin').click().clear().type('noone@example.net')
 		cy.get('[type="checkbox"]').uncheck() // usage statistics uncheck
 		cy.wait(1000)
 		cy.get('form').submit()
 		// check if there is any error
 		// step 5 - Import Schema
 		cy.contains('Import MySQL schema');
 		// AAC is not installed yet, this message should not come
 		cy.contains('Seems AAC is already installed. Skipping importing MySQL schema..').should('not.exist')
 		cy.contains('[class="alert alert-success"]', 'Local configuration has been saved into file: config.local.php').should('be.visible')
 		cy.get('form').submit()
 		// step 6 - Admin Account
 		cy.get('#vars_email').click().clear().type('admin@my-aac.org')
 		cy.get('#vars_account').click().clear().type('admin')
 		cy.get('#vars_password').click().clear().type('test1234')
 		cy.get('#vars_password_confirm').click().clear().type('test1234')
 		cy.get('#vars_player_name').click().clear().type('Admin')
 		cy.get('form').submit()
 		cy.contains('[class="alert alert-success"]', 'Congratulations', { timeout: 30000 }).should('be.visible')
 		cy.screenshot('install-finish')
 	})
 })
--- a/cypress/e2e/2-create-account.cy.js
+++ b/cypress/e2e/2-create-account.cy.js
@@ -0,0 +1,33 @@
 describe('Create Account Page', () => {
 	beforeEach(() => {
 		// Cypress starts out with a blank slate for each test
 		// so we must tell it to visit our website with the `cy.visit()` command.
 		// Since we want to visit the same URL at the start of all our tests,
 		// we include it in our beforeEach function so that it runs before each test
 		cy.visit(Cypress.env('URL') + '/index.php/account/create')
 	})
 	it('Create Test Account', () => {
 		cy.screenshot('create-account-page')
 		cy.get('#account_input').type('tester')
 		cy.get('#email').type('tester@example.com')
 		cy.get('#password').type('test1234')
 		cy.get('#password2').type('test1234')
 		cy.get('#character_name').type('Slaw')
 		cy.get('#sex1').check()
 		cy.get('#vocation1').check()
 		cy.get('#accept_rules').check()
 		cy.get('#createaccount').submit()
 		// no errors please
 		cy.contains('The Following Errors Have Occurred:').should('not.exist')
 		// ss of post page
 		cy.screenshot('create-account-page-post')
 	})
 })
--- a/cypress/fixtures/example.json
+++ b/cypress/fixtures/example.json
@@ -0,0 +1,5 @@
 {
  "name": "Using fixtures to represent data",
  "email": "hello@cypress.io",
  "body": "Fixtures are a great way to mock data for responses to routes"
 }
--- a/cypress/support/commands.js
+++ b/cypress/support/commands.js
@@ -0,0 +1,25 @@
 // ***********************************************
 // This example commands.js shows you how to
 // create various custom commands and overwrite
 // existing commands.
 //
 // For more comprehensive examples of custom
 // commands please read more here:
 // https://on.cypress.io/custom-commands
 // ***********************************************
 //
 //
 // -- This is a parent command --
 // Cypress.Commands.add('login', (email, password) => { ... })
 //
 //
 // -- This is a child command --
 // Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
 //
 //
 // -- This is a dual command --
 // Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
 //
 //
 // -- This will overwrite an existing command --
 // Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })
--- a/cypress/support/e2e.js
+++ b/cypress/support/e2e.js
@@ -0,0 +1,20 @@
 // ***********************************************************
 // This example support/e2e.js is processed and
 // loaded automatically before your test files.
 //
 // This is a great place to put global configuration and
 // behavior that modifies Cypress.
 //
 // You can change the location of this file or turn off
 // automatically serving support files with the
 // 'supportFile' configuration option.
 //
 // You can read more here:
 // https://on.cypress.io/configuration
 // ***********************************************************
 // Import commands.js using ES2015 syntax:
 import './commands'
 // Alternatively you can use CommonJS syntax:
 // require('./commands')
--- a/images/del.png
+++ b/images/del.png
--- a/images/druid.png
+++ b/images/druid.png
--- a/images/edit.png
+++ b/images/edit.png
--- a/images/editor/index.html
+++ b/images/editor/index.html
--- a/images/error.png
+++ b/images/error.png
--- a/images/false.png
+++ b/images/false.png
--- a/images/hist.png
+++ b/images/hist.png
--- a/images/info.png
+++ b/images/info.png
--- a/images/knight.png
+++ b/images/knight.png
--- a/images/news/delete.png
+++ b/images/news/delete.png
--- a/images/notify.png
+++ b/images/notify.png
--- a/images/paladin.png
+++ b/images/paladin.png
--- a/images/plus.png
+++ b/images/plus.png
--- a/images/search.png
+++ b/images/search.png
--- a/images/sorcerer.png
+++ b/images/sorcerer.png
--- a/images/success.png
+++ b/images/success.png
--- a/images/trash.png
+++ b/images/trash.png
--- a/images/true.png
+++ b/images/true.png
--- a/index.php
+++ b/index.php
@@ -28,18 +28,22 @@ require_once 'common.php';
 require_once SYSTEM . 'functions.php';
 $uri = $_SERVER['REQUEST_URI'];
 if(false !== strpos($uri, 'index.php')) {
 	$uri = str_replace_first('/index.php', '', $uri);
 }
-$tmp = BASE_DIR;
+if(0 === strpos($uri, '/')) {
 if(!empty($tmp))
 	$uri = str_replace(BASE_DIR . '/', '', $uri);
 else
 	$uri = str_replace_first('/', '', $uri);
 }
-$uri = str_replace(array('index.php/', '?'), '', $uri);
+if(preg_match("/^[A-Za-z0-9-_%'+\/]+\.png$/i", $uri)) {
-define('URI', $uri);
+	if (!empty(BASE_DIR)) {
 		$tmp = explode('.', str_replace_first(str_replace_first('/', '', BASE_DIR) . '/', '', $uri));
 	}
 	else {
 		$tmp = explode('.', $uri);
 	}
 if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	$tmp = explode('.', $uri);
 	$_REQUEST['name'] = urldecode($tmp[0]);
 	chdir(TOOLS . 'signature');
@@ -47,8 +51,8 @@ if(preg_match("/^[A-Za-z0-9-_%\'+]+\.png$/i", $uri)) {
 	exit();
 }
-if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|php|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
+if(preg_match("/^(.*)\.(gif|jpg|png|jpeg|tiff|bmp|css|js|less|map|html|zip|rar|gz|ttf|woff|ico)$/i", $_SERVER['REQUEST_URI'])) {
-	header('HTTP/1.0 404 Not Found');
+	http_response_code(404);
 	exit;
 }
@@ -56,11 +60,17 @@ if(file_exists(BASE . 'config.local.php')) {
 	require_once BASE . 'config.local.php';
 }
 ini_set('log_errors', 1);
 if(config('env') === 'dev') {
 	ini_set('display_errors', 1);
 	ini_set('display_startup_errors', 1);
 	error_reporting(E_ALL);
 }
 else {
 	ini_set('display_errors', 0);
 	ini_set('display_startup_errors', 0);
 	error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
 }
 if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE . 'install'))
 {
@@ -68,108 +78,15 @@ if((!isset($config['installed']) || !$config['installed']) && file_exists(BASE .
 	throw new RuntimeException('Setup detected that <b>install/</b> directory exists. Please visit <a href="' . BASE_URL . 'install">this</a> url to start MyAAC Installation.<br/>Delete <b>install/</b> directory if you already installed MyAAC.<br/>Remember to REFRESH this page when you\'re done!');
 }
 $found = false;
 if(empty($uri) || isset($_REQUEST['template'])) {
 	$_REQUEST['p'] = 'news';
 	$found = true;
 }
 else {
 	$tmp = strtolower($uri);
 	if(!preg_match('/[^A-z0-9_\-]/', $uri) && file_exists(SYSTEM . 'pages/' . $tmp . '.php')) {
 		$_REQUEST['p'] = $uri;
 		$found = true;
 	}
 	else {
 		$rules = array(
 			'/^account\/manage\/?$/' => array('subtopic' => 'accountmanagement'),
 			'/^account\/create\/?$/' => array('subtopic' => 'createaccount'),
 			'/^account\/lost\/?$/' => array('subtopic' => 'lostaccount'),
 			'/^account\/logout\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'logout'),
 			'/^account\/password\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_password'),
 			'/^account\/register\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register'),
 			'/^account\/register\/new\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'register_new'),
 			'/^account\/email\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_email'),
 			'/^account\/info\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_info'),
 			'/^account\/character\/create\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'create_character'),
 			'/^account\/character\/name\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_name'),
 			'/^account\/character\/sex\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_sex'),
 			'/^account\/character\/delete\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'delete_character'),
 			'/^account\/character\/comment\/[A-Za-z0-9-_%+\']+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment', 'name' => '$3'),
 			'/^account\/character\/comment\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'change_comment'),
 			'/^account\/confirm_email\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'accountmanagement', 'action' => 'confirm_email', 'v' => '$2'),
 			'/^characters\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'characters', 'name' => '$1'),
 			'/^changelog\/[0-9]+\/?$/' => array('subtopic' => 'changelog', 'page' => '$1'),
 			'/^commands\/add\/?$/' => array('subtopic' => 'commands', 'action' => 'add'),
 			'/^commands\/edit\/?$/' => array('subtopic' => 'commands', 'action' => 'edit'),
 			'/^faq\/add\/?$/' => array('subtopic' => 'faq', 'action' => 'add'),
 			'/^faq\/edit\/?$/' => array('subtopic' => 'faq', 'action' => 'edit'),
 			'/^forum\/add_board\/?$/' => array('subtopic' => 'forum', 'action' => 'add_board'),#
 			'/^forum\/edit_board\/?$/' => array('subtopic' => 'forum', 'action' => 'edit_board'),
 			'/^forum\/board\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2'),
 			'/^forum\/board\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_board', 'id' => '$2', 'page' => '$3'),
 			'/^forum\/thread\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2'),
 			'/^forum\/thread\/[0-9]+\/[0-9]+\/?$/' => array('subtopic' => 'forum', 'action' => 'show_thread', 'id' => '$2', 'page' => '$3'),
 			'/^gallery\/add\/?$/' => array('subtopic' => 'gallery', 'action' => 'add'),
 			'/^gallery\/edit\/?$/' => array('subtopic' => 'gallery', 'action' => 'edit'),
 			'/^gallery\/[0-9]+\/?$/' => array('subtopic' => 'gallery', 'image' => '$1'),
 			'/^gifts\/history\/?$/' => array('subtopic' => 'gifts', 'action' => 'show_history'),
 			'/^guilds\/[A-Za-z0-9-_%+\']+$/' => array('subtopic' => 'guilds', 'action' => 'show', 'guild' => '$1'),
 			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2', 'page' => '$3'),
 			'/^highscores\/[A-Za-z0-9-_]+\/[0-9]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'page' => '$2'),
 			'/^highscores\/[A-Za-z0-9-_]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1', 'vocation' => '$2'),
 			'/^highscores\/[A-Za-z0-9-_\']+\/?$/' => array('subtopic' => 'highscores', 'list' => '$1'),
 			'/^news\/add\/?$/' => array('subtopic' => 'news', 'action' => 'add'),
 			'/^news\/edit\/?$/' => array('subtopic' => 'news', 'action' => 'edit'),
 			'/^news\/archive\/?$/' => array('subtopic' => 'newsarchive'),
 			'/^news\/archive\/[0-9]+\/?$/' => array('subtopic' => 'newsarchive', 'id' => '$2'),
 			'/^polls\/[0-9]+\/?$/' => array('subtopic' => 'polls', 'id' => '$1'),
 			'/^spells\/[A-Za-z0-9-_%]+\/[A-Za-z0-9-_]+\/?$/' => array('subtopic' => 'spells', 'vocation' => '$1', 'order' => '$2'),
 			'/^houses\/view\/?$/' => array('subtopic' => 'houses', 'page' => 'view')
 		);
 		foreach($rules as $rule => $redirect) {
 			if (preg_match($rule, $uri)) {
 				$tmp = explode('/', $uri);
 				/* @var $redirect array */
 				foreach($redirect as $key => $value) {
 					if(strpos($value, '$') !== false) {
 						$value = str_replace('$' . $value[1], $tmp[$value[1]], $value);
 					}
 					$_REQUEST[$key] = $value;
 					$_GET[$key] = $value;
 				}
 				$found = true;
 				break;
 			}
 		}
 	}
 }
 // define page visited, so it can be used within events system
 $page = isset($_REQUEST['subtopic']) ? $_REQUEST['subtopic'] : (isset($_REQUEST['p']) ? $_REQUEST['p'] : '');
 if(empty($page) || !preg_match('/^[A-z0-9\_\-]+$/', $page)) {
 	$tmp = URI;
 	if(!empty($tmp)) {
 		$page = $tmp;
 	}
 	else {
 		if(!$found)
 			$page = '404';
 		else
 			$page = 'news';
 	}
 }
 $page = strtolower($page);
 define('PAGE', $page);
 $template_place_holders = array();
 require_once SYSTEM . 'init.php';
 // verify myaac tables exists in database
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
 // event system
 require_once SYSTEM . 'hooks.php';
 $hooks = new Hooks();
@@ -181,31 +98,9 @@ require_once SYSTEM . 'status.php';
 $twig->addGlobal('config', $config);
 $twig->addGlobal('status', $status);
-// verify myaac tables exists in database
+require_once SYSTEM . 'router.php';
 if(!$db->hasTable('myaac_account_actions')) {
 	throw new RuntimeException('Seems that the table <strong>myaac_account_actions</strong> of MyAAC doesn\'t exist in the database. This is a fatal error. You can try to reinstall MyAAC by visiting <a href="' . BASE_URL . 'install">this</a> url.');
 }
-// database migrations
+require SYSTEM . 'migrate.php';
 $tmp = '';
 if(fetchDatabaseConfig('database_version', $tmp)) { // we got version
 	$tmp = (int)$tmp;
 	if($tmp < DATABASE_VERSION) { // import if older
 		$db->revalidateCache();
 		for($i = $tmp + 1; $i <= DATABASE_VERSION; $i++) {
 			require SYSTEM . 'migrations/' . $i . '.php';
 			updateDatabaseConfig('database_version', $i);
 		}
 	}
 }
 else { // register first version
 	registerDatabaseConfig('database_version', 0);
 	$db->revalidateCache();
 	for($i = 1; $i <= DATABASE_VERSION; $i++) {
 		require SYSTEM . 'migrations/' . $i . '.php';
 		updateDatabaseConfig('database_version', $i);
 	}
 }
 $hooks->trigger(HOOK_STARTUP);
@@ -253,35 +148,6 @@ if($config['visitors_counter'])
 	$visitors = new Visitors($config['visitors_counter_ttl']);
 }
 // page content loading
 if(!isset($content[0]))
 	$content = '';
 $load_it = true;
 // check if site has been closed
 $site_closed = false;
 if(fetchDatabaseConfig('site_closed', $site_closed)) {
 	$site_closed = ($site_closed == 1);
 	if($site_closed) {
 		if(!admin())
 		{
 			$title = getDatabaseConfig('site_closed_title');
 			$content .= '<p class="note">' . getDatabaseConfig('site_closed_message') . '</p><br/>';
 			$load_it = false;
 		}
 		if(!$logged)
 		{
 			ob_start();
 			require SYSTEM . 'pages/accountmanagement.php';
 			$content .= ob_get_contents();
 			ob_end_clean();
 			$load_it = false;
 		}
 	}
 }
 define('SITE_CLOSED', $site_closed);
 // backward support for gesior
 if($config['backward_support']) {
 	define('INITIALIZED', true);
@@ -290,7 +156,6 @@ if($config['backward_support']) {
 	$layout_name = $template_path;
 	$news_content = '';
 	$tickers_content = '';
 	$subtopic = PAGE;
 	$main_content = '';
 	$config['access_admin_panel'] = 2;
@@ -320,63 +185,15 @@ if($config['backward_support']) {
 		$config['status']['serverStatus_' . $key] = $value;
 }
-if($load_it)
+/**
-{
+ * @var OTS_Account $account_logged
-	if(SITE_CLOSED && admin())
+ */
-		$content .= '<p class="note">Site is under maintenance (closed mode). Only privileged users can see it.</p>';
+if ($logged && admin()) {
-
+	$content .= $twig->render('admin-bar.html.twig', [
-	if($config['backward_support'])
+		'username' => USE_ACCOUNT_NAME ? $account_logged->getName() : $account_logged->getId()
-		require SYSTEM . 'compat_pages.php';
+	]);
 	$ignore = false;
 	$logged_access = 1;
 	if($logged && $account_logged && $account_logged->isLoaded()) {
 		$logged_access = $account_logged->getAccess();
 	}
 	$success = false;
 	$tmp_content = getCustomPage($page, $success);
 	if($success) {
 		$content .= $tmp_content;
 		if(hasFlag(FLAG_CONTENT_PAGES) || superAdmin()) {
 			$pageInfo = getCustomPageInfo($page);
 			$content = $twig->render('admin.pages.links.html.twig', array(
 					'page' => array('id' => $pageInfo !== null ? $pageInfo['id'] : 0, 'hidden' => $pageInfo !== null ? $pageInfo['hidden'] : '0')
 				)) . $content;
 		}
 	} else {
 		$file = SYSTEM . 'pages/' . $page . '.php';
 		if(!@file_exists($file))
 		{
 			$page = '404';
 			$file = SYSTEM . 'pages/404.php';
 		}
 	}
 	ob_start();
 	if($hooks->trigger(HOOK_BEFORE_PAGE)) {
 		if(!$ignore)
 			require $file;
 	}
 	if($config['backward_support'] && isset($main_content[0]))
 		$content .= $main_content;
 	$content .= ob_get_contents();
 	ob_end_clean();
 	$hooks->trigger(HOOK_AFTER_PAGE);
 }
-
+$title_full =  (isset($title) ? $title . ' - ' : '') . $config['lua']['serverName'];
 if($config['backward_support']) {
 	$main_content = $content;
 	if(!isset($title))
 		$title = ucfirst($page);
 	$topic = $title;
 }
 $title_full =  (isset($title) ? $title . $config['title_separator'] : '') . $config['lua']['serverName'];
 require $template_path . '/' . $template_index;
 echo base64_decode('PCEtLSBQb3dlcmVkIGJ5IE15QUFDIDo6IGh0dHBzOi8vd3d3Lm15LWFhYy5vcmcvIC0tPg==') . PHP_EOL;
--- a/install/includes/database.php
+++ b/install/includes/database.php
@@ -6,12 +6,18 @@ $ots = POT::getInstance();
 require SYSTEM . 'database.php';
 if(!isset($db)) {
-	$database_error = $locale['step_database_error_mysql_connect'] . '<br/>' .
+	$database_error = '<p class="lead">' . $locale['step_database_error_mysql_connect'] . '</p>';
-			$locale['step_database_error_mysql_connect_2'] .
+	
-			'<ul>' .
+	$database_error .= '<p>' . $locale['step_database_error_mysql_connect_2'] . '</p>';
-				'<li>' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
+
-				'<li>' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
+	$database_error .= '<ul class="list-group">' .
-			'</ul>' . '<br/>' . $error;
+							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_3'] . '</li>' .
 							'<li class="list-group-item list-group-item-warning">' . $locale['step_database_error_mysql_connect_4'] . '</li>' .
 						'</ul>';
 	$database_error .= '<div class="alert alert-danger mt-4">
 							<span>' . $error . '</span>
 						</div>';
 }
 else {
 	if($db->hasTable('accounts'))
--- a/install/includes/functions.php
+++ b/install/includes/functions.php
@@ -62,9 +62,9 @@ function next_buttons($previous = true, $next = true)
 		$ret .= '<input class="button" type="submit" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\';" value="' . $locale['next'] . '" />';
 */
 	if($previous)
-		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
+		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i - 1] . '\'; this.form.submit();" value="&laquo; ' . $locale['previous'] . '" />';
 	if($next)
-		$ret .= '<input type="button" class="button" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
+		$ret .= '<input type="button" class="button btn btn-primary m-2" onclick="document.getElementById(\'step\').value=\'' . $steps[$i + 1] . '\'; this.form.submit(); " value="' . $locale['next'] . ' &raquo;" />';
 	$ret .= '</div>';
 	return $ret;
--- a/install/includes/schema.sql
+++ b/install/includes/schema.sql
@@ -1,3 +1,5 @@
 SET @myaac_database_version = 35;
 CREATE TABLE `myaac_account_actions`
 (
 	`account_id` INT(11) NOT NULL,
@@ -57,6 +59,8 @@ CREATE TABLE `myaac_config`
 	UNIQUE (`name`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 INSERT INTO `myaac_config` (`name`, `value`) VALUES ('database_version', @myaac_database_version);
 CREATE TABLE `myaac_faq`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
@@ -199,25 +203,29 @@ CREATE TABLE `myaac_monsters` (
 	`mana` int(11) NOT NULL DEFAULT 0,
 	`exp` int(11) NOT NULL,
 	`health` int(11) NOT NULL,
 	`look` VARCHAR(255) NOT NULL DEFAULT '',
 	`speed_lvl` int(11) NOT NULL default 1,
 	`use_haste` tinyint(1) NOT NULL,
 	`voices` text NOT NULL,
 	`immunities` varchar(255) NOT NULL,
 	`elements` TEXT NOT NULL,
 	`summonable` tinyint(1) NOT NULL,
 	`convinceable` tinyint(1) NOT NULL,
 	`pushable` TINYINT(1) NOT NULL DEFAULT '0',
 	`canpushitems` TINYINT(1) NOT NULL DEFAULT '0',
 	`canwalkonenergy` TINYINT(1) NOT NULL DEFAULT '0',
 	`canwalkonpoison` TINYINT(1) NOT NULL DEFAULT '0',
 	`canwalkonfire` TINYINT(1) NOT NULL DEFAULT '0',
 	`runonhealth` TINYINT(1) NOT NULL DEFAULT '0',
 	`hostile` TINYINT(1) NOT NULL DEFAULT '0',
 	`attackable` TINYINT(1) NOT NULL DEFAULT '0',
 	`rewardboss` TINYINT(1) NOT NULL DEFAULT '0',
 	`defense` INT(11) NOT NULL DEFAULT '0',
 	`armor` INT(11) NOT NULL DEFAULT '0',
 	`canpushcreatures` TINYINT(1) NOT NULL DEFAULT '0',
 	`race` varchar(255) NOT NULL,
 	`loot` text NOT NULL,
-	PRIMARY KEY (`id`)
+	`summons` TEXT NOT NULL,
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
 CREATE TABLE `myaac_videos`
 (
 	`id` INT(11) NOT NULL AUTO_INCREMENT,
 	`title` VARCHAR(100) NOT NULL DEFAULT '',
 	`youtube_id` VARCHAR(20) NOT NULL,
 	`author` VARCHAR(50) NOT NULL DEFAULT '',
 	`ordering` INT(11) NOT NULL DEFAULT 0,
 	`hidden` TINYINT(1) NOT NULL DEFAULT 0,
 	PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
@@ -320,9 +328,10 @@ CREATE TABLE `myaac_spells`
 CREATE TABLE `myaac_visitors`
 (
-	`ip` VARCHAR(16) NOT NULL,
+	`ip` VARCHAR(45) NOT NULL,
 	`lastvisit` INT(11) NOT NULL DEFAULT 0,
-	`page` VARCHAR(100) NOT NULL,
+	`page` VARCHAR(2048) NOT NULL,
 	`user_agent` VARCHAR(255) NOT NULL DEFAULT '',
 	UNIQUE (`ip`)
 ) ENGINE=InnoDB DEFAULT CHARACTER SET=utf8;
--- a/install/includes/twig_error.html
+++ b/install/includes/twig_error.html
@@ -1,11 +1,11 @@
-We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 660 system/cache</span>
+We have detected that you don't have access to write to the system/cache directory. Under linux you can fix it by using this two command, where first one should be enough (for apache):<br/><br/><span class="console">chown -R www-data.www-data /var/www/*</span><br/><span class="console">chmod -R 760 system/cache</span>
 <style type="text/css">
 .console {
-	font-family:Courier;
+	font-family: Courier,serif;
 	color: #CCCCCC;
 	background: #000000;
 	border: 3px double #CCCCCC;
-	padding: 0px;
+	padding: 0;
 }
-</style>
+</style>
--- a/install/index.php
+++ b/install/index.php
@@ -26,13 +26,13 @@ $twig = new Twig_Environment($twig_loader, array(
 ));
 // load installation status
-$step = isset($_POST['step']) ? $_POST['step'] : 'welcome';
+$step = $_REQUEST['step'] ?? 'welcome';
 $install_status = array();
 if(file_exists(CACHE . 'install.txt')) {
 	$install_status = unserialize(file_get_contents(CACHE . 'install.txt'));
-	if(!isset($_POST['step'])) {
+	if(!isset($_REQUEST['step'])) {
 		$step = isset($install_status['step']) ? $install_status['step'] : '';
 	}
 }
@@ -70,7 +70,7 @@ if($step == 'database') {
 		$key = str_replace('var_', '', $key);
-		if(in_array($key, array('account', 'password', 'email', 'player_name'))) {
+		if(in_array($key, array('account', 'account_id', 'password', 'password_confirm', 'email', 'player_name'))) {
 			continue;
 		}
@@ -95,10 +95,6 @@ if($step == 'database') {
 			$errors[] = $locale['step_config_mail_admin_error'];
 			break;
 		}
 		else if($key == 'mail_address' && !Validator::email($value)) {
 			$errors[] = $locale['step_config_mail_address_error'];
 			break;
 		}
 		else if($key == 'timezone' && !in_array($value, DateTimeZone::listIdentifiers())) {
 			$errors[] = $locale['step_config_timezone_error'];
 			break;
@@ -114,18 +110,17 @@ if($step == 'database') {
 	}
 }
 else if($step == 'admin') {
-	$config_failed = true;
+	if(!file_exists(BASE . 'config.local.php') || !isset($config['installed']) || !$config['installed']) {
 	if(file_exists(BASE . 'config.local.php') && isset($config['installed']) && $config['installed'] && isset($_SESSION['saved'])) {
 		$config_failed = false;
 	}
 	if($config_failed) {
 		$step = 'database';
 	}
 	else {
 		$_SESSION['saved'] = true;
 	}
 }
 else if($step == 'finish') {
 	$email = $_SESSION['var_email'];
 	$password = $_SESSION['var_password'];
 	$password_confirm = $_SESSION['var_password_confirm'];
 	$player_name = $_SESSION['var_player_name'];
 	// email check
@@ -167,6 +162,9 @@ else if($step == 'finish') {
 	else if(!Validator::password($password)) {
 		$errors[] = $locale['step_admin_password_error_format'];
 	}
 	else if($password != $password_confirm) {
 		$errors[] = $locale['step_admin_password_confirm_error_not_same'];
 	}
 	// player name check
 	if(empty($player_name)) {
--- a/install/steps/1-welcome.php
+++ b/install/steps/1-welcome.php
@@ -1,7 +1,7 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['saved'])) {
-	echo '<p class="warning">' . $locale['already_installed'] . '</p>';
+	echo '<div class="alert alert-warning"><span>' . $locale['already_installed'] . '</span></div>';
 }
 else {
 	unset($_SESSION['saved']);
--- a/install/steps/3-requirements.php
+++ b/install/steps/3-requirements.php
@@ -1,6 +1,23 @@
 <?php
 defined('MYAAC') or die('Direct access not allowed!');
 // configuration
 $dirs_required = [
 	'system/logs',
 	'system/cache',
 ];
 $dirs_optional = [
 	GUILD_IMAGES_DIR => $locale['step_requirements_warning_images_guilds'],
 	GALLERY_DIR => $locale['step_requirements_warning_images_gallery'],
 ];
 $extensions_required = [
 	'pdo', 'pdo_mysql', 'json', 'xml'
 ];
 $extensions_optional = [
 	'gd' => $locale['step_requirements_warning_player_signatures'],
 	'zip' => $locale['step_requirements_warning_install_plugins'],
 ];
 /*
 *
 * @param string $name
@@ -10,11 +27,11 @@ defined('MYAAC') or die('Direct access not allowed!');
 function version_check($name, $ok, $info = '', $warning = false)
 {
 	global $failed;
-	echo '<p class="' . ($ok ? 'success' : ($warning ? 'warning' : 'error')) . '">' . $name;
+	echo '<div class="alert alert-' . ($ok ? 'success' : ($warning ? 'warning' : 'danger')) . '">' . $name;
 	if(!empty($info))
 		echo ': <b>' . $info . '</b>';
-	echo '</p>';
+	echo '</div>';
 	if(!$ok && !$warning)
 		$failed = true;
 }
@@ -23,27 +40,42 @@ $failed = false;
 // start validating
 version_check($locale['step_requirements_php_version'], (PHP_VERSION_ID >= 50500), PHP_VERSION);
-foreach(array('images/guilds', 'images/houses', 'images/gallery') as $value)
+
 foreach ($dirs_required as $value)
 {
-	$is_writable = is_writable(BASE . $value);
+	$is_writable = is_writable(BASE . $value) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $value));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $value, $is_writable);
 }
 foreach ($dirs_optional as $dir => $errorMsg) {
 	$is_writable = is_writable(BASE . $dir) && (MYAAC_OS != 'WINDOWS' || win_is_writable(BASE . $dir));
 	version_check($locale['step_requirements_write_perms'] . ': ' . $dir, $is_writable, $is_writable ? '' : $errorMsg, true);
 }
 $ini_register_globals = ini_get_bool('register_globals');
 version_check('register_long_arrays', !$ini_register_globals, $ini_register_globals ? $locale['on'] : $locale['off']);
 $ini_safe_mode = ini_get_bool('safe_mode');
 version_check('safe_mode', !$ini_safe_mode, $ini_safe_mode ? $locale['on'] : $locale['off'], true);
-version_check(str_replace('$EXTENSION$', 'PDO', $locale['step_requirements_extension']) , extension_loaded('pdo'), extension_loaded('pdo') ? $locale['loaded'] : $locale['not_loaded']);
+foreach ($extensions_required as $ext) {
-version_check(str_replace('$EXTENSION$', 'XML', $locale['step_requirements_extension']), extension_loaded('xml'), extension_loaded('xml') ? $locale['loaded'] : $locale['not_loaded']);
+	$loaded = extension_loaded($ext);
-version_check(str_replace('$EXTENSION$', 'ZIP', $locale['step_requirements_extension']), extension_loaded('zip'), extension_loaded('zip') ? $locale['loaded'] : $locale['not_loaded']);
+	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded']);
 if($failed)
 {
 	echo '<br/><b>' . $locale['step_requirements_failed'];
 	echo next_form(true, false);
 }
-else
+
 foreach ($extensions_optional as $ext => $errorMsg) {
 	$loaded = extension_loaded($ext);
 	version_check(str_replace('$EXTENSION$', strtoupper($ext), $locale['step_requirements_extension']) , $loaded, $loaded ? $locale['loaded'] : $locale['not_loaded'] . '. ' . $errorMsg, true);
 }
 echo '<div class="text-center m-3">';
 if($failed) {
 	echo '<div class="alert alert-warning"><span>' . $locale['step_requirements_failed'] . '</span></div>';
 	echo next_form(true, false);
 }else {
 	echo next_form(true, true);
-?>
+}
 echo '</div>';
 ?>
--- a/install/steps/5-database.php
+++ b/install/steps/5-database.php
@@ -21,8 +21,6 @@ if(!$error) {
 	// user can disable when he wants
 	$content .= '$config[\'env\'] = \'prod\'; // dev or prod';
 	$content .= PHP_EOL;
 	$content .= '$config[\'mail_enabled\'] = true;';
 	$content .= PHP_EOL;
 	foreach($_SESSION as $key => $value)
 	{
 		if(strpos($key, 'var_') !== false)
@@ -57,20 +55,34 @@ if(!$error) {
 			error($database_error);
 		}
 		else {
-			$twig->display('install.installer.html.twig', array(
+			if(!$db->hasTable('accounts')) {
-				'url' => 'tools/5-database.php',
+				$tmp = str_replace('$TABLE$', 'accounts', $locale['step_database_error_table']);
-				'message' => $locale['loading_spinner']
+				error($tmp);
-			));
+				$error = true;
 			}
 			if(!$db->hasTable('players')) {
 				$tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']);
 				error($tmp);
 				$error = true;
 			}
 			if(!$db->hasTable('guilds')) {
 				$tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']);
 				error($tmp);
 				$error = true;
 			}
 			if(!$error) {
 				$twig->display('install.installer.html.twig', array(
 					'url' => 'tools/5-database.php',
 					'message' => $locale['loading_spinner']
 				));
 				if(!Validator::email($_SESSION['var_mail_admin'])) {
 					error($locale['step_config_mail_admin_error']);
 					$error = true;
 				}
 				if(!Validator::email($_SESSION['var_mail_address'])) {
 					error($locale['step_config_mail_address_error']);
 					$error = true;
 				}
 				$content .= '$config[\'session_prefix\'] = \'myaac_' . generateRandomString(8, true, false, true, false) . '_\';';
 				$content .= PHP_EOL;
@@ -82,6 +94,7 @@ if(!$error) {
 				}
 				if($saved) {
 					success($locale['step_database_config_saved']);
 					if(!$error) {
 						$_SESSION['saved'] = true;
 					}
@@ -91,7 +104,7 @@ if(!$error) {
 					unset($_SESSION['saved']);
 					$locale['step_database_error_file'] = str_replace('$FILE$', '<b>' . BASE . 'config.local.php</b>', $locale['step_database_error_file']);
-					warning($locale['step_database_error_file'] . '<br/>
+					error($locale['step_database_error_file'] . '<br/>
 						<textarea cols="70" rows="10">' . $content . '</textarea>');
 				}
 			}
@@ -100,8 +113,10 @@ if(!$error) {
 }
 ?>
-<form action="<?php echo BASE_URL; ?>install/" method="post">
+<div class="text-center m-3">
-	<input type="hidden" name="step" id="step" value="admin" />
+	<form action="<?php echo BASE_URL; ?>install/" method="post">
-	<?php echo next_buttons(true, $error ? false : true);
+		<input type="hidden" name="step" id="step" value="admin" />
-	?>
+		<?php echo next_buttons(true, !$error);
-</form>
+		?>
 	</form>
 </div>
--- a/install/steps/7-finish.php
+++ b/install/steps/7-finish.php
@@ -8,15 +8,14 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
 else {
 	require SYSTEM . 'init.php';
 	if(!$error) {
-		if(USE_ACCOUNT_NAME)
+		if(USE_ACCOUNT_NAME || USE_ACCOUNT_NUMBER)
 			$account = isset($_SESSION['var_account']) ? $_SESSION['var_account'] : null;
 		else
 			$account_id = isset($_SESSION['var_account_id']) ? $_SESSION['var_account_id'] : null;
 		$password = $_SESSION['var_password'];
-		$config_salt_enabled = $db->hasColumn('accounts', 'salt');
+		if(USE_ACCOUNT_SALT)
 		if($config_salt_enabled)
 		{
 			$salt = generateRandomString(10, false, true, true);
 			$password = $salt . $password;
@@ -66,7 +65,6 @@ else {
 			$new_account->setPassword(encrypt($password));
 			$new_account->setEMail($email);
 			$new_account->unblock();
 			$new_account->save();
 			$new_account->setCustomField('created', time());
@@ -75,7 +73,7 @@ else {
 			$account_used = &$new_account;
 		}
-		if($config_salt_enabled)
+		if(USE_ACCOUNT_SALT)
 			$account_used->setCustomField('salt', $salt);
 		$account_used->setCustomField('web_flags', FLAG_ADMIN + FLAG_SUPER_ADMIN);
@@ -83,7 +81,7 @@ else {
 		if($db->hasColumn('accounts', 'group_id'))
 			$account_used->setCustomField('group_id', $groups->getHighestId());
 		if($db->hasColumn('accounts', 'type'))
-			$account_used->setCustomField('type', 5);
+			$account_used->setCustomField('type', 6);
 		if(!$player_db->isLoaded())
 			$player->setAccountId($account_used->getId());
--- a/install/template/style.css
+++ b/install/template/style.css
@@ -1,299 +1,13 @@
-* {
+@import url('https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400&display=swap');
-	margin: 0; padding: 0;
+
 }
 body {
-	text-align: center;
+    font-family: 'Roboto', sans-serif;
 	font: 12px Verdana;
 	color: #000000;
 	background-color: #000000;
 }
 img {
 	border: 0;
 }
-.break {
+h1{
-	font-size: 0;
+    font-weight: 100 !important;
 	width: 0; height: 0;
 	clear: both;
 }
 .alignleft {
 	float: left;
 	margin: 4px 10px 5px 0;
 }
 .alignright {
 	float: right;
 	margin: 4px 0 5px 10px;
 }
 .aligncenter {
 	text-align: center;
 }
-/** BEGIN wrapper **/
+h3 {
-#wrapper {
+    font-weight: 300 !important;
-	background: #ffffff url(images/background.jpg) repeat-x 0 0;
+}
 	width: 980px;
 }
 #header {
 	margin-bottom: 10px;
 	border-bottom: 1px solid #eee;
 	padding-bottom: 15px;
 }
 #footer {
 	padding-top: 15px;
 	border-top: 1px solid #eee;
 	margin-top: 10px;
 	text-align: right;
 	color: #555;
 }
 #header h1 {
 	font-weight: bold;
 	margin: 0;
 	padding: 0;
 }
 #header span {
 	font-size: 25px;
 	color: #000;
 	font-weight: bold;
 	padding-left: 40px;
 	line-height: 80px;
 }
 #version {
 	float: right;
 	color: #000;
 	font-size: 17px;
 	padding-top: 25px;
 	padding-right: 5px;
 }
 /** BEGIN body **/
 #body {
 	background: url(images/wrapper.gif) repeat-y 0 0;
 }
 /** END body **/
 /** BEGIN content **/
 #content {
 	width: 642px;
 	float: left;
 	padding: 20px 18px 20px 20px;
 	color: #434242;
 }
 	/** begin headers **/
 	h1, h2, h3, h4, h5, h6 {
 		font-family: Tahoma;
 		margin-bottom: 10px;
 	}
 	h2, h3, h4, h5, h6 {
 		margin-top: 30px;
 	}
 	h1 { font-size: 2em; }
 	h2 { font-size: 1.6em; }
 	h3 { font-size: 1.3em; }
 	h4, h5, h6 { font-size: 1em; }
 	/** end headers **/
 	/** begin messages **/
 	.error, .success, .note, .warning {
 		font-weight: bold;
 		font-size: 0.9em;
 		padding: 4px 10px 4px 24px;
 		background-repeat: no-repeat;
 		background-position: 5px 6px;
 		border-style: solid;
 		border-width: 1px;
 		line-height: 1.6em;
 		margin-bottom: 10px;
 	}
 	.error {
 		background-color: #FDD9D9;
 		background-image: url(images/error.gif);
 		border-color: #FBA3A3;
 		color: #D80303;
 	}
 	.success {
 		background-color: #E4FCD9;
 		background-image: url(images/success.gif);
 		border-color: #BFFDA3;
 		color: #35A502;
 	}
 	.note {
 		background-color: #DDEAFA;
 		background-image: url(images/note.gif);
 		border-color: #A3D8FD;
 		color: #026DA5;
 	}
 	.warning {
 		background-color: #FBF0B3;
 		background-image: url(images/warning.gif);
 		border-color: #FBBB95;
 		color: #FD6002;
 	}
 	/** end messages **/
 	/** begin form **/
 	form {
 		border: 1px solid #DDDDDD;
 		padding: 16px;
 	}
 		form .input {
 			padding-top: 12px;
 			clear: both;
 		}
 		form .first { 
 			padding-top: 0;
 		}
 		form .input p {
 			margin-bottom: 7px !important;
 		}
 		form input {
 			margin-right: 5px;
 		}
 		form label {
 			margin-right: 10px;
 			color: #8B8B8B;
 		}
 		form input.text, form textarea {
 			border: 1px solid #BEBDBD;
 			font-size: 1em;
 			font-family: Verdana;
 			background-color: #F3F3F3;
 			color: #808080;
 			padding: 2px;
 			max-width: 100%;
 		}
 		.positive, .negative {
 			font-size: 0.9em;
 			font-weight: bold;
 			padding: 1px 0 0 20px;
 			background-repeat: no-repeat;
 			background-position: 0 0;
 			display: inline;
 			margin-top: 2px;
 		}
 		.positive {
 			background-image: url(images/positive.gif);
 			color: #35A502;
 		}
 		.negative {
 			background-image: url(images/negative.gif);
 			color: #D80303;
 		}
 		form textarea {
 			line-height: 1.6em;
 		}
 		form button, form input.button {
 			font-size: 0.9em;
 			font-family: Verdana;
 			font-weight: bold;
 			color: #ffffff;
 			background: #B6B4B4 url(images/button.gif) repeat-x 0 0;
 			border: 1px solid #B6B4B4;
 			padding: 5px 10px;
 		}
 	/** end form **/
 	/** begin table **/
 	table {
 	}
 		table th {
 			font-size: 0.9em;
 			color: #ffffff;
 			background-color: #679BC5;
 			padding: 2px 4px;
 			line-height: 1.6em;
 		}
 		table td {
 			line-height: 1.6em;
 			padding: 2px 4px;
 		}
 		table tr.odd td { background-color: #EEEEEE; }
 		table tr.even td { background-color: #E5E5E5; }
 	/** end table **/
 	/** begin paragraphs, lists, etc. **/
 	#content p {
 		line-height: 1.6em;
 		margin-bottom: 10px;
 	}
 	#content ul, #content ol {
 		list-style-position: inside;
 	}
 	#content li {
 		line-height: 1.6em;
 		padding: 2px 0 2px 0;
 	}
 	a {
 		color: #679BC5;
 	}
 	a:hover {
 		color: #ff0000;
 		text-decoration: none;
 	}
 	blockquote {
 		padding: 10px;
 		background-color: #eeeeee;
 		line-height: 1.6em;
 		border-width: 2px 0 1px;
 		border-style: solid;
 		border-color: #e0e0e0;
 	}
 	/** end paragraphs, lists, etc. **/
 /** END content **/
 /** BEGIN sidebar **/
 #sidebar {
 	width: 300px;
 	float: right;
 	padding: 10px 0;
 }
 	#sidebar h2 {
 		background: green url(images/sidehead.gif) no-repeat 0 0;
 		margin: 0 10px;
 		font-size: 1em;
 		color: #ffffff;
 		padding: 7px 10px;
 	}
 	#sidebar ul {
 		list-style-type: none;
 		background: #E0E0E0 url(images/sidebody.gif) no-repeat 0 bottom;
 		padding: 10px;
 		margin: 0 10px 10px;
 	}
 	#sidebar ul li {
 		padding: 4px 0 4px 14px;
 		background: none;
 		line-height: 1.6em;
 		font-size: 0.9em;
 		font-weight: bold;
 	}
 	#sidebar ul li a {
 		color: #000000;
 		text-decoration: none;
 	}
 	#sidebar ul li a:hover {
 		text-decoration: none;
 		color: #ff0000;
 	}
 	#sidebar ul li a:active {
 		text-decoration: none;
 		color: #ff0000;
 	}
 	#sidebar ul li current {
 		text-decoration: none;
 		color: #ff0000;
 	}
 	.current {
 		text-decoration: none;
 		color: #ff0000;
 	}
--- a/Show More
+++ b/Show More